diff --git a/mapping.csv b/mapping.csv index b1f03dceeda..de1531ad89e 100644 --- a/mapping.csv +++ b/mapping.csv 
@@ -258049,3 +258049,79 @@ vulnerability,CVE-2018-9354,vulnerability--c078bc3d-7e52-41d6-a2b2-7d4dc4cef2d3 vulnerability,CVE-2018-9349,vulnerability--408bb6bf-9166-4285-be22-3576564f60f7 vulnerability,CVE-2018-9352,vulnerability--2f847724-c776-47ff-9c3a-095c08747a4f vulnerability,CVE-2018-9351,vulnerability--b61b3680-424b-4c89-b6a2-a268ba4a73b0 +vulnerability,CVE-2024-52495,vulnerability--41da1499-5ca1-4e7b-96a4-753826902515 +vulnerability,CVE-2024-52497,vulnerability--3f872d6b-ce2f-4b99-ae09-405c05b51ccf +vulnerability,CVE-2024-52490,vulnerability--2fbd8c58-470f-4e66-9a40-25aad888232b +vulnerability,CVE-2024-52501,vulnerability--68fb4693-315d-40aa-99bf-8604d420cd93 +vulnerability,CVE-2024-52474,vulnerability--2b988dea-f44b-40fa-8c53-114c7b153fb7 +vulnerability,CVE-2024-52475,vulnerability--92064a4d-a553-4b4b-b129-c1e27d6a57d5 +vulnerability,CVE-2024-52498,vulnerability--4141367f-420a-4b92-b010-84a0840456f0 +vulnerability,CVE-2024-52338,vulnerability--715e3f52-23f5-48fb-b18a-76b8c646f43e +vulnerability,CVE-2024-52499,vulnerability--dbeed49c-241c-4747-99d1-66c1297adfb5 +vulnerability,CVE-2024-52481,vulnerability--c10e13ee-698f-4cef-ad3f-b9944d3101f0 +vulnerability,CVE-2024-52496,vulnerability--f3eacff3-40b2-4606-899a-27899a15d593 +vulnerability,CVE-2024-52283,vulnerability--90a243e1-908c-4b3f-8caf-6d8e6473a69a +vulnerability,CVE-2024-10896,vulnerability--21e8a263-ff93-4394-b3cb-6371f4f1e1c9 +vulnerability,CVE-2024-10670,vulnerability--be18ef91-e106-4698-9500-40ad926c9b20 +vulnerability,CVE-2024-10780,vulnerability--295f0d8b-65b2-443e-afa6-776a3c148a66 +vulnerability,CVE-2024-10510,vulnerability--9c4dede7-c8a8-4800-b7ae-117ddaca9a88 +vulnerability,CVE-2024-10473,vulnerability--4834e02e-0028-4897-8dac-cb7f2fe349db +vulnerability,CVE-2024-10798,vulnerability--86e5c26d-f183-49b7-aa8e-5d9bdfc01564 +vulnerability,CVE-2024-10493,vulnerability--a3f728bc-7d3f-4d66-b80b-3d248a398a62 +vulnerability,CVE-2024-9852,vulnerability--70aa5ba6-3be1-496c-9009-2e494aaa5e86 
+vulnerability,CVE-2024-9669,vulnerability--a88dca44-3903-4afc-b768-058817ad3ef1 +vulnerability,CVE-2024-7747,vulnerability--2f86d85a-ea5d-4d69-adc4-d6a0c3d66b74 +vulnerability,CVE-2024-11925,vulnerability--c3ba110c-2f47-4449-b9e3-f556983a66c3 +vulnerability,CVE-2024-11203,vulnerability--fee2c535-930b-4cd6-ad3d-6b75d273331a +vulnerability,CVE-2024-11964,vulnerability--f2644ff6-8a41-4f6b-b2ec-32f3edb597ee +vulnerability,CVE-2024-11402,vulnerability--d59eeb2b-db54-41f9-88d4-5839eb90df7d +vulnerability,CVE-2024-11963,vulnerability--c94e2ea3-9af8-495c-8cc2-f3170283419d +vulnerability,CVE-2024-11366,vulnerability--256ecec1-731f-4e35-9cdc-336eca4eeb4f +vulnerability,CVE-2024-11960,vulnerability--e1a9da87-52ff-4e4a-968b-6a77c1cdd63b +vulnerability,CVE-2024-11967,vulnerability--f2422783-80fe-41a3-91ee-e1beecd2efc1 +vulnerability,CVE-2024-11918,vulnerability--09090f66-a1dc-40dd-84a9-508dc32e86a2 +vulnerability,CVE-2024-11599,vulnerability--9f0749c1-5523-4cf4-b82b-79e28b650a1a +vulnerability,CVE-2024-11458,vulnerability--53e812f7-00d9-47ff-ade8-ab0466784cfb +vulnerability,CVE-2024-11620,vulnerability--90af8bc0-7585-4999-8b2e-d00821562350 +vulnerability,CVE-2024-11103,vulnerability--3ea91e6f-99a6-4cd0-86df-ebbfd9f067de +vulnerability,CVE-2024-11684,vulnerability--5c1e6bad-ffcb-4f66-a8c1-91dbe2c23262 +vulnerability,CVE-2024-11969,vulnerability--41001caa-c676-41c5-ab87-3aed5e593164 +vulnerability,CVE-2024-11971,vulnerability--d64c3603-1cca-418a-9071-e68e7df4109a +vulnerability,CVE-2024-11959,vulnerability--32b66742-eacd-4570-937e-d71a9a4c26e4 +vulnerability,CVE-2024-11961,vulnerability--461c1a97-e98b-45c4-829c-badd2f64c8db +vulnerability,CVE-2024-11965,vulnerability--131b987a-d355-40f5-850d-92a84f4269a3 +vulnerability,CVE-2024-11966,vulnerability--6be9e6ae-be55-47f4-842b-140c580a3f51 +vulnerability,CVE-2024-11761,vulnerability--fd0bf6b7-d555-4e02-b165-ceda459171f5 +vulnerability,CVE-2024-11788,vulnerability--bcdefe51-aa4b-4204-8e06-2d285263fef9 
+vulnerability,CVE-2024-11431,vulnerability--859b6f04-0cff-45ae-bca1-a9f6905dfc9e +vulnerability,CVE-2024-11962,vulnerability--ec7b651f-3918-441a-a0c8-b2b8f3b7abcd +vulnerability,CVE-2024-11968,vulnerability--07e94ff5-72e1-486d-ac45-a42037500e1f +vulnerability,CVE-2024-11082,vulnerability--0e0ecc1b-5eb5-4f5d-ad5d-43aaa68da64b +vulnerability,CVE-2024-11786,vulnerability--6770313c-2390-4b27-8528-b6edabaf4bbc +vulnerability,CVE-2024-11970,vulnerability--628f5be3-748e-4b9a-beee-cdac230664d6 +vulnerability,CVE-2024-11685,vulnerability--22f0e590-e19f-41ec-a9cb-a06a7c3f4c52 +vulnerability,CVE-2024-11333,vulnerability--377a794b-8f11-453a-af26-7885b47f7f68 +vulnerability,CVE-2024-53060,vulnerability--bba28fa8-b128-4d03-ba8b-0cb276998aea +vulnerability,CVE-2024-53732,vulnerability--4de94aaa-175f-4008-bef3-bb2dc2dba92a +vulnerability,CVE-2024-53736,vulnerability--5dd7e43c-00ee-4e92-b866-fb4b7dcd8504 +vulnerability,CVE-2024-53008,vulnerability--1e892bdf-303c-4a75-81d5-d8a6147e9cd3 +vulnerability,CVE-2024-53733,vulnerability--11bf09b5-418c-4b2c-b236-effcc7a0d076 +vulnerability,CVE-2024-53731,vulnerability--d01d8162-d096-41d2-bbd2-8fc99ee378de +vulnerability,CVE-2024-53734,vulnerability--9cdbfaee-8319-4e16-b42a-7b72864a16c7 +vulnerability,CVE-2024-53737,vulnerability--6a3bb812-df55-47b4-9f19-27f7dbdd287f +vulnerability,CVE-2024-8066,vulnerability--66af5c7b-9e0d-47a1-9532-291726846366 +vulnerability,CVE-2024-8672,vulnerability--f019873a-81a7-4aa8-981b-0d343c06c384 +vulnerability,CVE-2024-8300,vulnerability--e56483be-6e1b-4137-b31a-bd1ace3898ef +vulnerability,CVE-2024-8308,vulnerability--063d085c-6d94-444b-a094-d028d57b6e3e +vulnerability,CVE-2024-8299,vulnerability--b127e02e-fd6b-4e58-b043-f21ee66806e9 +vulnerability,CVE-2024-38389,vulnerability--fc5347fa-de48-4ea4-8c6c-7afdb0fda75d +vulnerability,CVE-2024-38309,vulnerability--11b2216a-2d95-4a33-9e77-a48fcddf8276 +vulnerability,CVE-2024-38658,vulnerability--5b30c745-d67b-4c66-9157-ac399e2a81f1 
+vulnerability,CVE-2024-22038,vulnerability--ce70bd72-9e32-4ecc-802d-47a5c6e0749e +vulnerability,CVE-2024-22037,vulnerability--9a05efdc-e362-436f-aba0-5f53dc6fdc61 +vulnerability,CVE-2024-49502,vulnerability--205135ba-c5d8-4b47-ad09-2f41b1784776 +vulnerability,CVE-2024-49503,vulnerability--8f3e5dc0-b4e6-4a51-9d78-3cdc7ec5d438 +vulnerability,CVE-2024-36466,vulnerability--9f940bd1-f3a9-430d-b7f0-d3b442c18e7b +vulnerability,CVE-2024-46939,vulnerability--2b0cd801-4431-436a-bb40-747a8831134e +vulnerability,CVE-2023-52922,vulnerability--d118952b-61ae-4573-b90a-2d8c3a4c456b +vulnerability,CVE-2018-9377,vulnerability--f5739db6-77e1-4b90-8d06-ba5442f29de7 diff --git a/objects/vulnerability/vulnerability--063d085c-6d94-444b-a094-d028d57b6e3e.json b/objects/vulnerability/vulnerability--063d085c-6d94-444b-a094-d028d57b6e3e.json new file mode 100644 index 00000000000..db0baafbaa9 --- /dev/null +++ b/objects/vulnerability/vulnerability--063d085c-6d94-444b-a094-d028d57b6e3e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--95fdbc67-2917-4d16-b576-840bc69e2b80", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--063d085c-6d94-444b-a094-d028d57b6e3e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.582895Z", + "modified": "2024-11-29T00:22:07.582895Z", + "name": "CVE-2024-8308", + "description": "A low privileged remote attacker can insert a SQL injection in the web application due to improper handling of HTTP request input data which allows to exfiltrate all data.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8308" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--07e94ff5-72e1-486d-ac45-a42037500e1f.json b/objects/vulnerability/vulnerability--07e94ff5-72e1-486d-ac45-a42037500e1f.json new file mode 100644 index 00000000000..56c977dfe4e --- /dev/null 
+++ b/objects/vulnerability/vulnerability--07e94ff5-72e1-486d-ac45-a42037500e1f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fdc6e5c0-93b8-4777-8ed6-2dc0c833e6e2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--07e94ff5-72e1-486d-ac45-a42037500e1f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.244764Z", + "modified": "2024-11-29T00:22:07.244764Z", + "name": "CVE-2024-11968", + "description": "A vulnerability was found in code-projects Farmacia up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file pagamento.php. The manipulation of the argument notaFiscal leads to sql injection. The attack can be launched remotely.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11968" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--09090f66-a1dc-40dd-84a9-508dc32e86a2.json b/objects/vulnerability/vulnerability--09090f66-a1dc-40dd-84a9-508dc32e86a2.json new file mode 100644 index 00000000000..d17a79b956c --- /dev/null +++ b/objects/vulnerability/vulnerability--09090f66-a1dc-40dd-84a9-508dc32e86a2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--16634ca4-8167-41f5-b926-2b5f814f41ca", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--09090f66-a1dc-40dd-84a9-508dc32e86a2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.199163Z", + "modified": "2024-11-29T00:22:07.199163Z", + "name": "CVE-2024-11918", + "description": "The Image Alt Text plugin for WordPress is vulnerable to unauthorized modification of data| due to a missing capability check on the iat_add_alt_txt_action and iat_update_alt_txt_action AJAX actions in all versions up to, and including, 2.0.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the alt text on arbitrary images.