diff --git a/mapping.csv b/mapping.csv index 491065387ef..16cc3465b42 100644 --- a/mapping.csv +++ b/mapping.csv 
@@ -248540,3 +248540,59 @@ vulnerability,CVE-2024-8579,vulnerability--2b8311eb-37d3-4481-9e8b-b60349009adb vulnerability,CVE-2024-8582,vulnerability--dc8f4703-5367-458e-8c83-7cd65be7ec27 vulnerability,CVE-2024-43835,vulnerability--b96e5433-e7c7-44ac-bc3b-6f745667ce85 vulnerability,CVE-2024-43859,vulnerability--fbfd602f-4715-440e-a925-a439f5e2369f +vulnerability,CVE-2024-27366,vulnerability--6bd3772b-7dfb-4857-8057-c3196432b1f7 +vulnerability,CVE-2024-27367,vulnerability--a2d5bce8-6fd2-4b14-85a7-b3b7f9dd3bf2 +vulnerability,CVE-2024-27387,vulnerability--21c2907c-4726-44da-8e7f-93284e0a753e +vulnerability,CVE-2024-27368,vulnerability--ca2e642e-c702-4dcc-b037-49b16f4cc7d9 +vulnerability,CVE-2024-27364,vulnerability--4fa80371-f999-49cc-a08d-a84ff36a985c +vulnerability,CVE-2024-27365,vulnerability--ec13c9d2-115e-47df-a7d1-5193ae9b8846 +vulnerability,CVE-2024-27383,vulnerability--f0773e48-fdc5-4b76-8a40-da4ae2db7129 +vulnerability,CVE-2024-37288,vulnerability--92e016f7-a796-4748-bcdd-3d24d8fe4752 +vulnerability,CVE-2024-44375,vulnerability--472172af-a38c-41bb-8c13-6248ec3b6209 +vulnerability,CVE-2024-44333,vulnerability--52cd1161-9ff2-419e-a619-9ee0c6e07c98 +vulnerability,CVE-2024-44721,vulnerability--5ea1d4d4-6299-4394-bea6-5625bbbd484b +vulnerability,CVE-2024-44334,vulnerability--812a917e-d5db-4293-aff7-628a9d1947e9 +vulnerability,CVE-2024-44335,vulnerability--c93ddcae-874f-4901-9c98-1add547d07de +vulnerability,CVE-2024-44849,vulnerability--a77660b1-1b07-4a84-8b64-af3b27c127a2 +vulnerability,CVE-2024-44720,vulnerability--801f8f64-212e-427a-a55d-e96890b955ca +vulnerability,CVE-2024-44902,vulnerability--63264cf9-b449-4721-a4b1-2eac8bbb69c0 +vulnerability,CVE-2024-44085,vulnerability--e1f021d4-b515-4698-8709-744ae02e9676 +vulnerability,CVE-2024-44725,vulnerability--c1a664df-917d-4b65-8d30-b94499a5d90e +vulnerability,CVE-2024-44724,vulnerability--52cf09bd-2eb7-4fa3-9136-046592b203c2 +vulnerability,CVE-2024-44411,vulnerability--7fe6e5a4-65ea-4f90-b20c-1abba98d586c 
+vulnerability,CVE-2024-44410,vulnerability--a2bbabc5-9add-4455-976e-de268d7f728a +vulnerability,CVE-2024-6796,vulnerability--e845d834-75b8-491b-b70c-9146fa4d981d +vulnerability,CVE-2024-6572,vulnerability--52f28002-f838-412d-8cfe-87e8ae4fa1cc +vulnerability,CVE-2024-6910,vulnerability--203fbb58-d361-4480-a165-7883f5cc8676 +vulnerability,CVE-2024-6795,vulnerability--60ab0034-2fcb-4ee6-b548-413f2dc7d6fa +vulnerability,CVE-2024-42759,vulnerability--782902b1-c26d-430e-ae9e-7073303150d8 +vulnerability,CVE-2024-42500,vulnerability--b2a6f4b7-4bfe-4548-93ac-b78b29458e43 +vulnerability,CVE-2024-24510,vulnerability--54da2c6f-834e-4759-8548-713134ceb15b +vulnerability,CVE-2024-8586,vulnerability--c7a89c0c-5f3d-4eb1-9080-13f965c9e01d +vulnerability,CVE-2024-8604,vulnerability--ad6b0e98-a5d2-483b-b4ab-aefec13d5276 +vulnerability,CVE-2024-8611,vulnerability--4f19a0e1-3c36-46a4-a71c-086e994d49d3 +vulnerability,CVE-2024-8605,vulnerability--05c5811e-1941-4196-8fba-c550c5c7806a +vulnerability,CVE-2024-8610,vulnerability--6b49c731-ab57-4e7f-9b0f-5215001f66c7 +vulnerability,CVE-2024-8372,vulnerability--1e6f56b8-851e-4b1a-9b67-2e0fb39ac415 +vulnerability,CVE-2024-8042,vulnerability--56c10d2b-6783-4ec1-ad92-fd7aed6cff10 +vulnerability,CVE-2024-8373,vulnerability--46db5192-1aaa-4009-8314-04043db2e23a +vulnerability,CVE-2024-8585,vulnerability--be8fc3ba-5be5-4094-b8fa-96b03eb77b79 +vulnerability,CVE-2024-8584,vulnerability--94528850-866c-4ac7-b7d9-67664564f925 +vulnerability,CVE-2024-8601,vulnerability--dd22c98f-eeed-4459-8bf3-a781e673615e +vulnerability,CVE-2024-7015,vulnerability--387f2082-3f28-4b87-a0e9-7c95b721e65b +vulnerability,CVE-2024-7688,vulnerability--42acd64a-e174-442c-8605-623a47c129b7 +vulnerability,CVE-2024-7318,vulnerability--6f8e01ee-674f-4831-aaab-c9e5ca69e06f +vulnerability,CVE-2024-7341,vulnerability--3c2543c3-f5bb-4022-9566-4bdcd5222d3f +vulnerability,CVE-2024-7260,vulnerability--1a9d253e-90a5-4b40-9e61-449adeebb1d4 
+vulnerability,CVE-2024-7687,vulnerability--6a085c2e-7dc9-4c68-9197-509e09ff8c89 +vulnerability,CVE-2024-7918,vulnerability--c478f08c-ba5d-4092-b911-170a8337aa2b +vulnerability,CVE-2024-7689,vulnerability--78ec0fbe-cbf8-45eb-8008-7e325722ed02 +vulnerability,CVE-2024-40643,vulnerability--0f1246a9-dae1-4173-a796-3b10c928485f +vulnerability,CVE-2024-5561,vulnerability--dd2666af-a7a5-4d19-ad13-e2e14ecd80ce +vulnerability,CVE-2024-45041,vulnerability--be5cfe6b-f94c-41ec-88a7-ba73afc9846e +vulnerability,CVE-2024-45296,vulnerability--b5bd2d0c-7287-4c36-aaa1-55ea48ea229b +vulnerability,CVE-2024-45411,vulnerability--ef1e24ca-add8-4a1d-b823-5b203ada5571 +vulnerability,CVE-2024-45203,vulnerability--5b1d1ba7-442b-4d53-83e8-7a9e52fc2eec +vulnerability,CVE-2024-45625,vulnerability--3dd38f7b-ddb9-4ca6-841a-6549082d21e8 +vulnerability,CVE-2024-45406,vulnerability--b3c995e8-6543-4238-8543-80477be10f8a +vulnerability,CVE-2023-50883,vulnerability--f6b88413-86e9-4978-aa61-caa9fad845b3 diff --git a/objects/vulnerability/vulnerability--05c5811e-1941-4196-8fba-c550c5c7806a.json b/objects/vulnerability/vulnerability--05c5811e-1941-4196-8fba-c550c5c7806a.json new file mode 100644 index 00000000000..8c8f6406b96 --- /dev/null +++ b/objects/vulnerability/vulnerability--05c5811e-1941-4196-8fba-c550c5c7806a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--957a71c0-ec18-48a6-8b19-8c9edf74b0fa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--05c5811e-1941-4196-8fba-c550c5c7806a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:32.746253Z", + "modified": "2024-09-10T00:19:32.746253Z", + "name": "CVE-2024-8605", + "description": "A vulnerability classified as problematic was found in code-projects Inventory Management 1.0. This vulnerability affects unknown code of the file /view/registration.php of the component Registration Form. The manipulation with the input leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8605" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0f1246a9-dae1-4173-a796-3b10c928485f.json b/objects/vulnerability/vulnerability--0f1246a9-dae1-4173-a796-3b10c928485f.json new file mode 100644 index 00000000000..43c4e378d91 --- /dev/null +++ b/objects/vulnerability/vulnerability--0f1246a9-dae1-4173-a796-3b10c928485f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9ae4ac14-6a73-4c48-9ce4-5d5eee383b75", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0f1246a9-dae1-4173-a796-3b10c928485f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:33.403967Z", + "modified": "2024-09-10T00:19:33.403967Z", + "name": "CVE-2024-40643", + "description": "Joplin is a free, open source note taking and to-do application. Joplin fails to take into account that \"<\" followed by a non letter character will not be considered html. As such it is possible to do an XSS by putting an \"illegal\" tag within a tag.