From e199b19c6c5932a6d9f83c18d3bbd04456471cb0 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 9 Sep 2024 00:21:08 +0000 Subject: [PATCH] generated content from 2024-09-09 --- mapping.csv | 29 +++++++++++++++++++ ...-0aebba4a-ce75-4bf7-8b1b-bf5892eab8d4.json | 22 ++++++++++++++ ...-0e774f44-712e-417b-be4d-997ddd06574f.json | 22 ++++++++++++++ ...-0fdb8e3c-7b3c-4ed7-8377-a172acc1d256.json | 22 ++++++++++++++ ...-184e380c-d769-48fa-a65b-462ace737e76.json | 22 ++++++++++++++ ...-2b8311eb-37d3-4481-9e8b-b60349009adb.json | 22 ++++++++++++++ ...-49bb70fa-17c3-42c8-8efb-5c750529350b.json | 22 ++++++++++++++ ...-580e2782-a8e1-4ee4-9b0d-5f4f38677ea8.json | 22 ++++++++++++++ ...-60469a7c-1948-417d-a520-7e0303836256.json | 22 ++++++++++++++ ...-654d2e6e-2328-46c9-9571-79d4502b85bc.json | 22 ++++++++++++++ ...-6c0c2025-8448-493d-9bdb-4f3374883b10.json | 22 ++++++++++++++ ...-71b37319-0eab-4446-a49f-fb705f764f87.json | 22 ++++++++++++++ ...-75ba8ace-b0f3-496f-91f6-7b06a724d72a.json | 22 ++++++++++++++ ...-813b77c5-8bee-4f7a-8501-585c2debbf23.json | 22 ++++++++++++++ ...-8c5a2815-85bc-41cf-b601-a6a164e98da2.json | 22 ++++++++++++++ ...-8ea13eea-e06e-43ab-8fd1-fd1a01746ecf.json | 22 ++++++++++++++ ...-91c1a6e7-ca41-4797-bdcb-12a70bd7de02.json | 22 ++++++++++++++ ...-9e5771bb-8976-4d31-82aa-939a11ba49ca.json | 22 ++++++++++++++ ...-a3761c1a-dad2-4ede-81ca-be32c7665e17.json | 22 ++++++++++++++ ...-b2705eda-75bb-4ce4-8f4d-51c8a2a04f56.json | 22 ++++++++++++++ ...-b96e5433-e7c7-44ac-bc3b-6f745667ce85.json | 22 ++++++++++++++ ...-d679301a-ad3a-4a80-a43a-14d05d47fc1c.json | 22 ++++++++++++++ ...-d71a5687-f66f-4cdb-a990-d7619469c1e4.json | 22 ++++++++++++++ ...-d8ddc0f8-6085-401b-bc02-d81aa6f8985f.json | 22 ++++++++++++++ ...-db9d7cd0-ecdc-4f48-9061-9c2c02b1b7d6.json | 22 ++++++++++++++ ...-dc8f4703-5367-458e-8c83-7cd65be7ec27.json | 22 ++++++++++++++ ...-e50c1750-59c3-4124-84d2-81ff1d6adf44.json | 22 ++++++++++++++ ...-e7820d16-0f12-4507-919b-a50aad758d4f.json | 22 ++++++++++++++ ...-fbfd602f-4715-440e-a925-a439f5e2369f.json | 22 ++++++++++++++ ...-fef8837d-e3bb-4de8-bb11-67eee7aca618.json | 22 ++++++++++++++ 30 files changed, 667 insertions(+) create mode 100644 objects/vulnerability/vulnerability--0aebba4a-ce75-4bf7-8b1b-bf5892eab8d4.json create mode 100644 objects/vulnerability/vulnerability--0e774f44-712e-417b-be4d-997ddd06574f.json create mode 100644 objects/vulnerability/vulnerability--0fdb8e3c-7b3c-4ed7-8377-a172acc1d256.json create mode 100644 objects/vulnerability/vulnerability--184e380c-d769-48fa-a65b-462ace737e76.json create mode 100644 objects/vulnerability/vulnerability--2b8311eb-37d3-4481-9e8b-b60349009adb.json create mode 100644 objects/vulnerability/vulnerability--49bb70fa-17c3-42c8-8efb-5c750529350b.json create mode 100644 objects/vulnerability/vulnerability--580e2782-a8e1-4ee4-9b0d-5f4f38677ea8.json create mode 100644 objects/vulnerability/vulnerability--60469a7c-1948-417d-a520-7e0303836256.json create mode 100644 objects/vulnerability/vulnerability--654d2e6e-2328-46c9-9571-79d4502b85bc.json create mode 100644 objects/vulnerability/vulnerability--6c0c2025-8448-493d-9bdb-4f3374883b10.json create mode 100644 objects/vulnerability/vulnerability--71b37319-0eab-4446-a49f-fb705f764f87.json create mode 100644 objects/vulnerability/vulnerability--75ba8ace-b0f3-496f-91f6-7b06a724d72a.json create mode 100644 objects/vulnerability/vulnerability--813b77c5-8bee-4f7a-8501-585c2debbf23.json create mode 100644 objects/vulnerability/vulnerability--8c5a2815-85bc-41cf-b601-a6a164e98da2.json create mode 100644 objects/vulnerability/vulnerability--8ea13eea-e06e-43ab-8fd1-fd1a01746ecf.json create mode 100644 