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11918" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0e0ecc1b-5eb5-4f5d-ad5d-43aaa68da64b.json b/objects/vulnerability/vulnerability--0e0ecc1b-5eb5-4f5d-ad5d-43aaa68da64b.json new file mode 100644 index 00000000000..ee2d13499bd --- /dev/null +++ b/objects/vulnerability/vulnerability--0e0ecc1b-5eb5-4f5d-ad5d-43aaa68da64b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d1b973a8-f282-4f1e-888d-5dd7a50b51c0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0e0ecc1b-5eb5-4f5d-ad5d-43aaa68da64b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.246472Z", + "modified": "2024-11-29T00:22:07.246472Z", + "name": "CVE-2024-11082", + "description": "The Tumult Hype Animations plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the hypeanimations_panel() function in all versions up to, and including, 1.9.15. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11082" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--11b2216a-2d95-4a33-9e77-a48fcddf8276.json b/objects/vulnerability/vulnerability--11b2216a-2d95-4a33-9e77-a48fcddf8276.json new file mode 100644 index 00000000000..371fa4da868 --- /dev/null +++ b/objects/vulnerability/vulnerability--11b2216a-2d95-4a33-9e77-a48fcddf8276.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a5356dbe-5ae8-4d28-934f-8441b011ac08", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--11b2216a-2d95-4a33-9e77-a48fcddf8276", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.625196Z", + "modified": "2024-11-29T00:22:07.625196Z", + "name": "CVE-2024-38309", + "description": "There are multiple stack-based buffer overflow vulnerabilities in V-SFT (v6.2.2.0 and earlier), TELLUS (v4.0.19.0 and earlier), and TELLUS Lite (v4.0.19.0 and earlier).\r\nIf a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38309" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--11bf09b5-418c-4b2c-b236-effcc7a0d076.json b/objects/vulnerability/vulnerability--11bf09b5-418c-4b2c-b236-effcc7a0d076.json new file mode 100644 index 00000000000..b4af86e65f3 --- /dev/null +++ b/objects/vulnerability/vulnerability--11bf09b5-418c-4b2c-b236-effcc7a0d076.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--487a2838-87a9-4468-a7eb-85e4794b2955", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--11bf09b5-418c-4b2c-b236-effcc7a0d076", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.518277Z", + "modified": "2024-11-29T00:22:07.518277Z", + "name": "CVE-2024-53733", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rohit Harsh Fence URL allows Stored XSS.This issue affects Fence URL: from n/a through 2.0.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53733" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--131b987a-d355-40f5-850d-92a84f4269a3.json b/objects/vulnerability/vulnerability--131b987a-d355-40f5-850d-92a84f4269a3.json new file mode 100644 index 00000000000..20ff2da3c04 --- /dev/null +++ b/objects/vulnerability/vulnerability--131b987a-d355-40f5-850d-92a84f4269a3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4b439ba2-16dc-46b6-9895-e5d6bdd03a66", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--131b987a-d355-40f5-850d-92a84f4269a3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.231142Z", + "modified": "2024-11-29T00:22:07.231142Z", + "name": "CVE-2024-11965", + "description": "A vulnerability has been found in PHPGurukul Complaint Management system 1.0 and classified as critical. This vulnerability affects unknown code of the file /user/reset-password.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11965" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1e892bdf-303c-4a75-81d5-d8a6147e9cd3.json b/objects/vulnerability/vulnerability--1e892bdf-303c-4a75-81d5-d8a6147e9cd3.json new file mode 100644 index 00000000000..a57a25128f3 --- /dev/null +++ b/objects/vulnerability/vulnerability--1e892bdf-303c-4a75-81d5-d8a6147e9cd3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0a6f57ee-b955-4e39-89d5-98255bc1caee", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1e892bdf-303c-4a75-81d5-d8a6147e9cd3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.513762Z", + "modified": "2024-11-29T00:22:07.513762Z", + "name": "CVE-2024-53008", + "description": "Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obtain sensitive information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53008" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--205135ba-c5d8-4b47-ad09-2f41b1784776.json b/objects/vulnerability/vulnerability--205135ba-c5d8-4b47-ad09-2f41b1784776.json new file mode 100644 index 00000000000..3b13c1e4967 --- /dev/null +++ b/objects/vulnerability/vulnerability--205135ba-c5d8-4b47-ad09-2f41b1784776.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fc00a497-05fb-4928-83c8-d12b0ed4ef7e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--205135ba-c5d8-4b47-ad09-2f41b1784776", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:08.13473Z", + "modified": "2024-11-29T00:22:08.13473Z", + "name": "CVE-2024-49502", + "description": "A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click.\nThis issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1: before 5.0.15-150600.3.10.2; SUSE Manager Server Module 4.3: before 4.3.42-150400.3.52.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49502" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--21e8a263-ff93-4394-b3cb-6371f4f1e1c9.json b/objects/vulnerability/vulnerability--21e8a263-ff93-4394-b3cb-6371f4f1e1c9.json new file mode 100644 index 00000000000..9f2ad58ffdc --- /dev/null +++ b/objects/vulnerability/vulnerability--21e8a263-ff93-4394-b3cb-6371f4f1e1c9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--22cc429f-f7a9-43f5-9af8-76e88a734575", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--21e8a263-ff93-4394-b3cb-6371f4f1e1c9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:06.714442Z", + "modified": "2024-11-29T00:22:06.714442Z", + "name": "CVE-2024-10896", + "description": "The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo and Slider settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10896" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--22f0e590-e19f-41ec-a9cb-a06a7c3f4c52.json b/objects/vulnerability/vulnerability--22f0e590-e19f-41ec-a9cb-a06a7c3f4c52.json new file mode 100644 index 00000000000..c0eb067ae5d --- /dev/null +++ b/objects/vulnerability/vulnerability--22f0e590-e19f-41ec-a9cb-a06a7c3f4c52.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--862081a3-082f-47fa-a1a1-48acb8b79cea", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--22f0e590-e19f-41ec-a9cb-a06a7c3f4c52", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.251769Z", + "modified": "2024-11-29T00:22:07.251769Z", + "name": "CVE-2024-11685", + "description": "The `Kudos Donations – Easy donations and payments with Mollie` plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of `add_query_arg` without appropriate escaping on the URL in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute if they can successfully trick a user into performing an action, such as clicking on a specially crafted link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11685" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--256ecec1-731f-4e35-9cdc-336eca4eeb4f.json b/objects/vulnerability/vulnerability--256ecec1-731f-4e35-9cdc-336eca4eeb4f.json new file mode 100644 index 00000000000..b0d9e68bcc3 --- /dev/null +++ b/objects/vulnerability/vulnerability--256ecec1-731f-4e35-9cdc-336eca4eeb4f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f2d862b9-78a0-4fb6-a810-5cefafacc322", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--256ecec1-731f-4e35-9cdc-336eca4eeb4f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.185498Z", + "modified": "2024-11-29T00:22:07.185498Z", + "name": "CVE-2024-11366", + "description": "The SEO Landing Page Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.66.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11366" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--295f0d8b-65b2-443e-afa6-776a3c148a66.json b/objects/vulnerability/vulnerability--295f0d8b-65b2-443e-afa6-776a3c148a66.json new file mode 100644 index 00000000000..f2a2608d959 --- /dev/null +++ b/objects/vulnerability/vulnerability--295f0d8b-65b2-443e-afa6-776a3c148a66.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--163cde5f-3311-4881-9a62-84109cdc33c6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--295f0d8b-65b2-443e-afa6-776a3c148a66", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:06.734168Z", + "modified": "2024-11-29T00:22:06.734168Z", + "name": "CVE-2024-10780", + "description": "The Restaurant & Cafe Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.9 via the 'narestaurant_elementor_template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10780" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2b0cd801-4431-436a-bb40-747a8831134e.json b/objects/vulnerability/vulnerability--2b0cd801-4431-436a-bb40-747a8831134e.json new file mode 100644 index 00000000000..9912a30a9e5 --- /dev/null +++ b/objects/vulnerability/vulnerability--2b0cd801-4431-436a-bb40-747a8831134e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--489122ea-62a0-4d45-81fc-afe681c9fafb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2b0cd801-4431-436a-bb40-747a8831134e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:08.454427Z", + "modified": "2024-11-29T00:22:08.454427Z", + "name": "CVE-2024-46939", + "description": "The game extension engine of versions 1.2.7.0 and earlier exposes some components, and attackers can construct parameters to perform path traversal attacks, which can overwrite local specific files", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-46939" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2b988dea-f44b-40fa-8c53-114c7b153fb7.json b/objects/vulnerability/vulnerability--2b988dea-f44b-40fa-8c53-114c7b153fb7.json new file mode 100644 index 00000000000..88a82d97b84 --- /dev/null +++ b/objects/vulnerability/vulnerability--2b988dea-f44b-40fa-8c53-114c7b153fb7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--82736aa0-70c0-4d62-a231-a8015f040e02", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2b988dea-f44b-40fa-8c53-114c7b153fb7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:06.599432Z", + "modified": "2024-11-29T00:22:06.599432Z", + "name": "CVE-2024-52474", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LLC «TriIncom» Express Payments Module allows Blind SQL Injection.This issue affects Express Payments Module: from n/a through 1.1.8.