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-40643" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1a9d253e-90a5-4b40-9e61-449adeebb1d4.json b/objects/vulnerability/vulnerability--1a9d253e-90a5-4b40-9e61-449adeebb1d4.json new file mode 100644 index 00000000000..5f8baa5eca7 --- /dev/null +++ b/objects/vulnerability/vulnerability--1a9d253e-90a5-4b40-9e61-449adeebb1d4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--136e52b7-0a09-4835-8cb1-7947d7c65505", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1a9d253e-90a5-4b40-9e61-449adeebb1d4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:33.233271Z", + "modified": "2024-09-10T00:19:33.233271Z", + "name": "CVE-2024-7260", + "description": "An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks.\r\n\r\nOnce a crafted URL is made, it can be sent to a Keycloak admin via email for example. This will trigger this vulnerability when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as supplying this as a OAuth redirect uri. The malicious actor can further obfuscate the redirect_uri using URL encoding, to hide the text of the actual malicious website domain.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7260" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1e6f56b8-851e-4b1a-9b67-2e0fb39ac415.json b/objects/vulnerability/vulnerability--1e6f56b8-851e-4b1a-9b67-2e0fb39ac415.json new file mode 100644 index 00000000000..2fbbb0e3899 --- /dev/null +++ b/objects/vulnerability/vulnerability--1e6f56b8-851e-4b1a-9b67-2e0fb39ac415.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f78f426b-ffb7-4ef3-b7e5-92e8e9c7c047", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1e6f56b8-851e-4b1a-9b67-2e0fb39ac415", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:32.750279Z", + "modified": "2024-09-10T00:19:32.750279Z", + "name": "CVE-2024-8372", + "description": "** UNSUPPPORTED WHEN ASSIGNED ** Improper sanitization of the value of the '[srcset]' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .\n\nThis issue affects AngularJS versions 1.3.0-rc.4 and greater.\n\nNote:\nThe AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8372" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--203fbb58-d361-4480-a165-7883f5cc8676.json b/objects/vulnerability/vulnerability--203fbb58-d361-4480-a165-7883f5cc8676.json new file mode 100644 index 00000000000..acdae2ea77a --- /dev/null +++ b/objects/vulnerability/vulnerability--203fbb58-d361-4480-a165-7883f5cc8676.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dd32e1ed-ed9c-4583-b473-b97f0403e61b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--203fbb58-d361-4480-a165-7883f5cc8676", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:32.13766Z", + "modified": "2024-09-10T00:19:32.13766Z", + "name": "CVE-2024-6910", + "description": "The EventON WordPress plugin before 2.2.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6910" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--21c2907c-4726-44da-8e7f-93284e0a753e.json b/objects/vulnerability/vulnerability--21c2907c-4726-44da-8e7f-93284e0a753e.json new file mode 100644 index 00000000000..3e16ed35365 --- /dev/null +++ b/objects/vulnerability/vulnerability--21c2907c-4726-44da-8e7f-93284e0a753e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c7cabfb9-094e-4974-a397-a01e2a2d6adf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--21c2907c-4726-44da-8e7f-93284e0a753e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:31.683388Z", + "modified": "2024-09-10T00:19:31.683388Z", + "name": "CVE-2024-27387", + "description": "An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_rx_range_done_ind(), there is no input validation check on rtt_id coming from userspace, which can lead to a heap overwrite.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-27387" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--387f2082-3f28-4b87-a0e9-7c95b721e65b.json b/objects/vulnerability/vulnerability--387f2082-3f28-4b87-a0e9-7c95b721e65b.json new file mode 100644 index 00000000000..a342400a8c5 --- /dev/null +++ b/objects/vulnerability/vulnerability--387f2082-3f28-4b87-a0e9-7c95b721e65b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5f4d9c08-1424-408e-adfe-d2a6ba9e3b11", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--387f2082-3f28-4b87-a0e9-7c95b721e65b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:33.205048Z", + "modified": "2024-09-10T00:19:33.205048Z", + "name": "CVE-2024-7015", + "description": "Improper Authentication, Missing Authentication for Critical Function, Improper Authorization vulnerability in Profelis Informatics and Consulting PassBox allows Authentication Abuse.This issue affects PassBox: before v1.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7015" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3c2543c3-f5bb-4022-9566-4bdcd5222d3f.json b/objects/vulnerability/vulnerability--3c2543c3-f5bb-4022-9566-4bdcd5222d3f.json new file mode 100644 index 00000000000..2f25552343b --- /dev/null +++ b/objects/vulnerability/vulnerability--3c2543c3-f5bb-4022-9566-4bdcd5222d3f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ff0ed3e2-371a-4267-817b-ee1dbb63ba4a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3c2543c3-f5bb-4022-9566-4bdcd5222d3f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:33.22481Z", + "modified": "2024-09-10T00:19:33.22481Z", + "name": "CVE-2024-7341", + "description": "A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7341" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3dd38f7b-ddb9-4ca6-841a-6549082d21e8.json b/objects/vulnerability/vulnerability--3dd38f7b-ddb9-4ca6-841a-6549082d21e8.json new file mode 100644 index 00000000000..58cda0463ca --- /dev/null +++ b/objects/vulnerability/vulnerability--3dd38f7b-ddb9-4ca6-841a-6549082d21e8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0b204142-7bf0-43e0-b06f-8cba4269d7d9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3dd38f7b-ddb9-4ca6-841a-6549082d21e8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:33.660043Z", + "modified": "2024-09-10T00:19:33.660043Z", + "name": "CVE-2024-45625", + "description": "Cross-site scripting vulnerability exists in Forminator versions prior to 1.34.1. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who follows a crafted URL and accesses the webpage with the web form created by Forminator.