objects/vulnerability/vulnerability--91c1a6e7-ca41-4797-bdcb-12a70bd7de02.json create mode 100644 objects/vulnerability/vulnerability--9e5771bb-8976-4d31-82aa-939a11ba49ca.json create mode 100644 objects/vulnerability/vulnerability--a3761c1a-dad2-4ede-81ca-be32c7665e17.json create mode 100644 objects/vulnerability/vulnerability--b2705eda-75bb-4ce4-8f4d-51c8a2a04f56.json create mode 100644 objects/vulnerability/vulnerability--b96e5433-e7c7-44ac-bc3b-6f745667ce85.json create mode 100644 objects/vulnerability/vulnerability--d679301a-ad3a-4a80-a43a-14d05d47fc1c.json create mode 100644 objects/vulnerability/vulnerability--d71a5687-f66f-4cdb-a990-d7619469c1e4.json create mode 100644 objects/vulnerability/vulnerability--d8ddc0f8-6085-401b-bc02-d81aa6f8985f.json create mode 100644 objects/vulnerability/vulnerability--db9d7cd0-ecdc-4f48-9061-9c2c02b1b7d6.json create mode 100644 objects/vulnerability/vulnerability--dc8f4703-5367-458e-8c83-7cd65be7ec27.json create mode 100644 objects/vulnerability/vulnerability--e50c1750-59c3-4124-84d2-81ff1d6adf44.json create mode 100644 objects/vulnerability/vulnerability--e7820d16-0f12-4507-919b-a50aad758d4f.json create mode 100644 objects/vulnerability/vulnerability--fbfd602f-4715-440e-a925-a439f5e2369f.json create mode 100644 objects/vulnerability/vulnerability--fef8837d-e3bb-4de8-bb11-67eee7aca618.json diff --git a/mapping.csv b/mapping.csv index 1d14207bed3..491065387ef 100644 --- a/mapping.csv +++ b/mapping.csv @@ -248511,3 +248511,32 @@ vulnerability,CVE-2023-30582,vulnerability--9893d947-b3f9-4579-8d63-4fa6b42ba650 vulnerability,CVE-2023-30587,vulnerability--6224293e-36ec-4199-a626-932d5acb7e33 vulnerability,CVE-2023-30584,vulnerability--82d63e2b-8741-483c-8790-beaf60e06fe3 vulnerability,CVE-2023-39333,vulnerability--298907cf-485f-4874-8989-84e1418adcb7 +vulnerability,CVE-2024-6855,vulnerability--db9d7cd0-ecdc-4f48-9061-9c2c02b1b7d6 +vulnerability,CVE-2024-6852,vulnerability--75ba8ace-b0f3-496f-91f6-7b06a724d72a +vulnerability,CVE-2024-6856,vulnerability--e7820d16-0f12-4507-919b-a50aad758d4f +vulnerability,CVE-2024-6928,vulnerability--a3761c1a-dad2-4ede-81ca-be32c7665e17 +vulnerability,CVE-2024-6859,vulnerability--6c0c2025-8448-493d-9bdb-4f3374883b10 +vulnerability,CVE-2024-6924,vulnerability--49bb70fa-17c3-42c8-8efb-5c750529350b +vulnerability,CVE-2024-6925,vulnerability--184e380c-d769-48fa-a65b-462ace737e76 +vulnerability,CVE-2024-6853,vulnerability--813b77c5-8bee-4f7a-8501-585c2debbf23 +vulnerability,CVE-2024-42341,vulnerability--0e774f44-712e-417b-be4d-997ddd06574f +vulnerability,CVE-2024-42343,vulnerability--0fdb8e3c-7b3c-4ed7-8377-a172acc1d256 +vulnerability,CVE-2024-42342,vulnerability--60469a7c-1948-417d-a520-7e0303836256 +vulnerability,CVE-2024-8577,vulnerability--9e5771bb-8976-4d31-82aa-939a11ba49ca +vulnerability,CVE-2024-8580,vulnerability--91c1a6e7-ca41-4797-bdcb-12a70bd7de02 +vulnerability,CVE-2024-8570,vulnerability--d71a5687-f66f-4cdb-a990-d7619469c1e4 +vulnerability,CVE-2024-8574,vulnerability--fef8837d-e3bb-4de8-bb11-67eee7aca618 +vulnerability,CVE-2024-8569,vulnerability--654d2e6e-2328-46c9-9571-79d4502b85bc +vulnerability,CVE-2024-8576,vulnerability--8ea13eea-e06e-43ab-8fd1-fd1a01746ecf +vulnerability,CVE-2024-8578,vulnerability--580e2782-a8e1-4ee4-9b0d-5f4f38677ea8 +vulnerability,CVE-2024-8571,vulnerability--0aebba4a-ce75-4bf7-8b1b-bf5892eab8d4 +vulnerability,CVE-2024-8573,vulnerability--71b37319-0eab-4446-a49f-fb705f764f87 +vulnerability,CVE-2024-8572,vulnerability--d8ddc0f8-6085-401b-bc02-d81aa6f8985f +vulnerability,CVE-2024-8568,vulnerability--e50c1750-59c3-4124-84d2-81ff1d6adf44 +vulnerability,CVE-2024-8567,vulnerability--8c5a2815-85bc-41cf-b601-a6a164e98da2 +vulnerability,CVE-2024-8583,vulnerability--b2705eda-75bb-4ce4-8f4d-51c8a2a04f56 +vulnerability,CVE-2024-8575,vulnerability--d679301a-ad3a-4a80-a43a-14d05d47fc1c +vulnerability,CVE-2024-8579,vulnerability--2b8311eb-37d3-4481-9e8b-b60349009adb +vulnerability,CVE-2024-8582,vulnerability--dc8f4703-5367-458e-8c83-7cd65be7ec27 +vulnerability,CVE-2024-43835,vulnerability--b96e5433-e7c7-44ac-bc3b-6f745667ce85 +vulnerability,CVE-2024-43859,vulnerability--fbfd602f-4715-440e-a925-a439f5e2369f diff --git a/objects/vulnerability/vulnerability--0aebba4a-ce75-4bf7-8b1b-bf5892eab8d4.json b/objects/vulnerability/vulnerability--0aebba4a-ce75-4bf7-8b1b-bf5892eab8d4.json new file mode 100644 index 00000000000..52139bff6a6 --- /dev/null +++ b/objects/vulnerability/vulnerability--0aebba4a-ce75-4bf7-8b1b-bf5892eab8d4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aca9b697-2897-42b8-bf9f-c22504a43edc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0aebba4a-ce75-4bf7-8b1b-bf5892eab8d4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-09T00:20:45.662408Z", + "modified": "2024-09-09T00:20:45.662408Z", + "name": "CVE-2024-8571", + "description": "A vulnerability was found in erjemin roll_cms up to 1484fe2c4e0805946a7bcf46218509fcb34883a9. It has been classified as problematic. This affects an unknown part of the file roll_cms/roll_cms/views.py. The manipulation leads to information exposure through error message. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8571" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0e774f44-712e-417b-be4d-997ddd06574f.json b/objects/vulnerability/vulnerability--0e774f44-712e-417b-be4d-997ddd06574f.json new file mode 100644 index 00000000000..f57dcea297b --- /dev/null +++ b/objects/vulnerability/vulnerability--0e774f44-712e-417b-be4d-997ddd06574f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--db4235c3-9eca-4e66-9c4e-acbc77fc6708", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0e774f44-712e-417b-be4d-997ddd06574f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-09T00:20:45.097135Z", + "modified": "2024-09-09T00:20:45.097135Z", + "name": "CVE-2024-42341", + "description": "Loway - CWE-601: URL Redirection to Untrusted Site ('Open Redirect')", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42341" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0fdb8e3c-7b3c-4ed7-8377-a172acc1d256.json b/objects/vulnerability/vulnerability--0fdb8e3c-7b3c-4ed7-8377-a172acc1d256.json new file mode 100644 index 00000000000..21d29301812 --- /dev/null +++ b/objects/vulnerability/vulnerability--0fdb8e3c-7b3c-4ed7-8377-a172acc1d256.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9d366c41-3048-45eb-904e-81ef42a6575c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0fdb8e3c-7b3c-4ed7-8377-a172acc1d256", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-09T00:20:45.102328Z", + "modified": "2024-09-09T00:20:45.102328Z", + "name": "CVE-2024-42343", + "description": "Loway - CWE-204: Observable Response Discrepancy", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42343" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--184e380c-d769-48fa-a65b-462ace737e76.json b/objects/vulnerability/vulnerability--184e380c-d769-48fa-a65b-462ace737e76.json new file mode 100644 index 00000000000..53664c50898 --- /dev/null +++ b/objects/vulnerability/vulnerability--184e380c-d769-48fa-a65b-462ace737e76.