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52474" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--2f86d85a-ea5d-4d69-adc4-d6a0c3d66b74.json b/objects/vulnerability/vulnerability--2f86d85a-ea5d-4d69-adc4-d6a0c3d66b74.json new file mode 100644 index 00000000000..3aaa49c798f --- /dev/null +++ b/objects/vulnerability/vulnerability--2f86d85a-ea5d-4d69-adc4-d6a0c3d66b74.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ed1e9fa6-1ab4-4c50-86a2-93c1f608bcb4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2f86d85a-ea5d-4d69-adc4-d6a0c3d66b74", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.104863Z", + "modified": "2024-11-29T00:22:07.104863Z", + "name": "CVE-2024-7747", + "description": "The Wallet for WooCommerce plugin for WordPress is vulnerable to incorrect conversion between numeric types in all versions up to, and including, 1.5.6. This is due to a numerical logic flaw when transferring funds to another user. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create funds during a transfer and distribute these funds to any number of other users or their own account, rendering products free. Attackers could also request to withdraw funds if the Wallet Withdrawal extension is used and the request is approved by an administrator.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7747" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2fbd8c58-470f-4e66-9a40-25aad888232b.json b/objects/vulnerability/vulnerability--2fbd8c58-470f-4e66-9a40-25aad888232b.json new file mode 100644 index 00000000000..17c31fd62f8 --- /dev/null +++ b/objects/vulnerability/vulnerability--2fbd8c58-470f-4e66-9a40-25aad888232b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3c16f89f-6f62-491a-9d22-efd7cd952011", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2fbd8c58-470f-4e66-9a40-25aad888232b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:06.588417Z", + "modified": "2024-11-29T00:22:06.588417Z", + "name": "CVE-2024-52490", + "description": "Unrestricted Upload of File with Dangerous Type vulnerability in Pathomation allows Upload a Web Shell to a Web Server.This issue affects Pathomation: from n/a through 2.5.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52490" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--32b66742-eacd-4570-937e-d71a9a4c26e4.json b/objects/vulnerability/vulnerability--32b66742-eacd-4570-937e-d71a9a4c26e4.json new file mode 100644 index 00000000000..17eb33984aa --- /dev/null +++ b/objects/vulnerability/vulnerability--32b66742-eacd-4570-937e-d71a9a4c26e4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7c3cb4a6-8156-47b2-ba3c-354533178cee", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--32b66742-eacd-4570-937e-d71a9a4c26e4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.221951Z", + "modified": "2024-11-29T00:22:07.221951Z", + "name": "CVE-2024-11959", + "description": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-605L 2.13B01. It has been classified as critical. This affects the function formResetStatistic of the file /goform/formResetStatistic. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11959" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--377a794b-8f11-453a-af26-7885b47f7f68.json b/objects/vulnerability/vulnerability--377a794b-8f11-453a-af26-7885b47f7f68.json new file mode 100644 index 00000000000..b1f723612e0 --- /dev/null +++ b/objects/vulnerability/vulnerability--377a794b-8f11-453a-af26-7885b47f7f68.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--405dcf7a-3142-4264-9c1f-f9ed60fb6150", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--377a794b-8f11-453a-af26-7885b47f7f68", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.252853Z", + "modified": "2024-11-29T00:22:07.252853Z", + "name": "CVE-2024-11333", + "description": "The HLS Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hls_player' shortcode in all versions up to, and including, 1.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11333" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3ea91e6f-99a6-4cd0-86df-ebbfd9f067de.json b/objects/vulnerability/vulnerability--3ea91e6f-99a6-4cd0-86df-ebbfd9f067de.json new file mode 100644 index 00000000000..cd668cdf976 --- /dev/null +++ b/objects/vulnerability/vulnerability--3ea91e6f-99a6-4cd0-86df-ebbfd9f067de.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--207999cd-9f8a-4d58-aec5-d877e0381fa6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3ea91e6f-99a6-4cd0-86df-ebbfd9f067de", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.207709Z", + "modified": "2024-11-29T00:22:07.207709Z", + "name": "CVE-2024-11103", + "description": "The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 24.0.7. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11103" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3f872d6b-ce2f-4b99-ae09-405c05b51ccf.json b/objects/vulnerability/vulnerability--3f872d6b-ce2f-4b99-ae09-405c05b51ccf.json new file mode 100644 index 00000000000..d60ed43daf2 --- /dev/null +++ b/objects/vulnerability/vulnerability--3f872d6b-ce2f-4b99-ae09-405c05b51ccf.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--47796901-b198-4b04-bb97-fb0f29e6476b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3f872d6b-ce2f-4b99-ae09-405c05b51ccf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:06.584137Z", + "modified": "2024-11-29T00:22:06.584137Z", + "name": "CVE-2024-52497", + "description": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in quomodosoft Shopready allows PHP Local File Inclusion.This issue affects Shopready: from n/a through 3.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52497" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--41001caa-c676-41c5-ab87-3aed5e593164.json b/objects/vulnerability/vulnerability--41001caa-c676-41c5-ab87-3aed5e593164.json new file mode 100644 index 00000000000..a859d88b054 --- /dev/null +++ b/objects/vulnerability/vulnerability--41001caa-c676-41c5-ab87-3aed5e593164.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--21720c47-1b34-473e-9df6-227f8e08f87c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--41001caa-c676-41c5-ab87-3aed5e593164", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.211065Z", + "modified": "2024-11-29T00:22:07.211065Z", + "name": "CVE-2024-11969", + "description": "The NetCloud Exchange client for Windows, version 1.110.50, contains an insecure file and folder permissions vulnerability. A normal (non-admin) user could exploit the weakness in file and folder permissions to escalate privileges, execute arbitrary code and maintain persistence on the compromised machine. It has been identified that full control permissions exist on the ‘Everyone’ group (i.e. any user who has local access to the operating system regardless of their privileges).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11969" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4141367f-420a-4b92-b010-84a0840456f0.json b/objects/vulnerability/vulnerability--4141367f-420a-4b92-b010-84a0840456f0.json new file mode 100644 index 00000000000..c3bd86c6983 --- /dev/null +++ b/objects/vulnerability/vulnerability--4141367f-420a-4b92-b010-84a0840456f0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--10831960-3f19-48bb-ace3-90b8000a0246", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4141367f-420a-4b92-b010-84a0840456f0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:06.605022Z", + "modified": "2024-11-29T00:22:06.605022Z", + "name": "CVE-2024-52498", + "description": "Path Traversal: '.../...//' vulnerability in Softpulse Infotech SP Blog Designer allows PHP Local File Inclusion.This issue affects SP Blog Designer: from n/a through 1.0.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52498" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--41da1499-5ca1-4e7b-96a4-753826902515.json b/objects/vulnerability/vulnerability--41da1499-5ca1-4e7b-96a4-753826902515.json new file mode 100644 index 00000000000..f932bcdd444 --- /dev/null +++ b/objects/vulnerability/vulnerability--41da1499-5ca1-4e7b-96a4-753826902515.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6f66409c-4ee9-4ab3-b5c3-b364f26e25af", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--41da1499-5ca1-4e7b-96a4-753826902515", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:06.571496Z", + "modified": "2024-11-29T00:22:06.571496Z", + "name": "CVE-2024-52495", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology Distance Based Shipping Calculator allows SQL Injection.This issue affects Distance Based Shipping Calculator: from n/a through 2.0.21.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52495" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--461c1a97-e98b-45c4-829c-badd2f64c8db.json b/objects/vulnerability/vulnerability--461c1a97-e98b-45c4-829c-badd2f64c8db.json new file mode 100644 index 00000000000..d53aa397f24 --- /dev/null +++ b/objects/vulnerability/vulnerability--461c1a97-e98b-45c4-829c-badd2f64c8db.