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45625" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--42acd64a-e174-442c-8605-623a47c129b7.json b/objects/vulnerability/vulnerability--42acd64a-e174-442c-8605-623a47c129b7.json new file mode 100644 index 00000000000..4e581a45daf --- /dev/null +++ b/objects/vulnerability/vulnerability--42acd64a-e174-442c-8605-623a47c129b7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--310e134b-a850-4eec-a6bc-3c4c381d1965", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--42acd64a-e174-442c-8605-623a47c129b7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:33.20784Z", + "modified": "2024-09-10T00:19:33.20784Z", + "name": "CVE-2024-7688", + "description": "The AZIndex WordPress plugin through 0.8.1 does not have CSRF checks in some places, which could allow attackers to make logged in admin delete arbitrary indexes via a CSRF attack", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7688" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--46db5192-1aaa-4009-8314-04043db2e23a.json b/objects/vulnerability/vulnerability--46db5192-1aaa-4009-8314-04043db2e23a.json new file mode 100644 index 00000000000..e124aef87f6 --- /dev/null +++ b/objects/vulnerability/vulnerability--46db5192-1aaa-4009-8314-04043db2e23a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ddcfac1d-d81b-49db-be0b-c79fd6d51c85", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--46db5192-1aaa-4009-8314-04043db2e23a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:32.756916Z", + "modified": "2024-09-10T00:19:32.756916Z", + "name": "CVE-2024-8373", + "description": "** UNSUPPPORTED WHEN ASSIGNED ** Improper sanitization of the value of the [srcset] attribute in HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .\n\nThis issue affects all versions of AngularJS.\n\nNote:\nThe AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8373" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--472172af-a38c-41bb-8c13-6248ec3b6209.json b/objects/vulnerability/vulnerability--472172af-a38c-41bb-8c13-6248ec3b6209.json new file mode 100644 index 00000000000..e60a9a7edfc --- /dev/null +++ b/objects/vulnerability/vulnerability--472172af-a38c-41bb-8c13-6248ec3b6209.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--be691f0f-2283-4656-a786-bc918aec4494", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--472172af-a38c-41bb-8c13-6248ec3b6209", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:31.841195Z", + "modified": "2024-09-10T00:19:31.841195Z", + "name": "CVE-2024-44375", + "description": "D-Link DI-8100 v16.07.26A1 has a stack overflow vulnerability in the dbsrv_asp function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44375" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4f19a0e1-3c36-46a4-a71c-086e994d49d3.json b/objects/vulnerability/vulnerability--4f19a0e1-3c36-46a4-a71c-086e994d49d3.json new file mode 100644 index 00000000000..cc69f34e238 --- /dev/null +++ b/objects/vulnerability/vulnerability--4f19a0e1-3c36-46a4-a71c-086e994d49d3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0fab0abd-38e1-4201-a6a3-55a948765f49", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4f19a0e1-3c36-46a4-a71c-086e994d49d3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:32.743558Z", + "modified": "2024-09-10T00:19:32.743558Z", + "name": "CVE-2024-8611", + "description": "A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Affected by this vulnerability is an unknown functionality of the file ssms.php. The manipulation of the argument customer leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8611" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--4fa80371-f999-49cc-a08d-a84ff36a985c.json b/objects/vulnerability/vulnerability--4fa80371-f999-49cc-a08d-a84ff36a985c.json new file mode 100644 index 00000000000..0f07d5965b0 --- /dev/null +++ b/objects/vulnerability/vulnerability--4fa80371-f999-49cc-a08d-a84ff36a985c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--db028350-5119-42f7-9d77-4f2b546a4bb8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4fa80371-f999-49cc-a08d-a84ff36a985c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:31.69179Z", + "modified": "2024-09-10T00:19:31.69179Z", + "name": "CVE-2024-27364", + "description": "An issue was discovered in Mobile Processor, Wearable Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_roamed_ind(), there is no input validation check on a length coming from userspace, which can lead to a potential heap over-read.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-27364" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--52cd1161-9ff2-419e-a619-9ee0c6e07c98.json b/objects/vulnerability/vulnerability--52cd1161-9ff2-419e-a619-9ee0c6e07c98.json new file mode 100644 index 00000000000..40dd6ed4f52 --- /dev/null +++ b/objects/vulnerability/vulnerability--52cd1161-9ff2-419e-a619-9ee0c6e07c98.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dcd1667c-50bc-4a7c-9202-9f6aa7e88601", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--52cd1161-9ff2-419e-a619-9ee0c6e07c98", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:31.845888Z", + "modified": "2024-09-10T00:19:31.845888Z", + "name": "CVE-2024-44333", + "description": "D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution. An attacker can achieve arbitrary command execution by sending a carefully crafted malicious string to the CGI function responsible for handling usb_paswd.asp.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44333" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--52cf09bd-2eb7-4fa3-9136-046592b203c2.json b/objects/vulnerability/vulnerability--52cf09bd-2eb7-4fa3-9136-046592b203c2.json new file mode 100644 index 00000000000..6dbacef5e10 --- /dev/null +++ b/objects/vulnerability/vulnerability--52cf09bd-2eb7-4fa3-9136-046592b203c2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fde26bd0-d06b-49c2-bf3d-2f5ad8f0810e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--52cf09bd-2eb7-4fa3-9136-046592b203c2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:31.88264Z", + "modified": "2024-09-10T00:19:31.88264Z", + "name": "CVE-2024-44724", + "description": "AutoCMS v5.4 was discovered to contain a PHP code injection vulnerability via the txtsite_url parameter at /admin/site_add.php. This vulnerability allows attackers to execute arbitrary PHP code via injecting a crafted value.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44724" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--52f28002-f838-412d-8cfe-87e8ae4fa1cc.json b/objects/vulnerability/vulnerability--52f28002-f838-412d-8cfe-87e8ae4fa1cc.json new file mode 100644 index 00000000000..d2e9f800ede --- /dev/null +++ b/objects/vulnerability/vulnerability--52f28002-f838-412d-8cfe-87e8ae4fa1cc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3c2b7dab-433d-452a-87e8-4d8b03f9dafd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--52f28002-f838-412d-8cfe-87e8ae4fa1cc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:32.133617Z", + "modified": "2024-09-10T00:19:32.133617Z", + "name": "CVE-2024-6572", + "description": "Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' in Checkmk before Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 and 2.0.0 (EOL) allows man-in-the-middle attackers to intercept traffic", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6572" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--54da2c6f-834e-4759-8548-713134ceb15b.json b/objects/vulnerability/vulnerability--54da2c6f-834e-4759-8548-713134ceb15b.json new file mode 100644 index 00000000000..f3c9abb709c --- /dev/null +++ b/objects/vulnerability/vulnerability--54da2c6f-834e-4759-8548-713134ceb15b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9b3f7cb9-3741-4f7d-8ad1-149daa770392", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--54da2c6f-834e-4759-8548-713134ceb15b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:32.36091Z", + "modified": "2024-09-10T00:19:32.36091Z", + "name": "CVE-2024-24510", + "description": "Cross Site Scripting vulnerability in Alinto SOGo before 5.10.0 allows a remote attacker to execute arbitrary code via the import function to the mail component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24510" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--56c10d2b-6783-4ec1-ad92-fd7aed6cff10.json b/objects/vulnerability/vulnerability--56c10d2b-6783-4ec1-ad92-fd7aed6cff10.json new file mode 100644 index 00000000000..5bda2038e29 --- /dev/null +++ b/objects/vulnerability/vulnerability--56c10d2b-6783-4ec1-ad92-fd7aed6cff10.