From daf0b6e8db1d83f83c415d738463af9236f7a25a Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sat, 31 Aug 2024 00:19:32 +0000 Subject: [PATCH] generated content from 2024-08-31 --- mapping.csv | 62 +++++++++++++++++++ ...-016903f3-df45-464f-b5f8-e9104b9c1968.json | 22 +++++++ ...-01c6f1e7-5678-4f40-858c-0a6d86428672.json | 22 +++++++ ...-07c4aab1-a418-48a7-8898-dbfb5cb41920.json | 22 +++++++ ...-128bdb2f-c568-4e84-87a8-950578394902.json | 22 +++++++ ...-15aee1c6-24c9-4286-8a00-d6cb1ad9121d.json | 22 +++++++ ...-19052056-8bfc-4985-9d7c-2c6df24ef46e.json | 22 +++++++ ...-1994ce87-63d6-44de-b67d-82d27c09fbb7.json | 22 +++++++ ...-1ca6b75c-a476-4584-b7bd-76dce51bb6f8.json | 22 +++++++ ...-1e106ff1-cd8f-42af-afe2-a6eb298462ab.json | 22 +++++++ ...-21249973-c182-41bf-af8b-fcd24fcb78d8.json | 22 +++++++ ...-23897315-08a9-428b-b4e7-4ac3bacb3e50.json | 22 +++++++ ...-2494adcc-fbaa-460e-9f2a-4f5a9f5f6476.json | 22 +++++++ ...-26871db3-9062-49ce-8260-d12a7e12c484.json | 22 +++++++ ...-26f230a3-d229-4158-bacc-010d50aa3719.json | 22 +++++++ ...-28552071-ad50-4dd4-9e96-b0b8a6aeb180.json | 22 +++++++ ...-2bf38061-5ade-400e-a348-0ba6debd728e.json | 22 +++++++ ...-31d0a008-dfc9-4b5b-ba38-6088cc1f743c.json | 22 +++++++ ...-39da29d7-b9a0-4e0f-99b1-752ac80429e6.json | 22 +++++++ ...-3ec1e1d4-845d-4546-ac3a-97d6604c9890.json | 22 +++++++ ...-3fb8d3f1-cf63-4107-a793-08c6ce409676.json | 22 +++++++ ...-408e2af4-5875-4b77-9eae-5095329463f6.json | 22 +++++++ ...-41ad692d-3db0-41f0-8d22-893d34a35d49.json | 22 +++++++ ...-45bf86ef-e7ec-4c89-958b-35a92d97534e.json | 22 +++++++ ...-46291480-c087-455d-9b66-998bf3052b7b.json | 22 +++++++ ...-4b79afb3-9d0c-44c5-9895-d66d9404c350.json | 22 +++++++ ...-4ef1c767-1971-46fd-8276-a68c1c9051d8.json | 22 +++++++ ...-52b7a877-4bf0-4d27-a2c0-7f7182ca090b.json | 22 +++++++ ...-568a9e1d-61a0-42c7-ac8f-002ae7c6196e.json | 22 +++++++ ...-57c526ee-7673-4700-ae4b-be951f105bca.json | 22 +++++++ ...-5cbc4583-e5b7-4752-b9bc-03e32c279148.json | 22 +++++++ ...-60ad1133-d36e-4dfa-948c-8349276a2ed8.json | 22 +++++++ ...-62dbfd15-4a3d-472a-b59c-706995aa2f1a.json | 22 +++++++ ...-65d73fda-500d-4854-8227-3ab016c48239.json | 22 +++++++ ...-66bb8385-4fdb-453a-a90c-648c7aaf441d.json | 22 +++++++ ...-6755826a-b169-4968-83a6-c264c50a2538.json | 22 +++++++ ...-6c783cee-f8a2-4aa4-a945-83af392e8128.json | 22 +++++++ ...-6dc864e0-d35d-4f06-876d-6390e185c87a.json | 22 +++++++ ...-703e8d32-bc69-464f-b30d-3186a61169f8.json | 22 +++++++ ...-70701b79-47e5-45c4-ae95-6cf56c4fd5a2.json | 22 +++++++ ...-826112b5-80a7-4e8b-9c8a-bdd2caaa62f9.json | 22 +++++++ ...-840186d9-d28e-47aa-9460-c56038ff33ca.json | 22 +++++++ ...-86ddf85d-52b7-45d3-86aa-023a52e8cc41.json | 22 +++++++ ...-880a1359-21a5-448a-ab9f-19b716c3cad8.json | 22 +++++++ ...-a2984885-ee3b-475f-99c8-25f0e233968f.json | 22 +++++++ ...-a3417e69-9531-4ecb-8727-bc0a4b55ccc7.json | 22 +++++++ ...-a617276b-b9af-4e95-a232-8dc9c600e891.json | 22 +++++++ ...-a9e529f0-4047-4cec-aff5-f11513813d7d.json | 22 +++++++ ...-a9eb61e6-4236-43b6-b19b-d68c951ea96b.json | 22 +++++++ ...-ab71845d-667e-4e0f-abfa-1befbe8a364b.json | 22 +++++++ ...-bea095a9-845d-4c46-8556-8910699a5af3.json | 22 +++++++ ...-c0228721-f485-41b6-9072-61e3c2b08021.json | 22 +++++++ ...-d067a6e4-acf7-4373-b975-c87ec744a362.json | 22 +++++++ ...-d58bd510-91d9-4060-85d3-fe16e5fc4b64.json | 22 +++++++ ...-d71750d8-d437-468b-af3d-c9fe738ac283.json | 22 +++++++ ...-da926a17-7a7d-44ef-abec-038e8eca38fa.json | 22 +++++++ ...-df481a05-1097-44fa-932a-084045cf1002.json | 22 +++++++ ...-e25bb2c9-fc48-48b5-adaa-1ac342b25bda.json | 22 +++++++ ...-ecbcec98-86cb-4bcc-9b02-2c51c4940202.json | 22 +++++++ ...-ef617e45-2767-4427-84ba-249a5036383f.json | 22 +++++++ ...-f3583055-669c-40e6-93d0-fb84579473be.json | 22 +++++++ ...-f7f5b8a5-be4a-49bd-a844-dfedf8079fe2.json | 22 +++++++ ...-fba5630b-985a-41c0-9b9a-02f08174f586.json | 22 +++++++ 63 files changed, 1426 insertions(+) create mode 100644 objects/vulnerability/vulnerability--016903f3-df45-464f-b5f8-e9104b9c1968.json create mode 100644 objects/vulnerability/vulnerability--01c6f1e7-5678-4f40-858c-0a6d86428672.json create mode 100644 objects/vulnerability/vulnerability--07c4aab1-a418-48a7-8898-dbfb5cb41920.json create mode 100644 objects/vulnerability/vulnerability--128bdb2f-c568-4e84-87a8-950578394902.json create mode 100644 objects/vulnerability/vulnerability--15aee1c6-24c9-4286-8a00-d6cb1ad9121d.json create mode 100644 objects/vulnerability/vulnerability--19052056-8bfc-4985-9d7c-2c6df24ef46e.json create mode 100644 objects/vulnerability/vulnerability--1994ce87-63d6-44de-b67d-82d27c09fbb7.json create mode 100644 objects/vulnerability/vulnerability--1ca6b75c-a476-4584-b7bd-76dce51bb6f8.json create mode 100644 objects/vulnerability/vulnerability--1e106ff1-cd8f-42af-afe2-a6eb298462ab.json create mode 100644 objects/vulnerability/vulnerability--21249973-c182-41bf-af8b-fcd24fcb78d8.json create mode 100644 objects/vulnerability/vulnerability--23897315-08a9-428b-b4e7-4ac3bacb3e50.json create mode 100644 objects/vulnerability/vulnerability--2494adcc-fbaa-460e-9f2a-4f5a9f5f6476.json create mode 100644 objects/vulnerability/vulnerability--26871db3-9062-49ce-8260-d12a7e12c484.json create mode 100644 objects/vulnerability/vulnerability--26f230a3-d229-4158-bacc-010d50aa3719.json create mode 100644 objects/vulnerability/vulnerability--28552071-ad50-4dd4-9e96-b0b8a6aeb180.json create mode 100644 objects/vulnerability/vulnerability--2bf38061-5ade-400e-a348-0ba6debd728e.json create mode 100644 objects/vulnerability/vulnerability--31d0a008-dfc9-4b5b-ba38-6088cc1f743c.json create mode 100644 objects/vulnerability/vulnerability--39da29d7-b9a0-4e0f-99b1-752ac80429e6.json create mode 100644 objects/vulnerability/vulnerability--3ec1e1d4-845d-4546-ac3a-97d6604c9890.json create mode 100644 objects/vulnerability/vulnerability--3fb8d3f1-cf63-4107-a793-08c6ce409676.json create mode 100644 objects/vulnerability/vulnerability--408e2af4-5875-4b77-9eae-5095329463f6.json create mode 100644 objects/vulnerability/vulnerability--41ad692d-3db0-41f0-8d22-893d34a35d49.json create mode 100644 objects/vulnerability/vulnerability--45bf86ef-e7ec-4c89-958b-35a92d97534e.json create mode 100644 objects/vulnerability/vulnerability--46291480-c087-455d-9b66-998bf3052b7b.json create mode 100644 objects/vulnerability/vulnerability--4b79afb3-9d0c-44c5-9895-d66d9404c350.json create mode 100644 objects/vulnerability/vulnerability--4ef1c767-1971-46fd-8276-a68c1c9051d8.json create mode 100644 objects/vulnerability/vulnerability--52b7a877-4bf0-4d27-a2c0-7f7182ca090b.json create mode 100644 objects/vulnerability/vulnerability--568a9e1d-61a0-42c7-ac8f-002ae7c6196e.json create mode 100644 objects/vulnerability/vulnerability--57c526ee-7673-4700-ae4b-be951f105bca.json create mode 100644 objects/vulnerability/vulnerability--5cbc4583-e5b7-4752-b9bc-03e32c279148.json create mode 100644 objects/vulnerability/vulnerability--60ad1133-d36e-4dfa-948c-8349276a2ed8.json create mode 100644 objects/vulnerability/vulnerability--62dbfd15-4a3d-472a-b59c-706995aa2f1a.json create mode 100644 objects/vulnerability/vulnerability--65d73fda-500d-4854-8227-3ab016c48239.json create mode 100644 objects/vulnerability/vulnerability--66bb8385-4fdb-453a-a90c-648c7aaf441d.json create mode 100644 objects/vulnerability/vulnerability--6755826a-b169-4968-83a6-c264c50a2538.json create mode 100644 objects/vulnerability/vulnerability--6c783cee-f8a2-4aa4-a945-83af392e8128.json create mode 100644 objects/vulnerability/vulnerability--6dc864e0-d35d-4f06-876d-6390e185c87a.json create mode 100644 objects/vulnerability/vulnerability--703e8d32-bc69-464f-b30d-3186a61169f8.json create mode 100644 objects/vulnerability/vulnerability--70701b79-47e5-45c4-ae95-6cf56c4fd5a2.json create mode 100644 objects/vulnerability/vulnerability--826112b5-80a7-4e8b-9c8a-bdd2caaa62f9.json create mode 100644 objects/vulnerability/vulnerability--840186d9-d28e-47aa-9460-c56038ff33ca.json create mode 100644 objects/vulnerability/vulnerability--86ddf85d-52b7-45d3-86aa-023a52e8cc41.json create mode 100644 objects/vulnerability/vulnerability--880a1359-21a5-448a-ab9f-19b716c3cad8.json create mode 100644 objects/vulnerability/vulnerability--a2984885-ee3b-475f-99c8-25f0e233968f.json create mode 100644 objects/vulnerability/vulnerability--a3417e69-9531-4ecb-8727-bc0a4b55ccc7.json create mode 100644 objects/vulnerability/vulnerability--a617276b-b9af-4e95-a232-8dc9c600e891.json create mode 100644 objects/vulnerability/vulnerability--a9e529f0-4047-4cec-aff5-f11513813d7d.json create mode 100644 objects/vulnerability/vulnerability--a9eb61e6-4236-43b6-b19b-d68c951ea96b.json create mode 100644 objects/vulnerability/vulnerability--ab71845d-667e-4e0f-abfa-1befbe8a364b.json create mode 100644 objects/vulnerability/vulnerability--bea095a9-845d-4c46-8556-8910699a5af3.json create mode 100644 objects/vulnerability/vulnerability--c0228721-f485-41b6-9072-61e3c2b08021.json create mode 100644 objects/vulnerability/vulnerability--d067a6e4-acf7-4373-b975-c87ec744a362.json create mode 100644 objects/vulnerability/vulnerability--d58bd510-91d9-4060-85d3-fe16e5fc4b64.json create mode 100644 objects/vulnerability/vulnerability--d71750d8-d437-468b-af3d-c9fe738ac283.json create mode 100644 