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--941f10bf-9029-494b-8549-1cc1ef62724d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--461c1a97-e98b-45c4-829c-badd2f64c8db", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.223629Z", + "modified": "2024-11-29T00:22:07.223629Z", + "name": "CVE-2024-11961", + "description": "A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms 3.7. It has been rated as problematic. This issue affects the function preHandle of the file src/main/java/com/zzjee/wm/controller/WmOmNoticeHController.java. The manipulation of the argument request leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11961" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4834e02e-0028-4897-8dac-cb7f2fe349db.json b/objects/vulnerability/vulnerability--4834e02e-0028-4897-8dac-cb7f2fe349db.json new file mode 100644 index 00000000000..26ef33dce6e --- /dev/null +++ b/objects/vulnerability/vulnerability--4834e02e-0028-4897-8dac-cb7f2fe349db.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--41da0a4b-a6d0-49db-9763-bebd4a3d18ef", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4834e02e-0028-4897-8dac-cb7f2fe349db", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:06.751467Z", + "modified": "2024-11-29T00:22:06.751467Z", + "name": "CVE-2024-10473", + "description": "The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo Settings when outputing them in pages where the Logo Slider shortcode is embed, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10473" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4de94aaa-175f-4008-bef3-bb2dc2dba92a.json b/objects/vulnerability/vulnerability--4de94aaa-175f-4008-bef3-bb2dc2dba92a.json new file mode 100644 index 00000000000..334d7ce6849 --- /dev/null +++ b/objects/vulnerability/vulnerability--4de94aaa-175f-4008-bef3-bb2dc2dba92a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ec24b87a-8058-4b23-8b55-4431e65eac0e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4de94aaa-175f-4008-bef3-bb2dc2dba92a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.495179Z", + "modified": "2024-11-29T00:22:07.495179Z", + "name": "CVE-2024-53732", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in WP WOX Footer Flyout Widget allows Stored XSS.This issue affects Footer Flyout Widget: from n/a through 1.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53732" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--53e812f7-00d9-47ff-ade8-ab0466784cfb.json b/objects/vulnerability/vulnerability--53e812f7-00d9-47ff-ade8-ab0466784cfb.json new file mode 100644 index 00000000000..7305d8d61bd --- /dev/null +++ b/objects/vulnerability/vulnerability--53e812f7-00d9-47ff-ade8-ab0466784cfb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7e20854f-e795-4643-949e-8582a1836cfa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--53e812f7-00d9-47ff-ade8-ab0466784cfb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.20208Z", + "modified": "2024-11-29T00:22:07.20208Z", + "name": "CVE-2024-11458", + "description": "The FAQ Builder AYS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ays_faq_tab' parameter in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11458" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5b30c745-d67b-4c66-9157-ac399e2a81f1.json b/objects/vulnerability/vulnerability--5b30c745-d67b-4c66-9157-ac399e2a81f1.json new file mode 100644 index 00000000000..d65d05a9ad0 --- /dev/null +++ b/objects/vulnerability/vulnerability--5b30c745-d67b-4c66-9157-ac399e2a81f1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--246077be-0b35-4110-a9b6-122a925b82f6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5b30c745-d67b-4c66-9157-ac399e2a81f1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.647194Z", + "modified": "2024-11-29T00:22:07.647194Z", + "name": "CVE-2024-38658", + "description": "There is an Out-of-bounds read vulnerability in V-Server (v4.0.19.0 and earlier) and V-Server Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38658" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5c1e6bad-ffcb-4f66-a8c1-91dbe2c23262.json b/objects/vulnerability/vulnerability--5c1e6bad-ffcb-4f66-a8c1-91dbe2c23262.json new file mode 100644 index 00000000000..312fe37af28 --- /dev/null +++ b/objects/vulnerability/vulnerability--5c1e6bad-ffcb-4f66-a8c1-91dbe2c23262.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0fd9ce48-0e7e-4dff-9914-05914245db5c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5c1e6bad-ffcb-4f66-a8c1-91dbe2c23262", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.209295Z", + "modified": "2024-11-29T00:22:07.209295Z", + "name": "CVE-2024-11684", + "description": "The Kudos Donations – Easy donations and payments with Mollie plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11684" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5dd7e43c-00ee-4e92-b866-fb4b7dcd8504.json b/objects/vulnerability/vulnerability--5dd7e43c-00ee-4e92-b866-fb4b7dcd8504.json new file mode 100644 index 00000000000..837dbaacd3c --- /dev/null +++ b/objects/vulnerability/vulnerability--5dd7e43c-00ee-4e92-b866-fb4b7dcd8504.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--54d084eb-0390-417a-b445-6479c56caab9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5dd7e43c-00ee-4e92-b866-fb4b7dcd8504", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.502099Z", + "modified": "2024-11-29T00:22:07.502099Z", + "name": "CVE-2024-53736", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Jason Grim Custom Shortcode Sidebars allows Stored XSS.This issue affects Custom Shortcode Sidebars: from n/a through 1.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53736" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--628f5be3-748e-4b9a-beee-cdac230664d6.json b/objects/vulnerability/vulnerability--628f5be3-748e-4b9a-beee-cdac230664d6.json new file mode 100644 index 00000000000..def72d037ff --- /dev/null +++ b/objects/vulnerability/vulnerability--628f5be3-748e-4b9a-beee-cdac230664d6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7c2f7295-8034-4f07-a36f-2f65a288242a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--628f5be3-748e-4b9a-beee-cdac230664d6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.250539Z", + "modified": "2024-11-29T00:22:07.250539Z", + "name": "CVE-2024-11970", + "description": "A vulnerability classified as critical has been found in code-projects Concert Ticket Ordering System 1.0. Affected is an unknown function of the file /tour(cor).php. The manipulation of the argument mai leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11970" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--66af5c7b-9e0d-47a1-9532-291726846366.json b/objects/vulnerability/vulnerability--66af5c7b-9e0d-47a1-9532-291726846366.json new file mode 100644 index 00000000000..b8a76578df1 --- /dev/null +++ b/objects/vulnerability/vulnerability--66af5c7b-9e0d-47a1-9532-291726846366.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b194f7fe-229c-40db-a473-b03a375e919c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--66af5c7b-9e0d-47a1-9532-291726846366", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.548601Z", + "modified": "2024-11-29T00:22:07.548601Z", + "name": "CVE-2024-8066", + "description": "The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing validation in the 'fsConnector' function in all versions up to, and including, 1.8.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to upload a new .htaccess file allowing them to subsequently upload arbitrary files on the affected site's server which may make remote code execution possible.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8066" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6770313c-2390-4b27-8528-b6edabaf4bbc.json b/objects/vulnerability/vulnerability--6770313c-2390-4b27-8528-b6edabaf4bbc.json new file mode 100644 index 00000000000..846bc03190b --- /dev/null +++ b/objects/vulnerability/vulnerability--6770313c-2390-4b27-8528-b6edabaf4bbc.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2ce772a5-15db-475f-af8f-4a88a4bb4180", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6770313c-2390-4b27-8528-b6edabaf4bbc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.248958Z", + "modified": "2024-11-29T00:22:07.248958Z", + "name": "CVE-2024-11786", + "description": "The Login with Vipps and MobilePay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'continue-with-vipps' shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11786" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--68fb4693-315d-40aa-99bf-8604d420cd93.json b/objects/vulnerability/vulnerability--68fb4693-315d-40aa-99bf-8604d420cd93.json new file mode 100644 index 00000000000..214de21c83c --- /dev/null +++ b/objects/vulnerability/vulnerability--68fb4693-315d-40aa-99bf-8604d420cd93.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4b489502-cea9-4624-824e-f06317e08d6f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--68fb4693-315d-40aa-99bf-8604d420cd93", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:06.594848Z", + "modified": "2024-11-29T00:22:06.594848Z", + "name": "CVE-2024-52501", + "description": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in webbytemplate Office Locator.This issue affects Office Locator: from n/a through 1.3.