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fbe56796-ac81-4b1e-8ebe-3c858aeb56c9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--56c10d2b-6783-4ec1-ad92-fd7aed6cff10", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:32.752832Z", + "modified": "2024-09-10T00:19:32.752832Z", + "name": "CVE-2024-8042", + "description": "Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect customer. This vulnerability is remediated as of August 14, 2024.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8042" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5b1d1ba7-442b-4d53-83e8-7a9e52fc2eec.json b/objects/vulnerability/vulnerability--5b1d1ba7-442b-4d53-83e8-7a9e52fc2eec.json new file mode 100644 index 00000000000..b1d9f916e49 --- /dev/null +++ b/objects/vulnerability/vulnerability--5b1d1ba7-442b-4d53-83e8-7a9e52fc2eec.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--61672d94-93b7-4842-98b7-b6c92f83d58b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5b1d1ba7-442b-4d53-83e8-7a9e52fc2eec", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:33.658158Z", + "modified": "2024-09-10T00:19:33.658158Z", + "name": "CVE-2024-45203", + "description": "Improper authorization in handler for custom URL scheme issue in \"@cosme\" App for Android versions prior 5.69.0 and \"@cosme\" App for iOS versions prior to 6.74.0 allows an attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45203" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5ea1d4d4-6299-4394-bea6-5625bbbd484b.json b/objects/vulnerability/vulnerability--5ea1d4d4-6299-4394-bea6-5625bbbd484b.json new file mode 100644 index 00000000000..9f466fa679f --- /dev/null +++ b/objects/vulnerability/vulnerability--5ea1d4d4-6299-4394-bea6-5625bbbd484b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3b714102-fa22-400f-8677-d72e52dfe1ac", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5ea1d4d4-6299-4394-bea6-5625bbbd484b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:31.847473Z", + "modified": "2024-09-10T00:19:31.847473Z", + "name": "CVE-2024-44721", + "description": "SeaCMS v13.1 was discovered to a Server-Side Request Forgery (SSRF) via the url parameter at /admin_reslib.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44721" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--60ab0034-2fcb-4ee6-b548-413f2dc7d6fa.json b/objects/vulnerability/vulnerability--60ab0034-2fcb-4ee6-b548-413f2dc7d6fa.json new file mode 100644 index 00000000000..b37aeefbe90 --- /dev/null +++ b/objects/vulnerability/vulnerability--60ab0034-2fcb-4ee6-b548-413f2dc7d6fa.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0e478eb6-acca-4bde-972a-10abdc93d646", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--60ab0034-2fcb-4ee6-b548-413f2dc7d6fa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:32.163267Z", + "modified": "2024-09-10T00:19:32.163267Z", + "name": "CVE-2024-6795", + "description": "In Connex health portal released before8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal's database. \n\nAn attacker could have submitted a crafted payload to Connex portal that could have resulted in modification and disclosure of database content \n\nand/or perform administrative operations including shutting down the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6795" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--63264cf9-b449-4721-a4b1-2eac8bbb69c0.json b/objects/vulnerability/vulnerability--63264cf9-b449-4721-a4b1-2eac8bbb69c0.json new file mode 100644 index 00000000000..a9a8b330109 --- /dev/null +++ b/objects/vulnerability/vulnerability--63264cf9-b449-4721-a4b1-2eac8bbb69c0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0d9bb973-3264-4a15-b9ee-1b3e3ba40043", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--63264cf9-b449-4721-a4b1-2eac8bbb69c0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:31.866288Z", + "modified": "2024-09-10T00:19:31.866288Z", + "name": "CVE-2024-44902", + "description": "A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44902" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6a085c2e-7dc9-4c68-9197-509e09ff8c89.json b/objects/vulnerability/vulnerability--6a085c2e-7dc9-4c68-9197-509e09ff8c89.json new file mode 100644 index 00000000000..25b03f1cc25 --- /dev/null +++ b/objects/vulnerability/vulnerability--6a085c2e-7dc9-4c68-9197-509e09ff8c89.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--41626c44-26da-421f-9443-f76947404983", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6a085c2e-7dc9-4c68-9197-509e09ff8c89", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:33.254398Z", + "modified": "2024-09-10T00:19:33.254398Z", + "name": "CVE-2024-7687", + "description": "The AZIndex WordPress plugin through 0.8.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7687" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--6b49c731-ab57-4e7f-9b0f-5215001f66c7.json b/objects/vulnerability/vulnerability--6b49c731-ab57-4e7f-9b0f-5215001f66c7.json new file mode 100644 index 00000000000..00e062b2329 --- /dev/null +++ b/objects/vulnerability/vulnerability--6b49c731-ab57-4e7f-9b0f-5215001f66c7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--019a8bfe-df3a-40bb-968f-2d5302fc12a0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6b49c731-ab57-4e7f-9b0f-5215001f66c7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:32.748779Z", + "modified": "2024-09-10T00:19:32.748779Z", + "name": "CVE-2024-8610", + "description": "A vulnerability classified as problematic has been found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file /index.php?page=tenants of the component New Tenant Page. The manipulation of the argument Last Name/First Name/Middle Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8610" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6bd3772b-7dfb-4857-8057-c3196432b1f7.json b/objects/vulnerability/vulnerability--6bd3772b-7dfb-4857-8057-c3196432b1f7.json new file mode 100644 index 00000000000..beff6fce3da --- /dev/null +++ b/objects/vulnerability/vulnerability--6bd3772b-7dfb-4857-8057-c3196432b1f7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--78733552-b76d-4af1-9bb7-ff9207027130", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6bd3772b-7dfb-4857-8057-c3196432b1f7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:31.623163Z", + "modified": "2024-09-10T00:19:31.623163Z", + "name": "CVE-2024-27366", + "description": "An issue was discovered in Samsung Mobile Processor, Wearable Processor Exynos Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_scan_done_ind(), there is no input validation check on a length coming from userspace, which can lead to a potential heap over-read.