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--678503fc-2be2-4495-aae6-861445a4e748", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--184e380c-d769-48fa-a65b-462ace737e76", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-09T00:20:45.06936Z", + "modified": "2024-09-09T00:20:45.06936Z", + "name": "CVE-2024-6925", + "description": "The TrueBooker WordPress plugin before 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6925" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2b8311eb-37d3-4481-9e8b-b60349009adb.json b/objects/vulnerability/vulnerability--2b8311eb-37d3-4481-9e8b-b60349009adb.json new file mode 100644 index 00000000000..dbed5e5b558 --- /dev/null +++ b/objects/vulnerability/vulnerability--2b8311eb-37d3-4481-9e8b-b60349009adb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--58e81f46-96df-423a-88f2-9751b851c9ab", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2b8311eb-37d3-4481-9e8b-b60349009adb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-09T00:20:45.687225Z", + "modified": "2024-09-09T00:20:45.687225Z", + "name": "CVE-2024-8579", + "description": "A vulnerability classified as critical has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This affects the function setWiFiRepeaterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8579" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--49bb70fa-17c3-42c8-8efb-5c750529350b.json b/objects/vulnerability/vulnerability--49bb70fa-17c3-42c8-8efb-5c750529350b.json new file mode 100644 index 00000000000..59dc793024e --- /dev/null +++ b/objects/vulnerability/vulnerability--49bb70fa-17c3-42c8-8efb-5c750529350b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d4ab62a0-12d6-4bc9-aa4e-7ded95988030", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--49bb70fa-17c3-42c8-8efb-5c750529350b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-09T00:20:45.065913Z", + "modified": "2024-09-09T00:20:45.065913Z", + "name": "CVE-2024-6924", + "description": "The TrueBooker WordPress plugin before 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6924" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--580e2782-a8e1-4ee4-9b0d-5f4f38677ea8.json b/objects/vulnerability/vulnerability--580e2782-a8e1-4ee4-9b0d-5f4f38677ea8.json new file mode 100644 index 00000000000..271801865da --- /dev/null +++ b/objects/vulnerability/vulnerability--580e2782-a8e1-4ee4-9b0d-5f4f38677ea8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b43c44c5-cc90-49a2-bd2e-10e1a1704f6f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--580e2782-a8e1-4ee4-9b0d-5f4f38677ea8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-09T00:20:45.659704Z", + "modified": "2024-09-09T00:20:45.659704Z", + "name": "CVE-2024-8578", + "description": "A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. It has been rated as critical. Affected by this issue is the function setWiFiMeshName of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument device_name leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8578" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--60469a7c-1948-417d-a520-7e0303836256.json b/objects/vulnerability/vulnerability--60469a7c-1948-417d-a520-7e0303836256.json new file mode 100644 index 00000000000..d67ea728ffc --- /dev/null +++ b/objects/vulnerability/vulnerability--60469a7c-1948-417d-a520-7e0303836256.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9ee23715-dddf-4309-b41a-217e4ce00603", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--60469a7c-1948-417d-a520-7e0303836256", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-09T00:20:45.110114Z", + "modified": "2024-09-09T00:20:45.110114Z", + "name": "CVE-2024-42342", + "description": "Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42342" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--654d2e6e-2328-46c9-9571-79d4502b85bc.json b/objects/vulnerability/vulnerability--654d2e6e-2328-46c9-9571-79d4502b85bc.json new file