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52501" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6a3bb812-df55-47b4-9f19-27f7dbdd287f.json b/objects/vulnerability/vulnerability--6a3bb812-df55-47b4-9f19-27f7dbdd287f.json new file mode 100644 index 00000000000..27ebce1c51f --- /dev/null +++ b/objects/vulnerability/vulnerability--6a3bb812-df55-47b4-9f19-27f7dbdd287f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1db531ba-661b-4bf1-bbec-5bb7daab92fb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6a3bb812-df55-47b4-9f19-27f7dbdd287f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.526505Z", + "modified": "2024-11-29T00:22:07.526505Z", + "name": "CVE-2024-53737", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Mailster allows Stored XSS.This issue affects WP Mailster: from n/a through 1.8.16.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53737" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--6be9e6ae-be55-47f4-842b-140c580a3f51.json b/objects/vulnerability/vulnerability--6be9e6ae-be55-47f4-842b-140c580a3f51.json new file mode 100644 index 00000000000..b2737e8f713 --- /dev/null +++ b/objects/vulnerability/vulnerability--6be9e6ae-be55-47f4-842b-140c580a3f51.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--66dc0182-3a4b-404f-966e-ac575b7deba6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6be9e6ae-be55-47f4-842b-140c580a3f51", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.232967Z", + "modified": "2024-11-29T00:22:07.232967Z", + "name": "CVE-2024-11966", + "description": "A vulnerability was found in PHPGurukul Complaint Management system 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11966" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--70aa5ba6-3be1-496c-9009-2e494aaa5e86.json b/objects/vulnerability/vulnerability--70aa5ba6-3be1-496c-9009-2e494aaa5e86.json new file mode 100644 index 00000000000..4c2c9240737 --- /dev/null +++ b/objects/vulnerability/vulnerability--70aa5ba6-3be1-496c-9009-2e494aaa5e86.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e06a058e-4bd0-413d-930d-6ce003a1708e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--70aa5ba6-3be1-496c-9009-2e494aaa5e86", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:06.767041Z", + "modified": "2024-11-29T00:22:06.767041Z", + "name": "CVE-2024-9852", + "description": "Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9852" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--715e3f52-23f5-48fb-b18a-76b8c646f43e.json b/objects/vulnerability/vulnerability--715e3f52-23f5-48fb-b18a-76b8c646f43e.json new file mode 100644 index 00000000000..912783ce1b0 --- /dev/null +++ b/objects/vulnerability/vulnerability--715e3f52-23f5-48fb-b18a-76b8c646f43e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--62b1c46f-cd15-45c0-9b24-08d870ecc51c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--715e3f52-23f5-48fb-b18a-76b8c646f43e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:06.622144Z", + "modified": "2024-11-29T00:22:06.622144Z", + "name": "CVE-2024-52338", + "description": "Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. An application is vulnerable if it \nreads Arrow IPC, Feather or Parquet data from untrusted sources (for \nexample, user-supplied input files). This vulnerability only affects the arrow R package, not other Apache Arrow \nimplementations or bindings unless those bindings are specifically used via the R package (for example, an R application that embeds a Python interpreter and uses PyArrow to read files from untrusted sources is still vulnerable if the arrow R package is an affected version). It is recommended that users of the arrow R package upgrade to 17.0.0 or later. Similarly, it\n is recommended that downstream libraries upgrade their dependency \nrequirements to arrow 17.0.0 or later. If using an affected\nversion of the package, untrusted data can read into a Table and its internal to_data_frame() method can be used as a workaround (e.g., read_parquet(..., as_data_frame = FALSE)$to_data_frame()).\n\n\nThis issue affects the Apache Arrow R package: from 4.0.0 through 16.1.0.\n\n\nUsers are recommended to upgrade to version 17.0.0, which fixes the issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52338" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--859b6f04-0cff-45ae-bca1-a9f6905dfc9e.json b/objects/vulnerability/vulnerability--859b6f04-0cff-45ae-bca1-a9f6905dfc9e.json new file mode 100644 index 00000000000..3b088abd20a --- /dev/null +++ b/objects/vulnerability/vulnerability--859b6f04-0cff-45ae-bca1-a9f6905dfc9e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ee1b0925-5914-4e17-bbbb-8283bb12a31a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--859b6f04-0cff-45ae-bca1-a9f6905dfc9e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.238692Z", + "modified": "2024-11-29T00:22:07.238692Z", + "name": "CVE-2024-11431", + "description": "The Ragic Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ragic' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11431" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--86e5c26d-f183-49b7-aa8e-5d9bdfc01564.json b/objects/vulnerability/vulnerability--86e5c26d-f183-49b7-aa8e-5d9bdfc01564.json new file mode 100644 index 00000000000..3d4a2e042fc --- /dev/null +++ b/objects/vulnerability/vulnerability--86e5c26d-f183-49b7-aa8e-5d9bdfc01564.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bdd6f2f3-a8b5-4e95-a426-ec2e7f29abab", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--86e5c26d-f183-49b7-aa8e-5d9bdfc01564", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:06.753867Z", + "modified": "2024-11-29T00:22:06.753867Z", + "name": "CVE-2024-10798", + "description": "The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1003 via the 'wpr-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created via Elementor that they should not have access to.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10798" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8f3e5dc0-b4e6-4a51-9d78-3cdc7ec5d438.json b/objects/vulnerability/vulnerability--8f3e5dc0-b4e6-4a51-9d78-3cdc7ec5d438.json new file mode 100644 index 00000000000..29c8db5997f --- /dev/null +++ b/objects/vulnerability/vulnerability--8f3e5dc0-b4e6-4a51-9d78-3cdc7ec5d438.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6fd9f30e-36e5-4f1e-899c-f93703e68733", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8f3e5dc0-b4e6-4a51-9d78-3cdc7ec5d438", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:08.161234Z", + "modified": "2024-11-29T00:22:08.161234Z", + "name": "CVE-2024-49503", + "description": "A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SUSE manager allows attackers to execute Javascript code in the organization credentials sub page.\nThis issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1: before 5.0.15-150600.3.10.2; SUSE Manager Server Module 4.3: before 4.3.42-150400.3.52.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49503" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--90a243e1-908c-4b3f-8caf-6d8e6473a69a.json b/objects/vulnerability/vulnerability--90a243e1-908c-4b3f-8caf-6d8e6473a69a.json new file mode 100644 index 00000000000..567898f47ef --- /dev/null +++ b/objects/vulnerability/vulnerability--90a243e1-908c-4b3f-8caf-6d8e6473a69a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--47868410-8253-42ba-9928-19ea2b520235", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--90a243e1-908c-4b3f-8caf-6d8e6473a69a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:06.638798Z", + "modified": "2024-11-29T00:22:06.638798Z", + "name": "CVE-2024-52283", + "description": "Missing sanitation of inputs allowed arbitrary users to conduct a stored XSS attack that triggers for users that view a certain project", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52283" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--90af8bc0-7585-4999-8b2e-d00821562350.json b/objects/vulnerability/vulnerability--90af8bc0-7585-4999-8b2e-d00821562350.json new file mode 100644 index 00000000000..5022561a2b3 --- /dev/null +++ b/objects/vulnerability/vulnerability--90af8bc0-7585-4999-8b2e-d00821562350.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1e4f285f-3ca7-4440-944e-add92037277e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--90af8bc0-7585-4999-8b2e-d00821562350", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.203083Z", + "modified": "2024-11-29T00:22:07.203083Z", + "name": "CVE-2024-11620", + "description": "Improper Control of Generation of Code ('Code Injection') vulnerability in Rank Math SEO allows Code Injection.This issue affects Rank Math SEO: from n/a through 1.0.231.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11620" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--92064a4d-a553-4b4b-b129-c1e27d6a57d5.json b/objects/vulnerability/vulnerability--92064a4d-a553-4b4b-b129-c1e27d6a57d5.json new file mode 100644 index 00000000000..ce3e49cd92c --- /dev/null +++ b/objects/vulnerability/vulnerability--92064a4d-a553-4b4b-b129-c1e27d6a57d5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--498b544f-6ff9-4a87-8fa3-d1c31f0719d0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--92064a4d-a553-4b4b-b129-c1e27d6a57d5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:06.601146Z", + "modified": "2024-11-29T00:22:06.601146Z", + "name": "CVE-2024-52475", + "description": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Automation Web Platform Wawp allows Authentication Bypass.This issue affects Wawp: from n/a before 3.0.18.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52475" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9a05efdc-e362-436f-aba0-5f53dc6fdc61.json b/objects/vulnerability/vulnerability--9a05efdc-e362-436f-aba0-5f53dc6fdc61.json new file mode 100644 index 00000000000..98514751200 --- /dev/null +++ b/objects/vulnerability/vulnerability--9a05efdc-e362-436f-aba0-5f53dc6fdc61.