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-27366" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6f8e01ee-674f-4831-aaab-c9e5ca69e06f.json b/objects/vulnerability/vulnerability--6f8e01ee-674f-4831-aaab-c9e5ca69e06f.json new file mode 100644 index 00000000000..44535be89f1 --- /dev/null +++ b/objects/vulnerability/vulnerability--6f8e01ee-674f-4831-aaab-c9e5ca69e06f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a7982b34-b21a-4a6a-a899-7bd0c49039ca", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6f8e01ee-674f-4831-aaab-c9e5ca69e06f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:33.220153Z", + "modified": "2024-09-10T00:19:33.220153Z", + "name": "CVE-2024-7318", + "description": "A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds (default). Instead of expiring and deemed unusable around 30 seconds in, the tokens are valid for an additional 30 seconds totaling 1 minute.\r\nA one time passcode that is valid longer than its expiration time increases the attack window for malicious actors to abuse the system and compromise accounts. Additionally, it increases the attack surface because at any given time, two OTPs are valid.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7318" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--782902b1-c26d-430e-ae9e-7073303150d8.json b/objects/vulnerability/vulnerability--782902b1-c26d-430e-ae9e-7073303150d8.json new file mode 100644 index 00000000000..ab3419bed84 --- /dev/null +++ b/objects/vulnerability/vulnerability--782902b1-c26d-430e-ae9e-7073303150d8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3d78fea5-d726-4547-a3d9-906b145eddab", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--782902b1-c26d-430e-ae9e-7073303150d8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:32.17629Z", + "modified": "2024-09-10T00:19:32.17629Z", + "name": "CVE-2024-42759", + "description": "An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente endpoint.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42759" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--78ec0fbe-cbf8-45eb-8008-7e325722ed02.json b/objects/vulnerability/vulnerability--78ec0fbe-cbf8-45eb-8008-7e325722ed02.json new file mode 100644 index 00000000000..31dba490451 --- /dev/null +++ b/objects/vulnerability/vulnerability--78ec0fbe-cbf8-45eb-8008-7e325722ed02.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e395c72f-d72f-41e7-9c10-167dcdd37699", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--78ec0fbe-cbf8-45eb-8008-7e325722ed02", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:33.261731Z", + "modified": "2024-09-10T00:19:33.261731Z", + "name": "CVE-2024-7689", + "description": "The Snapshot Backup WordPress plugin through 2.1.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7689" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--7fe6e5a4-65ea-4f90-b20c-1abba98d586c.json b/objects/vulnerability/vulnerability--7fe6e5a4-65ea-4f90-b20c-1abba98d586c.json new file mode 100644 index 00000000000..d1ca11ccbcf --- /dev/null +++ b/objects/vulnerability/vulnerability--7fe6e5a4-65ea-4f90-b20c-1abba98d586c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cd5b04fe-04e7-4772-95a7-1151031f4c68", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7fe6e5a4-65ea-4f90-b20c-1abba98d586c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:31.885245Z", + "modified": "2024-09-10T00:19:31.885245Z", + "name": "CVE-2024-44411", + "description": "D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the msp_info_htm function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44411" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--801f8f64-212e-427a-a55d-e96890b955ca.json b/objects/vulnerability/vulnerability--801f8f64-212e-427a-a55d-e96890b955ca.json new file mode 100644 index 00000000000..ad54d22b07c --- /dev/null +++ b/objects/vulnerability/vulnerability--801f8f64-212e-427a-a55d-e96890b955ca.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d771181e-18bd-4126-b56f-0c7492caaab8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--801f8f64-212e-427a-a55d-e96890b955ca", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:31.864439Z", + "modified": "2024-09-10T00:19:31.864439Z", + "name": "CVE-2024-44720", + "description": "SeaCMS v13.1 was discovered to an arbitrary file read vulnerability via the component admin_safe.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44720" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--812a917e-d5db-4293-aff7-628a9d1947e9.json b/objects/vulnerability/vulnerability--812a917e-d5db-4293-aff7-628a9d1947e9.json new file mode 100644 index 00000000000..9a80f046604 --- /dev/null +++ b/objects/vulnerability/vulnerability--812a917e-d5db-4293-aff7-628a9d1947e9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b1f2e901-8b3d-41ff-9f3d-5d5d7ee37959", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--812a917e-d5db-4293-aff7-628a9d1947e9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:31.854309Z", + "modified": "2024-09-10T00:19:31.854309Z", + "name": "CVE-2024-44334", + "description": "D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution due to insufficient parameter filtering in the CGI handling function of upgrade_filter.asp.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44334" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--92e016f7-a796-4748-bcdd-3d24d8fe4752.json b/objects/vulnerability/vulnerability--92e016f7-a796-4748-bcdd-3d24d8fe4752.json new file mode 100644 index 00000000000..2d9efd543d1 --- /dev/null +++ b/objects/vulnerability/vulnerability--92e016f7-a796-4748-bcdd-3d24d8fe4752.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8e525286-047c-48a3-980b-b5683277cde5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--92e016f7-a796-4748-bcdd-3d24d8fe4752", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:31.737574Z", + "modified": "2024-09-10T00:19:31.737574Z", + "name": "CVE-2024-37288", + "description": "A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Security’s built-in AI tools https://www.elastic.co/guide/en/security/current/ai-for-security.html  and have configured an Amazon Bedrock connector https://www.elastic.co/guide/en/security/current/assistant-connect-to-bedrock.html .", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-37288" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--94528850-866c-4ac7-b7d9-67664564f925.json b/objects/vulnerability/vulnerability--94528850-866c-4ac7-b7d9-67664564f925.json new file mode 100644 index 00000000000..19b5ef57d22 --- /dev/null +++ b/objects/vulnerability/vulnerability--94528850-866c-4ac7-b7d9-67664564f925.