mode 100644 index 00000000000..05360f1e8b3 --- /dev/null +++ b/objects/vulnerability/vulnerability--654d2e6e-2328-46c9-9571-79d4502b85bc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--90acb835-a77a-4562-aca3-4463a704515c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--654d2e6e-2328-46c9-9571-79d4502b85bc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-09T00:20:45.651791Z", + "modified": "2024-09-09T00:20:45.651791Z", + "name": "CVE-2024-8569", + "description": "A vulnerability has been found in code-projects Hospital Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file user-login.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8569" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6c0c2025-8448-493d-9bdb-4f3374883b10.json b/objects/vulnerability/vulnerability--6c0c2025-8448-493d-9bdb-4f3374883b10.json new file mode 100644 index 00000000000..054089c9c50 --- /dev/null +++ b/objects/vulnerability/vulnerability--6c0c2025-8448-493d-9bdb-4f3374883b10.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--19349ce3-7671-41cb-98b4-e6c1b7a48148", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6c0c2025-8448-493d-9bdb-4f3374883b10", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-09T00:20:45.059532Z", + "modified": "2024-09-09T00:20:45.059532Z", + "name": "CVE-2024-6859", + "description": "The WP MultiTasking WordPress plugin through 0.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6859" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--71b37319-0eab-4446-a49f-fb705f764f87.json b/objects/vulnerability/vulnerability--71b37319-0eab-4446-a49f-fb705f764f87.json new file mode 100644 index 00000000000..b9a6570d07b --- /dev/null +++ b/objects/vulnerability/vulnerability--71b37319-0eab-4446-a49f-fb705f764f87.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f6cfe0c6-0c9f-4524-b59d-f749b725420e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--71b37319-0eab-4446-a49f-fb705f764f87", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-09T00:20:45.667218Z", + "modified": "2024-09-09T00:20:45.667218Z", + "name": "CVE-2024-8573", + "description": "A vulnerability, which was classified as critical, was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. This affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8573" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--75ba8ace-b0f3-496f-91f6-7b06a724d72a.json b/objects/vulnerability/vulnerability--75ba8ace-b0f3-496f-91f6-7b06a724d72a.json new file mode 100644 index 00000000000..c94342cac45 --- /dev/null +++ b/objects/vulnerability/vulnerability--75ba8ace-b0f3-496f-91f6-7b06a724d72a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ad353d87-ebf5-4d77-a22c-241fc65afc21", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--75ba8ace-b0f3-496f-91f6-7b06a724d72a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-09T00:20:45.020435Z", + "modified": "2024-09-09T00:20:45.020435Z", + "name": "CVE-2024-6852", + "description": "The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6852" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--813b77c5-8bee-4f7a-8501-585c2debbf23.json b/objects/vulnerability/vulnerability--813b77c5-8bee-4f7a-8501-585c2debbf23.json new file mode 100644 index 00000000000..fb79676af9e --- /dev/null +++ b/objects/vulnerability/vulnerability--813b77c5-8bee-4f7a-8501-585c2debbf23.