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7c4c2818-6a95-490d-82aa-fd79ddc3ad52", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9a05efdc-e362-436f-aba0-5f53dc6fdc61", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.688127Z", + "modified": "2024-11-29T00:22:07.688127Z", + "name": "CVE-2024-22037", + "description": "The uyuni-server-attestation systemd service needs a database_password environment variable. This file has 640 permission, and cannot be shown users, but the environment is still exposed by systemd to non-privileged users.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-22037" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--9c4dede7-c8a8-4800-b7ae-117ddaca9a88.json b/objects/vulnerability/vulnerability--9c4dede7-c8a8-4800-b7ae-117ddaca9a88.json new file mode 100644 index 00000000000..d9d315791c2 --- /dev/null +++ b/objects/vulnerability/vulnerability--9c4dede7-c8a8-4800-b7ae-117ddaca9a88.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--63db5bf8-37a1-41a7-9fd8-fb55e12d71a6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9c4dede7-c8a8-4800-b7ae-117ddaca9a88", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:06.737953Z", + "modified": "2024-11-29T00:22:06.737953Z", + "name": "CVE-2024-10510", + "description": "The adBuddy+ (AdBlocker Detection) by NetfunkDesign WordPress plugin through 1.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10510" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9cdbfaee-8319-4e16-b42a-7b72864a16c7.json b/objects/vulnerability/vulnerability--9cdbfaee-8319-4e16-b42a-7b72864a16c7.json new file mode 100644 index 00000000000..f46870bdde8 --- /dev/null +++ b/objects/vulnerability/vulnerability--9cdbfaee-8319-4e16-b42a-7b72864a16c7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--32ca542f-bdcf-43d4-ac6c-11f4ffaaafe4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9cdbfaee-8319-4e16-b42a-7b72864a16c7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.523144Z", + "modified": "2024-11-29T00:22:07.523144Z", + "name": "CVE-2024-53734", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Idealien Studios Idealien Category Enhancements allows Stored XSS.This issue affects Idealien Category Enhancements: from n/a through 1.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53734" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9f0749c1-5523-4cf4-b82b-79e28b650a1a.json b/objects/vulnerability/vulnerability--9f0749c1-5523-4cf4-b82b-79e28b650a1a.json new file mode 100644 index 00000000000..c7729758c05 --- /dev/null +++ b/objects/vulnerability/vulnerability--9f0749c1-5523-4cf4-b82b-79e28b650a1a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a937e759-0806-4bbf-b09d-845f916b0ec7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9f0749c1-5523-4cf4-b82b-79e28b650a1a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.200635Z", + "modified": "2024-11-29T00:22:07.200635Z", + "name": "CVE-2024-11599", + "description": "Mattermost versions 10.0.x <= 10.0.1, 10.1.x <= 10.1.1, 9.11.x <= 9.11.3, 9.5.x <= 9.5.11 fail to properly validate email addresses which allows an unauthenticated user to bypass email domain restrictions via carefully crafted input on email registration.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11599" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--9f940bd1-f3a9-430d-b7f0-d3b442c18e7b.json b/objects/vulnerability/vulnerability--9f940bd1-f3a9-430d-b7f0-d3b442c18e7b.json new file mode 100644 index 00000000000..ec79779d4de --- /dev/null +++ b/objects/vulnerability/vulnerability--9f940bd1-f3a9-430d-b7f0-d3b442c18e7b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3aab73b0-728d-4b7b-bab1-aa9ff720229a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9f940bd1-f3a9-430d-b7f0-d3b442c18e7b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:08.392678Z", + "modified": "2024-11-29T00:22:08.392678Z", + "name": "CVE-2024-36466", + "description": "A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-36466" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a3f728bc-7d3f-4d66-b80b-3d248a398a62.json b/objects/vulnerability/vulnerability--a3f728bc-7d3f-4d66-b80b-3d248a398a62.json new file mode 100644 index 00000000000..7747ec1fe72 --- /dev/null +++ b/objects/vulnerability/vulnerability--a3f728bc-7d3f-4d66-b80b-3d248a398a62.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fb82add1-d372-4d6d-bcb6-a34ff423b7f2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a3f728bc-7d3f-4d66-b80b-3d248a398a62", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:06.755811Z", + "modified": "2024-11-29T00:22:06.755811Z", + "name": "CVE-2024-10493", + "description": "The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) WordPress plugin before 5.10.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10493" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a88dca44-3903-4afc-b768-058817ad3ef1.json b/objects/vulnerability/vulnerability--a88dca44-3903-4afc-b768-058817ad3ef1.json new file mode 100644 index 00000000000..4ab6ebbcc9d --- /dev/null +++ b/objects/vulnerability/vulnerability--a88dca44-3903-4afc-b768-058817ad3ef1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a53d2f98-f9e2-4571-9f72-46594c476718", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a88dca44-3903-4afc-b768-058817ad3ef1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:06.799532Z", + "modified": "2024-11-29T00:22:06.799532Z", + "name": "CVE-2024-9669", + "description": "The File Manager Pro – Filester plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.8.5 via the 'fm_locale' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. The vulnerability was partially patched in version 1.8.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9669" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b127e02e-fd6b-4e58-b043-f21ee66806e9.json b/objects/vulnerability/vulnerability--b127e02e-fd6b-4e58-b043-f21ee66806e9.json new file mode 100644 index 00000000000..47a18f1a3d8 --- /dev/null +++ b/objects/vulnerability/vulnerability--b127e02e-fd6b-4e58-b043-f21ee66806e9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--402b69e4-7f89-4f18-9f25-f98429b1103c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b127e02e-fd6b-4e58-b043-f21ee66806e9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.586816Z", + "modified": "2024-11-29T00:22:07.586816Z", + "name": "CVE-2024-8299", + "description": "Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8299" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bba28fa8-b128-4d03-ba8b-0cb276998aea.json b/objects/vulnerability/vulnerability--bba28fa8-b128-4d03-ba8b-0cb276998aea.json new file mode 100644 index 00000000000..aa557a01901 --- /dev/null +++ b/objects/vulnerability/vulnerability--bba28fa8-b128-4d03-ba8b-0cb276998aea.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3063d1ba-ff43-4206-b222-408e3a584d75", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bba28fa8-b128-4d03-ba8b-0cb276998aea", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.482575Z", + "modified": "2024-11-29T00:22:07.482575Z", + "name": "CVE-2024-53060", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: prevent NULL pointer dereference if ATIF is not supported\n\nacpi_evaluate_object() may return AE_NOT_FOUND (failure), which\nwould result in dereferencing buffer.pointer (obj) while being NULL.\n\nAlthough this case may be unrealistic for the current code, it is\nstill better to protect against possible bugs.\n\nBail out also when status is AE_NOT_FOUND.\n\nThis fixes 1 FORWARD_NULL issue reported by Coverity\nReport: CID 1600951: Null pointer dereferences (FORWARD_NULL)\n\n(cherry picked from commit 91c9e221fe2553edf2db71627d8453f083de87a1)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53060" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bcdefe51-aa4b-4204-8e06-2d285263fef9.json b/objects/vulnerability/vulnerability--bcdefe51-aa4b-4204-8e06-2d285263fef9.json new file mode 100644 index 00000000000..eb4b2fda4c9 --- /dev/null +++ b/objects/vulnerability/vulnerability--bcdefe51-aa4b-4204-8e06-2d285263fef9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--346b4aef-7e0c-4dd1-bfae-847f54df2ff0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bcdefe51-aa4b-4204-8e06-2d285263fef9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.237489Z", + "modified": "2024-11-29T00:22:07.237489Z", + "name": "CVE-2024-11788", + "description": "The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sw-youtube-embed' shortcode in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11788" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--be18ef91-e106-4698-9500-40ad926c9b20.json b/objects/vulnerability/vulnerability--be18ef91-e106-4698-9500-40ad926c9b20.json new file mode 100644 index 00000000000..c110ec79c8a --- /dev/null +++ b/objects/vulnerability/vulnerability--be18ef91-e106-4698-9500-40ad926c9b20.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--46d6ee8a-9871-4ed7-b32a-c6701e08b27e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--be18ef91-e106-4698-9500-40ad926c9b20", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:06.728478Z", + "modified": "2024-11-29T00:22:06.728478Z", + "name": "CVE-2024-10670", + "description": "The Primary Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.2 via the [prim_elementor_template] shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created with Elementor that they should not have access to.