objects/vulnerability/vulnerability--da926a17-7a7d-44ef-abec-038e8eca38fa.json create mode 100644 objects/vulnerability/vulnerability--df481a05-1097-44fa-932a-084045cf1002.json create mode 100644 objects/vulnerability/vulnerability--e25bb2c9-fc48-48b5-adaa-1ac342b25bda.json create mode 100644 objects/vulnerability/vulnerability--ecbcec98-86cb-4bcc-9b02-2c51c4940202.json create mode 100644 objects/vulnerability/vulnerability--ef617e45-2767-4427-84ba-249a5036383f.json create mode 100644 objects/vulnerability/vulnerability--f3583055-669c-40e6-93d0-fb84579473be.json create mode 100644 objects/vulnerability/vulnerability--f7f5b8a5-be4a-49bd-a844-dfedf8079fe2.json create mode 100644 objects/vulnerability/vulnerability--fba5630b-985a-41c0-9b9a-02f08174f586.json diff --git a/mapping.csv b/mapping.csv index 244ffa86592..8ed29ab57e8 100644 --- a/mapping.csv +++ b/mapping.csv @@ -247909,3 +247909,65 @@ vulnerability,CVE-2024-6672,vulnerability--63aa2838-6c7e-4153-981b-5696c17060a4 vulnerability,CVE-2024-6671,vulnerability--09b0d7c6-30ba-4697-ae58-4dbf214ff3ef vulnerability,CVE-2024-35118,vulnerability--216adadb-f9b9-45d6-9eb3-433d4e519e8b vulnerability,CVE-2024-35133,vulnerability--2f67c5b0-b070-459d-9bbb-e4a85d64a525 +vulnerability,CVE-2022-48944,vulnerability--840186d9-d28e-47aa-9460-c56038ff33ca +vulnerability,CVE-2024-44916,vulnerability--41ad692d-3db0-41f0-8d22-893d34a35d49 +vulnerability,CVE-2024-44683,vulnerability--bea095a9-845d-4c46-8556-8910699a5af3 +vulnerability,CVE-2024-44918,vulnerability--3fb8d3f1-cf63-4107-a793-08c6ce409676 +vulnerability,CVE-2024-44684,vulnerability--19052056-8bfc-4985-9d7c-2c6df24ef46e +vulnerability,CVE-2024-44944,vulnerability--4ef1c767-1971-46fd-8276-a68c1c9051d8 +vulnerability,CVE-2024-44682,vulnerability--2bf38061-5ade-400e-a348-0ba6debd728e +vulnerability,CVE-2024-34577,vulnerability--28552071-ad50-4dd4-9e96-b0b8a6aeb180 +vulnerability,CVE-2024-2694,vulnerability--a9e529f0-4047-4cec-aff5-f11513813d7d +vulnerability,CVE-2024-42412,vulnerability--15aee1c6-24c9-4286-8a00-d6cb1ad9121d +vulnerability,CVE-2024-38868,vulnerability--1994ce87-63d6-44de-b67d-82d27c09fbb7 +vulnerability,CVE-2024-7122,vulnerability--31d0a008-dfc9-4b5b-ba38-6088cc1f743c +vulnerability,CVE-2024-7858,vulnerability--1ca6b75c-a476-4584-b7bd-76dce51bb6f8 +vulnerability,CVE-2024-39300,vulnerability--45bf86ef-e7ec-4c89-958b-35a92d97534e +vulnerability,CVE-2024-5061,vulnerability--4b79afb3-9d0c-44c5-9895-d66d9404c350 +vulnerability,CVE-2024-5024,vulnerability--57c526ee-7673-4700-ae4b-be951f105bca +vulnerability,CVE-2024-5879,vulnerability--a2984885-ee3b-475f-99c8-25f0e233968f +vulnerability,CVE-2024-5784,vulnerability--703e8d32-bc69-464f-b30d-3186a61169f8 +vulnerability,CVE-2024-21658,vulnerability--07c4aab1-a418-48a7-8898-dbfb5cb41920 +vulnerability,CVE-2024-4401,vulnerability--016903f3-df45-464f-b5f8-e9104b9c1968 +vulnerability,CVE-2024-8319,vulnerability--a617276b-b9af-4e95-a232-8dc9c600e891 +vulnerability,CVE-2024-8330,vulnerability--23897315-08a9-428b-b4e7-4ac3bacb3e50 +vulnerability,CVE-2024-8347,vulnerability--2494adcc-fbaa-460e-9f2a-4f5a9f5f6476 +vulnerability,CVE-2024-8328,vulnerability--26871db3-9062-49ce-8260-d12a7e12c484 +vulnerability,CVE-2024-8334,vulnerability--a3417e69-9531-4ecb-8727-bc0a4b55ccc7 +vulnerability,CVE-2024-8340,vulnerability--128bdb2f-c568-4e84-87a8-950578394902 +vulnerability,CVE-2024-8331,vulnerability--880a1359-21a5-448a-ab9f-19b716c3cad8 +vulnerability,CVE-2024-8346,vulnerability--66bb8385-4fdb-453a-a90c-648c7aaf441d +vulnerability,CVE-2024-8345,vulnerability--f3583055-669c-40e6-93d0-fb84579473be +vulnerability,CVE-2024-8339,vulnerability--df481a05-1097-44fa-932a-084045cf1002 +vulnerability,CVE-2024-8342,vulnerability--5cbc4583-e5b7-4752-b9bc-03e32c279148 +vulnerability,CVE-2024-8343,vulnerability--568a9e1d-61a0-42c7-ac8f-002ae7c6196e +vulnerability,CVE-2024-8329,vulnerability--6dc864e0-d35d-4f06-876d-6390e185c87a +vulnerability,CVE-2024-8016,vulnerability--da926a17-7a7d-44ef-abec-038e8eca38fa +vulnerability,CVE-2024-8336,vulnerability--86ddf85d-52b7-45d3-86aa-023a52e8cc41 +vulnerability,CVE-2024-8332,vulnerability--70701b79-47e5-45c4-ae95-6cf56c4fd5a2 +vulnerability,CVE-2024-8338,vulnerability--ecbcec98-86cb-4bcc-9b02-2c51c4940202 +vulnerability,CVE-2024-8341,vulnerability--6755826a-b169-4968-83a6-c264c50a2538 +vulnerability,CVE-2024-8327,vulnerability--62dbfd15-4a3d-472a-b59c-706995aa2f1a +vulnerability,CVE-2024-8348,vulnerability--ab71845d-667e-4e0f-abfa-1befbe8a364b +vulnerability,CVE-2024-8006,vulnerability--826112b5-80a7-4e8b-9c8a-bdd2caaa62f9 +vulnerability,CVE-2024-8235,vulnerability--01c6f1e7-5678-4f40-858c-0a6d86428672 +vulnerability,CVE-2024-8335,vulnerability--a9eb61e6-4236-43b6-b19b-d68c951ea96b +vulnerability,CVE-2024-8344,vulnerability--65d73fda-500d-4854-8227-3ab016c48239 +vulnerability,CVE-2024-8252,vulnerability--e25bb2c9-fc48-48b5-adaa-1ac342b25bda +vulnerability,CVE-2024-8285,vulnerability--39da29d7-b9a0-4e0f-99b1-752ac80429e6 +vulnerability,CVE-2024-8234,vulnerability--d067a6e4-acf7-4373-b975-c87ec744a362 +vulnerability,CVE-2024-8337,vulnerability--d58bd510-91d9-4060-85d3-fe16e5fc4b64 +vulnerability,CVE-2024-8274,vulnerability--408e2af4-5875-4b77-9eae-5095329463f6 +vulnerability,CVE-2024-8260,vulnerability--52b7a877-4bf0-4d27-a2c0-7f7182ca090b +vulnerability,CVE-2024-3673,vulnerability--d71750d8-d437-468b-af3d-c9fe738ac283 +vulnerability,CVE-2024-3998,vulnerability--21249973-c182-41bf-af8b-fcd24fcb78d8 +vulnerability,CVE-2024-45491,vulnerability--46291480-c087-455d-9b66-998bf3052b7b +vulnerability,CVE-2024-45304,vulnerability--f7f5b8a5-be4a-49bd-a844-dfedf8079fe2 +vulnerability,CVE-2024-45488,vulnerability--c0228721-f485-41b6-9072-61e3c2b08021 +vulnerability,CVE-2024-45490,vulnerability--6c783cee-f8a2-4aa4-a945-83af392e8128 +vulnerability,CVE-2024-45492,vulnerability--ef617e45-2767-4427-84ba-249a5036383f +vulnerability,CVE-2024-45047,vulnerability--26f230a3-d229-4158-bacc-010d50aa3719 +vulnerability,CVE-2024-6585,vulnerability--fba5630b-985a-41c0-9b9a-02f08174f586 +vulnerability,CVE-2024-6586,vulnerability--60ad1133-d36e-4dfa-948c-8349276a2ed8 +vulnerability,CVE-2024-6204,vulnerability--3ec1e1d4-845d-4546-ac3a-97d6604c9890 +vulnerability,CVE-2023-7256,vulnerability--1e106ff1-cd8f-42af-afe2-a6eb298462ab diff --git a/objects/vulnerability/vulnerability--016903f3-df45-464f-b5f8-e9104b9c1968.json b/objects/vulnerability/vulnerability--016903f3-df45-464f-b5f8-e9104b9c1968.json new file mode 100644 index 00000000000..4e058c5b26d --- /dev/null +++ b/objects/vulnerability/vulnerability--016903f3-df45-464f-b5f8-e9104b9c1968.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ae3f880f-32bd-45ba-9802-2d00f6ea3c6c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--016903f3-df45-464f-b5f8-e9104b9c1968", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.881256Z", + "modified": "2024-08-31T00:19:15.881256Z", + "name": "CVE-2024-4401", + "description": "The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ and 'eae_slider_animation' parameters in all versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-4401" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--01c6f1e7-5678-4f40-858c-0a6d86428672.json b/objects/vulnerability/vulnerability--01c6f1e7-5678-4f40-858c-0a6d86428672.json new file mode 100644 index 00000000000..cdf520cd348 --- /dev/null +++ b/objects/vulnerability/vulnerability--01c6f1e7-5678-4f40-858c-0a6d86428672.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--15e6354e-b7e1-4446-9ebd-6ab2b979ae07", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--01c6f1e7-5678-4f40-858c-0a6d86428672", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.950705Z", + "modified": "2024-08-31T00:19:15.950705Z", + "name": "CVE-2024-8235", + "description": "A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8235" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--07c4aab1-a418-48a7-8898-dbfb5cb41920.json b/objects/vulnerability/vulnerability--07c4aab1-a418-48a7-8898-dbfb5cb41920.json new file mode 100644 index 00000000000..7c7838f23aa --- /dev/null +++ b/objects/vulnerability/vulnerability--07c4aab1-a418-48a7-8898-dbfb5cb41920.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--28a17591-1da2-4301-9251-85816ea6b3f1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--07c4aab1-a418-48a7-8898-dbfb5cb41920", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.754739Z", + "modified": "2024-08-31T00:19:15.754739Z", + "name": "CVE-2024-21658", + "description": "discourse-calendar is a discourse plugin which adds the ability to create a dynamic calendar in the first post of a topic. The limit on region value length is too generous. This allows a malicious actor to cause a Discourse instance to use excessive bandwidth and disk space. This issue has been patched in main the main branch. There are no workarounds for this vulnerability. Please upgrade as soon as possible.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21658" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--128bdb2f-c568-4e84-87a8-950578394902.json b/objects/vulnerability/vulnerability--128bdb2f-c568-4e84-87a8-950578394902.json new file mode 100644 index 00000000000..d86e248c8eb --- /dev/null +++ b/objects/vulnerability/vulnerability--128bdb2f-c568-4e84-87a8-950578394902.