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aa1fb85a-2767-4260-a21f-dde38bd7fe38", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--94528850-866c-4ac7-b7d9-67664564f925", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:32.761688Z", + "modified": "2024-09-10T00:19:32.761688Z", + "name": "CVE-2024-8584", + "description": "Orca HCM from LEARNING DIGITAL does not properly restrict access to a specific functionality, allowing unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege and subsequently use it to log in.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8584" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a2bbabc5-9add-4455-976e-de268d7f728a.json b/objects/vulnerability/vulnerability--a2bbabc5-9add-4455-976e-de268d7f728a.json new file mode 100644 index 00000000000..a7ffd051e97 --- /dev/null +++ b/objects/vulnerability/vulnerability--a2bbabc5-9add-4455-976e-de268d7f728a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bd7785f2-8d5e-4e5b-87ce-613a5968c189", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a2bbabc5-9add-4455-976e-de268d7f728a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:31.886665Z", + "modified": "2024-09-10T00:19:31.886665Z", + "name": "CVE-2024-44410", + "description": "D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44410" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--a2d5bce8-6fd2-4b14-85a7-b3b7f9dd3bf2.json b/objects/vulnerability/vulnerability--a2d5bce8-6fd2-4b14-85a7-b3b7f9dd3bf2.json new file mode 100644 index 00000000000..69087ecb174 --- /dev/null +++ b/objects/vulnerability/vulnerability--a2d5bce8-6fd2-4b14-85a7-b3b7f9dd3bf2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--85e71a9b-6493-4257-b91b-57acd29ef1dc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a2d5bce8-6fd2-4b14-85a7-b3b7f9dd3bf2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:31.634839Z", + "modified": "2024-09-10T00:19:31.634839Z", + "name": "CVE-2024-27367", + "description": "An issue was discovered in Samsung Mobile Processor Exynos Wearable Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_scan_ind(), there is no input validation check on a length coming from userspace, which can lead to integer overflow and a potential heap over-read.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-27367" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a77660b1-1b07-4a84-8b64-af3b27c127a2.json b/objects/vulnerability/vulnerability--a77660b1-1b07-4a84-8b64-af3b27c127a2.json new file mode 100644 index 00000000000..a2b43068924 --- /dev/null +++ b/objects/vulnerability/vulnerability--a77660b1-1b07-4a84-8b64-af3b27c127a2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d4403358-c380-4e2d-9c4c-11ee122f730b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a77660b1-1b07-4a84-8b64-af3b27c127a2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:31.861145Z", + "modified": "2024-09-10T00:19:31.861145Z", + "name": "CVE-2024-44849", + "description": "Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44849" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ad6b0e98-a5d2-483b-b4ab-aefec13d5276.json b/objects/vulnerability/vulnerability--ad6b0e98-a5d2-483b-b4ab-aefec13d5276.json new file mode 100644 index 00000000000..fcccd13f9b9 --- /dev/null +++ b/objects/vulnerability/vulnerability--ad6b0e98-a5d2-483b-b4ab-aefec13d5276.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c16371ba-a1f4-4b84-80b8-3cedcfdd78d5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ad6b0e98-a5d2-483b-b4ab-aefec13d5276", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:32.740827Z", + "modified": "2024-09-10T00:19:32.740827Z", + "name": "CVE-2024-8604", + "description": "A vulnerability classified as problematic has been found in SourceCodester Online Food Ordering System 2.0. This affects an unknown part of the file index.php of the component Create an Account Page. The manipulation of the argument First Name/Last Name leads to cross site scripting. It is possible to initiate the attack remotely.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8604" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--b2a6f4b7-4bfe-4548-93ac-b78b29458e43.json b/objects/vulnerability/vulnerability--b2a6f4b7-4bfe-4548-93ac-b78b29458e43.json new file mode 100644 index 00000000000..34c61035156 --- /dev/null +++ b/objects/vulnerability/vulnerability--b2a6f4b7-4bfe-4548-93ac-b78b29458e43.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--66f0f7ff-d69a-41e5-9004-a413d5f2a465", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b2a6f4b7-4bfe-4548-93ac-b78b29458e43", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:32.179136Z", + "modified": "2024-09-10T00:19:32.179136Z", + "name": "CVE-2024-42500", + "description": "HPE has identified a denial of service vulnerability in HPE HP-UX System's Network File System (NFSv4) services.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42500" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b3c995e8-6543-4238-8543-80477be10f8a.json b/objects/vulnerability/vulnerability--b3c995e8-6543-4238-8543-80477be10f8a.json new file mode 100644 index 00000000000..58fd024d9a8 --- /dev/null +++ b/objects/vulnerability/vulnerability--b3c995e8-6543-4238-8543-80477be10f8a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--41791334-b703-4ef4-99fe-2af66eef7920", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b3c995e8-6543-4238-8543-80477be10f8a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:33.671391Z", + "modified": "2024-09-10T00:19:33.671391Z", + "name": "CVE-2024-45406", + "description": "Craft is a content management system (CMS). Craft CMS 5 stored XSS can be triggered by the breadcrumb list and title fields with user input.