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1305fa25-9656-4c34-8f5b-3c1be12d34d3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--813b77c5-8bee-4f7a-8501-585c2debbf23", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-09T00:20:45.071091Z", + "modified": "2024-09-09T00:20:45.071091Z", + "name": "CVE-2024-6853", + "description": "The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating welcome popups, which could allow attackers to make logged admins perform such action via a CSRF attack", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6853" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8c5a2815-85bc-41cf-b601-a6a164e98da2.json b/objects/vulnerability/vulnerability--8c5a2815-85bc-41cf-b601-a6a164e98da2.json new file mode 100644 index 00000000000..ef313a4f481 --- /dev/null +++ b/objects/vulnerability/vulnerability--8c5a2815-85bc-41cf-b601-a6a164e98da2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d7d2d4f7-8ed3-498f-9c3e-a8a1fdaa2a20", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8c5a2815-85bc-41cf-b601-a6a164e98da2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-09T00:20:45.680721Z", + "modified": "2024-09-09T00:20:45.680721Z", + "name": "CVE-2024-8567", + "description": "A vulnerability, which was classified as critical, has been found in itsourcecode Payroll Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=delete_deductions. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8567" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8ea13eea-e06e-43ab-8fd1-fd1a01746ecf.json b/objects/vulnerability/vulnerability--8ea13eea-e06e-43ab-8fd1-fd1a01746ecf.json new file mode 100644 index 00000000000..970772abbac --- /dev/null +++ b/objects/vulnerability/vulnerability--8ea13eea-e06e-43ab-8fd1-fd1a01746ecf.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--53afe930-c53e-465a-8dfb-1898e0f3638b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8ea13eea-e06e-43ab-8fd1-fd1a01746ecf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-09T00:20:45.657487Z", + "modified": "2024-09-09T00:20:45.657487Z", + "name": "CVE-2024-8576", + "description": "A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been classified as critical. Affected is the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8576" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--91c1a6e7-ca41-4797-bdcb-12a70bd7de02.json b/objects/vulnerability/vulnerability--91c1a6e7-ca41-4797-bdcb-12a70bd7de02.json new file mode 100644 index 00000000000..195e4c59b58 --- /dev/null +++ b/objects/vulnerability/vulnerability--91c1a6e7-ca41-4797-bdcb-12a70bd7de02.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8445c0bd-3770-4318-b70e-c58de5d4bb97", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--91c1a6e7-ca41-4797-bdcb-12a70bd7de02", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-09T00:20:45.646087Z", + "modified": "2024-09-09T00:20:45.646087Z", + "name": "CVE-2024-8580", + "description": "A vulnerability classified as critical was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This vulnerability affects unknown code of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8580" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9e5771bb-8976-4d31-82aa-939a11ba49ca.json b/objects/vulnerability/vulnerability--9e5771bb-8976-4d31-82aa-939a11ba49ca.json new file mode 100644 index 00000000000..f22809b64d9 --- /dev/null +++ b/objects/vulnerability/vulnerability--9e5771bb-8976-4d31-82aa-939a11ba49ca.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--38fd07f9-dadf-477f-829f-e5e9a8ad6d83", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9e5771bb-8976-4d31-82aa-939a11ba49ca", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-09T00:20:45.643412Z", + "modified": "2024-09-09T00:20:45.643412Z", + "name": "CVE-2024-8577", + "description": "A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been declared as critical. Affected by this vulnerability is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8577" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a3761c1a-dad2-4ede-81ca-be32c7665e17.json b/objects/vulnerability/vulnerability--a3761c1a-dad2-4ede-81ca-be32c7665e17.json new file mode 100644 index 00000000000..7e3679facde --- /dev/null +++ b/objects/vulnerability/vulnerability--a3761c1a-dad2-4ede-81ca-be32c7665e17.