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2ac839e2-08ed-420e-a7aa-347521f1a5a0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--128bdb2f-c568-4e84-87a8-950578394902", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.928553Z", + "modified": "2024-08-31T00:19:15.928553Z", + "name": "CVE-2024-8340", + "description": "A vulnerability classified as critical has been found in SourceCodester Electric Billing Management System 1.0. This affects an unknown part of the file /Actions.php?a=login. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8340" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--15aee1c6-24c9-4286-8a00-d6cb1ad9121d.json b/objects/vulnerability/vulnerability--15aee1c6-24c9-4286-8a00-d6cb1ad9121d.json new file mode 100644 index 00000000000..e4b42625544 --- /dev/null +++ b/objects/vulnerability/vulnerability--15aee1c6-24c9-4286-8a00-d6cb1ad9121d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--66e9d9e9-46e0-4ab8-85ea-98336a466bef", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--15aee1c6-24c9-4286-8a00-d6cb1ad9121d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:14.722707Z", + "modified": "2024-08-31T00:19:14.722707Z", + "name": "CVE-2024-42412", + "description": "Cross-site scripting vulnerability exists in WAB-I1750-PS and WAB-S1167-PS due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42412" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--19052056-8bfc-4985-9d7c-2c6df24ef46e.json b/objects/vulnerability/vulnerability--19052056-8bfc-4985-9d7c-2c6df24ef46e.json new file mode 100644 index 00000000000..c14e80763e9 --- /dev/null +++ b/objects/vulnerability/vulnerability--19052056-8bfc-4985-9d7c-2c6df24ef46e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--546fcf48-a2dc-4f0d-a7e9-966aa0c7d4d2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--19052056-8bfc-4985-9d7c-2c6df24ef46e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:14.290954Z", + "modified": "2024-08-31T00:19:14.290954Z", + "name": "CVE-2024-44684", + "description": "TpMeCMS 1.3.3.2 is vulnerable to Cross Site Scripting (XSS) in /h.php/page?ref=addtabs via the \"Title,\" \"Images,\" and \"Content\" fields.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44684" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1994ce87-63d6-44de-b67d-82d27c09fbb7.json b/objects/vulnerability/vulnerability--1994ce87-63d6-44de-b67d-82d27c09fbb7.json new file mode 100644 index 00000000000..53141638adb --- /dev/null +++ b/objects/vulnerability/vulnerability--1994ce87-63d6-44de-b67d-82d27c09fbb7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--eb2f96f3-e993-4d40-91a8-548cc9fba2da", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1994ce87-63d6-44de-b67d-82d27c09fbb7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:14.843399Z", + "modified": "2024-08-31T00:19:14.843399Z", + "name": "CVE-2024-38868", + "description": "Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability while isolating the devices.This issue affects Endpoint Central: before 11.3.2406.08 and before 11.3.2400.15", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38868" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1ca6b75c-a476-4584-b7bd-76dce51bb6f8.json b/objects/vulnerability/vulnerability--1ca6b75c-a476-4584-b7bd-76dce51bb6f8.json new file mode 100644 index 00000000000..30457fe2108 --- /dev/null +++ b/objects/vulnerability/vulnerability--1ca6b75c-a476-4584-b7bd-76dce51bb6f8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e25bee74-3942-4dc5-88d7-332a96cfec9c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1ca6b75c-a476-4584-b7bd-76dce51bb6f8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.116961Z", + "modified": "2024-08-31T00:19:15.116961Z", + "name": "CVE-2024-7858", + "description": "The Media Library Folders plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several AJAX functions in the media-library-plus.php file in all versions up to, and including, 8.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several actions related to managing media files and folder along with controlling settings.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7858" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1e106ff1-cd8f-42af-afe2-a6eb298462ab.json b/objects/vulnerability/vulnerability--1e106ff1-cd8f-42af-afe2-a6eb298462ab.json new file mode 100644 index 00000000000..20f12aa031a --- /dev/null +++ b/objects/vulnerability/vulnerability--1e106ff1-cd8f-42af-afe2-a6eb298462ab.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d9f29d16-cb49-45d1-98f0-39efe3eebaed", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1e106ff1-cd8f-42af-afe2-a6eb298462ab", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:17.21439Z", + "modified": "2024-08-31T00:19:17.21439Z", + "name": "CVE-2023-7256", + "description": "In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. A similar problem was reported in Apple libpcap, to which Apple assigned CVE-2023-40400.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-7256" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--21249973-c182-41bf-af8b-fcd24fcb78d8.json b/objects/vulnerability/vulnerability--21249973-c182-41bf-af8b-fcd24fcb78d8.json new file mode 100644 index 00000000000..c2a750ea453 --- /dev/null +++ b/objects/vulnerability/vulnerability--21249973-c182-41bf-af8b-fcd24fcb78d8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e0275665-ec0b-460e-8ec8-34f6d7d4242a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--21249973-c182-41bf-af8b-fcd24fcb78d8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.985248Z", + "modified": "2024-08-31T00:19:15.985248Z", + "name": "CVE-2024-3998", + "description": "The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 27.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-3998" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--23897315-08a9-428b-b4e7-4ac3bacb3e50.json b/objects/vulnerability/vulnerability--23897315-08a9-428b-b4e7-4ac3bacb3e50.json new file mode 100644 index 00000000000..545879b2856 --- /dev/null +++ b/objects/vulnerability/vulnerability--23897315-08a9-428b-b4e7-4ac3bacb3e50.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--01e6919a-0269-437f-b120-bcab9a80e308", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--23897315-08a9-428b-b4e7-4ac3bacb3e50", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.918921Z", + "modified": "2024-08-31T00:19:15.918921Z", + "name": "CVE-2024-8330", + "description": "6SHR system from Gether Technology does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload web shell scripts and use them to execute arbitrary system commands on the server.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8330" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2494adcc-fbaa-460e-9f2a-4f5a9f5f6476.json b/objects/vulnerability/vulnerability--2494adcc-fbaa-460e-9f2a-4f5a9f5f6476.json new file mode 100644 index 00000000000..bbf152fc9e2 --- /dev/null +++ b/objects/vulnerability/vulnerability--2494adcc-fbaa-460e-9f2a-4f5a9f5f6476.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9b34f468-4c1b-4989-ba54-6d577c3cc27c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2494adcc-fbaa-460e-9f2a-4f5a9f5f6476", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.920425Z", + "modified": "2024-08-31T00:19:15.920425Z", + "name": "CVE-2024-8347", + "description": "A vulnerability classified as critical was found in SourceCodester Computer Laboratory Management System 1.0. Affected by this vulnerability is the function delete_record of the file /classes/Master.php?f=delete_record. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8347" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--26871db3-9062-49ce-8260-d12a7e12c484.json b/objects/vulnerability/vulnerability--26871db3-9062-49ce-8260-d12a7e12c484.json new file mode 100644 index 00000000000..90cbf47af0b --- /dev/null +++ b/objects/vulnerability/vulnerability--26871db3-9062-49ce-8260-d12a7e12c484.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cfae4aea-c299-4c3c-b92b-6baa40ccb119", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--26871db3-9062-49ce-8260-d12a7e12c484", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.923605Z", + "modified": "2024-08-31T00:19:15.923605Z", + "name": "CVE-2024-8328", + "description": "Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject arbitrary JavaScript code and perform Reflected Cross-site scripting attacks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8328" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--26f230a3-d229-4158-bacc-010d50aa3719.json b/objects/vulnerability/vulnerability--26f230a3-d229-4158-bacc-010d50aa3719.json new file mode 100644 index 00000000000..daeae314437 --- /dev/null +++ b/objects/vulnerability/vulnerability--26f230a3-d229-4158-bacc-010d50aa3719.