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10670" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c10e13ee-698f-4cef-ad3f-b9944d3101f0.json b/objects/vulnerability/vulnerability--c10e13ee-698f-4cef-ad3f-b9944d3101f0.json new file mode 100644 index 00000000000..eef74c505c6 --- /dev/null +++ b/objects/vulnerability/vulnerability--c10e13ee-698f-4cef-ad3f-b9944d3101f0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d2d9234d-f996-49a3-897a-ad1470364b3b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c10e13ee-698f-4cef-ad3f-b9944d3101f0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:06.630761Z", + "modified": "2024-11-29T00:22:06.630761Z", + "name": "CVE-2024-52481", + "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Astoundify Jobify - Job Board WordPress Theme allows Relative Path Traversal.This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52481" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c3ba110c-2f47-4449-b9e3-f556983a66c3.json b/objects/vulnerability/vulnerability--c3ba110c-2f47-4449-b9e3-f556983a66c3.json new file mode 100644 index 00000000000..1301e8b9bc9 --- /dev/null +++ b/objects/vulnerability/vulnerability--c3ba110c-2f47-4449-b9e3-f556983a66c3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--302d5b50-0b15-482c-b97b-b75ed5eb571e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c3ba110c-2f47-4449-b9e3-f556983a66c3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.174555Z", + "modified": "2024-11-29T00:22:07.174555Z", + "name": "CVE-2024-11925", + "description": "The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.7. This is due to the plugin not properly verifying a users identity when verifying an email address through the user_account_activation function. This makes it possible for unauthenticated attackers to log in as any user, including site administrators if the users email is known.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11925" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c94e2ea3-9af8-495c-8cc2-f3170283419d.json b/objects/vulnerability/vulnerability--c94e2ea3-9af8-495c-8cc2-f3170283419d.json new file mode 100644 index 00000000000..266ca8f1f24 --- /dev/null +++ b/objects/vulnerability/vulnerability--c94e2ea3-9af8-495c-8cc2-f3170283419d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5ff8f482-78cc-48f6-89cd-b48f3dbf6daf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c94e2ea3-9af8-495c-8cc2-f3170283419d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.183282Z", + "modified": "2024-11-29T00:22:07.183282Z", + "name": "CVE-2024-11963", + "description": "A vulnerability, which was classified as critical, has been found in code-projects Responsive Hotel Site 1.0. Affected by this issue is some unknown functionality of the file /admin/room.php. The manipulation of the argument troom leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11963" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ce70bd72-9e32-4ecc-802d-47a5c6e0749e.json b/objects/vulnerability/vulnerability--ce70bd72-9e32-4ecc-802d-47a5c6e0749e.json new file mode 100644 index 00000000000..60c800680d9 --- /dev/null +++ b/objects/vulnerability/vulnerability--ce70bd72-9e32-4ecc-802d-47a5c6e0749e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a0521557-f3c8-41d6-ba36-c7b19247135a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ce70bd72-9e32-4ecc-802d-47a5c6e0749e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.675555Z", + "modified": "2024-11-29T00:22:07.675555Z", + "name": "CVE-2024-22038", + "description": "Various problems in obs-scm-bridge allows attackers that create specially crafted git repositories to leak information of cause denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-22038" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--d01d8162-d096-41d2-bbd2-8fc99ee378de.json b/objects/vulnerability/vulnerability--d01d8162-d096-41d2-bbd2-8fc99ee378de.json new file mode 100644 index 00000000000..54974d8608f --- /dev/null +++ b/objects/vulnerability/vulnerability--d01d8162-d096-41d2-bbd2-8fc99ee378de.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--21f9a7a7-5b93-47db-8103-0ffe921c03d1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d01d8162-d096-41d2-bbd2-8fc99ee378de", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.519226Z", + "modified": "2024-11-29T00:22:07.519226Z", + "name": "CVE-2024-53731", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fintelligence Fintelligence Calculator allows Stored XSS.This issue affects Fintelligence Calculator: from n/a through 1.0.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53731" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d118952b-61ae-4573-b90a-2d8c3a4c456b.json b/objects/vulnerability/vulnerability--d118952b-61ae-4573-b90a-2d8c3a4c456b.json new file mode 100644 index 00000000000..cfa10e435f8 --- /dev/null +++ b/objects/vulnerability/vulnerability--d118952b-61ae-4573-b90a-2d8c3a4c456b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--708bc257-3064-43e2-8113-e053835eec5b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d118952b-61ae-4573-b90a-2d8c3a4c456b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:16.272689Z", + "modified": "2024-11-29T00:22:16.272689Z", + "name": "CVE-2023-52922", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: bcm: Fix UAF in bcm_proc_show()\n\nBUG: KASAN: slab-use-after-free in bcm_proc_show+0x969/0xa80\nRead of size 8 at addr ffff888155846230 by task cat/7862\n\nCPU: 1 PID: 7862 Comm: cat Not tainted 6.5.0-rc1-00153-gc8746099c197 #230\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n \n dump_stack_lvl+0xd5/0x150\n print_report+0xc1/0x5e0\n kasan_report+0xba/0xf0\n bcm_proc_show+0x969/0xa80\n seq_read_iter+0x4f6/0x1260\n seq_read+0x165/0x210\n proc_reg_read+0x227/0x300\n vfs_read+0x1d5/0x8d0\n ksys_read+0x11e/0x240\n do_syscall_64+0x35/0xb0\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nAllocated by task 7846:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n __kasan_kmalloc+0x9e/0xa0\n bcm_sendmsg+0x264b/0x44e0\n sock_sendmsg+0xda/0x180\n ____sys_sendmsg+0x735/0x920\n ___sys_sendmsg+0x11d/0x1b0\n __sys_sendmsg+0xfa/0x1d0\n do_syscall_64+0x35/0xb0\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nFreed by task 7846:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n kasan_save_free_info+0x27/0x40\n ____kasan_slab_free+0x161/0x1c0\n slab_free_freelist_hook+0x119/0x220\n __kmem_cache_free+0xb4/0x2e0\n rcu_core+0x809/0x1bd0\n\nbcm_op is freed before procfs entry be removed in bcm_release(),\nthis lead to bcm_proc_show() may read the freed bcm_op.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-52922" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--d59eeb2b-db54-41f9-88d4-5839eb90df7d.json b/objects/vulnerability/vulnerability--d59eeb2b-db54-41f9-88d4-5839eb90df7d.json new file mode 100644 index 00000000000..0db4505e13e --- /dev/null +++ b/objects/vulnerability/vulnerability--d59eeb2b-db54-41f9-88d4-5839eb90df7d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ce665bae-9cf2-430c-9f98-63f90cfecb79", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d59eeb2b-db54-41f9-88d4-5839eb90df7d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.181621Z", + "modified": "2024-11-29T00:22:07.181621Z", + "name": "CVE-2024-11402", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP-speedup Block Editor Bootstrap Blocks allows Reflected XSS.This issue affects Block Editor Bootstrap Blocks: from n/a through 6.6.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11402" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d64c3603-1cca-418a-9071-e68e7df4109a.json b/objects/vulnerability/vulnerability--d64c3603-1cca-418a-9071-e68e7df4109a.json new file mode 100644 index 00000000000..e757e8c6dff --- /dev/null +++ b/objects/vulnerability/vulnerability--d64c3603-1cca-418a-9071-e68e7df4109a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--74810a16-1b4a-492b-ae00-886fc80a3992", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d64c3603-1cca-418a-9071-e68e7df4109a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.21811Z", + "modified": "2024-11-29T00:22:07.21811Z", + "name": "CVE-2024-11971", + "description": "A vulnerability classified as problematic was found in Guizhou Xiaoma Technology jpress 5.1.2. Affected by this vulnerability is an unknown functionality of the file /commons/attachment/upload of the component Avatar Handler. The manipulation of the argument files leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11971" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dbeed49c-241c-4747-99d1-66c1297adfb5.json b/objects/vulnerability/vulnerability--dbeed49c-241c-4747-99d1-66c1297adfb5.json new file mode 100644 index 00000000000..1a5bf042743 --- /dev/null +++ b/objects/vulnerability/vulnerability--dbeed49c-241c-4747-99d1-66c1297adfb5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f4911d23-8230-4ac3-b128-0895c8d8e27d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dbeed49c-241c-4747-99d1-66c1297adfb5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:06.628859Z", + "modified": "2024-11-29T00:22:06.628859Z", + "name": "CVE-2024-52499", + "description": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Kardi Pricing table addon for elementor allows PHP Local File Inclusion.This issue affects Pricing table addon for elementor: from n/a through 1.0.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52499" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e1a9da87-52ff-4e4a-968b-6a77c1cdd63b.json b/objects/vulnerability/vulnerability--e1a9da87-52ff-4e4a-968b-6a77c1cdd63b.json new file mode 100644 index 00000000000..ac609721b53 --- /dev/null +++ b/objects/vulnerability/vulnerability--e1a9da87-52ff-4e4a-968b-6a77c1cdd63b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b86b920c-6e34-4a7d-a9a4-bd131e2bbd1b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e1a9da87-52ff-4e4a-968b-6a77c1cdd63b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.186587Z", + "modified": "2024-11-29T00:22:07.186587Z", + "name": "CVE-2024-11960", + "description": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-605L 2.13B01. It has been declared as critical. This vulnerability affects the function formSetPortTr of the file /goform/formSetPortTr. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11960" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e56483be-6e1b-4137-b31a-bd1ace3898ef.json b/objects/vulnerability/vulnerability--e56483be-6e1b-4137-b31a-bd1ace3898ef.json new file mode 100644 index 00000000000..c980d9c28f8 --- /dev/null +++ b/objects/vulnerability/vulnerability--e56483be-6e1b-4137-b31a-bd1ace3898ef.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2007ab52-bd8c-4131-bf2f-26ff11c6f457", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e56483be-6e1b-4137-b31a-bd1ace3898ef", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.577179Z", + "modified": "2024-11-29T00:22:07.577179Z", + "name": "CVE-2024-8300", + "description": "Dead Code vulnerability in ICONICS GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 and Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8300" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ec7b651f-3918-441a-a0c8-b2b8f3b7abcd.json b/objects/vulnerability/vulnerability--ec7b651f-3918-441a-a0c8-b2b8f3b7abcd.json new file mode 100644 index 00000000000..956fc3a17bc --- /dev/null +++ b/objects/vulnerability/vulnerability--ec7b651f-3918-441a-a0c8-b2b8f3b7abcd.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6cc723a9-d9a1-4079-8fba-f561582bb80f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ec7b651f-3918-441a-a0c8-b2b8f3b7abcd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.243434Z", + "modified": "2024-11-29T00:22:07.243434Z", + "name": "CVE-2024-11962", + "description": "A vulnerability classified as critical was found in code-projects Simple Car Rental System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument uname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11962" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f019873a-81a7-4aa8-981b-0d343c06c384.json b/objects/vulnerability/vulnerability--f019873a-81a7-4aa8-981b-0d343c06c384.json new file mode 100644 index 00000000000..92eb1fece16 --- /dev/null +++ b/objects/vulnerability/vulnerability--f019873a-81a7-4aa8-981b-0d343c06c384.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e6ab28fc-7e02-4706-9775-c6dd3c0a52d0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f019873a-81a7-4aa8-981b-0d343c06c384", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.566392Z", + "modified": "2024-11-29T00:22:07.566392Z", + "name": "CVE-2024-8672", + "description": "The Widget Options – The #1 WordPress Widget & Block Control Plugin plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.0.7 via the display logic functionality that extends several page builders. This is due to the plugin allowing users to supply input that will be passed through eval() without any filtering or capability checks. This makes it possible for authenticated attackers, with contributor-level access and above, to execute code on the server. Special note: We suggested the vendor implement an allowlist of functions and limit the ability to execute commands to just administrators, however, they did not take our advice. We are considering this patched, however, we believe it could still be further hardened and there may be residual risk with how the issue is currently patched.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8672" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f2422783-80fe-41a3-91ee-e1beecd2efc1.json b/objects/vulnerability/vulnerability--f2422783-80fe-41a3-91ee-e1beecd2efc1.json new file mode 100644 index 00000000000..1695e065b71 --- /dev/null +++ b/objects/vulnerability/vulnerability--f2422783-80fe-41a3-91ee-e1beecd2efc1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--77f087a4-0a95-46fa-b29c-eb1718f841e2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f2422783-80fe-41a3-91ee-e1beecd2efc1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.193962Z", + "modified": "2024-11-29T00:22:07.193962Z", + "name": "CVE-2024-11967", + "description": "A vulnerability was found in PHPGurukul Complaint Management system 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/reset-password.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11967" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f2644ff6-8a41-4f6b-b2ec-32f3edb597ee.json b/objects/vulnerability/vulnerability--f2644ff6-8a41-4f6b-b2ec-32f3edb597ee.json new file mode 100644 index 00000000000..d237b5f2808 --- /dev/null +++ b/objects/vulnerability/vulnerability--f2644ff6-8a41-4f6b-b2ec-32f3edb597ee.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c1240e7e-c590-4db6-9737-8ea904c12d44", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f2644ff6-8a41-4f6b-b2ec-32f3edb597ee", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:07.180285Z", + "modified": "2024-11-29T00:22:07.180285Z", + "name": "CVE-2024-11964", + "description": "A vulnerability, which was classified as critical, was found in PHPGurukul Complaint Management system 1.0. This affects an unknown part of the file /user/index.php. The manipulation of the argument emailid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11964" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f3eacff3-40b2-4606-899a-27899a15d593.json b/objects/vulnerability/vulnerability--f3eacff3-40b2-4606-899a-27899a15d593.json new file mode 100644 index 00000000000..6ff652ea403 --- /dev/null +++ b/objects/vulnerability/vulnerability--f3eacff3-40b2-4606-899a-27899a15d593.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e4bcc894-1f22-427f-a15e-e20c007c301e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f3eacff3-40b2-4606-899a-27899a15d593", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-29T00:22:06.637177Z", + "modified": "2024-11-29T00:22:06.637177Z", + "name": "CVE-2024-52496", + "description": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AbsolutePlugins Absolute Addons For Elementor allows Local Code Inclusion.This issue affects Absolute Addons For Elementor: from n/a through 1.0.14.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52496" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f5739db6-77e1-4b90-8d06-ba5442f29de7.json b/objects/vulnerability/vulnerability--f5739db6-77e1-4b90-8d06-ba5442f29de7.json new file mode 100644 index 00000000000..f2b791d072a --- /dev/null +++ b/objects/vulnerability/vulnerability--f5739db6-77e1-4b90-8d06-ba5442f29de7.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c3a83f6e-3291-446f-b0f3-768d276f68d8",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f5739db6-77e1-4b90-8d06-ba5442f29de7",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-29T00:22:20.333842Z",
+ "modified": "2024-11-29T00:22:20.333842Z",
+ "name": "CVE-2018-9377",
+ "description": "In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2018-9377"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--fc5347fa-de48-4ea4-8c6c-7afdb0fda75d.json b/objects/vulnerability/vulnerability--fc5347fa-de48-4ea4-8c6c-7afdb0fda75d.json
new file mode 100644
index 00000000000..2f6e50087a3
--- /dev/null
+++ b/objects/vulnerability/vulnerability--fc5347fa-de48-4ea4-8c6c-7afdb0fda75d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ceda415a-85c2-4574-b49e-f3f03141704c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--fc5347fa-de48-4ea4-8c6c-7afdb0fda75d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-29T00:22:07.615651Z",
+ "modified": "2024-11-29T00:22:07.615651Z",
+ "name": "CVE-2024-38389",
+ "description": "There is an Out-of-bounds read vulnerability in TELLUS (v4.0.19.0 and earlier) and TELLUS Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-38389"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--fd0bf6b7-d555-4e02-b165-ceda459171f5.json b/objects/vulnerability/vulnerability--fd0bf6b7-d555-4e02-b165-ceda459171f5.json
new file mode 100644
index 00000000000..ac666c5e62b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--fd0bf6b7-d555-4e02-b165-ceda459171f5.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b659ccfa-5b13-43e9-adfa-09d98a394eed",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--fd0bf6b7-d555-4e02-b165-ceda459171f5",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-29T00:22:07.236328Z",
+ "modified": "2024-11-29T00:22:07.236328Z",
+ "name": "CVE-2024-11761",
+ "description": "The LegalWeb Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'legalweb-popup' shortcode in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11761"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--fee2c535-930b-4cd6-ad3d-6b75d273331a.json b/objects/vulnerability/vulnerability--fee2c535-930b-4cd6-ad3d-6b75d273331a.json
new file mode 100644
index 00000000000..1969bbc4cf5
--- /dev/null
+++ b/objects/vulnerability/vulnerability--fee2c535-930b-4cd6-ad3d-6b75d273331a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--6920bb91-8ac8-491d-8382-8277c307769d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--fee2c535-930b-4cd6-ad3d-6b75d273331a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-29T00:22:07.178591Z",
+ "modified": "2024-11-29T00:22:07.178591Z",
+ "name": "CVE-2024-11203",
+ "description": "The EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘provider_name parameter in all versions up to, and including, 4.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11203"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file