diff --git a/mapping.csv b/mapping.csv
index c86f67bf5a4..4253930a2bf 100644
--- a/mapping.csv
+++ b/mapping.csv
@@ -257031,3 +257031,125 @@ vulnerability,CVE-2018-9339,vulnerability--276c680a-7402-4ed8-8676-ba6a566ef01f
 vulnerability,CVE-2018-9421,vulnerability--31794af8-16a2-4b4b-b820-5ea77c9ac254
 vulnerability,CVE-2018-9456,vulnerability--07b6688b-dad4-45c9-a074-722aa9a87246
 vulnerability,CVE-2018-9365,vulnerability--7a6786fa-4cfe-495a-a9b5-d3651deec419
+vulnerability,CVE-2024-51208,vulnerability--6124da26-d79a-4c85-954c-21d97e0f8450
+vulnerability,CVE-2024-51209,vulnerability--268f8874-65f4-4307-8aa0-005e6eb9fe79
+vulnerability,CVE-2024-51151,vulnerability--9f28ea8b-3d48-4f34-820d-de767c661958
+vulnerability,CVE-2024-51163,vulnerability--0cc0df9e-52a7-43b7-b981-952119905394
+vulnerability,CVE-2024-51162,vulnerability--b781a805-371d-48c9-9848-8859d7f5a004
+vulnerability,CVE-2024-48531,vulnerability--fdb7869f-a47b-441f-8454-831313611e3f
+vulnerability,CVE-2024-48536,vulnerability--200b18bb-d0c8-4ae9-b11a-196a1a260152
+vulnerability,CVE-2024-48895,vulnerability--1d774df9-34d5-4a79-9621-e381e6376c5a
+vulnerability,CVE-2024-48534,vulnerability--3720b69f-dd87-4754-967e-c89fbd034a48
+vulnerability,CVE-2024-48530,vulnerability--7c9f650a-880e-4c65-9ec2-eceb4f9b670b
+vulnerability,CVE-2024-48982,vulnerability--76c9ceb8-b954-4863-814e-f51470663fb4
+vulnerability,CVE-2024-48533,vulnerability--6517eaf7-44bc-4974-912b-cbb6ea23bcc2
+vulnerability,CVE-2024-48985,vulnerability--d84d26f8-c703-43cd-8154-0756215993da
+vulnerability,CVE-2024-48986,vulnerability--af991285-e61f-4ae2-9175-84e9a66562f3
+vulnerability,CVE-2024-48983,vulnerability--1cb3639a-90bc-4b86-8de3-cac3663c5687
+vulnerability,CVE-2024-48981,vulnerability--7a291730-fe5a-4035-912d-30134f97e189
+vulnerability,CVE-2024-48899,vulnerability--2d67290c-123e-40f0-8f6b-1ac996e6a596
+vulnerability,CVE-2024-48984,vulnerability--9e4c83b2-b00c-4cb5-814b-37a86e7cf1c2
+vulnerability,CVE-2024-48535,vulnerability--7b7e97c4-024d-433a-b70a-9269f5e56b08
+vulnerability,CVE-2024-52442,vulnerability--243ceb6d-702a-461f-b746-af439f600f06
+vulnerability,CVE-2024-52473,vulnerability--7dc21e66-1922-458f-b285-61e2d1839ca2
+vulnerability,CVE-2024-52440,vulnerability--2e29c6f3-505d-4426-acf6-fd6e0cb643b4
+vulnerability,CVE-2024-52451,vulnerability--21943dc2-b49d-4a92-8e2a-e39b2835667f
+vulnerability,CVE-2024-52447,vulnerability--dced2a7b-e4c9-4bda-9f49-92a07b184572
+vulnerability,CVE-2024-52441,vulnerability--539579a2-39cb-4b4c-bd37-3fe8ffa6f345
+vulnerability,CVE-2024-52437,vulnerability--37115755-732e-4e98-9774-7dbdbcee8a67
+vulnerability,CVE-2024-52701,vulnerability--c081c9a0-4390-4e30-b367-655190515939
+vulnerability,CVE-2024-52614,vulnerability--6fef9bf2-b2dd-46d6-b5c5-23c8b0fab995
+vulnerability,CVE-2024-52677,vulnerability--6e7407c7-11b4-4740-8547-2ee2357b2769
+vulnerability,CVE-2024-52755,vulnerability--5becfa09-e206-4921-a610-bc9a0a9e8189
+vulnerability,CVE-2024-52444,vulnerability--f288034a-1d68-4580-8f46-30bc1649f16f
+vulnerability,CVE-2024-52769,vulnerability--97675622-2089-4622-85f2-452f6d366bb7
+vulnerability,CVE-2024-52770,vulnerability--cee39f59-5d5a-4c38-a775-252c8716a0d2
+vulnerability,CVE-2024-52581,vulnerability--2395c6cc-b111-4c87-b111-d92796f35024
+vulnerability,CVE-2024-52796,vulnerability--079695fc-addc-4cba-b804-390d9618292e
+vulnerability,CVE-2024-52739,vulnerability--a3847305-5b2a-4c8b-a794-14eb73a798b3
+vulnerability,CVE-2024-52446,vulnerability--f75b6548-2a73-4c46-8460-46c191934381
+vulnerability,CVE-2024-52470,vulnerability--7ba01079-0add-4cc1-a354-82152bdb3333
+vulnerability,CVE-2024-52771,vulnerability--583a4ecd-0437-4724-a356-8ac3d7088c76
+vulnerability,CVE-2024-52471,vulnerability--22f611e3-fe48-4ce0-bdc8-c93c912196c5
+vulnerability,CVE-2024-52725,vulnerability--89ca6223-8b2a-43de-948a-145a6cf4e714
+vulnerability,CVE-2024-52765,vulnerability--3540e1b0-f862-4bca-8319-12d81ebc9dbf
+vulnerability,CVE-2024-52598,vulnerability--9a90f43f-e8cc-4b54-827f-75ec9c70c1a2
+vulnerability,CVE-2024-52597,vulnerability--fb04e9f6-236f-4c99-8da3-ace19a83e4ba
+vulnerability,CVE-2024-52438,vulnerability--61dce463-72c5-4f5c-a4cf-82ecbf4c5dff
+vulnerability,CVE-2024-52450,vulnerability--411cd270-b521-4e1a-b981-2016fe37c65c
+vulnerability,CVE-2024-52439,vulnerability--9a66d72c-2e03-45a5-97a7-8024b736f000
+vulnerability,CVE-2024-52757,vulnerability--372afce3-b7c4-46b4-b73a-e686675d8656
+vulnerability,CVE-2024-52449,vulnerability--8f03062c-74af-4e2d-a6e8-6c089d8fb616
+vulnerability,CVE-2024-52445,vulnerability--14e3fed8-7e88-4552-a1f7-290104e66f3f
+vulnerability,CVE-2024-52033,vulnerability--21574974-8d98-404b-9ccf-589d52ebed00
+vulnerability,CVE-2024-52443,vulnerability--0eca3f37-84f3-4bcf-adbe-6094eb40268d
+vulnerability,CVE-2024-52448,vulnerability--3f42dd3c-722d-40b7-8e10-e7ec983d01a2
+vulnerability,CVE-2024-52754,vulnerability--6f036588-2d2c-47d8-8a80-cdb879903ee7
+vulnerability,CVE-2024-52702,vulnerability--ae91a199-02fd-4827-b4f8-1fa3cfeca05f
+vulnerability,CVE-2024-52472,vulnerability--0c2e2819-9136-496f-849c-ce416c08e314
+vulnerability,CVE-2024-45690,vulnerability--bd264cc7-8841-4e48-9dd5-0ca7131467fc
+vulnerability,CVE-2024-45511,vulnerability--a0360d4c-33c5-4d7c-b2ad-5790749c29f1
+vulnerability,CVE-2024-45689,vulnerability--695d2048-ad1e-4ffb-9c50-ab338eda43c9
+vulnerability,CVE-2024-45510,vulnerability--889d2488-79aa-486a-a644-15e3fc381e0f
+vulnerability,CVE-2024-45691,vulnerability--7e2a6188-0f8c-4f83-ba93-e82fdbe98be3
+vulnerability,CVE-2024-10515,vulnerability--85862ee4-2c6c-4b9d-a0d3-53b0c0bae91f
+vulnerability,CVE-2024-10891,vulnerability--230655d6-0eac-49c9-948a-ac449c3fda84
+vulnerability,CVE-2024-10127,vulnerability--83acc0a5-b362-4dfd-927d-5acc396bc3f6
+vulnerability,CVE-2024-10855,vulnerability--ccddbd92-6700-4be8-a092-0c335af0cc23
+vulnerability,CVE-2024-10520,vulnerability--a423ae73-6711-4bbd-8e36-7fb4dffc6470
+vulnerability,CVE-2024-10900,vulnerability--95c3a126-f819-4ab0-b0d5-e78ea5c2bf7b
+vulnerability,CVE-2024-10365,vulnerability--06f55f1f-c541-4b93-a6be-cf2989a174dc
+vulnerability,CVE-2024-10126,vulnerability--7a505fb1-fea3-44f3-90cb-384af8d89dda
+vulnerability,CVE-2024-10094,vulnerability--36a03c49-fb5e-4d3e-a8fe-d421c96fe4b5
+vulnerability,CVE-2024-10913,vulnerability--00f25db2-3689-4aed-864c-0e2dfc02cc71
+vulnerability,CVE-2024-10872,vulnerability--19f247ca-37ac-44c7-bb7b-e5216df6f624
+vulnerability,CVE-2024-10382,vulnerability--b705a530-28b7-44fb-95d7-c45613d7283c
+vulnerability,CVE-2024-10899,vulnerability--48add1b6-f6a3-4d76-ae5d-b153083796b4
+vulnerability,CVE-2024-10665,vulnerability--d8380731-a819-43e6-991f-199382ab94ec
+vulnerability,CVE-2024-9875,vulnerability--66564933-eae6-4a95-bd3f-472b9c1e6a45
+vulnerability,CVE-2024-9478,vulnerability--17a1fbdb-616b-45d3-bfe7-08632ccfcf0e
+vulnerability,CVE-2024-9239,vulnerability--f94db6c1-6423-4fc8-a9ec-334510738037
+vulnerability,CVE-2024-9479,vulnerability--751496c1-7d0c-4f18-b376-4237b4087172
+vulnerability,CVE-2024-9653,vulnerability--30d00938-4378-4253-8f05-e722d2ba81e5
+vulnerability,CVE-2024-47865,vulnerability--5fa8ef16-1864-4f2a-a5d0-adc69ba4cda6
+vulnerability,CVE-2024-11489,vulnerability--32baa3ae-a878-453c-b11d-9bd1d2d55ab6
+vulnerability,CVE-2024-11495,vulnerability--bde7f41f-e314-4560-9c2b-1dde8854fab9
+vulnerability,CVE-2024-11404,vulnerability--72f9c85e-88fc-4f45-b19c-cfd7108fcd73
+vulnerability,CVE-2024-11491,vulnerability--cd2e06cb-3801-41f5-bac9-d1baa591684a
+vulnerability,CVE-2024-11485,vulnerability--8ff4719a-0d5a-4a4f-9d40-cef6f25c111e
+vulnerability,CVE-2024-11154,vulnerability--4bb2fe97-4724-46f9-ac3a-c3e00d1509d6
+vulnerability,CVE-2024-11492,vulnerability--db4e7484-d0b5-4ba9-85fc-496ba2f4e634
+vulnerability,CVE-2024-11277,vulnerability--921cc26a-499c-4861-8526-2a2db96fee73
+vulnerability,CVE-2024-11490,vulnerability--9f4062db-e83b-4c61-b63d-c03bc52b3ea9
+vulnerability,CVE-2024-11487,vulnerability--e1257e03-ab23-4d25-832b-a1d81c27a473
+vulnerability,CVE-2024-11406,vulnerability--dfe673dc-9c09-4793-853b-24b0f246fcf0
+vulnerability,CVE-2024-11488,vulnerability--aaa820d0-d361-4a51-b65a-b083e04809b7
+vulnerability,CVE-2024-11278,vulnerability--08031699-5ae9-4f6c-bb13-28aa58eb5a09
+vulnerability,CVE-2024-11484,vulnerability--260a6e4e-9434-4a89-a186-d9cc63f90bc8
+vulnerability,CVE-2024-11486,vulnerability--e93d3e30-fed8-43d4-8398-56924b3de46a
+vulnerability,CVE-2024-11179,vulnerability--67da18c4-0ec4-4aef-8540-03819c8eb96c
+vulnerability,CVE-2024-11176,vulnerability--fe9c3fe7-8a3f-40e9-b574-03e13ba6f803
+vulnerability,CVE-2024-11493,vulnerability--1cc46d40-d905-4718-af28-db6458a1dc11
+vulnerability,CVE-2024-11494,vulnerability--aa87bab4-2e7d-4525-adb3-94e09dc4f26d
+vulnerability,CVE-2024-33439,vulnerability--a8ddc9c5-4875-4d35-aeed-74714debb45f
+vulnerability,CVE-2024-8726,vulnerability--e3e09227-f37d-45a9-9a4b-306e6185fabf
+vulnerability,CVE-2024-49203,vulnerability--28963455-a72e-49bb-9ae5-e6a2e58ed98d
+vulnerability,CVE-2024-29292,vulnerability--1e33f521-6a5a-4b6e-b74d-6b5e82c8b340
+vulnerability,CVE-2018-9485,vulnerability--37c4be73-1d43-41c4-8588-9cb0829575e2
+vulnerability,CVE-2018-9474,vulnerability--dba1bef0-8c39-4509-aa41-72e894ad2133
+vulnerability,CVE-2018-9472,vulnerability--db2cdac5-6558-442c-91f8-10e8de04dd77
+vulnerability,CVE-2018-9479,vulnerability--acc8c701-cee2-4d8a-9ed2-f5a46ef07b0c
+vulnerability,CVE-2018-9481,vulnerability--03531c69-af02-44c5-95c3-e4fff552fdad
+vulnerability,CVE-2018-9480,vulnerability--dbc5daea-a3a6-4db0-8553-5309014dab1f
+vulnerability,CVE-2018-9487,vulnerability--998b4086-27fc-449c-ab83-f558a6284b9a
+vulnerability,CVE-2018-9478,vulnerability--a1168936-5e9c-4d6c-9304-9de956c8afe4
+vulnerability,CVE-2018-9484,vulnerability--facc78d1-0c79-497f-b50b-577fce8a91c1
+vulnerability,CVE-2018-9477,vulnerability--7b7f2074-03f3-4b7a-9d38-0fbffe8cda67
+vulnerability,CVE-2018-9475,vulnerability--3ef4359b-a480-4e4d-8c1d-004082d8ea57
+vulnerability,CVE-2018-9468,vulnerability--7164a1aa-7119-4d32-9159-8d16aef7bf10
+vulnerability,CVE-2018-9469,vulnerability--a1bd2c65-742b-46aa-abca-3ee94222bfee
+vulnerability,CVE-2018-9483,vulnerability--3d7d2e26-965c-43fb-9b14-23ba8e64d8cd
+vulnerability,CVE-2018-9482,vulnerability--cbed6b91-b43a-494e-a84f-14d409512f7b
+vulnerability,CVE-2018-9471,vulnerability--c1dd2695-0c8c-4433-83cc-089d6ee1cde6
+vulnerability,CVE-2018-9470,vulnerability--9a69f45d-ef66-452a-8bc4-fd9c6902eae7
+vulnerability,CVE-2018-9486,vulnerability--86269b11-a26e-47fb-98e7-ffa6b5a89497
diff --git a/objects/vulnerability/vulnerability--00f25db2-3689-4aed-864c-0e2dfc02cc71.json b/objects/vulnerability/vulnerability--00f25db2-3689-4aed-864c-0e2dfc02cc71.json
new file mode 100644
index 00000000000..763c0949149
--- /dev/null
+++ b/objects/vulnerability/vulnerability--00f25db2-3689-4aed-864c-0e2dfc02cc71.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c8b71747-aa18-4f56-90bb-31538374da0e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--00f25db2-3689-4aed-864c-0e2dfc02cc71",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-21T00:21:59.413987Z",
+ "modified": "2024-11-21T00:21:59.413987Z",
+ "name": "CVE-2024-10913",
+ "description": "The Clone plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.6 via deserialization of untrusted input in the 'recursive_unserialized_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-10913"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--03531c69-af02-44c5-95c3-e4fff552fdad.json b/objects/vulnerability/vulnerability--03531c69-af02-44c5-95c3-e4fff552fdad.json
new file mode 100644
index 00000000000..796611da6a5
--- /dev/null
+++ b/objects/vulnerability/vulnerability--03531c69-af02-44c5-95c3-e4fff552fdad.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--91f25260-3393-4439-9834-5043ef0bba05",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--03531c69-af02-44c5-95c3-e4fff552fdad",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-21T00:22:12.899497Z",
+ "modified": "2024-11-21T00:22:12.899497Z",
+ "name": "CVE-2018-9481",
+ "description": "In bta_hd_set_report_act of bta_hd_act.cc, there is a possible out-of-bounds read due to an integer overflow. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2018-9481"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--06f55f1f-c541-4b93-a6be-cf2989a174dc.json b/objects/vulnerability/vulnerability--06f55f1f-c541-4b93-a6be-cf2989a174dc.json
new file mode 100644
index 00000000000..02d55b0ad0e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--06f55f1f-c541-4b93-a6be-cf2989a174dc.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--351cac4f-d67a-4d07-acde-ce9ac4096fbb",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--06f55f1f-c541-4b93-a6be-cf2989a174dc",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-21T00:21:59.402399Z",
+ "modified": "2024-11-21T00:21:59.402399Z",
+ "name": "CVE-2024-10365",
+ "description": "The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.3 via the render function in modules/widgets/tp_carousel_anything.php, modules/widgets/tp_page_scroll.php, and other widgets. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-10365"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--079695fc-addc-4cba-b804-390d9618292e.json b/objects/vulnerability/vulnerability--079695fc-addc-4cba-b804-390d9618292e.json
new file mode 100644
index 00000000000..2e1b7395457
--- /dev/null
+++ b/objects/vulnerability/vulnerability--079695fc-addc-4cba-b804-390d9618292e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--44a99eb0-a1d6-4df1-9444-0f8539b6b211",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--079695fc-addc-4cba-b804-390d9618292e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-21T00:21:59.258981Z",
+ "modified": "2024-11-21T00:21:59.258981Z",
+ "name": "CVE-2024-52796",
+ "description": "Password Pusher, an open source application to communicate sensitive information over the web, comes with a configurable rate limiter. In versions prior to v1.49.0, the rate limiter could be bypassed by forging proxy headers allowing bad actors to send unlimited traffic to the site potentially causing a denial of service. In v1.49.0, a fix was implemented to only authorize proxies on local IPs which resolves this issue. As a workaround, one may add rules to one's proxy and/or firewall to not accept external proxy headers such as `X-Forwarded-*` from clients.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52796"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--08031699-5ae9-4f6c-bb13-28aa58eb5a09.json b/objects/vulnerability/vulnerability--08031699-5ae9-4f6c-bb13-28aa58eb5a09.json
new file mode 100644
index 00000000000..74122b7d705
--- /dev/null
+++ b/objects/vulnerability/vulnerability--08031699-5ae9-4f6c-bb13-28aa58eb5a09.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--54f3e092-6a36-486c-b158-97de86996485",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--08031699-5ae9-4f6c-bb13-28aa58eb5a09",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-21T00:21:59.857971Z",
+ "modified": "2024-11-21T00:21:59.857971Z",
+ "name": "CVE-2024-11278",
+ "description": "The GD bbPress Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11278"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0c2e2819-9136-496f-849c-ce416c08e314.json b/objects/vulnerability/vulnerability--0c2e2819-9136-496f-849c-ce416c08e314.json
new file mode 100644
index 00000000000..3dcc18007df
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0c2e2819-9136-496f-849c-ce416c08e314.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ba4a7540-08c4-490d-a484-b1f473c5f6c8",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0c2e2819-9136-496f-849c-ce416c08e314",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-21T00:21:59.303354Z",
+ "modified": "2024-11-21T00:21:59.303354Z",
+ "name": "CVE-2024-52472",
+ "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Weather Atlas Weather Atlas Widget allows Reflected XSS.This issue affects Weather Atlas Widget: from n/a through 3.0.1.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52472"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0cc0df9e-52a7-43b7-b981-952119905394.json b/objects/vulnerability/vulnerability--0cc0df9e-52a7-43b7-b981-952119905394.json
new file mode 100644
index 00000000000..92d9aba1ac2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0cc0df9e-52a7-43b7-b981-952119905394.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--66e8c9b0-969b-4ce7-a7ed-cb102ac0cfe4",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0cc0df9e-52a7-43b7-b981-952119905394",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-21T00:21:59.064442Z",
+ "modified": "2024-11-21T00:21:59.064442Z",
+ "name": "CVE-2024-51163",
+ "description": "Local File Inclusion vulnerability in Vegam Solutions Vegam 4i v.6.3.47.0 and earlier allows a remote attacker to obtain sensitive information via the print labelling function.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-51163"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0eca3f37-84f3-4bcf-adbe-6094eb40268d.json b/objects/vulnerability/vulnerability--0eca3f37-84f3-4bcf-adbe-6094eb40268d.json
new file mode 100644
index 00000000000..0f9ee7c780e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0eca3f37-84f3-4bcf-adbe-6094eb40268d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--23c59482-3b76-418d-b6cc-c4dc4c93a260",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0eca3f37-84f3-4bcf-adbe-6094eb40268d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-21T00:21:59.28791Z",
+ "modified": "2024-11-21T00:21:59.28791Z",
+ "name": "CVE-2024-52443",
+ "description": "Deserialization of Untrusted Data vulnerability in Nerijus Masikonis Geolocator allows Object Injection.This issue affects Geolocator: from n/a through 1.1.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52443"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--14e3fed8-7e88-4552-a1f7-290104e66f3f.json b/objects/vulnerability/vulnerability--14e3fed8-7e88-4552-a1f7-290104e66f3f.json
new file mode 100644
index 00000000000..0a9d73c5857
--- /dev/null
+++ b/objects/vulnerability/vulnerability--14e3fed8-7e88-4552-a1f7-290104e66f3f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4a8fe24f-e6ef-4d9f-a1c8-f524e74278fd",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--14e3fed8-7e88-4552-a1f7-290104e66f3f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-21T00:21:59.285097Z",
+ "modified": "2024-11-21T00:21:59.285097Z",
+ "name": "CVE-2024-52445",
+ "description": "Deserialization of Untrusted Data vulnerability in Modeltheme QRMenu Restaurant QR Menu Lite allows Object Injection.This issue affects QRMenu Restaurant QR Menu Lite: from n/a through 1.0.3.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52445"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--17a1fbdb-616b-45d3-bfe7-08632ccfcf0e.json b/objects/vulnerability/vulnerability--17a1fbdb-616b-45d3-bfe7-08632ccfcf0e.json
new file mode 100644
index 00000000000..3e6e6b77157
--- /dev/null
+++ b/objects/vulnerability/vulnerability--17a1fbdb-616b-45d3-bfe7-08632ccfcf0e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--14a8004a-d21b-494a-963e-27000d54ae9d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--17a1fbdb-616b-45d3-bfe7-08632ccfcf0e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-21T00:21:59.46635Z",
+ "modified": "2024-11-21T00:21:59.46635Z",
+ "name": "CVE-2024-9478",
+ "description": "Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation.This issue affects upKeeper Instant Privilege Access: before 1.2.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9478"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--19f247ca-37ac-44c7-bb7b-e5216df6f624.json b/objects/vulnerability/vulnerability--19f247ca-37ac-44c7-bb7b-e5216df6f624.json
new file mode 100644
index 00000000000..703d93ec40d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--19f247ca-37ac-44c7-bb7b-e5216df6f624.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--18b989a2-9ada-4fa7-8add-2e69d832ee25",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--19f247ca-37ac-44c7-bb7b-e5216df6f624",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-21T00:21:59.415098Z",
+ "modified": "2024-11-21T00:21:59.415098Z",
+ "name": "CVE-2024-10872",
+ "description": "The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `template-post-custom-field` block in all versions up to, and including, 2.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-10872"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1cb3639a-90bc-4b86-8de3-cac3663c5687.json b/objects/vulnerability/vulnerability--1cb3639a-90bc-4b86-8de3-cac3663c5687.json
new file mode 100644
index 00000000000..13e33d67371
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1cb3639a-90bc-4b86-8de3-cac3663c5687.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c45399ae-0972-48a7-a67c-156b95681371",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1cb3639a-90bc-4b86-8de3-cac3663c5687",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-21T00:21:59.134657Z",
+ "modified": "2024-11-21T00:21:59.134657Z",
+ "name": "CVE-2024-48983",
+ "description": "An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet data by reading 2 bytes from the packet header. A buffer is then allocated to contain the entire packet, the size of which is calculated as the length of the packet body determined earlier plus the header length. WsfMsgAlloc then increments this again by sizeof(wsfMsg_t). This may cause an integer overflow that results in the buffer being significantly too small to contain the entire packet. This may cause a buffer overflow of up to 65 KB . This bug is trivial to exploit for a denial of service but can generally not be exploited further because the exploitable buffer is dynamically allocated.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-48983"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1cc46d40-d905-4718-af28-db6458a1dc11.json b/objects/vulnerability/vulnerability--1cc46d40-d905-4718-af28-db6458a1dc11.json
new file mode 100644
index 00000000000..39570ad61cc
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1cc46d40-d905-4718-af28-db6458a1dc11.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8659ac87-ada2-4900-bbd5-4d3c5396247a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1cc46d40-d905-4718-af28-db6458a1dc11",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-21T00:21:59.866223Z",
+ "modified": "2024-11-21T00:21:59.866223Z",
+ "name": "CVE-2024-11493",
+ "description": "A vulnerability classified as problematic was found in 115cms up to 20240807. This vulnerability affects unknown code of the file /index.php/setpage/admin/pageAE.html. The manipulation of the argument tid leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11493"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1d774df9-34d5-4a79-9621-e381e6376c5a.json b/objects/vulnerability/vulnerability--1d774df9-34d5-4a79-9621-e381e6376c5a.json
new file mode 100644
index 00000000000..44ae3faf565
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1d774df9-34d5-4a79-9621-e381e6376c5a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f1a97089-3af9-476a-b7ad-e50ab037e7d9",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1d774df9-34d5-4a79-9621-e381e6376c5a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-21T00:21:59.101952Z",
+ "modified": "2024-11-21T00:21:59.101952Z",
+ "name": "CVE-2024-48895",
+ "description": "Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote authenticated attacker may execute an arbitrary OS command.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-48895"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1e33f521-6a5a-4b6e-b74d-6b5e82c8b340.json b/objects/vulnerability/vulnerability--1e33f521-6a5a-4b6e-b74d-6b5e82c8b340.json
new file mode 100644
index 00000000000..650aabc08cf
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1e33f521-6a5a-4b6e-b74d-6b5e82c8b340.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e2118aa0-6ae5-4cbe-a643-56f33df1fbb2",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1e33f521-6a5a-4b6e-b74d-6b5e82c8b340",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-21T00:22:01.457103Z",
+ "modified": "2024-11-21T00:22:01.457103Z",
+ "name": "CVE-2024-29292",
+ "description": "Multiple OS Command Injection vulnerabilities affecting Kasda LinkSmart Router KW6512 <= v1.3 enable an authenticated remote attacker to execute arbitrary OS commands via various cgi parameters.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-29292"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--200b18bb-d0c8-4ae9-b11a-196a1a260152.json b/objects/vulnerability/vulnerability--200b18bb-d0c8-4ae9-b11a-196a1a260152.json
new file mode 100644
index 00000000000..830c66b8a27
--- /dev/null
+++ b/objects/vulnerability/vulnerability--200b18bb-d0c8-4ae9-b11a-196a1a260152.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3ba79c5a-95aa-4edf-8125-fef76967040d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--200b18bb-d0c8-4ae9-b11a-196a1a260152",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-21T00:21:59.097116Z",
+ "modified": "2024-11-21T00:21:59.097116Z",
+ "name": "CVE-2024-48536",
+ "description": "Incorrect access control in eSoft Planner 3.24.08271-USA allow attackers to view all transactions performed by the company via supplying a crafted web request.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-48536"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--21574974-8d98-404b-9ccf-589d52ebed00.json b/objects/vulnerability/vulnerability--21574974-8d98-404b-9ccf-589d52ebed00.json
new file mode 100644
index 00000000000..e51027beb11
--- /dev/null
+++ b/objects/vulnerability/vulnerability--21574974-8d98-404b-9ccf-589d52ebed00.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8080f4eb-92ea-4100-9241-74200c2c0b6e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--21574974-8d98-404b-9ccf-589d52ebed00", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.286195Z", + "modified": "2024-11-21T00:21:59.286195Z", + "name": "CVE-2024-52033", + "description": "Exposure of sensitive system information to an unauthorized control sphere issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may obtain information of the other devices connected through the Wi-Fi.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52033" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--21943dc2-b49d-4a92-8e2a-e39b2835667f.json b/objects/vulnerability/vulnerability--21943dc2-b49d-4a92-8e2a-e39b2835667f.json new file mode 100644 index 00000000000..762eeb55f2b --- /dev/null +++ b/objects/vulnerability/vulnerability--21943dc2-b49d-4a92-8e2a-e39b2835667f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1800125e-0068-48f4-8a40-5a00069abe35", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--21943dc2-b49d-4a92-8e2a-e39b2835667f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.22897Z", + "modified": "2024-11-21T00:21:59.22897Z", + "name": "CVE-2024-52451", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Aaron Robbins Post Ideas allows SQL Injection.This issue affects Post Ideas: from n/a through 2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52451" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--22f611e3-fe48-4ce0-bdc8-c93c912196c5.json b/objects/vulnerability/vulnerability--22f611e3-fe48-4ce0-bdc8-c93c912196c5.json new file mode 100644 index 00000000000..8bd8d3d51c9 --- /dev/null +++ b/objects/vulnerability/vulnerability--22f611e3-fe48-4ce0-bdc8-c93c912196c5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cd8c6cc2-4b17-467e-8b92-8e25adaef0c2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--22f611e3-fe48-4ce0-bdc8-c93c912196c5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.268462Z", + "modified": "2024-11-21T00:21:59.268462Z", + "name": "CVE-2024-52471", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in petesheppard84 Extensions for Elementor allows Reflected XSS.This issue affects Extensions for Elementor: from n/a through 2.0.37.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52471" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--230655d6-0eac-49c9-948a-ac449c3fda84.json b/objects/vulnerability/vulnerability--230655d6-0eac-49c9-948a-ac449c3fda84.json new file mode 100644 index 00000000000..982be297da1 --- /dev/null +++ b/objects/vulnerability/vulnerability--230655d6-0eac-49c9-948a-ac449c3fda84.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--26df5b52-d555-4c8d-8e34-b53775730f78", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--230655d6-0eac-49c9-948a-ac449c3fda84", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.378799Z", + "modified": "2024-11-21T00:21:59.378799Z", + "name": "CVE-2024-10891", + "description": "The Save as PDF Plugin by Pdfcrowd plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'save_as_pdf_pdfcrowd' shortcode in all versions up to, and including, 4.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10891" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2395c6cc-b111-4c87-b111-d92796f35024.json b/objects/vulnerability/vulnerability--2395c6cc-b111-4c87-b111-d92796f35024.json new file mode 100644 index 00000000000..6f0bc13ea75 --- /dev/null +++ b/objects/vulnerability/vulnerability--2395c6cc-b111-4c87-b111-d92796f35024.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4cc3bca4-be8a-4548-aa66-1bfcca115283", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2395c6cc-b111-4c87-b111-d92796f35024", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.257093Z", + "modified": "2024-11-21T00:21:59.257093Z", + "name": "CVE-2024-52581", + "description": "Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to version 2.13.0, the multipart form parser shipped with litestar expects the entire request body as a single byte string and there is no default limit for the total size of the request body. This allows an attacker to upload arbitrary large files wrapped in a `multipart/form-data` request and cause excessive memory consumption on the server. The multipart form parser in affected versions is vulnerable to this type of attack by design. The public method signature as well as its implementation both expect the entire request body to be available as a single byte string. It is not possible to accept large file uploads in a safe way using this parser. This may be a regression, as a variation of this issue was already reported in CVE-2023-25578. Limiting the part number is not sufficient to prevent out-of-memory errors on the server. A patch is available in version 2.13.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52581" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--243ceb6d-702a-461f-b746-af439f600f06.json b/objects/vulnerability/vulnerability--243ceb6d-702a-461f-b746-af439f600f06.json new file mode 100644 index 00000000000..ffaf849cef4 --- /dev/null +++ b/objects/vulnerability/vulnerability--243ceb6d-702a-461f-b746-af439f600f06.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d0865c19-3283-4540-ba65-7fa46ee83258", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--243ceb6d-702a-461f-b746-af439f600f06", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.205502Z", + "modified": "2024-11-21T00:21:59.205502Z", + "name": "CVE-2024-52442", + "description": "Incorrect Privilege Assignment vulnerability in Userplus UserPlus allows Privilege Escalation.This issue affects UserPlus: from n/a through 2.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52442" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--260a6e4e-9434-4a89-a186-d9cc63f90bc8.json b/objects/vulnerability/vulnerability--260a6e4e-9434-4a89-a186-d9cc63f90bc8.json new file mode 100644 index 00000000000..7d970c4bc00 --- /dev/null +++ b/objects/vulnerability/vulnerability--260a6e4e-9434-4a89-a186-d9cc63f90bc8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f7e388fb-05cf-4b34-aef3-a093be18e86d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--260a6e4e-9434-4a89-a186-d9cc63f90bc8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.859539Z", + "modified": "2024-11-21T00:21:59.859539Z", + "name": "CVE-2024-11484", + "description": "A vulnerability classified as critical was found in Code4Berry Decoration Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /decoration/admin/update_image.php of the component User Image Handler. The manipulation of the argument productimage1 leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11484" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--268f8874-65f4-4307-8aa0-005e6eb9fe79.json b/objects/vulnerability/vulnerability--268f8874-65f4-4307-8aa0-005e6eb9fe79.json new file mode 100644 index 00000000000..cba15415e38 --- /dev/null +++ b/objects/vulnerability/vulnerability--268f8874-65f4-4307-8aa0-005e6eb9fe79.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--db62ff05-c1ba-473f-8538-771a9e5169cc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--268f8874-65f4-4307-8aa0-005e6eb9fe79", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.06086Z", + "modified": "2024-11-21T00:21:59.06086Z", + "name": "CVE-2024-51209", + "description": "Cross-Site Scripting (XSS) vulnerabilities in Anuj Kumar's Client Management System Version 1.2 allow local attackers to inject arbitrary web script or HTML via the search input field parameter to admin search invoice page and client search invoice page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-51209" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--28963455-a72e-49bb-9ae5-e6a2e58ed98d.json b/objects/vulnerability/vulnerability--28963455-a72e-49bb-9ae5-e6a2e58ed98d.json new file mode 100644 index 00000000000..bf6fd159c81 --- /dev/null +++ b/objects/vulnerability/vulnerability--28963455-a72e-49bb-9ae5-e6a2e58ed98d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c4cd4820-69f9-49d3-a14f-4a69ae5daeb2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--28963455-a72e-49bb-9ae5-e6a2e58ed98d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:22:00.702269Z", + "modified": "2024-11-21T00:22:00.702269Z", + "name": "CVE-2024-49203", + "description": "Querydsl 5.1.0 allows SQL/HQL injection in orderBy in JPAQuery.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49203" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--2d67290c-123e-40f0-8f6b-1ac996e6a596.json b/objects/vulnerability/vulnerability--2d67290c-123e-40f0-8f6b-1ac996e6a596.json new file mode 100644 index 00000000000..10949950512 --- /dev/null +++ b/objects/vulnerability/vulnerability--2d67290c-123e-40f0-8f6b-1ac996e6a596.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--156e2c27-f091-4b8d-ba6a-8876dd7983a0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2d67290c-123e-40f0-8f6b-1ac996e6a596", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.139682Z", + "modified": "2024-11-21T00:21:59.139682Z", + "name": "CVE-2024-48899", + "description": "A vulnerability was found in Moodle. Additional checks are required to ensure users can only fetch the list of course badges for courses that they are intended to have access to.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48899" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2e29c6f3-505d-4426-acf6-fd6e0cb643b4.json b/objects/vulnerability/vulnerability--2e29c6f3-505d-4426-acf6-fd6e0cb643b4.json new file mode 100644 index 00000000000..aaf75d83970 --- /dev/null +++ b/objects/vulnerability/vulnerability--2e29c6f3-505d-4426-acf6-fd6e0cb643b4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e94ce3e3-9288-4949-8f36-16941547a046", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2e29c6f3-505d-4426-acf6-fd6e0cb643b4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.227857Z", + "modified": "2024-11-21T00:21:59.227857Z", + "name": "CVE-2024-52440", + "description": "Deserialization of Untrusted Data vulnerability in Bueno Labs Pvt. Ltd. Xpresslane Fast Checkout allows Object Injection.This issue affects Xpresslane Fast Checkout: from n/a through 1.0.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52440" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--30d00938-4378-4253-8f05-e722d2ba81e5.json b/objects/vulnerability/vulnerability--30d00938-4378-4253-8f05-e722d2ba81e5.json new file mode 100644 index 00000000000..bab170ea497 --- /dev/null +++ b/objects/vulnerability/vulnerability--30d00938-4378-4253-8f05-e722d2ba81e5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--89160c47-0d4b-4efc-b3b2-4b89a55700c3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--30d00938-4378-4253-8f05-e722d2ba81e5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.490425Z", + "modified": "2024-11-21T00:21:59.490425Z", + "name": "CVE-2024-9653", + "description": "The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9653" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--32baa3ae-a878-453c-b11d-9bd1d2d55ab6.json b/objects/vulnerability/vulnerability--32baa3ae-a878-453c-b11d-9bd1d2d55ab6.json new file mode 100644 index 00000000000..5773b37a053 --- /dev/null +++ b/objects/vulnerability/vulnerability--32baa3ae-a878-453c-b11d-9bd1d2d55ab6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ae1768ac-5a9b-4ef1-a855-0c8963b01899", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--32baa3ae-a878-453c-b11d-9bd1d2d55ab6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.833629Z", + "modified": "2024-11-21T00:21:59.833629Z", + "name": "CVE-2024-11489", + "description": "A vulnerability was found in 115cms up to 20240807. It has been classified as problematic. Affected is an unknown function of the file /index.php/admin/web/file.html. The manipulation of the argument ks leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11489" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3540e1b0-f862-4bca-8319-12d81ebc9dbf.json b/objects/vulnerability/vulnerability--3540e1b0-f862-4bca-8319-12d81ebc9dbf.json new file mode 100644 index 00000000000..a9a8d750140 --- /dev/null +++ b/objects/vulnerability/vulnerability--3540e1b0-f862-4bca-8319-12d81ebc9dbf.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--890bea9c-6e33-4fca-9d4a-cdc9548f7433", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3540e1b0-f862-4bca-8319-12d81ebc9dbf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.272779Z", + "modified": "2024-11-21T00:21:59.272779Z", + "name": "CVE-2024-52765", + "description": "H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52765" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--36a03c49-fb5e-4d3e-a8fe-d421c96fe4b5.json b/objects/vulnerability/vulnerability--36a03c49-fb5e-4d3e-a8fe-d421c96fe4b5.json new file mode 100644 index 00000000000..a6cf2a64d9f --- /dev/null +++ b/objects/vulnerability/vulnerability--36a03c49-fb5e-4d3e-a8fe-d421c96fe4b5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4310d4dc-5b95-454d-a8b0-fb9ae236ee13", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--36a03c49-fb5e-4d3e-a8fe-d421c96fe4b5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.407966Z", + "modified": "2024-11-21T00:21:59.407966Z", + "name": "CVE-2024-10094", + "description": "Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of Generation of Code", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10094" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--37115755-732e-4e98-9774-7dbdbcee8a67.json b/objects/vulnerability/vulnerability--37115755-732e-4e98-9774-7dbdbcee8a67.json new file mode 100644 index 00000000000..8e59c478212 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--37115755-732e-4e98-9774-7dbdbcee8a67.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0ee18f77-ae99-4ffb-b4c0-5b3a251d301e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--37115755-732e-4e98-9774-7dbdbcee8a67", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.238814Z", + "modified": "2024-11-21T00:21:59.238814Z", + "name": "CVE-2024-52437", + "description": "Missing Authentication for Critical Function vulnerability in Saul Morales Pacheco Banner System allows Privilege Escalation.This issue affects Banner System: from n/a through 1.0.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52437" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3720b69f-dd87-4754-967e-c89fbd034a48.json b/objects/vulnerability/vulnerability--3720b69f-dd87-4754-967e-c89fbd034a48.json new file mode 100644 index 00000000000..a886b08e7d7 --- /dev/null +++ b/objects/vulnerability/vulnerability--3720b69f-dd87-4754-967e-c89fbd034a48.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2b3e6635-d301-44bc-a3ad-689d5c3f593a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3720b69f-dd87-4754-967e-c89fbd034a48", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.106967Z", + "modified": "2024-11-21T00:21:59.106967Z", + "name": "CVE-2024-48534", + "description": "A reflected cross-site scripting (XSS) vulnerability on the Camp Details module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48534" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--372afce3-b7c4-46b4-b73a-e686675d8656.json b/objects/vulnerability/vulnerability--372afce3-b7c4-46b4-b73a-e686675d8656.json new file mode 100644 index 00000000000..fe82300475d --- /dev/null +++ b/objects/vulnerability/vulnerability--372afce3-b7c4-46b4-b73a-e686675d8656.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4d99f160-6dc5-4e7e-af9c-57e064546ee6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--372afce3-b7c4-46b4-b73a-e686675d8656", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.282865Z", + "modified": "2024-11-21T00:21:59.282865Z", + "name": "CVE-2024-52757", + "description": "D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the notify parameter in the arp_sys_asp function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52757" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--37c4be73-1d43-41c4-8588-9cb0829575e2.json b/objects/vulnerability/vulnerability--37c4be73-1d43-41c4-8588-9cb0829575e2.json new file mode 100644 index 00000000000..351802c0a65 --- /dev/null +++ b/objects/vulnerability/vulnerability--37c4be73-1d43-41c4-8588-9cb0829575e2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e2404a0c-d0a8-4f4f-b27a-719b4bc5e642", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--37c4be73-1d43-41c4-8588-9cb0829575e2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:22:12.881713Z", + "modified": "2024-11-21T00:22:12.881713Z", + "name": "CVE-2018-9485", + "description": "In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2018-9485" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3d7d2e26-965c-43fb-9b14-23ba8e64d8cd.json b/objects/vulnerability/vulnerability--3d7d2e26-965c-43fb-9b14-23ba8e64d8cd.json new file mode 100644 index 00000000000..e4b8a4b65ec --- /dev/null +++ b/objects/vulnerability/vulnerability--3d7d2e26-965c-43fb-9b14-23ba8e64d8cd.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5fbb5ef2-71c6-47d9-b260-ce802e43ea6a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3d7d2e26-965c-43fb-9b14-23ba8e64d8cd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:22:12.938632Z", + "modified": "2024-11-21T00:22:12.938632Z", + "name": "CVE-2018-9483", + "description": "In bta_dm_remove_sec_dev_entry of bta_dm_act.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2018-9483" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3ef4359b-a480-4e4d-8c1d-004082d8ea57.json b/objects/vulnerability/vulnerability--3ef4359b-a480-4e4d-8c1d-004082d8ea57.json new file mode 100644 index 00000000000..f737f4ce9b4 --- /dev/null +++ b/objects/vulnerability/vulnerability--3ef4359b-a480-4e4d-8c1d-004082d8ea57.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--04e25e44-aa88-4b9e-937d-ccb4d25b1439", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3ef4359b-a480-4e4d-8c1d-004082d8ea57", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:22:12.928277Z", + "modified": "2024-11-21T00:22:12.928277Z", + "name": "CVE-2018-9475", + "description": "In HeadsetInterface::ClccResponse of btif_hf.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote escalation of privilege via Bluetooth, if the recipient has enabled SIP calls with no additional execution privileges needed. User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2018-9475" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3f42dd3c-722d-40b7-8e10-e7ec983d01a2.json b/objects/vulnerability/vulnerability--3f42dd3c-722d-40b7-8e10-e7ec983d01a2.json new file mode 100644 index 00000000000..caab7aff85e --- /dev/null +++ b/objects/vulnerability/vulnerability--3f42dd3c-722d-40b7-8e10-e7ec983d01a2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b0436fad-a18a-464c-9a24-3bb0215320f7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3f42dd3c-722d-40b7-8e10-e7ec983d01a2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.290864Z", + "modified": "2024-11-21T00:21:59.290864Z", + "name": "CVE-2024-52448", + "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebCodingPlace Ultimate Classified Listings allows PHP Local File Inclusion.This issue affects Ultimate Classified Listings: from n/a through 1.4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52448" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--411cd270-b521-4e1a-b981-2016fe37c65c.json b/objects/vulnerability/vulnerability--411cd270-b521-4e1a-b981-2016fe37c65c.json new file mode 100644 index 00000000000..4d09ccc2ea6 --- /dev/null +++ b/objects/vulnerability/vulnerability--411cd270-b521-4e1a-b981-2016fe37c65c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--76cb30da-9e9a-4549-a6a0-c59f10280a35", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--411cd270-b521-4e1a-b981-2016fe37c65c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.279895Z", + "modified": "2024-11-21T00:21:59.279895Z", + "name": "CVE-2024-52450", + "description": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Official pro coders nBlocks allows PHP Local File Inclusion.This issue affects nBlocks: from n/a through 1.0.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52450" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--48add1b6-f6a3-4d76-ae5d-b153083796b4.json b/objects/vulnerability/vulnerability--48add1b6-f6a3-4d76-ae5d-b153083796b4.json new file mode 100644 index 00000000000..3862c6f0629 --- /dev/null +++ b/objects/vulnerability/vulnerability--48add1b6-f6a3-4d76-ae5d-b153083796b4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--742518a2-8d7a-4076-a1fb-0895946c8998", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--48add1b6-f6a3-4d76-ae5d-b153083796b4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.426166Z", + "modified": "2024-11-21T00:21:59.426166Z", + "name": "CVE-2024-10899", + "description": "The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. The same 'id' parameter is vulnerable to Reflected Cross-Site Scripting as well.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10899" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4bb2fe97-4724-46f9-ac3a-c3e00d1509d6.json b/objects/vulnerability/vulnerability--4bb2fe97-4724-46f9-ac3a-c3e00d1509d6.json new file mode 100644 index 00000000000..38e09916fd5 --- /dev/null +++ b/objects/vulnerability/vulnerability--4bb2fe97-4724-46f9-ac3a-c3e00d1509d6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0d5f8419-c424-45a9-951f-e38dcf039a74", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4bb2fe97-4724-46f9-ac3a-c3e00d1509d6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.84128Z", + "modified": "2024-11-21T00:21:59.84128Z", + "name": "CVE-2024-11154", + "description": "The PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.15 via the 'actAjaxRevisionDiffs' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including revisions of posts and pages.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11154" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--539579a2-39cb-4b4c-bd37-3fe8ffa6f345.json b/objects/vulnerability/vulnerability--539579a2-39cb-4b4c-bd37-3fe8ffa6f345.json new file mode 100644 index 00000000000..94890807633 --- /dev/null +++ b/objects/vulnerability/vulnerability--539579a2-39cb-4b4c-bd37-3fe8ffa6f345.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7f2508f5-1b59-4a70-b1b4-4c652728f396", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--539579a2-39cb-4b4c-bd37-3fe8ffa6f345", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.236802Z", + "modified": "2024-11-21T00:21:59.236802Z", + "name": "CVE-2024-52441", + "description": "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Rajesh Thanoch Quick Learn allows Object Injection.This issue affects Quick Learn: from n/a through 1.0.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52441" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--583a4ecd-0437-4724-a356-8ac3d7088c76.json b/objects/vulnerability/vulnerability--583a4ecd-0437-4724-a356-8ac3d7088c76.json new file mode 100644 index 00000000000..0495aee00ef --- /dev/null +++ b/objects/vulnerability/vulnerability--583a4ecd-0437-4724-a356-8ac3d7088c76.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--26dcc72a-8b39-4be7-bdf4-7db44d192e67", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--583a4ecd-0437-4724-a356-8ac3d7088c76", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.26685Z", + "modified": "2024-11-21T00:21:59.26685Z", + "name": "CVE-2024-52771", + "description": "DedeBIZ v6.3.0 was discovered to contain an arbitrary file deletion vulnerability via the component /admin/file_manage_view.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52771" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--5becfa09-e206-4921-a610-bc9a0a9e8189.json b/objects/vulnerability/vulnerability--5becfa09-e206-4921-a610-bc9a0a9e8189.json new file mode 100644 index 00000000000..e472e5cfbd0 --- /dev/null +++ b/objects/vulnerability/vulnerability--5becfa09-e206-4921-a610-bc9a0a9e8189.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f1535e6c-5b0a-4643-96b2-1b6165ea38fd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5becfa09-e206-4921-a610-bc9a0a9e8189", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.24586Z", + "modified": "2024-11-21T00:21:59.24586Z", + "name": "CVE-2024-52755", + "description": "D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the host_ip parameter in the ipsec_road_asp function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52755" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5fa8ef16-1864-4f2a-a5d0-adc69ba4cda6.json b/objects/vulnerability/vulnerability--5fa8ef16-1864-4f2a-a5d0-adc69ba4cda6.json new file mode 100644 index 00000000000..3cec2b7de66 --- /dev/null +++ b/objects/vulnerability/vulnerability--5fa8ef16-1864-4f2a-a5d0-adc69ba4cda6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e7b9944f-fbe5-409b-99b5-3719be861178", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5fa8ef16-1864-4f2a-a5d0-adc69ba4cda6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.571499Z", + "modified": "2024-11-21T00:21:59.571499Z", + "name": "CVE-2024-47865", + "description": "Missing authentication for critical function vulnerability exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may update or downgrade the firmware on the device.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47865" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6124da26-d79a-4c85-954c-21d97e0f8450.json b/objects/vulnerability/vulnerability--6124da26-d79a-4c85-954c-21d97e0f8450.json new file mode 100644 index 00000000000..0cd646c7aae --- /dev/null +++ b/objects/vulnerability/vulnerability--6124da26-d79a-4c85-954c-21d97e0f8450.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--767e56e8-6515-472f-8757-cd85dfe75a61", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6124da26-d79a-4c85-954c-21d97e0f8450", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.024948Z", + "modified": "2024-11-21T00:21:59.024948Z", + "name": "CVE-2024-51208", + "description": "File Upload vulnerability in change-image.php in Anuj Kumar's Boat Booking System version 1.0 allows local attackers to upload a malicious PHP script via the Image Upload Mechanism parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-51208" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--61dce463-72c5-4f5c-a4cf-82ecbf4c5dff.json b/objects/vulnerability/vulnerability--61dce463-72c5-4f5c-a4cf-82ecbf4c5dff.json new file mode 100644 index 00000000000..af0660f69f5 --- /dev/null +++ b/objects/vulnerability/vulnerability--61dce463-72c5-4f5c-a4cf-82ecbf4c5dff.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5485e1ad-d19a-49e3-b121-5613a6a1bf3f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--61dce463-72c5-4f5c-a4cf-82ecbf4c5dff", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.278205Z", + "modified": "2024-11-21T00:21:59.278205Z", + "name": "CVE-2024-52438", + "description": "Missing Authentication for Critical Function vulnerability in deco.Agency de:branding allows Privilege Escalation.This issue affects de:branding: from n/a through 1.0.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52438" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6517eaf7-44bc-4974-912b-cbb6ea23bcc2.json b/objects/vulnerability/vulnerability--6517eaf7-44bc-4974-912b-cbb6ea23bcc2.json new file mode 100644 index 00000000000..d7db552e498 --- /dev/null +++ b/objects/vulnerability/vulnerability--6517eaf7-44bc-4974-912b-cbb6ea23bcc2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--595920d8-f463-4c42-b9cd-03b0dc6f2b6a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6517eaf7-44bc-4974-912b-cbb6ea23bcc2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.1149Z", + "modified": "2024-11-21T00:21:59.1149Z", + "name": "CVE-2024-48533", + "description": "A discrepancy between responses for valid and invalid e-mail accounts in the Forgot your Login? module of eSoft Planner 3.24.08271-USA allows attackers to enumerate valid user e-mail accounts.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48533" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--66564933-eae6-4a95-bd3f-472b9c1e6a45.json b/objects/vulnerability/vulnerability--66564933-eae6-4a95-bd3f-472b9c1e6a45.json new file mode 100644 index 00000000000..4603d28c7a0 --- /dev/null +++ b/objects/vulnerability/vulnerability--66564933-eae6-4a95-bd3f-472b9c1e6a45.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e38c2eca-130f-4ab9-b37e-bd13b5ef56e8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--66564933-eae6-4a95-bd3f-472b9c1e6a45", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.459852Z", + "modified": "2024-11-21T00:21:59.459852Z", + "name": "CVE-2024-9875", + "description": "Okta Privileged Access server agent (SFTD) versions 1.82.0 to 1.84.0 are affected by a privilege escalation vulnerability when the sudo command bundles feature is enabled. To remediate this vulnerability, upgrade the Okta Privileged Access server agent (SFTD) to version 1.87.1 or greater.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9875" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--67da18c4-0ec4-4aef-8540-03819c8eb96c.json b/objects/vulnerability/vulnerability--67da18c4-0ec4-4aef-8540-03819c8eb96c.json new file mode 100644 index 00000000000..8210973cc9a --- /dev/null +++ b/objects/vulnerability/vulnerability--67da18c4-0ec4-4aef-8540-03819c8eb96c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b6ca5544-e232-432b-9810-a225118e1421", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--67da18c4-0ec4-4aef-8540-03819c8eb96c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.863594Z", + "modified": "2024-11-21T00:21:59.863594Z", + "name": "CVE-2024-11179", + "description": "The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to SQL Injection via the 'status_type' parameter in all versions up to, and including, 4.15.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11179" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--695d2048-ad1e-4ffb-9c50-ab338eda43c9.json b/objects/vulnerability/vulnerability--695d2048-ad1e-4ffb-9c50-ab338eda43c9.json new file mode 100644 index 00000000000..fd950b2a4a2 --- /dev/null +++ b/objects/vulnerability/vulnerability--695d2048-ad1e-4ffb-9c50-ab338eda43c9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4d59cfdb-f2b6-49e0-b8fb-1d23c36dadf5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--695d2048-ad1e-4ffb-9c50-ab338eda43c9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.340389Z", + "modified": "2024-11-21T00:21:59.340389Z", + "name": "CVE-2024-45689", + "description": "A flaw was found in Moodle. Dynamic tables did not enforce capability checks, which resulted in users having the ability to retrieve information they did not have permission to access.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45689" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6e7407c7-11b4-4740-8547-2ee2357b2769.json b/objects/vulnerability/vulnerability--6e7407c7-11b4-4740-8547-2ee2357b2769.json new file mode 100644 index 00000000000..0e84444b670 --- /dev/null +++ b/objects/vulnerability/vulnerability--6e7407c7-11b4-4740-8547-2ee2357b2769.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--23cddaf6-485f-4f3a-9eab-a6275bc6260c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6e7407c7-11b4-4740-8547-2ee2357b2769", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.244907Z", + "modified": "2024-11-21T00:21:59.244907Z", + "name": "CVE-2024-52677", + "description": "HkCms <= v2.3.2.240702 is vulnerable to file upload in the getFileName method in /app/common/library/Upload.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52677" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6f036588-2d2c-47d8-8a80-cdb879903ee7.json b/objects/vulnerability/vulnerability--6f036588-2d2c-47d8-8a80-cdb879903ee7.json new file mode 100644 index 00000000000..74f4b46890e 
--- /dev/null +++ b/objects/vulnerability/vulnerability--6f036588-2d2c-47d8-8a80-cdb879903ee7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0d2fb79b-4499-4f4c-8590-8fb0873bc2e1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6f036588-2d2c-47d8-8a80-cdb879903ee7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.292532Z", + "modified": "2024-11-21T00:21:59.292532Z", + "name": "CVE-2024-52754", + "description": "D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52754" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6fef9bf2-b2dd-46d6-b5c5-23c8b0fab995.json b/objects/vulnerability/vulnerability--6fef9bf2-b2dd-46d6-b5c5-23c8b0fab995.json new file mode 100644 index 00000000000..af594efd409 --- /dev/null +++ b/objects/vulnerability/vulnerability--6fef9bf2-b2dd-46d6-b5c5-23c8b0fab995.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9d39e612-b55b-4735-90a5-f10f02147353", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6fef9bf2-b2dd-46d6-b5c5-23c8b0fab995", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.243318Z", + "modified": "2024-11-21T00:21:59.243318Z", + "name": "CVE-2024-52614", + "description": "Use of hard-coded cryptographic key issue exists in \"Kura Sushi Official App Produced by EPARK\" for Android versions prior to 3.8.5. If this vulnerability is exploited, a local attacker may obtain the login ID and password for the affected product.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52614" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--7164a1aa-7119-4d32-9159-8d16aef7bf10.json b/objects/vulnerability/vulnerability--7164a1aa-7119-4d32-9159-8d16aef7bf10.json new file mode 100644 index 00000000000..aed557c7b8c --- /dev/null +++ b/objects/vulnerability/vulnerability--7164a1aa-7119-4d32-9159-8d16aef7bf10.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--eccc3a7c-a13f-402c-881a-4c943438b94f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7164a1aa-7119-4d32-9159-8d16aef7bf10", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:22:12.930262Z", + "modified": "2024-11-21T00:22:12.930262Z", + "name": "CVE-2018-9468", + "description": "In query of DownloadManager.java, there is a possible read/write of arbitrary files due to a permissions bypass. This could lead to local information disclosure and file rewriting with no additional execution privileges needed. User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2018-9468" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--72f9c85e-88fc-4f45-b19c-cfd7108fcd73.json b/objects/vulnerability/vulnerability--72f9c85e-88fc-4f45-b19c-cfd7108fcd73.json new file mode 100644 index 00000000000..47a5f524571 --- /dev/null +++ b/objects/vulnerability/vulnerability--72f9c85e-88fc-4f45-b19c-cfd7108fcd73.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--47bd47f8-a018-49e7-9cfd-ad95c3d4fe8f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--72f9c85e-88fc-4f45-b19c-cfd7108fcd73", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.836002Z", + "modified": "2024-11-21T00:21:59.836002Z", + "name": "CVE-2024-11404", + "description": "Unrestricted Upload of File with Dangerous Type, Improper Input Validation, Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in django CMS Association django Filer allows Input Data Manipulation, Stored XSS.This issue affects django Filer: from 3 before 3.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11404" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--751496c1-7d0c-4f18-b376-4237b4087172.json b/objects/vulnerability/vulnerability--751496c1-7d0c-4f18-b376-4237b4087172.json new file mode 100644 index 00000000000..0b2aa1b10e2 --- /dev/null +++ b/objects/vulnerability/vulnerability--751496c1-7d0c-4f18-b376-4237b4087172.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--12acd670-21b4-48e6-a962-1582b4795cbc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--751496c1-7d0c-4f18-b376-4237b4087172", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.486954Z", + "modified": "2024-11-21T00:21:59.486954Z", + "name": "CVE-2024-9479", + "description": "Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation.This issue affects upKeeper Instant Privilege Access: before 1.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9479" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--76c9ceb8-b954-4863-814e-f51470663fb4.json b/objects/vulnerability/vulnerability--76c9ceb8-b954-4863-814e-f51470663fb4.json new file mode 100644 index 00000000000..ecb46882103 --- /dev/null +++ b/objects/vulnerability/vulnerability--76c9ceb8-b954-4863-814e-f51470663fb4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--38598749-9545-4f11-912b-60fdeb1232b9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--76c9ceb8-b954-4863-814e-f51470663fb4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.112516Z", + "modified": "2024-11-21T00:21:59.112516Z", + "name": "CVE-2024-48982", + "description": "An issue was discovered in MBed OS 6.16.0. Its hci parsing software dynamically determines the length of certain hci packets by reading a byte from its header. This value is assumed to be greater than or equal to 3, but the software doesn't ensure that this is the case. Supplying a length less than 3 leads to a buffer overflow in a buffer that is allocated later. It is simultaneously possible to cause another integer overflow by supplying large length values because the provided length value is increased by a few bytes to account for additional information that is supposed to be stored there. This bug is trivial to exploit for a denial of service but is not certain to suffice to bring the system down and can generally not be exploited further because the exploitable buffer is dynamically allocated.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48982" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7a291730-fe5a-4035-912d-30134f97e189.json b/objects/vulnerability/vulnerability--7a291730-fe5a-4035-912d-30134f97e189.json new file mode 100644 index 00000000000..8a0af1aa7ac --- /dev/null 
+++ b/objects/vulnerability/vulnerability--7a291730-fe5a-4035-912d-30134f97e189.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7761ebf8-da8a-4b98-8d70-1f06d793fe79", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7a291730-fe5a-4035-912d-30134f97e189", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.13675Z", + "modified": "2024-11-21T00:21:59.13675Z", + "name": "CVE-2024-48981", + "description": "An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet header by looking up the identifying first byte and matching it against a table of possible lengths. The initial parsing function, hciTrSerialRxIncoming does not drop packets with invalid identifiers but also does not set a safe default for the length of unknown packets' headers, leading to a buffer overflow. This can be leveraged into an arbitrary write by an attacker. It is possible to overwrite the pointer to a not-yet-allocated buffer that is supposed to receive the contents of the packet body. One can then overwrite the state variable used by the function to determine which state of packet parsing is currently occurring. Because the buffer is allocated when the last byte of the header has been copied, the combination of having a bad header length variable that will never match the counter variable and being able to overwrite the state variable with the resulting buffer overflow can be used to advance the function to the next step while skipping the buffer allocation and resulting pointer write. The next 16 bytes from the packet body are then written wherever the corrupted data pointer is pointing.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48981" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--7a505fb1-fea3-44f3-90cb-384af8d89dda.json b/objects/vulnerability/vulnerability--7a505fb1-fea3-44f3-90cb-384af8d89dda.json new file mode 100644 index 00000000000..1b220198f51 --- /dev/null +++ b/objects/vulnerability/vulnerability--7a505fb1-fea3-44f3-90cb-384af8d89dda.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--06c9f68f-a82f-4042-a3fd-37de15ce3a2c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7a505fb1-fea3-44f3-90cb-384af8d89dda", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.404992Z", + "modified": "2024-11-21T00:21:59.404992Z", + "name": "CVE-2024-10126", + "description": "Local File Inclusion vulnerability in M-Files Server in versions before 24.11 (excluding 24.8 SR1, 24.2 SR3 and 23.8 SR7) allows an authenticated user to read server local files of a limited set of filetypes via document preview.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10126" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7b7e97c4-024d-433a-b70a-9269f5e56b08.json b/objects/vulnerability/vulnerability--7b7e97c4-024d-433a-b70a-9269f5e56b08.json new file mode 100644 index 00000000000..06bedd5d530 --- /dev/null +++ b/objects/vulnerability/vulnerability--7b7e97c4-024d-433a-b70a-9269f5e56b08.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6e0250aa-48b5-4d87-9050-d5562d71ab0d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7b7e97c4-024d-433a-b70a-9269f5e56b08", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.144608Z", + "modified": "2024-11-21T00:21:59.144608Z", + "name": "CVE-2024-48535", + "description": "A stored cross-site scripting (XSS) vulnerability in eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48535" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7b7f2074-03f3-4b7a-9d38-0fbffe8cda67.json b/objects/vulnerability/vulnerability--7b7f2074-03f3-4b7a-9d38-0fbffe8cda67.json new file mode 100644 index 00000000000..b1da4c809ff --- /dev/null +++ b/objects/vulnerability/vulnerability--7b7f2074-03f3-4b7a-9d38-0fbffe8cda67.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6e3404c1-55f8-416b-b083-18ce0e487096", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7b7f2074-03f3-4b7a-9d38-0fbffe8cda67", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:22:12.92597Z", + "modified": "2024-11-21T00:22:12.92597Z", + "name": "CVE-2018-9477", + "description": "In the development options section of the Settings app, there is a possible authentication bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2018-9477" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--7ba01079-0add-4cc1-a354-82152bdb3333.json b/objects/vulnerability/vulnerability--7ba01079-0add-4cc1-a354-82152bdb3333.json new file mode 100644 index 00000000000..7e2fb6de4cb --- /dev/null +++ b/objects/vulnerability/vulnerability--7ba01079-0add-4cc1-a354-82152bdb3333.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--887c3cf6-822b-41d8-aab3-ccfb111d91cd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7ba01079-0add-4cc1-a354-82152bdb3333", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.264951Z", + "modified": "2024-11-21T00:21:59.264951Z", + "name": "CVE-2024-52470", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainvireinfo Dynamic URL SEO allows Reflected XSS.This issue affects Dynamic URL SEO: from n/a through 1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52470" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7c9f650a-880e-4c65-9ec2-eceb4f9b670b.json b/objects/vulnerability/vulnerability--7c9f650a-880e-4c65-9ec2-eceb4f9b670b.json new file mode 100644 index 00000000000..4e1e9503226 --- /dev/null +++ b/objects/vulnerability/vulnerability--7c9f650a-880e-4c65-9ec2-eceb4f9b670b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ddf353d5-7cac-441d-8979-db638df1b434", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7c9f650a-880e-4c65-9ec2-eceb4f9b670b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.108178Z", + "modified": "2024-11-21T00:21:59.108178Z", + "name": "CVE-2024-48530", + "description": "An issue in the Instructor Appointment Availability module of eSoft Planner 3.24.08271-USA allows attackers to cause a Denial of Service (DoS) via a crafted POST request.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48530" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7dc21e66-1922-458f-b285-61e2d1839ca2.json b/objects/vulnerability/vulnerability--7dc21e66-1922-458f-b285-61e2d1839ca2.json new file mode 100644 index 00000000000..4bc8b7a9ca7 --- /dev/null +++ b/objects/vulnerability/vulnerability--7dc21e66-1922-458f-b285-61e2d1839ca2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--683da14f-88a6-409a-bf9b-144bc984c287", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7dc21e66-1922-458f-b285-61e2d1839ca2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.224132Z", + "modified": "2024-11-21T00:21:59.224132Z", + "name": "CVE-2024-52473", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sandeep Verma HTML5 Lyrics Karaoke Player allows Reflected XSS.This issue affects HTML5 Lyrics Karaoke Player: from n/a through 2.4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52473" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--7e2a6188-0f8c-4f83-ba93-e82fdbe98be3.json b/objects/vulnerability/vulnerability--7e2a6188-0f8c-4f83-ba93-e82fdbe98be3.json new file mode 100644 index 00000000000..e3c4c04ba4e --- /dev/null +++ b/objects/vulnerability/vulnerability--7e2a6188-0f8c-4f83-ba93-e82fdbe98be3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--90539a41-0497-4142-b09a-33dd2ca33f69", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7e2a6188-0f8c-4f83-ba93-e82fdbe98be3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.361083Z", + "modified": "2024-11-21T00:21:59.361083Z", + "name": "CVE-2024-45691", + "description": "A flaw was found in Moodle. When restricting access to a lesson activity with a password, certain passwords could be bypassed or less secure due to a loose comparison in the password-checking logic. This issue only affected passwords set to \"magic hash\" values.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45691" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--83acc0a5-b362-4dfd-927d-5acc396bc3f6.json b/objects/vulnerability/vulnerability--83acc0a5-b362-4dfd-927d-5acc396bc3f6.json new file mode 100644 index 00000000000..48a9d3b9e42 --- /dev/null +++ b/objects/vulnerability/vulnerability--83acc0a5-b362-4dfd-927d-5acc396bc3f6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4d0de944-a16d-4132-8303-6da92667324f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--83acc0a5-b362-4dfd-927d-5acc396bc3f6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.38711Z", + "modified": "2024-11-21T00:21:59.38711Z", + "name": "CVE-2024-10127", + "description": "Authentication bypass condition in LDAP authentication in M-Files server versions before 24.11 supported usage of OpenLDAP configurations that allowed user authentication without a password when the LDAP server itself had the vulnerable configuration.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10127" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--85862ee4-2c6c-4b9d-a0d3-53b0c0bae91f.json b/objects/vulnerability/vulnerability--85862ee4-2c6c-4b9d-a0d3-53b0c0bae91f.json new file mode 100644 index 00000000000..028a26e89d3 --- /dev/null +++ b/objects/vulnerability/vulnerability--85862ee4-2c6c-4b9d-a0d3-53b0c0bae91f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3dc6512a-ee0c-4a3b-aea3-0d3107eeaada", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--85862ee4-2c6c-4b9d-a0d3-53b0c0bae91f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.369932Z", + "modified": "2024-11-21T00:21:59.369932Z", + "name": "CVE-2024-10515", + "description": "In the process of testing the SEO Plugin by Squirrly SEO WordPress plugin before 12.3.21, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10515" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--86269b11-a26e-47fb-98e7-ffa6b5a89497.json b/objects/vulnerability/vulnerability--86269b11-a26e-47fb-98e7-ffa6b5a89497.json new file mode 100644 index 00000000000..1d87e2f3d88 --- /dev/null +++ b/objects/vulnerability/vulnerability--86269b11-a26e-47fb-98e7-ffa6b5a89497.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--35026439-c6b2-480e-9ccc-5a903c6731bb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--86269b11-a26e-47fb-98e7-ffa6b5a89497", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:22:12.953626Z", + "modified": "2024-11-21T00:22:12.953626Z", + "name": "CVE-2018-9486", + "description": "In hidh_l2cif_data_ind of hidh_conn.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2018-9486" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--889d2488-79aa-486a-a644-15e3fc381e0f.json b/objects/vulnerability/vulnerability--889d2488-79aa-486a-a644-15e3fc381e0f.json new file mode 100644 index 00000000000..6290a27ce63 --- /dev/null +++ b/objects/vulnerability/vulnerability--889d2488-79aa-486a-a644-15e3fc381e0f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fde59498-a01b-4a30-92c1-3385418cd180", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--889d2488-79aa-486a-a644-15e3fc381e0f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.345335Z", + "modified": "2024-11-21T00:21:59.345335Z", + "name": "CVE-2024-45510", + "description": "An issue was discovered in Zimbra Collaboration (ZCS) through 10.0. Zimbra Webmail (Modern UI) is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper sanitization of user input. This allows an attacker to inject malicious code into specific fields of an e-mail message. When the victim adds the attacker to their contacts, the malicious code is stored and executed when viewing the contact list. This can lead to unauthorized actions such as arbitrary mail sending, mailbox exfiltration, profile picture alteration, and other malicious actions. Proper sanitization and escaping of input fields are necessary to mitigate this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45510" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--89ca6223-8b2a-43de-948a-145a6cf4e714.json b/objects/vulnerability/vulnerability--89ca6223-8b2a-43de-948a-145a6cf4e714.json new file mode 100644 index 00000000000..ee23e9a7ed4 --- /dev/null +++ b/objects/vulnerability/vulnerability--89ca6223-8b2a-43de-948a-145a6cf4e714.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--30690132-7772-41fc-9cee-fc1147ba9fa3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--89ca6223-8b2a-43de-948a-145a6cf4e714", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.271511Z", + "modified": "2024-11-21T00:21:59.271511Z", + "name": "CVE-2024-52725", + "description": "SemCms v4.8 was discovered to contain a SQL injection vulnerability. This allows an attacker to execute arbitrary code via the ldgid parameter in the SEMCMS_SeoAndTag.php component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52725" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8f03062c-74af-4e2d-a6e8-6c089d8fb616.json b/objects/vulnerability/vulnerability--8f03062c-74af-4e2d-a6e8-6c089d8fb616.json new file mode 100644 index 00000000000..8e77616f95c --- /dev/null +++ b/objects/vulnerability/vulnerability--8f03062c-74af-4e2d-a6e8-6c089d8fb616.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--979ece59-74cf-4059-b0da-f7d6f1b26032", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8f03062c-74af-4e2d-a6e8-6c089d8fb616", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.283914Z", + "modified": "2024-11-21T00:21:59.283914Z", + "name": "CVE-2024-52449", + "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Navneil Naicer Bootscraper allows PHP Local File Inclusion.This issue affects Bootscraper: from n/a through 2.1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52449" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--8ff4719a-0d5a-4a4f-9d40-cef6f25c111e.json b/objects/vulnerability/vulnerability--8ff4719a-0d5a-4a4f-9d40-cef6f25c111e.json new file mode 100644 index 00000000000..b4123c4a2ae --- /dev/null +++ b/objects/vulnerability/vulnerability--8ff4719a-0d5a-4a4f-9d40-cef6f25c111e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f2e98748-18be-421c-be39-fdde224c7288", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8ff4719a-0d5a-4a4f-9d40-cef6f25c111e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.839732Z", + "modified": "2024-11-21T00:21:59.839732Z", + "name": "CVE-2024-11485", + "description": "A vulnerability, which was classified as critical, has been found in Code4Berry Decoration Management System 1.0. Affected by this issue is some unknown functionality of the file /decoration/admin/userregister.php of the component User Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11485" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--921cc26a-499c-4861-8526-2a2db96fee73.json b/objects/vulnerability/vulnerability--921cc26a-499c-4861-8526-2a2db96fee73.json new file mode 100644 index 00000000000..4b8a746c59c --- /dev/null +++ b/objects/vulnerability/vulnerability--921cc26a-499c-4861-8526-2a2db96fee73.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c3ea9079-1fee-403e-9a60-c1a3dbce3183", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--921cc26a-499c-4861-8526-2a2db96fee73", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.845709Z", + "modified": "2024-11-21T00:21:59.845709Z", + "name": "CVE-2024-11277", + "description": "The 404 Solution plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 2.35.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11277" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--95c3a126-f819-4ab0-b0d5-e78ea5c2bf7b.json b/objects/vulnerability/vulnerability--95c3a126-f819-4ab0-b0d5-e78ea5c2bf7b.json new file mode 100644 index 00000000000..424f917cd48 --- /dev/null +++ b/objects/vulnerability/vulnerability--95c3a126-f819-4ab0-b0d5-e78ea5c2bf7b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--571c2f6a-4fb6-4c17-b7b0-14b67e5bd681", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--95c3a126-f819-4ab0-b0d5-e78ea5c2bf7b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.393084Z", + "modified": "2024-11-21T00:21:59.393084Z", + "name": "CVE-2024-10900", + "description": "The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_remove_file_attachment() function in all versions up to, and including, 5.9.3.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary user meta which can do things like deny an administrator's access to their site. .", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10900" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--97675622-2089-4622-85f2-452f6d366bb7.json b/objects/vulnerability/vulnerability--97675622-2089-4622-85f2-452f6d366bb7.json new file mode 100644 index 00000000000..4579a02ba46 --- /dev/null +++ b/objects/vulnerability/vulnerability--97675622-2089-4622-85f2-452f6d366bb7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--af7422f5-282a-469b-9866-a83ea81a3bab", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--97675622-2089-4622-85f2-452f6d366bb7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.252401Z", + "modified": "2024-11-21T00:21:59.252401Z", + "name": "CVE-2024-52769", + "description": "An arbitrary file upload vulnerability in the component /admin/friendlink_edit of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52769" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--998b4086-27fc-449c-ab83-f558a6284b9a.json b/objects/vulnerability/vulnerability--998b4086-27fc-449c-ab83-f558a6284b9a.json new file mode 100644 index 00000000000..8c9d890b5ef --- /dev/null +++ b/objects/vulnerability/vulnerability--998b4086-27fc-449c-ab83-f558a6284b9a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--008cf441-ebe7-40c8-acd4-153a47cea4bf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--998b4086-27fc-449c-ab83-f558a6284b9a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:22:12.909392Z", + "modified": "2024-11-21T00:22:12.909392Z", + "name": "CVE-2018-9487", + "description": "In setVpnForcedLocked of Vpn.java, there is a possible blocking of internet traffic through vpn due to a bad uid check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2018-9487" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--9a66d72c-2e03-45a5-97a7-8024b736f000.json b/objects/vulnerability/vulnerability--9a66d72c-2e03-45a5-97a7-8024b736f000.json new file mode 100644 index 00000000000..4634a068a9c --- /dev/null +++ b/objects/vulnerability/vulnerability--9a66d72c-2e03-45a5-97a7-8024b736f000.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--31ec9b65-2b08-4b51-af25-8a2448a1233d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9a66d72c-2e03-45a5-97a7-8024b736f000", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.281881Z", + "modified": "2024-11-21T00:21:59.281881Z", + "name": "CVE-2024-52439", + "description": "Deserialization of Untrusted Data vulnerability in Mark O’Donnell Team Rosters allows Object Injection.This issue affects Team Rosters: from n/a through 4.6.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52439" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9a69f45d-ef66-452a-8bc4-fd9c6902eae7.json b/objects/vulnerability/vulnerability--9a69f45d-ef66-452a-8bc4-fd9c6902eae7.json new file mode 100644 index 00000000000..beb23c894ad --- /dev/null +++ b/objects/vulnerability/vulnerability--9a69f45d-ef66-452a-8bc4-fd9c6902eae7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ceec84f2-691a-4a0f-a241-2e6800dbb154", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9a69f45d-ef66-452a-8bc4-fd9c6902eae7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:22:12.945779Z", + "modified": "2024-11-21T00:22:12.945779Z", + "name": "CVE-2018-9470", + "description": "In bff_Scanner_addOutPos of Scanner.c, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege in an unprivileged app with no additional execution privileges needed. User interaction is needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2018-9470" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9a90f43f-e8cc-4b54-827f-75ec9c70c1a2.json b/objects/vulnerability/vulnerability--9a90f43f-e8cc-4b54-827f-75ec9c70c1a2.json new file mode 100644 index 00000000000..df8acdd3cdf --- /dev/null +++ b/objects/vulnerability/vulnerability--9a90f43f-e8cc-4b54-827f-75ec9c70c1a2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ba95bcd1-4bf7-4255-b35b-a6f93d484329", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9a90f43f-e8cc-4b54-827f-75ec9c70c1a2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.274455Z", + "modified": "2024-11-21T00:21:59.274455Z", + "name": "CVE-2024-52598", + "description": "2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Two interconnected vulnerabilities exist in version 5.4.1 a SSRF and URI validation bypass issue. The endpoint at POST /api/v1/twofaccounts/preview allows setting a remote URI to retrieve the image of a 2fa site. By abusing this functionality, it is possible to force the application to make a GET request to an arbitrary URL, whose content will be stored in an image file in the server if it looks like an image. Additionally, the library does some basic validation on the URI, attempting to filter our URIs which do not have an image extension. However, this can be easily bypassed by appending the string `#.svg` to the URI. The combination of these two issues allows an attacker to retrieve URIs accessible from the application, as long as their content type is text based. If not, the request is still sent, but the response is not reflected to the attacker. Version 5.4.1 fixes the issues.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52598" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9e4c83b2-b00c-4cb5-814b-37a86e7cf1c2.json b/objects/vulnerability/vulnerability--9e4c83b2-b00c-4cb5-814b-37a86e7cf1c2.json new file mode 100644 index 00000000000..e46d290dec0 --- /dev/null +++ b/objects/vulnerability/vulnerability--9e4c83b2-b00c-4cb5-814b-37a86e7cf1c2.json 
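Review bot: The `description` of the CVE-2024-52598 object contradicts itself on the version boundary: it says the two issues "exist in version 5.4.1" and ends with "Version 5.4.1 fixes the issues". The object carries no structured version data, so anyone triaging from this record cannot tell whether a 5.4.1 deployment is affected or already patched. I would confirm the affected and fixed versions against the upstream advisory before merging. If the text has to stay verbatim, add a `url` property to the existing `external_references` entry so readers can reach the authoritative record.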
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--890c8fa6-fe74-478d-aa62-10391eb0eabe", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9e4c83b2-b00c-4cb5-814b-37a86e7cf1c2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.142157Z", + "modified": "2024-11-21T00:21:59.142157Z", + "name": "CVE-2024-48984", + "description": "An issue was discovered in MBed OS 6.16.0. When parsing hci reports, the hci parsing software dynamically determines the length of a list of reports by reading a byte from an input stream. It then fetches the length of the first report, uses it to calculate the beginning of the second report, etc. In doing this, it tracks the largest report so it can later allocate a buffer that fits every individual report (but only one at a time). It does not, however, validate that these addresses are all contained within the buffer passed to hciEvtProcessLeExtAdvReport. It is then possible, though unlikely, that the buffer designated to hold the reports is allocated in such a way that one of these out-of-bounds length fields is contained within the new buffer. When the (n-1)th report is copied, it overwrites the length field of the nth report. This now corrupted length field is then used for a memcpy into the new buffer, which may lead to a buffer overflow.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48984" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9f28ea8b-3d48-4f34-820d-de767c661958.json b/objects/vulnerability/vulnerability--9f28ea8b-3d48-4f34-820d-de767c661958.json new file mode 100644 index 00000000000..488d0733e12 --- /dev/null +++ b/objects/vulnerability/vulnerability--9f28ea8b-3d48-4f34-820d-de767c661958.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9dc3f79f-412e-43d2-b2e7-312ff98d59f5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9f28ea8b-3d48-4f34-820d-de767c661958", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.062517Z", + "modified": "2024-11-21T00:21:59.062517Z", + "name": "CVE-2024-51151", + "description": "D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in the msp_info_htm function via the flag parameter and cmd parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-51151" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9f4062db-e83b-4c61-b63d-c03bc52b3ea9.json b/objects/vulnerability/vulnerability--9f4062db-e83b-4c61-b63d-c03bc52b3ea9.json new file mode 100644 index 00000000000..598c966585e --- /dev/null +++ b/objects/vulnerability/vulnerability--9f4062db-e83b-4c61-b63d-c03bc52b3ea9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ceff8d9c-6b67-43c7-be61-35df3661ac5e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9f4062db-e83b-4c61-b63d-c03bc52b3ea9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.84803Z", + "modified": "2024-11-21T00:21:59.84803Z", + "name": "CVE-2024-11490", + "description": "A vulnerability was found in 115cms up to 20240807. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php/admin/web/set.html. The manipulation of the argument type leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11490" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a0360d4c-33c5-4d7c-b2ad-5790749c29f1.json b/objects/vulnerability/vulnerability--a0360d4c-33c5-4d7c-b2ad-5790749c29f1.json new file mode 100644 index 00000000000..146bc8dc012 --- /dev/null +++ b/objects/vulnerability/vulnerability--a0360d4c-33c5-4d7c-b2ad-5790749c29f1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ed49ab8f-953f-4ca8-9cc3-8586c400231f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a0360d4c-33c5-4d7c-b2ad-5790749c29f1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.326244Z", + "modified": "2024-11-21T00:21:59.326244Z", + "name": "CVE-2024-45511", + "description": "An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A reflected Cross-Site Scripting (XSS) issue exists through the Briefcase module due to improper sanitization of file content by the OnlyOffice formatter. This occurs when the victim opens a crafted URL pointing to a shared folder containing a malicious file uploaded by the attacker. The vulnerability allows the attacker to execute arbitrary JavaScript in the context of the victim's session.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45511" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a1168936-5e9c-4d6c-9304-9de956c8afe4.json b/objects/vulnerability/vulnerability--a1168936-5e9c-4d6c-9304-9de956c8afe4.json new file mode 100644 index 00000000000..3b19bf77fe7 --- /dev/null +++ b/objects/vulnerability/vulnerability--a1168936-5e9c-4d6c-9304-9de956c8afe4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4fe2a2c4-80c7-4729-a5e8-23e12a8a2b59", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a1168936-5e9c-4d6c-9304-9de956c8afe4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:22:12.917137Z", + "modified": "2024-11-21T00:22:12.917137Z", + "name": "CVE-2018-9478", + "description": "In process_service_attr_req and process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed.  User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2018-9478" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a1bd2c65-742b-46aa-abca-3ee94222bfee.json b/objects/vulnerability/vulnerability--a1bd2c65-742b-46aa-abca-3ee94222bfee.json new file mode 100644 index 00000000000..5ff5930c419 --- /dev/null +++ b/objects/vulnerability/vulnerability--a1bd2c65-742b-46aa-abca-3ee94222bfee.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--81e5840b-acc0-478a-b71e-2fbd72542cc1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a1bd2c65-742b-46aa-abca-3ee94222bfee", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:22:12.937069Z", + "modified": "2024-11-21T00:22:12.937069Z", + "name": "CVE-2018-9469", + "description": "In multiple functions of ShortcutService.java, there is a possible creation of a spoofed shortcut due to a missing permission check. This could lead to local escalation of privilege in a privileged app with no additional execution privileges needed. User interaction is needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2018-9469" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a3847305-5b2a-4c8b-a794-14eb73a798b3.json b/objects/vulnerability/vulnerability--a3847305-5b2a-4c8b-a794-14eb73a798b3.json new file mode 100644 index 00000000000..5faf47c09e6 --- /dev/null +++ b/objects/vulnerability/vulnerability--a3847305-5b2a-4c8b-a794-14eb73a798b3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a7e15478-602a-42ef-8f7f-496e27cb6509", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a3847305-5b2a-4c8b-a794-14eb73a798b3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.260312Z", + "modified": "2024-11-21T00:21:59.260312Z", + "name": "CVE-2024-52739", + "description": "D-LINK DI-8400 v16.07.26A1 was discovered to contain multiple remote command execution (RCE) vulnerabilities in the msp_info_htm function via the flag and cmd parameters.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52739" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--a423ae73-6711-4bbd-8e36-7fb4dffc6470.json b/objects/vulnerability/vulnerability--a423ae73-6711-4bbd-8e36-7fb4dffc6470.json new file mode 100644 index 00000000000..ed649b7ee09 --- /dev/null +++ b/objects/vulnerability/vulnerability--a423ae73-6711-4bbd-8e36-7fb4dffc6470.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cebe1693-0802-4827-995a-d594e7c4a6fa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a423ae73-6711-4bbd-8e36-7fb4dffc6470", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.391787Z", + "modified": "2024-11-21T00:21:59.391787Z", + "name": "CVE-2024-10520", + "description": "The WP Project Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'check' method of the 'Create_Milestone', 'Create_Task_List', 'Create_Task', and 'Delete_Task' classes in version 2.6.14. This makes it possible for unauthenticated attackers to create milestones, create task lists, create tasks, or delete tasks in any project. NOTE: Version 2.6.14 implemented a partial fix for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10520" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a8ddc9c5-4875-4d35-aeed-74714debb45f.json b/objects/vulnerability/vulnerability--a8ddc9c5-4875-4d35-aeed-74714debb45f.json new file mode 100644 index 00000000000..da10a837cf2 --- /dev/null +++ b/objects/vulnerability/vulnerability--a8ddc9c5-4875-4d35-aeed-74714debb45f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bbf0f654-b9ef-4f85-a1ff-94c87335fa46", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a8ddc9c5-4875-4d35-aeed-74714debb45f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:22:00.09004Z", + "modified": "2024-11-21T00:22:00.09004Z", + "name": "CVE-2024-33439", + "description": "An issue in Kasda LinkSmart Router KW5515 v1.7 and before allows an authenticated remote attacker to execute arbitrary OS commands via cgi parameters.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-33439" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--aa87bab4-2e7d-4525-adb3-94e09dc4f26d.json b/objects/vulnerability/vulnerability--aa87bab4-2e7d-4525-adb3-94e09dc4f26d.json new file mode 100644 index 00000000000..ce426fd10db --- /dev/null +++ b/objects/vulnerability/vulnerability--aa87bab4-2e7d-4525-adb3-94e09dc4f26d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e7cf3501-60c3-47f9-9ed0-bc87cab506d0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aa87bab4-2e7d-4525-adb3-94e09dc4f26d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.873346Z", + "modified": "2024-11-21T00:21:59.873346Z", + "name": "CVE-2024-11494", + "description": "** UNSUPPPORTED WHEN ASSIGNED ** **UNSUPPORTED WHEN ASSIGNED** The improper authentication vulnerability in the Zyxel P-6101C ADSL modem firmware version P-6101CSA6AP_20140331 could allow an unauthenticated attacker to read some device information via a crafted HTTP HEAD method.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11494" + } + ] + } + ] +} \ No newline at end of file 
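Review bot: The `description` of the CVE-2024-11494 object opens with the end-of-life marker twice, the first copy misspelled: `** UNSUPPPORTED WHEN ASSIGNED ** **UNSUPPORTED WHEN ASSIGNED**`. A consumer that matches an exact leading tag to flag products that will never receive a fix will not match this record at its start, and the typo ends up in any report built from it. I would normalise it to a single prefix, `"description": "**UNSUPPORTED WHEN ASSIGNED** The improper authentication vulnerability in the Zyxel P-6101C ADSL modem firmware ..."`. The text looks copied from the upstream record, so the fix presumably belongs in the import step, which is not visible in this diff.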
diff --git a/objects/vulnerability/vulnerability--aaa820d0-d361-4a51-b65a-b083e04809b7.json b/objects/vulnerability/vulnerability--aaa820d0-d361-4a51-b65a-b083e04809b7.json new file mode 100644 index 00000000000..0b7a6aec6cd --- /dev/null +++ b/objects/vulnerability/vulnerability--aaa820d0-d361-4a51-b65a-b083e04809b7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4bed7118-fe2c-427b-925a-bf5603bc9df4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aaa820d0-d361-4a51-b65a-b083e04809b7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.856564Z", + "modified": "2024-11-21T00:21:59.856564Z", + "name": "CVE-2024-11488", + "description": "A vulnerability was found in 115cms up to 20240807 and classified as problematic. This issue affects some unknown processing of the file /app/admin/view/web_user.html. The manipulation of the argument ks leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11488" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--acc8c701-cee2-4d8a-9ed2-f5a46ef07b0c.json b/objects/vulnerability/vulnerability--acc8c701-cee2-4d8a-9ed2-f5a46ef07b0c.json new file mode 100644 index 00000000000..ee609c3dce6 --- /dev/null +++ b/objects/vulnerability/vulnerability--acc8c701-cee2-4d8a-9ed2-f5a46ef07b0c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3ea55455-c6e8-43bd-89f7-b873eb83f1d4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--acc8c701-cee2-4d8a-9ed2-f5a46ef07b0c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:22:12.898218Z", + "modified": "2024-11-21T00:22:12.898218Z", + "name": "CVE-2018-9479", + "description": "In process_service_attr_req and process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed.  User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2018-9479" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ae91a199-02fd-4827-b4f8-1fa3cfeca05f.json b/objects/vulnerability/vulnerability--ae91a199-02fd-4827-b4f8-1fa3cfeca05f.json new file mode 100644 index 00000000000..ce8dd5664eb --- /dev/null +++ b/objects/vulnerability/vulnerability--ae91a199-02fd-4827-b4f8-1fa3cfeca05f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--738d90c3-6e14-49a6-97e0-3398446b3a8c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ae91a199-02fd-4827-b4f8-1fa3cfeca05f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.294135Z", + "modified": "2024-11-21T00:21:59.294135Z", + "name": "CVE-2024-52702", + "description": "A stored cross-site scripting (XSS) vulnerability in the component install\\index.php of MyBB v1.8.38 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Name parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52702" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--af991285-e61f-4ae2-9175-84e9a66562f3.json b/objects/vulnerability/vulnerability--af991285-e61f-4ae2-9175-84e9a66562f3.json new file mode 100644 index 00000000000..9f2552e7802 --- /dev/null +++ b/objects/vulnerability/vulnerability--af991285-e61f-4ae2-9175-84e9a66562f3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2cda3a49-c2c0-4255-96a7-b96567c66d43", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--af991285-e61f-4ae2-9175-84e9a66562f3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.11917Z", + "modified": "2024-11-21T00:21:59.11917Z", + "name": "CVE-2024-48986", + "description": "An issue was discovered in MBed OS 6.16.0. Its hci parsing software dynamically determines the length of certain hci packets by reading a byte from its header. Certain events cause a callback, the logic for which allocates a buffer (the length of which is determined by looking up the event type in a table). The subsequent write operation, however, copies the amount of data specified in the packet header, which may lead to a buffer overflow. This bug is trivial to exploit for a denial of service but is not certain to suffice to bring the system down and can generally not be exploited further because the exploitable buffer is dynamically allocated.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48986" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b705a530-28b7-44fb-95d7-c45613d7283c.json b/objects/vulnerability/vulnerability--b705a530-28b7-44fb-95d7-c45613d7283c.json new file mode 100644 index 00000000000..f61654f4b37 --- /dev/null +++ b/objects/vulnerability/vulnerability--b705a530-28b7-44fb-95d7-c45613d7283c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b416613f-be85-4402-bf11-5e9ee155cfcb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b705a530-28b7-44fb-95d7-c45613d7283c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.417453Z", + "modified": "2024-11-21T00:21:59.417453Z", + "name": "CVE-2024-10382", + "description": "There exists a code execution vulnerability in the Car App Android Jetpack Library. In the CarAppService desrialization logic is used that allows for arbitrary java classes to be constructed. In combination with other gadgets, this can lead to arbitrary code execution. An attacker needs to have an app on a victims Android device that uses the CarAppService Class and the victim would need to install a malicious app alongside it. We recommend upgrading the library past version 1.7.0-beta02", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10382" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b781a805-371d-48c9-9848-8859d7f5a004.json b/objects/vulnerability/vulnerability--b781a805-371d-48c9-9848-8859d7f5a004.json new file mode 100644 index 00000000000..9e8b3c2443c --- /dev/null +++ b/objects/vulnerability/vulnerability--b781a805-371d-48c9-9848-8859d7f5a004.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1c2551eb-ad55-477a-81a9-34093d9e5473", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b781a805-371d-48c9-9848-8859d7f5a004", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.075231Z", + "modified": "2024-11-21T00:21:59.075231Z", + "name": "CVE-2024-51162", + "description": "An issue in Audimex EE v.15.1.20 and before allows a remote attacker to escalate privileges.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-51162" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bd264cc7-8841-4e48-9dd5-0ca7131467fc.json b/objects/vulnerability/vulnerability--bd264cc7-8841-4e48-9dd5-0ca7131467fc.json new file mode 100644 index 00000000000..9d9ea60d4f2 --- /dev/null +++ b/objects/vulnerability/vulnerability--bd264cc7-8841-4e48-9dd5-0ca7131467fc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7f1cefb7-6580-4250-ae49-0ce414af80a4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bd264cc7-8841-4e48-9dd5-0ca7131467fc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.311537Z", + "modified": "2024-11-21T00:21:59.311537Z", + "name": "CVE-2024-45690", + "description": "A flaw was found in Moodle. Additional checks were required to ensure users can only delete their OAuth2-linked accounts.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45690" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bde7f41f-e314-4560-9c2b-1dde8854fab9.json b/objects/vulnerability/vulnerability--bde7f41f-e314-4560-9c2b-1dde8854fab9.json new file mode 100644 index 00000000000..b5469b3a496 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--bde7f41f-e314-4560-9c2b-1dde8854fab9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--edad32da-4fd6-4f4d-9688-b47a75c902f5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bde7f41f-e314-4560-9c2b-1dde8854fab9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.834952Z", + "modified": "2024-11-21T00:21:59.834952Z", + "name": "CVE-2024-11495", + "description": "Buffer overflow vulnerability in OllyDbg, version 1.10, which could allow a local attacker to execute arbitrary code due to lack of proper bounds checking.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11495" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c081c9a0-4390-4e30-b367-655190515939.json b/objects/vulnerability/vulnerability--c081c9a0-4390-4e30-b367-655190515939.json new file mode 100644 index 00000000000..c2fc53f074c --- /dev/null +++ b/objects/vulnerability/vulnerability--c081c9a0-4390-4e30-b367-655190515939.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5e25dd8f-99b3-4865-9176-cc52e367b167", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c081c9a0-4390-4e30-b367-655190515939", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.24065Z", + "modified": "2024-11-21T00:21:59.24065Z", + "name": "CVE-2024-52701", + "description": "A stored cross-site scripting (XSS) vulnerability in the Configuration page of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page banner parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52701" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--c1dd2695-0c8c-4433-83cc-089d6ee1cde6.json b/objects/vulnerability/vulnerability--c1dd2695-0c8c-4433-83cc-089d6ee1cde6.json new file mode 100644 index 00000000000..bb975466d74 --- /dev/null +++ b/objects/vulnerability/vulnerability--c1dd2695-0c8c-4433-83cc-089d6ee1cde6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--353b6902-2602-4d45-9ff5-fae1a4faafbf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c1dd2695-0c8c-4433-83cc-089d6ee1cde6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:22:12.943028Z", + "modified": "2024-11-21T00:22:12.943028Z", + "name": "CVE-2018-9471", + "description": "In the deserialization constructor of NanoAppFilter.java, there is a possible loss of data due to type confusion. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2018-9471" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cbed6b91-b43a-494e-a84f-14d409512f7b.json b/objects/vulnerability/vulnerability--cbed6b91-b43a-494e-a84f-14d409512f7b.json new file mode 100644 index 00000000000..86e10cbd98c --- /dev/null +++ b/objects/vulnerability/vulnerability--cbed6b91-b43a-494e-a84f-14d409512f7b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2aa32045-8229-4817-8ebc-7261b36e707f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cbed6b91-b43a-494e-a84f-14d409512f7b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:22:12.940567Z", + "modified": "2024-11-21T00:22:12.940567Z", + "name": "CVE-2018-9482", + "description": "In intr_data_copy_cb of btif_hd.cc, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2018-9482" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ccddbd92-6700-4be8-a092-0c335af0cc23.json b/objects/vulnerability/vulnerability--ccddbd92-6700-4be8-a092-0c335af0cc23.json new file mode 100644 index 00000000000..6f3616a9a3a --- /dev/null +++ b/objects/vulnerability/vulnerability--ccddbd92-6700-4be8-a092-0c335af0cc23.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--854a5315-9d20-4a2e-8e78-40b25fac8483", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ccddbd92-6700-4be8-a092-0c335af0cc23", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.389718Z", + "modified": "2024-11-21T00:21:59.389718Z", + "name": "CVE-2024-10855", + "description": "The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to insufficient validation on the filename parameter of the sirv_upload_file_by_chunks() function and lack of in all versions up to, and including, 7.3.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10855" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cd2e06cb-3801-41f5-bac9-d1baa591684a.json b/objects/vulnerability/vulnerability--cd2e06cb-3801-41f5-bac9-d1baa591684a.json new file mode 100644 index 00000000000..31521e1308c --- /dev/null +++ b/objects/vulnerability/vulnerability--cd2e06cb-3801-41f5-bac9-d1baa591684a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--77b4ec52-0bdf-4e55-9c63-059a30b4edb5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cd2e06cb-3801-41f5-bac9-d1baa591684a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.83764Z", + "modified": "2024-11-21T00:21:59.83764Z", + "name": "CVE-2024-11491", + "description": "A vulnerability was found in 115cms up to 20240807. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /index.php/admin/web/useradmin.html. The manipulation of the argument ks leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11491" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cee39f59-5d5a-4c38-a775-252c8716a0d2.json b/objects/vulnerability/vulnerability--cee39f59-5d5a-4c38-a775-252c8716a0d2.json new file mode 100644 index 00000000000..0f8e500232b --- /dev/null +++ b/objects/vulnerability/vulnerability--cee39f59-5d5a-4c38-a775-252c8716a0d2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--07a27bea-25ba-4bfb-8a32-fefe8e47b6d0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cee39f59-5d5a-4c38-a775-252c8716a0d2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.255491Z", + "modified": "2024-11-21T00:21:59.255491Z", + "name": "CVE-2024-52770", + "description": "An arbitrary file upload vulnerability in the component /admin/file_manage_control of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52770" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d8380731-a819-43e6-991f-199382ab94ec.json b/objects/vulnerability/vulnerability--d8380731-a819-43e6-991f-199382ab94ec.json new file mode 100644 index 00000000000..f828f83af92 --- /dev/null +++ b/objects/vulnerability/vulnerability--d8380731-a819-43e6-991f-199382ab94ec.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d0550b64-2087-4a67-a167-e203aea92bce", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d8380731-a819-43e6-991f-199382ab94ec", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.428566Z", + "modified": "2024-11-21T00:21:59.428566Z", + "name": "CVE-2024-10665", + "description": "The Yaad Sarig Payment Gateway For WC plugin for WordPress is vulnerable to unauthorized modification & access of data due to a missing capability check on the yaadpay_view_log_callback() and yaadpay_delete_log_callback() functions in all versions up to, and including, 2.2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view and delete logs.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10665" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d84d26f8-c703-43cd-8154-0756215993da.json b/objects/vulnerability/vulnerability--d84d26f8-c703-43cd-8154-0756215993da.json new file mode 100644 index 00000000000..16a12bcbf58 --- /dev/null +++ b/objects/vulnerability/vulnerability--d84d26f8-c703-43cd-8154-0756215993da.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ad025d01-e2a4-4407-9928-801d3145acbc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d84d26f8-c703-43cd-8154-0756215993da", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.116334Z", + "modified": "2024-11-21T00:21:59.116334Z", + "name": "CVE-2024-48985", + "description": "An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet data by reading 2 bytes from the packet data. A buffer is then allocated to contain the entire packet, the size of which is calculated as the length of the packet body determined earlier and the header length. If the allocate fails because the specified packet is too large, no exception handling occurs and hciTrSerialRxIncoming continues to write bytes into the 4-byte large temporary header buffer, leading to a buffer overflow. This can be leveraged into an arbitrary write by an attacker. It is possible to overwrite the pointer to the buffer that is supposed to receive the contents of the packet body but which couldn't be allocated. One can then overwrite the state variable used by the function to determine which step of the parsing process is currently being executed. This advances the function to the next state, where it proceeds to copy data to that arbitrary location. The packet body is then written wherever the corrupted data pointer is pointing.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48985" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--db2cdac5-6558-442c-91f8-10e8de04dd77.json b/objects/vulnerability/vulnerability--db2cdac5-6558-442c-91f8-10e8de04dd77.json new file mode 100644 index 00000000000..d93ac62cb06 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--db2cdac5-6558-442c-91f8-10e8de04dd77.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c1e13141-91b1-4938-b8a9-5ec9e0670c8c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--db2cdac5-6558-442c-91f8-10e8de04dd77", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:22:12.895428Z", + "modified": "2024-11-21T00:22:12.895428Z", + "name": "CVE-2018-9472", + "description": "In xmlMemStrdupLoc of xmlmemory.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2018-9472" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--db4e7484-d0b5-4ba9-85fc-496ba2f4e634.json b/objects/vulnerability/vulnerability--db4e7484-d0b5-4ba9-85fc-496ba2f4e634.json new file mode 100644 index 00000000000..25ca1d92445 --- /dev/null +++ b/objects/vulnerability/vulnerability--db4e7484-d0b5-4ba9-85fc-496ba2f4e634.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--19d68755-951a-409f-b5a6-deaaede8269a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--db4e7484-d0b5-4ba9-85fc-496ba2f4e634", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.84285Z", + "modified": "2024-11-21T00:21:59.84285Z", + "name": "CVE-2024-11492", + "description": "A vulnerability classified as problematic has been found in 115cms up to 20240807. This affects an unknown part of the file /index.php/admin/web/appurladd.html. The manipulation of the argument tid leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11492" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dba1bef0-8c39-4509-aa41-72e894ad2133.json b/objects/vulnerability/vulnerability--dba1bef0-8c39-4509-aa41-72e894ad2133.json new file mode 100644 index 00000000000..4829312731b --- /dev/null +++ b/objects/vulnerability/vulnerability--dba1bef0-8c39-4509-aa41-72e894ad2133.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e1ac9199-5f50-485d-8a36-56b519db142b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dba1bef0-8c39-4509-aa41-72e894ad2133", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:22:12.893088Z", + "modified": "2024-11-21T00:22:12.893088Z", + "name": "CVE-2018-9474", + "description": "In writeToParcel of MediaPlayer.java, there is a possible serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2018-9474" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dbc5daea-a3a6-4db0-8553-5309014dab1f.json b/objects/vulnerability/vulnerability--dbc5daea-a3a6-4db0-8553-5309014dab1f.json new file mode 100644 index 00000000000..3f8c8a4506a --- /dev/null +++ b/objects/vulnerability/vulnerability--dbc5daea-a3a6-4db0-8553-5309014dab1f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e527f5c3-fa55-4760-b0d1-6080b43adcfa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dbc5daea-a3a6-4db0-8553-5309014dab1f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:22:12.908109Z", + "modified": "2024-11-21T00:22:12.908109Z", + "name": "CVE-2018-9480", + "description": "In bta_hd_get_report_act of bta_hd_act.cc, there is a possible out-of-bounds read due to improper input validation. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2018-9480" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dced2a7b-e4c9-4bda-9f49-92a07b184572.json b/objects/vulnerability/vulnerability--dced2a7b-e4c9-4bda-9f49-92a07b184572.json new file mode 100644 index 00000000000..249202e0c3d --- /dev/null +++ b/objects/vulnerability/vulnerability--dced2a7b-e4c9-4bda-9f49-92a07b184572.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a2010d0e-a07b-411c-ad7f-166db299a47f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dced2a7b-e4c9-4bda-9f49-92a07b184572", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.234434Z", + "modified": "2024-11-21T00:21:59.234434Z", + "name": "CVE-2024-52447", + "description": "Path Traversal: '.../...//' vulnerability in Corporate Zen Contact Page With Google Map allows Path Traversal.This issue affects Contact Page With Google Map: from n/a through 1.6.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52447" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--dfe673dc-9c09-4793-853b-24b0f246fcf0.json b/objects/vulnerability/vulnerability--dfe673dc-9c09-4793-853b-24b0f246fcf0.json new file mode 100644 index 00000000000..79ee6ca3ce7 --- /dev/null +++ b/objects/vulnerability/vulnerability--dfe673dc-9c09-4793-853b-24b0f246fcf0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aaa83b22-e589-4249-bdab-e233f2c36009", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dfe673dc-9c09-4793-853b-24b0f246fcf0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.853007Z", + "modified": "2024-11-21T00:21:59.853007Z", + "name": "CVE-2024-11406", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django CMS Attributes Fields allows Stored XSS.This issue affects django CMS Attributes Fields: before 4.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11406" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e1257e03-ab23-4d25-832b-a1d81c27a473.json b/objects/vulnerability/vulnerability--e1257e03-ab23-4d25-832b-a1d81c27a473.json new file mode 100644 index 00000000000..20decc8ef0f --- /dev/null +++ b/objects/vulnerability/vulnerability--e1257e03-ab23-4d25-832b-a1d81c27a473.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fccfdd46-762d-4969-a000-da3cb7dbe4e1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e1257e03-ab23-4d25-832b-a1d81c27a473", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.850211Z", + "modified": "2024-11-21T00:21:59.850211Z", + "name": "CVE-2024-11487", + "description": "A vulnerability has been found in Code4Berry Decoration Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /decoration/admin/btndates_report.php of the component Between Dates Reports. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11487" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e3e09227-f37d-45a9-9a4b-306e6185fabf.json b/objects/vulnerability/vulnerability--e3e09227-f37d-45a9-9a4b-306e6185fabf.json new file mode 100644 index 00000000000..1caf8dc77c2 --- /dev/null +++ b/objects/vulnerability/vulnerability--e3e09227-f37d-45a9-9a4b-306e6185fabf.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--05d52397-62d8-4ba5-b9e4-ddecd9ae968d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e3e09227-f37d-45a9-9a4b-306e6185fabf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:22:00.15715Z", + "modified": "2024-11-21T00:22:00.15715Z", + "name": "CVE-2024-8726", + "description": "The MailChimp Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8726" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e93d3e30-fed8-43d4-8398-56924b3de46a.json b/objects/vulnerability/vulnerability--e93d3e30-fed8-43d4-8398-56924b3de46a.json new file mode 100644 index 00000000000..f248791c805 --- /dev/null +++ b/objects/vulnerability/vulnerability--e93d3e30-fed8-43d4-8398-56924b3de46a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4c4bb318-234c-4559-ae04-4a97f29d403b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e93d3e30-fed8-43d4-8398-56924b3de46a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.860731Z", + "modified": "2024-11-21T00:21:59.860731Z", + "name": "CVE-2024-11486", + "description": "A vulnerability, which was classified as problematic, was found in Code4Berry Decoration Management System 1.0. This affects an unknown part of the file /decoration/admin/user_permission.php of the component User Permission Handler. The manipulation leads to permission issues. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11486" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f288034a-1d68-4580-8f46-30bc1649f16f.json b/objects/vulnerability/vulnerability--f288034a-1d68-4580-8f46-30bc1649f16f.json new file mode 100644 index 00000000000..807f7e43bb4 --- /dev/null +++ b/objects/vulnerability/vulnerability--f288034a-1d68-4580-8f46-30bc1649f16f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9b3fc6c6-d465-4261-bfed-9987310b9c02", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f288034a-1d68-4580-8f46-30bc1649f16f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.247657Z", + "modified": "2024-11-21T00:21:59.247657Z", + "name": "CVE-2024-52444", + "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPOPAL Opal Woo Custom Product Variation allows Path Traversal.This issue affects Opal Woo Custom Product Variation: from n/a through 1.1.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52444" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f75b6548-2a73-4c46-8460-46c191934381.json b/objects/vulnerability/vulnerability--f75b6548-2a73-4c46-8460-46c191934381.json new file mode 100644 index 00000000000..041db1f37d7 --- /dev/null +++ b/objects/vulnerability/vulnerability--f75b6548-2a73-4c46-8460-46c191934381.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--35d01db3-2916-415f-a35c-54f5bb10c87f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f75b6548-2a73-4c46-8460-46c191934381", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.263771Z", + "modified": "2024-11-21T00:21:59.263771Z", + "name": "CVE-2024-52446", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Buying Buddy Buying Buddy IDX CRM allows Object Injection.This issue affects Buying Buddy IDX CRM: from n/a through 1.1.12.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52446" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--f94db6c1-6423-4fc8-a9ec-334510738037.json b/objects/vulnerability/vulnerability--f94db6c1-6423-4fc8-a9ec-334510738037.json new file mode 100644 index 00000000000..c9553fbc1b1 --- /dev/null +++ b/objects/vulnerability/vulnerability--f94db6c1-6423-4fc8-a9ec-334510738037.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f5f0a2b8-0064-45d4-82d0-6457528a61ca", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f94db6c1-6423-4fc8-a9ec-334510738037", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.471261Z", + "modified": "2024-11-21T00:21:59.471261Z", + "name": "CVE-2024-9239", + "description": "The Booster for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9239" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--facc78d1-0c79-497f-b50b-577fce8a91c1.json b/objects/vulnerability/vulnerability--facc78d1-0c79-497f-b50b-577fce8a91c1.json new file mode 100644 index 00000000000..6c791ca363b --- /dev/null +++ b/objects/vulnerability/vulnerability--facc78d1-0c79-497f-b50b-577fce8a91c1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ea9ee241-8252-4463-8b18-d70d25f912b7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--facc78d1-0c79-497f-b50b-577fce8a91c1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:22:12.922771Z", + "modified": "2024-11-21T00:22:12.922771Z", + "name": "CVE-2018-9484", + "description": "In l2cu_send_peer_config_rej of l2c_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2018-9484" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fb04e9f6-236f-4c99-8da3-ace19a83e4ba.json b/objects/vulnerability/vulnerability--fb04e9f6-236f-4c99-8da3-ace19a83e4ba.json new file mode 100644 index 00000000000..c38a8cb722e --- /dev/null +++ b/objects/vulnerability/vulnerability--fb04e9f6-236f-4c99-8da3-ace19a83e4ba.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--817da7b4-f3b6-4df7-87f5-2c3a852c761c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fb04e9f6-236f-4c99-8da3-ace19a83e4ba", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.27686Z", + "modified": "2024-11-21T00:21:59.27686Z", + "name": "CVE-2024-52597", + "description": "2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Versions prior to 5.4.1 are vulnerable to stored cross-site scripting due to improper headers in direct access to uploaded SVGs. The application allows uploading images in several places. One of the accepted types of image is SVG, which allows JS scripting. Therefore, by uploading a malicious SVG which contains JS code, an attacker which is able to drive a victim to the uploaded image could compromise that victim's session and access to their tokens. Version 5.4.1 contains a patch for the issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52597" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fdb7869f-a47b-441f-8454-831313611e3f.json b/objects/vulnerability/vulnerability--fdb7869f-a47b-441f-8454-831313611e3f.json new file mode 100644 index 00000000000..9097897c3b6 --- /dev/null +++ b/objects/vulnerability/vulnerability--fdb7869f-a47b-441f-8454-831313611e3f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8141c18e-eb55-427b-bcd7-2b470d6d2430", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fdb7869f-a47b-441f-8454-831313611e3f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.094376Z", + "modified": "2024-11-21T00:21:59.094376Z", + "name": "CVE-2024-48531", + "description": "A reflected cross-site scripting (XSS) vulnerability on the Rental Availability module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48531" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fe9c3fe7-8a3f-40e9-b574-03e13ba6f803.json b/objects/vulnerability/vulnerability--fe9c3fe7-8a3f-40e9-b574-03e13ba6f803.json new file mode 100644 index 00000000000..a74407bbb2d --- /dev/null +++ b/objects/vulnerability/vulnerability--fe9c3fe7-8a3f-40e9-b574-03e13ba6f803.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--915b1066-fc9a-499d-8568-4299cda34274", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fe9c3fe7-8a3f-40e9-b574-03e13ba6f803", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-21T00:21:59.864595Z", + "modified": "2024-11-21T00:21:59.864595Z", + "name": "CVE-2024-11176", + "description": "Improper access control vulnerability in M-Files Aino in versions before 24.10 allowed an authenticated user to access object information via incorrect calculation of effective permissions.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11176" + } + ] + } + ] +} \ No newline at end of file