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--67bc65af-2f3c-414e-ae28-a5bc2b0f4508", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--26f230a3-d229-4158-bacc-010d50aa3719", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:16.04231Z", + "modified": "2024-08-31T00:19:16.04231Z", + "name": "CVE-2024-45047", + "description": "svelte performance oriented web framework. A potential mXSS vulnerability exists in Svelte for versions up to but not including 4.2.19. Svelte improperly escapes HTML on server-side rendering. The assumption is that attributes will always stay as such, but in some situation the final DOM tree rendered on browsers is different from what Svelte expects on server-side rendering. This may be leveraged to perform XSS attacks, and a type of the XSS is known as mXSS (mutation XSS). More specifically, this can occur when injecting malicious content into an attribute within a `noscript` tag. This issue has been addressed in release version 4.2.19. Users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45047" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--28552071-ad50-4dd4-9e96-b0b8a6aeb180.json b/objects/vulnerability/vulnerability--28552071-ad50-4dd4-9e96-b0b8a6aeb180.json new file mode 100644 index 00000000000..e02957a85af --- /dev/null +++ b/objects/vulnerability/vulnerability--28552071-ad50-4dd4-9e96-b0b8a6aeb180.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ee7c1b45-810e-43ae-962c-eab376edfa36", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--28552071-ad50-4dd4-9e96-b0b8a6aeb180", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:14.335394Z", + "modified": "2024-08-31T00:19:14.335394Z", + "name": "CVE-2024-34577", + "description": "Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, and WRC-X3000GS2A-B due to improper processing of input values in easysetup.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34577" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2bf38061-5ade-400e-a348-0ba6debd728e.json b/objects/vulnerability/vulnerability--2bf38061-5ade-400e-a348-0ba6debd728e.json new file mode 100644 index 00000000000..a612bec74f6 --- /dev/null +++ b/objects/vulnerability/vulnerability--2bf38061-5ade-400e-a348-0ba6debd728e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--eba77c20-d641-422c-83c1-d976fc3d03a7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2bf38061-5ade-400e-a348-0ba6debd728e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:14.302437Z", + "modified": "2024-08-31T00:19:14.302437Z", + "name": "CVE-2024-44682", + "description": "ShopXO 6.2 is vulnerable to Cross Site Scripting (XSS) in the backend that allows attackers to execute code by changing POST parameters.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44682" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--31d0a008-dfc9-4b5b-ba38-6088cc1f743c.json b/objects/vulnerability/vulnerability--31d0a008-dfc9-4b5b-ba38-6088cc1f743c.json new file mode 100644 index 00000000000..de858c3c04d --- /dev/null +++ b/objects/vulnerability/vulnerability--31d0a008-dfc9-4b5b-ba38-6088cc1f743c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2422f1ed-d16f-4469-9fbe-bebdda2007d4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--31d0a008-dfc9-4b5b-ba38-6088cc1f743c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.0782Z", + "modified": "2024-08-31T00:19:15.0782Z", + "name": "CVE-2024-7122", + "description": "The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7122" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--39da29d7-b9a0-4e0f-99b1-752ac80429e6.json b/objects/vulnerability/vulnerability--39da29d7-b9a0-4e0f-99b1-752ac80429e6.json new file mode 100644 index 00000000000..a1a0bc707dc --- /dev/null +++ b/objects/vulnerability/vulnerability--39da29d7-b9a0-4e0f-99b1-752ac80429e6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--28e2da3c-bc73-4615-bcab-04fa95ede68e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--39da29d7-b9a0-4e0f-99b1-752ac80429e6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.957882Z", + "modified": "2024-08-31T00:19:15.957882Z", + "name": "CVE-2024-8285", + "description": "A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perform a Man-in-the-Middle attack or compromise any external systems, such as DNS or network routing configuration. This issue is considered a high complexity attack, with additional high privileges required, as the attack would need access to the Kroxylicious configuration or a peer system. The result of a successful attack impacts both data integrity and confidentiality.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8285" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3ec1e1d4-845d-4546-ac3a-97d6604c9890.json b/objects/vulnerability/vulnerability--3ec1e1d4-845d-4546-ac3a-97d6604c9890.json new file mode 100644 index 00000000000..21c99c868eb --- /dev/null +++ b/objects/vulnerability/vulnerability--3ec1e1d4-845d-4546-ac3a-97d6604c9890.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7903e1ae-ec60-4d8b-b38b-3bd47030b06a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3ec1e1d4-845d-4546-ac3a-97d6604c9890", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:16.087053Z", + "modified": "2024-08-31T00:19:16.087053Z", + "name": "CVE-2024-6204", + "description": "Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in the reports module.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6204" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3fb8d3f1-cf63-4107-a793-08c6ce409676.json b/objects/vulnerability/vulnerability--3fb8d3f1-cf63-4107-a793-08c6ce409676.json new file mode 100644 index 00000000000..8b33997122d --- /dev/null +++ b/objects/vulnerability/vulnerability--3fb8d3f1-cf63-4107-a793-08c6ce409676.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b75ca24a-cea0-4bd8-a8aa-28c99ecaf0be", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3fb8d3f1-cf63-4107-a793-08c6ce409676", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:14.284533Z", + "modified": "2024-08-31T00:19:14.284533Z", + "name": "CVE-2024-44918", + "description": "A cross-site scripting (XSS) vulnerability in the component admin_datarelate.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44918" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--408e2af4-5875-4b77-9eae-5095329463f6.json b/objects/vulnerability/vulnerability--408e2af4-5875-4b77-9eae-5095329463f6.json new file mode 100644 index 00000000000..dca244a8e7a --- /dev/null +++ b/objects/vulnerability/vulnerability--408e2af4-5875-4b77-9eae-5095329463f6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3677469b-c2c8-4be7-84ba-9fdb39a44b26", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--408e2af4-5875-4b77-9eae-5095329463f6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.963594Z", + "modified": "2024-08-31T00:19:15.963594Z", + "name": "CVE-2024-8274", + "description": "The WP Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters from 'timeline_obj' in all versions up to, and including, 10.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8274" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--41ad692d-3db0-41f0-8d22-893d34a35d49.json b/objects/vulnerability/vulnerability--41ad692d-3db0-41f0-8d22-893d34a35d49.json new file mode 100644 index 00000000000..4f608dc2622 --- /dev/null +++ b/objects/vulnerability/vulnerability--41ad692d-3db0-41f0-8d22-893d34a35d49.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cdc94395-1a0c-47ae-b6fc-42898e5c4166", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--41ad692d-3db0-41f0-8d22-893d34a35d49", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:14.267578Z", + "modified": "2024-08-31T00:19:14.267578Z", + "name": "CVE-2024-44916", + "description": "Vulnerability in admin_ip.php in Seacms v13.1, when action=set, allows attackers to control IP parameters that are written to the data/admin/ip.php file and could result in arbitrary command execution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44916" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--45bf86ef-e7ec-4c89-958b-35a92d97534e.json b/objects/vulnerability/vulnerability--45bf86ef-e7ec-4c89-958b-35a92d97534e.json new file mode 100644 index 00000000000..efb6ccbe527 --- /dev/null +++ b/objects/vulnerability/vulnerability--45bf86ef-e7ec-4c89-958b-35a92d97534e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--83e8eb89-5f40-4ec7-9ca4-f6442fad4f3d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--45bf86ef-e7ec-4c89-958b-35a92d97534e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.198044Z", + "modified": "2024-08-31T00:19:15.198044Z", + "name": "CVE-2024-39300", + "description": "Missing authentication vulnerability exists in Telnet function of WAB-I1750-PS v1.5.10 and earlier. When Telnet function of the product is enabled, a remote attacker may login to the product without authentication and alter the product's settings.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39300" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--46291480-c087-455d-9b66-998bf3052b7b.json b/objects/vulnerability/vulnerability--46291480-c087-455d-9b66-998bf3052b7b.json new file mode 100644 index 00000000000..8177194b6d3 --- /dev/null +++ b/objects/vulnerability/vulnerability--46291480-c087-455d-9b66-998bf3052b7b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1e3980c8-8ea4-4f26-9cd8-02d108b5c0a3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--46291480-c087-455d-9b66-998bf3052b7b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:16.026936Z", + "modified": "2024-08-31T00:19:16.026936Z", + "name": "CVE-2024-45491", + "description": "An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45491" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4b79afb3-9d0c-44c5-9895-d66d9404c350.json b/objects/vulnerability/vulnerability--4b79afb3-9d0c-44c5-9895-d66d9404c350.json new file mode 100644 index 00000000000..5f090200013 --- /dev/null +++ b/objects/vulnerability/vulnerability--4b79afb3-9d0c-44c5-9895-d66d9404c350.