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45406" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b5bd2d0c-7287-4c36-aaa1-55ea48ea229b.json b/objects/vulnerability/vulnerability--b5bd2d0c-7287-4c36-aaa1-55ea48ea229b.json new file mode 100644 index 00000000000..c5dc4ca4580 --- /dev/null +++ b/objects/vulnerability/vulnerability--b5bd2d0c-7287-4c36-aaa1-55ea48ea229b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cda910d4-a1c3-45d6-b12d-7f237551faf1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b5bd2d0c-7287-4c36-aaa1-55ea48ea229b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:33.644428Z", + "modified": "2024-09-10T00:19:33.644428Z", + "name": "CVE-2024-45296", + "description": "path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a DoS. The bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45296" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--be5cfe6b-f94c-41ec-88a7-ba73afc9846e.json b/objects/vulnerability/vulnerability--be5cfe6b-f94c-41ec-88a7-ba73afc9846e.json new file mode 100644 index 00000000000..9b1b3eb6626 --- /dev/null +++ b/objects/vulnerability/vulnerability--be5cfe6b-f94c-41ec-88a7-ba73afc9846e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--52e49118-e613-49fc-8f43-fadbb9c9a66e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--be5cfe6b-f94c-41ec-88a7-ba73afc9846e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:33.634936Z", + "modified": "2024-09-10T00:19:33.634936Z", + "name": "CVE-2024-45041", + "description": "External Secrets Operator is a Kubernetes operator that integrates external secret management systems. The external-secrets has a deployment called default-external-secrets-cert-controller, which is bound with a same-name ClusterRole. This ClusterRole has \"get/list\" verbs of secrets resources. It also has path/update verb of validatingwebhookconfigurations resources. This can be used to abuse the SA token of the deployment to retrieve or get ALL secrets in the whole cluster, capture and log all data from requests attempting to update Secrets, or make a webhook deny all Pod create and update requests. This vulnerability is fixed in 0.10.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45041" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--be8fc3ba-5be5-4094-b8fa-96b03eb77b79.json b/objects/vulnerability/vulnerability--be8fc3ba-5be5-4094-b8fa-96b03eb77b79.json new file mode 100644 index 00000000000..e612d974dd0 --- /dev/null +++ b/objects/vulnerability/vulnerability--be8fc3ba-5be5-4094-b8fa-96b03eb77b79.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--34d38c27-3e1e-449d-b396-9e9d947159f0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--be8fc3ba-5be5-4094-b8fa-96b03eb77b79", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:32.759722Z", + "modified": "2024-09-10T00:19:32.759722Z", + "name": "CVE-2024-8585", + "description": "Orca HCM from LEARNING DIGITA does not properly restrict a specific parameter of the file download functionality, allowing a remote attacker with regular privileges to download arbitrary system files.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8585" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c1a664df-917d-4b65-8d30-b94499a5d90e.json b/objects/vulnerability/vulnerability--c1a664df-917d-4b65-8d30-b94499a5d90e.json new file mode 100644 index 00000000000..48970cb0e4c --- /dev/null +++ b/objects/vulnerability/vulnerability--c1a664df-917d-4b65-8d30-b94499a5d90e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c05de8ad-a0e0-4a33-bedd-46df76a7caba", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c1a664df-917d-4b65-8d30-b94499a5d90e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:31.877657Z", + "modified": "2024-09-10T00:19:31.877657Z", + "name": "CVE-2024-44725", + "description": "AutoCMS v5.4 was discovered to contain a SQL injection vulnerability via the sidebar parameter at /admin/robot.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44725" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--c478f08c-ba5d-4092-b911-170a8337aa2b.json b/objects/vulnerability/vulnerability--c478f08c-ba5d-4092-b911-170a8337aa2b.json new file mode 100644 index 00000000000..eafd5d00978 --- /dev/null +++ b/objects/vulnerability/vulnerability--c478f08c-ba5d-4092-b911-170a8337aa2b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1852b15f-59ef-40db-a961-7b2ed1782fa8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c478f08c-ba5d-4092-b911-170a8337aa2b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:33.255578Z", + "modified": "2024-09-10T00:19:33.255578Z", + "name": "CVE-2024-7918", + "description": "The Pocket Widget WordPress plugin through 0.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7918" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c7a89c0c-5f3d-4eb1-9080-13f965c9e01d.json b/objects/vulnerability/vulnerability--c7a89c0c-5f3d-4eb1-9080-13f965c9e01d.json new file mode 100644 index 00000000000..e27b5e37bff --- /dev/null +++ b/objects/vulnerability/vulnerability--c7a89c0c-5f3d-4eb1-9080-13f965c9e01d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6b0e6da6-0bd8-40a3-8e6b-fde4468f0bb6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c7a89c0c-5f3d-4eb1-9080-13f965c9e01d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:32.736099Z", + "modified": "2024-09-10T00:19:32.736099Z", + "name": "CVE-2024-8586", + "description": "WebITR from Uniong has an Open Redirect vulnerability, which allows unauthorized remote attackers to exploit this vulnerability to forge URLs. Users, believing they are accessing a trusted domain, can be redirected to another page, potentially leading to phishing attacks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8586" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c93ddcae-874f-4901-9c98-1add547d07de.json b/objects/vulnerability/vulnerability--c93ddcae-874f-4901-9c98-1add547d07de.json new file mode 100644 index 00000000000..87a0bfcf217 --- /dev/null +++ b/objects/vulnerability/vulnerability--c93ddcae-874f-4901-9c98-1add547d07de.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c3c9ccb2-bcfd-4d49-9fd6-c1771a0aa85f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c93ddcae-874f-4901-9c98-1add547d07de", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:31.860041Z", + "modified": "2024-09-10T00:19:31.860041Z", + "name": "CVE-2024-44335", + "description": "D-Link DI-7003G v19.12.24A1, DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution (RCE) via version_upgrade.asp.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44335" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--ca2e642e-c702-4dcc-b037-49b16f4cc7d9.json b/objects/vulnerability/vulnerability--ca2e642e-c702-4dcc-b037-49b16f4cc7d9.json new file mode 100644 index 00000000000..bc058c57489 --- /dev/null +++ b/objects/vulnerability/vulnerability--ca2e642e-c702-4dcc-b037-49b16f4cc7d9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--89eb28b2-4411-4f0a-b0ea-dffe88b61a57", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ca2e642e-c702-4dcc-b037-49b16f4cc7d9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:31.686412Z", + "modified": "2024-09-10T00:19:31.686412Z", + "name": "CVE-2024-27368", + "description": "An issue was discovered in Samsung Mobile Processor Exynos Mobile Processor, Wearable Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_received_frame_ind(), there is no input validation check on a length coming from userspace, which can lead to a potential heap over-read.