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b3e99011-45d5-44b7-a071-452940722b8e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4b79afb3-9d0c-44c5-9895-d66d9404c350", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.643168Z", + "modified": "2024-08-31T00:19:15.643168Z", + "name": "CVE-2024-5061", + "description": "The Enfold - Responsive Multi-Purpose Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wrapper_class’ and 'class' parameters in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-5061" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4ef1c767-1971-46fd-8276-a68c1c9051d8.json b/objects/vulnerability/vulnerability--4ef1c767-1971-46fd-8276-a68c1c9051d8.json new file mode 100644 index 00000000000..2e7de86dbed --- /dev/null +++ b/objects/vulnerability/vulnerability--4ef1c767-1971-46fd-8276-a68c1c9051d8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ec2d8f61-0c7d-4ea7-8fe2-d8e70d398e94", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4ef1c767-1971-46fd-8276-a68c1c9051d8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:14.300715Z", + "modified": "2024-08-31T00:19:14.300715Z", + "name": "CVE-2024-44944", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ctnetlink: use helper function to calculate expect ID\n\nDelete expectation path is missing a call to the nf_expect_get_id()\nhelper function to calculate the expectation ID, otherwise LSB of the\nexpectation object address is leaked to userspace.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44944" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--52b7a877-4bf0-4d27-a2c0-7f7182ca090b.json b/objects/vulnerability/vulnerability--52b7a877-4bf0-4d27-a2c0-7f7182ca090b.json new file mode 100644 index 00000000000..c2d051d647a --- /dev/null +++ b/objects/vulnerability/vulnerability--52b7a877-4bf0-4d27-a2c0-7f7182ca090b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f62855ff-f23a-4370-94c4-c1c68e68db63", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--52b7a877-4bf0-4d27-a2c0-7f7182ca090b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.964664Z", + "modified": "2024-08-31T00:19:15.964664Z", + "name": "CVE-2024-8260", + "description": "A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library’s functions.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8260" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--568a9e1d-61a0-42c7-ac8f-002ae7c6196e.json b/objects/vulnerability/vulnerability--568a9e1d-61a0-42c7-ac8f-002ae7c6196e.json new file mode 100644 index 00000000000..6b45565f8f2 --- /dev/null +++ b/objects/vulnerability/vulnerability--568a9e1d-61a0-42c7-ac8f-002ae7c6196e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e07a01f0-c532-462d-aad3-ae79c4ac53f0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--568a9e1d-61a0-42c7-ac8f-002ae7c6196e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.937092Z", + "modified": "2024-08-31T00:19:15.937092Z", + "name": "CVE-2024-8343", + "description": "A vulnerability, which was classified as critical, was found in SourceCodester Sentiment Based Movie Rating System 1.0. Affected is an unknown function of the file /classes/Users.php?f=save_client of the component User Registration Handler. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8343" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--57c526ee-7673-4700-ae4b-be951f105bca.json b/objects/vulnerability/vulnerability--57c526ee-7673-4700-ae4b-be951f105bca.json new file mode 100644 index 00000000000..aba496363eb --- /dev/null +++ b/objects/vulnerability/vulnerability--57c526ee-7673-4700-ae4b-be951f105bca.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--183ff787-9384-416f-b738-14a7932c4d82", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--57c526ee-7673-4700-ae4b-be951f105bca", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.648494Z", + "modified": "2024-08-31T00:19:15.648494Z", + "name": "CVE-2024-5024", + "description": "The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mepr_screenname' and 'mepr_key' parameter in all versions up to, and including, 1.11.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-5024" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5cbc4583-e5b7-4752-b9bc-03e32c279148.json b/objects/vulnerability/vulnerability--5cbc4583-e5b7-4752-b9bc-03e32c279148.json new file mode 100644 index 00000000000..00b2792f013 --- /dev/null +++ b/objects/vulnerability/vulnerability--5cbc4583-e5b7-4752-b9bc-03e32c279148.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ad0b105e-fd5b-46bc-9a48-858e089d5543", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5cbc4583-e5b7-4752-b9bc-03e32c279148", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.935134Z", + "modified": "2024-08-31T00:19:15.935134Z", + "name": "CVE-2024-8342", + "description": "A vulnerability, which was classified as critical, has been found in SourceCodester Petshop Management System 1.0. This issue affects some unknown processing of the file /controllers/add_client.php. The manipulation of the argument image_profile leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8342" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--60ad1133-d36e-4dfa-948c-8349276a2ed8.json b/objects/vulnerability/vulnerability--60ad1133-d36e-4dfa-948c-8349276a2ed8.json new file mode 100644 index 00000000000..7b6d1258155 --- /dev/null +++ b/objects/vulnerability/vulnerability--60ad1133-d36e-4dfa-948c-8349276a2ed8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f054e5ea-b76a-474d-9915-c39dd1026d78", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--60ad1133-d36e-4dfa-948c-8349276a2ed8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:16.077831Z", + "modified": "2024-08-31T00:19:16.077831Z", + "name": "CVE-2024-6586", + "description": "Lightdash version 0.1024.6 allows users with the necessary permissions, such as Administrator or Editor, to create and share dashboards. A dashboard that contains HTML elements which point to a threat actor controlled source can trigger an SSRF request when exported, via a POST request to /api/v1/dashboards//export. The forged request contains the value of the exporting user’s session token. A threat actor could obtain the session token of any user who exports the dashboard. The obtained session token can be used to perform actions as the victim on the application, resulting in session takeover.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6586" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--62dbfd15-4a3d-472a-b59c-706995aa2f1a.json b/objects/vulnerability/vulnerability--62dbfd15-4a3d-472a-b59c-706995aa2f1a.json new file mode 100644 index 00000000000..404182a2551 --- /dev/null +++ b/objects/vulnerability/vulnerability--62dbfd15-4a3d-472a-b59c-706995aa2f1a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6bef3765-b0c8-4bf7-804e-e641b6f902e7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--62dbfd15-4a3d-472a-b59c-706995aa2f1a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.946932Z", + "modified": "2024-08-31T00:19:15.946932Z", + "name": "CVE-2024-8327", + "description": "Easy test\n\nOnline Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject arbitrary SQL commands to read, modify, and delete database contents.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8327" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--65d73fda-500d-4854-8227-3ab016c48239.json b/objects/vulnerability/vulnerability--65d73fda-500d-4854-8227-3ab016c48239.json new file mode 100644 index 00000000000..60ebe05a9b5 --- /dev/null +++ b/objects/vulnerability/vulnerability--65d73fda-500d-4854-8227-3ab016c48239.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--75228f90-a4b4-4419-880f-f92e49d4b1de", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--65d73fda-500d-4854-8227-3ab016c48239", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.953607Z", + "modified": "2024-08-31T00:19:15.953607Z", + "name": "CVE-2024-8344", + "description": "A vulnerability has been found in Campcodes Supplier Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit_area.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8344" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--66bb8385-4fdb-453a-a90c-648c7aaf441d.json b/objects/vulnerability/vulnerability--66bb8385-4fdb-453a-a90c-648c7aaf441d.json new file mode 100644 index 00000000000..8e8947166c6 --- /dev/null +++ b/objects/vulnerability/vulnerability--66bb8385-4fdb-453a-a90c-648c7aaf441d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c64252aa-87cb-4d96-a502-9dfbcc8a50a1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--66bb8385-4fdb-453a-a90c-648c7aaf441d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.93101Z", + "modified": "2024-08-31T00:19:15.93101Z", + "name": "CVE-2024-8346", + "description": "A vulnerability classified as critical has been found in SourceCodester Computer Laboratory Management System 1.0. Affected is the function update_settings_info of the file /classes/SystemSettings.php?f=update_settings. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8346" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6755826a-b169-4968-83a6-c264c50a2538.json b/objects/vulnerability/vulnerability--6755826a-b169-4968-83a6-c264c50a2538.json new file mode 100644 index 00000000000..7df45f4029a --- /dev/null +++ b/objects/vulnerability/vulnerability--6755826a-b169-4968-83a6-c264c50a2538.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--db54b961-8207-4502-b432-054391371775", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6755826a-b169-4968-83a6-c264c50a2538", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.945946Z", + "modified": "2024-08-31T00:19:15.945946Z", + "name": "CVE-2024-8341", + "description": "A vulnerability classified as critical was found in SourceCodester Petshop Management System 1.0. This vulnerability affects unknown code of the file /controllers/add_user.php. The manipulation of the argument avatar leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8341" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6c783cee-f8a2-4aa4-a945-83af392e8128.json b/objects/vulnerability/vulnerability--6c783cee-f8a2-4aa4-a945-83af392e8128.json new file mode 100644 index 00000000000..bf33964692f --- /dev/null +++ b/objects/vulnerability/vulnerability--6c783cee-f8a2-4aa4-a945-83af392e8128.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--49f6233f-6404-4d5c-9fec-f3e8257ede54", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6c783cee-f8a2-4aa4-a945-83af392e8128", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:16.03617Z", + "modified": "2024-08-31T00:19:16.03617Z", + "name": "CVE-2024-45490", + "description": "An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45490" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6dc864e0-d35d-4f06-876d-6390e185c87a.json b/objects/vulnerability/vulnerability--6dc864e0-d35d-4f06-876d-6390e185c87a.json new file mode 100644 index 00000000000..e25df776dbe --- /dev/null +++ b/objects/vulnerability/vulnerability--6dc864e0-d35d-4f06-876d-6390e185c87a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6eec4ce0-ed68-4f61-9510-0be094e909f1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6dc864e0-d35d-4f06-876d-6390e185c87a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.939253Z", + "modified": "2024-08-31T00:19:15.939253Z", + "name": "CVE-2024-8329", + "description": "6SHR system from Gether Technology does not properly validate the specific page parameter, allowing remote attackers with regular privilege to inject SQL command to read, modify, and delete database contents.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8329" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--703e8d32-bc69-464f-b30d-3186a61169f8.json b/objects/vulnerability/vulnerability--703e8d32-bc69-464f-b30d-3186a61169f8.json new file mode 100644 index 00000000000..2714b63449d --- /dev/null +++ b/objects/vulnerability/vulnerability--703e8d32-bc69-464f-b30d-3186a61169f8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--80a2b67a-0ff4-42d7-8fad-0b5c65d21b70", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--703e8d32-bc69-464f-b30d-3186a61169f8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.680299Z", + "modified": "2024-08-31T00:19:15.680299Z", + "name": "CVE-2024-5784", + "description": "The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized administrative actions execution due to a missing capability checks on multiple functions like treport_quiz_atttempt_delete and tutor_gc_class_action in all versions up to, and including, 2.7.2. This makes it possible for authenticated attackers, with the subscriber-level access and above, to preform an administrative actions on the site, like comments, posts or users deletion, viewing notifications, etc.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-5784" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--70701b79-47e5-45c4-ae95-6cf56c4fd5a2.json b/objects/vulnerability/vulnerability--70701b79-47e5-45c4-ae95-6cf56c4fd5a2.json new file mode 100644 index 00000000000..9cc2071d6be --- /dev/null +++ b/objects/vulnerability/vulnerability--70701b79-47e5-45c4-ae95-6cf56c4fd5a2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6de6c280-3d3c-4d14-9cb2-24533d770316", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--70701b79-47e5-45c4-ae95-6cf56c4fd5a2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.943456Z", + "modified": "2024-08-31T00:19:15.943456Z", + "name": "CVE-2024-8332", + "description": "A vulnerability was found in master-nan Sweet-CMS up to 5f441e022b8876f07cde709c77b5be6d2f262e3f. It has been declared as critical. This vulnerability affects unknown code of the file /table/index. The manipulation leads to sql injection. The attack can be initiated remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is 146359646a5a90cb09156dbd0013b7df77f2aa6c. It is recommended to apply a patch to fix this issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8332" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--826112b5-80a7-4e8b-9c8a-bdd2caaa62f9.json b/objects/vulnerability/vulnerability--826112b5-80a7-4e8b-9c8a-bdd2caaa62f9.json new file mode 100644 index 00000000000..fb5f975ca5d --- /dev/null +++ b/objects/vulnerability/vulnerability--826112b5-80a7-4e8b-9c8a-bdd2caaa62f9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--83fa66f5-0017-47c9-b861-9081aad0e6de", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--826112b5-80a7-4e8b-9c8a-bdd2caaa62f9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.949644Z", + "modified": "2024-08-31T00:19:15.949644Z", + "name": "CVE-2024-8006", + "description": "Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcap_findalldevs_ex(). One of the function arguments can be a filesystem path, which normally means a directory with input data files. When the specified path cannot be used as a directory, the function receives NULL from opendir(), but does not check the return value and passes the NULL value to readdir(), which causes a NULL pointer derefence.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8006" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--840186d9-d28e-47aa-9460-c56038ff33ca.json b/objects/vulnerability/vulnerability--840186d9-d28e-47aa-9460-c56038ff33ca.json new file mode 100644 index 00000000000..df8d5d2beab --- /dev/null +++ b/objects/vulnerability/vulnerability--840186d9-d28e-47aa-9460-c56038ff33ca.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--932720e1-e237-4da1-8fb2-c0f9e20f6ab5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--840186d9-d28e-47aa-9460-c56038ff33ca", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:02.615346Z", + "modified": "2024-08-31T00:19:02.615346Z", + "name": "CVE-2022-48944", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: Fix yet more sched_fork() races\n\nWhere commit 4ef0c5c6b5ba (\"kernel/sched: Fix sched_fork() access an\ninvalid sched_task_group\") fixed a fork race vs cgroup, it opened up a\nrace vs syscalls by not placing the task on the runqueue before it\ngets exposed through the pidhash.\n\nCommit 13765de8148f (\"sched/fair: Fix fault in reweight_entity\") is\ntrying to fix a single instance of this, instead fix the whole class\nof issues, effectively reverting this commit.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-48944" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--86ddf85d-52b7-45d3-86aa-023a52e8cc41.json b/objects/vulnerability/vulnerability--86ddf85d-52b7-45d3-86aa-023a52e8cc41.json new file mode 100644 index 00000000000..6fed0ab8462 --- /dev/null +++ b/objects/vulnerability/vulnerability--86ddf85d-52b7-45d3-86aa-023a52e8cc41.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--778feab2-5a1c-4858-9ab5-a28ecc709b5a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--86ddf85d-52b7-45d3-86aa-023a52e8cc41", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.942333Z", + "modified": "2024-08-31T00:19:15.942333Z", + "name": "CVE-2024-8336", + "description": "A vulnerability classified as critical was found in SourceCodester Music Gallery Site 1.0. Affected by this vulnerability is an unknown functionality of the file /php-music/classes/Master.php?f=delete_music. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8336" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--880a1359-21a5-448a-ab9f-19b716c3cad8.json b/objects/vulnerability/vulnerability--880a1359-21a5-448a-ab9f-19b716c3cad8.json new file mode 100644 index 00000000000..dbd3d027843 --- /dev/null +++ b/objects/vulnerability/vulnerability--880a1359-21a5-448a-ab9f-19b716c3cad8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1b445d03-3bb8-4309-919f-598a00f29e96", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--880a1359-21a5-448a-ab9f-19b716c3cad8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.929903Z", + "modified": "2024-08-31T00:19:15.929903Z", + "name": "CVE-2024-8331", + "description": "A vulnerability was found in OpenRapid RapidCMS up to 1.3.1. It has been classified as critical. This affects an unknown part of the file /admin/user/user-move-run.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8331" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a2984885-ee3b-475f-99c8-25f0e233968f.json b/objects/vulnerability/vulnerability--a2984885-ee3b-475f-99c8-25f0e233968f.json new file mode 100644 index 00000000000..2ad8e89ef07 --- /dev/null +++ b/objects/vulnerability/vulnerability--a2984885-ee3b-475f-99c8-25f0e233968f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d56c72ed-b7a2-46cf-9e79-686c2623391c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a2984885-ee3b-475f-99c8-25f0e233968f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.662478Z", + "modified": "2024-08-31T00:19:15.662478Z", + "name": "CVE-2024-5879", + "description": "The HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute of the HubSpot Meeting Widget in all versions up to, and including, 11.1.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-5879" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a3417e69-9531-4ecb-8727-bc0a4b55ccc7.json b/objects/vulnerability/vulnerability--a3417e69-9531-4ecb-8727-bc0a4b55ccc7.json new file mode 100644 index 00000000000..0724bb65b7f --- /dev/null +++ b/objects/vulnerability/vulnerability--a3417e69-9531-4ecb-8727-bc0a4b55ccc7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--06d9c766-6115-4cf3-8317-f1ee0e23316a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a3417e69-9531-4ecb-8727-bc0a4b55ccc7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.924811Z", + "modified": "2024-08-31T00:19:15.924811Z", + "name": "CVE-2024-8334", + "description": "A vulnerability was found in master-nan Sweet-CMS up to 5f441e022b8876f07cde709c77b5be6d2f262e3f. It has been rated as problematic. This issue affects the function LogHandler of the file middleware/log.go. The manipulation leads to improper output neutralization for logs. The attack may be initiated remotely. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is 2024c370e6c78b07b358c9d4257fa5d1be732c38. It is recommended to apply a patch to fix this issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8334" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a617276b-b9af-4e95-a232-8dc9c600e891.json b/objects/vulnerability/vulnerability--a617276b-b9af-4e95-a232-8dc9c600e891.json new file mode 100644 index 00000000000..a69352b1415 --- /dev/null +++ b/objects/vulnerability/vulnerability--a617276b-b9af-4e95-a232-8dc9c600e891.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fff2bda0-94d3-4a32-af56-5e1b4cf75f6b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a617276b-b9af-4e95-a232-8dc9c600e891", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.916427Z", + "modified": "2024-08-31T00:19:15.916427Z", + "name": "CVE-2024-8319", + "description": "The Tourfic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.11.20. This is due to missing or incorrect nonce validation on the tf_order_status_email_resend_function, tf_visitor_details_edit_function, tf_checkinout_details_edit_function, tf_order_status_edit_function, tf_order_bulk_action_edit_function, tf_remove_room_order_ids, and tf_delete_old_review_fields functions. This makes it possible for unauthenticated attackers to resend order status emails, update visitor/order details, edit check-in/out details, edit order status, perform bulk order status updates, remove room order IDs, and delete old review fields, respectively, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8319" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a9e529f0-4047-4cec-aff5-f11513813d7d.json b/objects/vulnerability/vulnerability--a9e529f0-4047-4cec-aff5-f11513813d7d.json new file mode 100644 index 00000000000..dd95466ea84 --- /dev/null +++ b/objects/vulnerability/vulnerability--a9e529f0-4047-4cec-aff5-f11513813d7d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--85f29a1c-9285-4fa6-9abb-b94410820330", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a9e529f0-4047-4cec-aff5-f11513813d7d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:14.605949Z", + "modified": "2024-08-31T00:19:14.605949Z", + "name": "CVE-2024-2694", + "description": "The Betheme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 27.5.6 via deserialization of untrusted input of the 'mfn-page-items' post meta value. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-2694" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a9eb61e6-4236-43b6-b19b-d68c951ea96b.json b/objects/vulnerability/vulnerability--a9eb61e6-4236-43b6-b19b-d68c951ea96b.json new file mode 100644 index 00000000000..24ef7e4ac59 --- /dev/null +++ b/objects/vulnerability/vulnerability--a9eb61e6-4236-43b6-b19b-d68c951ea96b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--29765e69-ba76-4423-931f-0a099b3a9dba", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a9eb61e6-4236-43b6-b19b-d68c951ea96b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.952162Z", + "modified": "2024-08-31T00:19:15.952162Z", + "name": "CVE-2024-8335", + "description": "A vulnerability classified as critical has been found in OpenRapid RapidCMS up to 1.3.1. Affected is an unknown function of the file /resource/runlogon.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8335" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ab71845d-667e-4e0f-abfa-1befbe8a364b.json b/objects/vulnerability/vulnerability--ab71845d-667e-4e0f-abfa-1befbe8a364b.json new file mode 100644 index 00000000000..2c38817df6f --- /dev/null +++ b/objects/vulnerability/vulnerability--ab71845d-667e-4e0f-abfa-1befbe8a364b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--94f2415a-2084-4e83-ab11-ca5b334fc278", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ab71845d-667e-4e0f-abfa-1befbe8a364b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.948606Z", + "modified": "2024-08-31T00:19:15.948606Z", + "name": "CVE-2024-8348", + "description": "A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. Affected by this issue is the function delete_category of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8348" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bea095a9-845d-4c46-8556-8910699a5af3.json b/objects/vulnerability/vulnerability--bea095a9-845d-4c46-8556-8910699a5af3.json new file mode 100644 index 00000000000..88736a5f15d --- /dev/null +++ b/objects/vulnerability/vulnerability--bea095a9-845d-4c46-8556-8910699a5af3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--eb63ab2b-1a44-4380-aade-d7c0252623e2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bea095a9-845d-4c46-8556-8910699a5af3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:14.277023Z", + "modified": "2024-08-31T00:19:14.277023Z", + "name": "CVE-2024-44683", + "description": "Seacms v13 is vulnerable to Cross Site Scripting (XSS) via admin-video.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44683" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c0228721-f485-41b6-9072-61e3c2b08021.json b/objects/vulnerability/vulnerability--c0228721-f485-41b6-9072-61e3c2b08021.json new file mode 100644 index 00000000000..880a1e8ff5b --- /dev/null +++ b/objects/vulnerability/vulnerability--c0228721-f485-41b6-9072-61e3c2b08021.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ded9e234-627a-4788-9e1a-533f69e36712", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c0228721-f485-41b6-9072-61e3c2b08021", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:16.031683Z", + "modified": "2024-08-31T00:19:16.031683Z", + "name": "CVE-2024-45488", + "description": "One Identity Safeguard for Privileged Passwords before 7.5.2 allows unauthorized access because of an issue related to cookies. This only affects virtual appliance installations (VMware or HyperV). The fixed versions are 7.0.5.1 LTS, 7.4.2, and 7.5.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45488" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d067a6e4-acf7-4373-b975-c87ec744a362.json b/objects/vulnerability/vulnerability--d067a6e4-acf7-4373-b975-c87ec744a362.json new file mode 100644 index 00000000000..9ed73cd0135 --- /dev/null +++ b/objects/vulnerability/vulnerability--d067a6e4-acf7-4373-b975-c87ec744a362.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5b00e720-4d55-4e2a-b477-589acc15f45f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d067a6e4-acf7-4373-b975-c87ec744a362", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.959415Z", + "modified": "2024-08-31T00:19:15.959415Z", + "name": "CVE-2024-8234", + "description": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the functions formSysCmd(), formUpgradeCert(), and formDelcert() in the Zyxel NWA1100-N firmware version 1.00(AACE.1)C0 could allow an unauthenticated attacker to execute some OS commands to access system files on an affected device.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8234" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d58bd510-91d9-4060-85d3-fe16e5fc4b64.json b/objects/vulnerability/vulnerability--d58bd510-91d9-4060-85d3-fe16e5fc4b64.json new file mode 100644 index 00000000000..ab17696d5d6 --- /dev/null +++ b/objects/vulnerability/vulnerability--d58bd510-91d9-4060-85d3-fe16e5fc4b64.