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-27368" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dd22c98f-eeed-4459-8bf3-a781e673615e.json b/objects/vulnerability/vulnerability--dd22c98f-eeed-4459-8bf3-a781e673615e.json new file mode 100644 index 00000000000..adf3c1c35c6 --- /dev/null +++ b/objects/vulnerability/vulnerability--dd22c98f-eeed-4459-8bf3-a781e673615e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7e3cc2e4-3d1d-4cde-8997-b6375be00cd3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dd22c98f-eeed-4459-8bf3-a781e673615e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:32.764993Z", + "modified": "2024-09-10T00:19:32.764993Z", + "name": "CVE-2024-8601", + "description": "This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL which could lead to unauthorized access to sensitive information belonging to other users.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8601" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dd2666af-a7a5-4d19-ad13-e2e14ecd80ce.json b/objects/vulnerability/vulnerability--dd2666af-a7a5-4d19-ad13-e2e14ecd80ce.json new file mode 100644 index 00000000000..b2e56470d6d --- /dev/null +++ b/objects/vulnerability/vulnerability--dd2666af-a7a5-4d19-ad13-e2e14ecd80ce.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8ff9b63c-9f1d-4395-a210-487562ce5770", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dd2666af-a7a5-4d19-ad13-e2e14ecd80ce", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-10T00:19:33.532436Z", + "modified": "2024-09-10T00:19:33.532436Z", + "name": "CVE-2024-5561", + "description": "The Popup Maker WordPress plugin before 1.19.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-5561" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e1f021d4-b515-4698-8709-744ae02e9676.json b/objects/vulnerability/vulnerability--e1f021d4-b515-4698-8709-744ae02e9676.json new file mode 100644 index 00000000000..73a8564a160 --- /dev/null +++ b/objects/vulnerability/vulnerability--e1f021d4-b515-4698-8709-744ae02e9676.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--46c774a5-f6b0-48d7-92be-4e6cc61af06a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e1f021d4-b515-4698-8709-744ae02e9676",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-10T00:19:31.869387Z",
+ "modified": "2024-09-10T00:19:31.869387Z",
+ "name": "CVE-2024-44085",
+ "description": "ONLYOFFICE Docs before 8.1.0 allows XSS via a GeneratorFunction Object attack against a macro. This is related to use of an immediately-invoked function expression (IIFE) for a macro. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446 and CVE-2023-50883.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-44085"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e845d834-75b8-491b-b70c-9146fa4d981d.json b/objects/vulnerability/vulnerability--e845d834-75b8-491b-b70c-9146fa4d981d.json
new file mode 100644
index 00000000000..b12fae592f9
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e845d834-75b8-491b-b70c-9146fa4d981d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--0ec7305f-3306-4af5-9cd8-f3a0c48a4af3",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e845d834-75b8-491b-b70c-9146fa4d981d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-10T00:19:32.131774Z",
+ "modified": "2024-09-10T00:19:32.131774Z",
+ "name": "CVE-2024-6796",
+ "description": "In Baxter Connex health portal released before 8/30/2024, an improper access control vulnerability has been found that could allow an unauthenticated attacker to gain unauthorized access to Connex portal's database and/or modify content.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-6796"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ec13c9d2-115e-47df-a7d1-5193ae9b8846.json b/objects/vulnerability/vulnerability--ec13c9d2-115e-47df-a7d1-5193ae9b8846.json
new file mode 100644
index 00000000000..e60c8916ebe
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ec13c9d2-115e-47df-a7d1-5193ae9b8846.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--dc19f9cc-2595-42e1-bab8-150c174745c2",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ec13c9d2-115e-47df-a7d1-5193ae9b8846",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-10T00:19:31.696325Z",
+ "modified": "2024-09-10T00:19:31.696325Z",
+ "name": "CVE-2024-27365",
+ "description": "An issue was discovered in Samsung Mobile Processor Exynos Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_blockack_ind(), there is no input validation check on a length coming from userspace, which can lead to a potential heap over-read.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-27365"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ef1e24ca-add8-4a1d-b823-5b203ada5571.json b/objects/vulnerability/vulnerability--ef1e24ca-add8-4a1d-b823-5b203ada5571.json
new file mode 100644
index 00000000000..c049b1fb874
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ef1e24ca-add8-4a1d-b823-5b203ada5571.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--13118f63-ba29-4823-96b5-fa3d1010b508",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ef1e24ca-add8-4a1d-b823-5b203ada5571",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-10T00:19:33.652148Z",
+ "modified": "2024-09-10T00:19:33.652148Z",
+ "name": "CVE-2024-45411",
+ "description": "Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability is fixed in 1.44.8, 2.16.1, and 3.14.0.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45411"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f0773e48-fdc5-4b76-8a40-da4ae2db7129.json b/objects/vulnerability/vulnerability--f0773e48-fdc5-4b76-8a40-da4ae2db7129.json
new file mode 100644
index 00000000000..68b6804e2c3
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f0773e48-fdc5-4b76-8a40-da4ae2db7129.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e0a3139f-2f6e-4420-b93d-1891c33bf2c8",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f0773e48-fdc5-4b76-8a40-da4ae2db7129",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-10T00:19:31.718569Z",
+ "modified": "2024-09-10T00:19:31.718569Z",
+ "name": "CVE-2024-27383",
+ "description": "An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_get_scan_extra_ies(), there is no input validation check on default_ies coming from userspace, which can lead to a heap overwrite.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-27383"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f6b88413-86e9-4978-aa61-caa9fad845b3.json b/objects/vulnerability/vulnerability--f6b88413-86e9-4978-aa61-caa9fad845b3.json
new file mode 100644
index 00000000000..18dec7d8d1b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f6b88413-86e9-4978-aa61-caa9fad845b3.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--1c767487-b114-44ee-a1db-821049b88d3e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f6b88413-86e9-4978-aa61-caa9fad845b3",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-09-10T00:19:39.059423Z",
+ "modified": "2024-09-10T00:19:39.059423Z",
+ "name": "CVE-2023-50883",
+ "description": "ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression (IIFE), and therefore a sandbox escape is possible by directly calling the constructor of the Function object. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-50883"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file