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--faf97956-4633-455d-b617-cc0ed2bbd47c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d58bd510-91d9-4060-85d3-fe16e5fc4b64", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.96239Z", + "modified": "2024-08-31T00:19:15.96239Z", + "name": "CVE-2024-8337", + "description": "A vulnerability, which was classified as problematic, has been found in SourceCodester Contact Manager with Export to VCF 1.0. Affected by this issue is some unknown functionality of the file index.html. The manipulation of the argument contact_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8337" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d71750d8-d437-468b-af3d-c9fe738ac283.json b/objects/vulnerability/vulnerability--d71750d8-d437-468b-af3d-c9fe738ac283.json new file mode 100644 index 00000000000..456ccaba735 --- /dev/null +++ b/objects/vulnerability/vulnerability--d71750d8-d437-468b-af3d-c9fe738ac283.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--45d1fb04-d0d1-433c-8187-ee1db22bf321", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d71750d8-d437-468b-af3d-c9fe738ac283", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.976087Z", + "modified": "2024-08-31T00:19:15.976087Z", + "name": "CVE-2024-3673", + "description": "The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include(), which could lead to Local File Inclusion issues.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-3673" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--da926a17-7a7d-44ef-abec-038e8eca38fa.json b/objects/vulnerability/vulnerability--da926a17-7a7d-44ef-abec-038e8eca38fa.json new file mode 100644 index 00000000000..f24bc78788c --- /dev/null +++ b/objects/vulnerability/vulnerability--da926a17-7a7d-44ef-abec-038e8eca38fa.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--62d63550-8dbf-405d-a960-690a3cadf3d4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--da926a17-7a7d-44ef-abec-038e8eca38fa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.940466Z", + "modified": "2024-08-31T00:19:15.940466Z", + "name": "CVE-2024-8016", + "description": "The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.0.2 via deserialization of untrusted input from the 'filters' parameter in widgets. This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP Object. The additional presence of a POP chain allows attackers to execute code remotely. In certain configurations, this can be exploitable by lower level users. We confirmed that this plugin installed with Elementor makes it possible for users with contributor-level access and above to exploit this issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8016" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--df481a05-1097-44fa-932a-084045cf1002.json b/objects/vulnerability/vulnerability--df481a05-1097-44fa-932a-084045cf1002.json new file mode 100644 index 00000000000..7d245986e7f --- /dev/null +++ b/objects/vulnerability/vulnerability--df481a05-1097-44fa-932a-084045cf1002.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a3f8cb7e-244b-4dcd-a939-a56321f86300", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--df481a05-1097-44fa-932a-084045cf1002", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.934031Z", + "modified": "2024-08-31T00:19:15.934031Z", + "name": "CVE-2024-8339", + "description": "A vulnerability was found in SourceCodester Electric Billing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /?page=tracks of the component Connection Code Handler. The manipulation of the argument code leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8339" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e25bb2c9-fc48-48b5-adaa-1ac342b25bda.json b/objects/vulnerability/vulnerability--e25bb2c9-fc48-48b5-adaa-1ac342b25bda.json new file mode 100644 index 00000000000..8bdf78eb4da --- /dev/null +++ b/objects/vulnerability/vulnerability--e25bb2c9-fc48-48b5-adaa-1ac342b25bda.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--eedacfd0-a3cc-47a7-b80a-e0bc8e6e1647", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e25bb2c9-fc48-48b5-adaa-1ac342b25bda", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.954576Z", + "modified": "2024-08-31T00:19:15.954576Z", + "name": "CVE-2024-8252", + "description": "The Clean Login plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.14.5 via the 'template' attribute of the clean-login-register shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8252" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ecbcec98-86cb-4bcc-9b02-2c51c4940202.json b/objects/vulnerability/vulnerability--ecbcec98-86cb-4bcc-9b02-2c51c4940202.json new file mode 100644 index 00000000000..1d460a8d89d --- /dev/null +++ b/objects/vulnerability/vulnerability--ecbcec98-86cb-4bcc-9b02-2c51c4940202.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e953f6ba-f7d5-44f9-83c5-dbbeb8d506cd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ecbcec98-86cb-4bcc-9b02-2c51c4940202", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.944467Z", + "modified": "2024-08-31T00:19:15.944467Z", + "name": "CVE-2024-8338", + "description": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability was found in HFO4 shudong-share 2.4.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /includes/fileReceive.php of the component File Extension Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8338" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ef617e45-2767-4427-84ba-249a5036383f.json b/objects/vulnerability/vulnerability--ef617e45-2767-4427-84ba-249a5036383f.json new file mode 100644 index 00000000000..089b59df03d --- /dev/null +++ b/objects/vulnerability/vulnerability--ef617e45-2767-4427-84ba-249a5036383f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--21df9929-2c35-4ab1-bfb4-f431d3ae38f7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ef617e45-2767-4427-84ba-249a5036383f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:16.038175Z", + "modified": "2024-08-31T00:19:16.038175Z", + "name": "CVE-2024-45492", + "description": "An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45492" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f3583055-669c-40e6-93d0-fb84579473be.json b/objects/vulnerability/vulnerability--f3583055-669c-40e6-93d0-fb84579473be.json new file mode 100644 index 00000000000..f68f587529e --- /dev/null +++ b/objects/vulnerability/vulnerability--f3583055-669c-40e6-93d0-fb84579473be.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d6bf16ee-aa03-4fc8-8a52-67bcff2834e5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f3583055-669c-40e6-93d0-fb84579473be", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:15.932468Z", + "modified": "2024-08-31T00:19:15.932468Z", + "name": "CVE-2024-8345", + "description": "A vulnerability was found in SourceCodester Music Gallery Site 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=delete. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8345" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f7f5b8a5-be4a-49bd-a844-dfedf8079fe2.json b/objects/vulnerability/vulnerability--f7f5b8a5-be4a-49bd-a844-dfedf8079fe2.json new file mode 100644 index 00000000000..779630400e9 --- /dev/null +++ b/objects/vulnerability/vulnerability--f7f5b8a5-be4a-49bd-a844-dfedf8079fe2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--13982c6e-acb5-4de7-8871-0f818b5fd476", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f7f5b8a5-be4a-49bd-a844-dfedf8079fe2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:16.029095Z", + "modified": "2024-08-31T00:19:16.029095Z", + "name": "CVE-2024-45304", + "description": "Cairo-Contracts are OpenZeppelin Contracts written in Cairo for Starknet, a decentralized ZK Rollup. This vulnerability can lead to unauthorized ownership transfer, contrary to the original owner's intention of leaving the contract without an owner. It introduces a security risk where an unintended party (pending owner) can gain control of the contract after the original owner has renounced ownership. This could also be used by a malicious owner to simulate leaving a contract without an owner, to later regain ownership by previously having proposed himself as a pending owner. This issue has been addressed in release version 0.16.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45304" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fba5630b-985a-41c0-9b9a-02f08174f586.json b/objects/vulnerability/vulnerability--fba5630b-985a-41c0-9b9a-02f08174f586.json new file mode 100644 index 00000000000..d9897dd27fb --- /dev/null +++ b/objects/vulnerability/vulnerability--fba5630b-985a-41c0-9b9a-02f08174f586.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--11362875-e03b-4588-a47b-217ffc106c5e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fba5630b-985a-41c0-9b9a-02f08174f586", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-08-31T00:19:16.071494Z", + "modified": "2024-08-31T00:19:16.071494Z", + "name": "CVE-2024-6585", + "description": "Multiple stored cross-site scripting (“XSS”) vulnerabilities in the markdown dashboard and dashboard comment functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to inject malicious scripts into vulnerable web pages. A threat actor could potentially exploit this vulnerability to store malicious JavaScript which executes in the context of a user’s session with the application.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6585" + } + ] + } + ] +} \ No newline at end of file