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--08362288-bb1b-4996-85a6-bd1fed3b1f38", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a3761c1a-dad2-4ede-81ca-be32c7665e17", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-09T00:20:45.051539Z", + "modified": "2024-09-09T00:20:45.051539Z", + "name": "CVE-2024-6928", + "description": "The Opti Marketing WordPress plugin through 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6928" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b2705eda-75bb-4ce4-8f4d-51c8a2a04f56.json b/objects/vulnerability/vulnerability--b2705eda-75bb-4ce4-8f4d-51c8a2a04f56.json new file mode 100644 index 00000000000..257e46c111f --- /dev/null +++ b/objects/vulnerability/vulnerability--b2705eda-75bb-4ce4-8f4d-51c8a2a04f56.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f5b5a831-980f-400e-804b-03d121f4c9ea", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b2705eda-75bb-4ce4-8f4d-51c8a2a04f56", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-09T00:20:45.681777Z", + "modified": "2024-09-09T00:20:45.681777Z", + "name": "CVE-2024-8583", + "description": "A vulnerability was found in SourceCodester Online Bank Management System and Online Bank Management System - 1.0. It has been classified as problematic. This affects an unknown part of the file /mfeedback.php of the component Feedback Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8583" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b96e5433-e7c7-44ac-bc3b-6f745667ce85.json b/objects/vulnerability/vulnerability--b96e5433-e7c7-44ac-bc3b-6f745667ce85.json new file mode 100644 index 00000000000..030afb09cbe --- /dev/null +++ b/objects/vulnerability/vulnerability--b96e5433-e7c7-44ac-bc3b-6f745667ce85.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e1097347-d976-4d6d-8d18-29b93bbad660", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b96e5433-e7c7-44ac-bc3b-6f745667ce85", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-09T00:20:46.25066Z", + "modified": "2024-09-09T00:20:46.25066Z", + "name": "CVE-2024-43835", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_net: Fix napi_skb_cache_put warning\n\nAfter the commit bdacf3e34945 (\"net: Use nested-BH locking for\nnapi_alloc_cache.\") was merged, the following warning began to appear:\n\n\t WARNING: CPU: 5 PID: 1 at net/core/skbuff.c:1451 napi_skb_cache_put+0x82/0x4b0\n\n\t __warn+0x12f/0x340\n\t napi_skb_cache_put+0x82/0x4b0\n\t napi_skb_cache_put+0x82/0x4b0\n\t report_bug+0x165/0x370\n\t handle_bug+0x3d/0x80\n\t exc_invalid_op+0x1a/0x50\n\t asm_exc_invalid_op+0x1a/0x20\n\t __free_old_xmit+0x1c8/0x510\n\t napi_skb_cache_put+0x82/0x4b0\n\t __free_old_xmit+0x1c8/0x510\n\t __free_old_xmit+0x1c8/0x510\n\t __pfx___free_old_xmit+0x10/0x10\n\nThe issue arises because virtio is assuming it's running in NAPI context\neven when it's not, such as in the netpoll case.\n\nTo resolve this, modify virtnet_poll_tx() to only set NAPI when budget\nis available. Same for virtnet_poll_cleantx(), which always assumed that\nit was in a NAPI context.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43835" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d679301a-ad3a-4a80-a43a-14d05d47fc1c.json b/objects/vulnerability/vulnerability--d679301a-ad3a-4a80-a43a-14d05d47fc1c.json new file mode 100644 index 00000000000..0da89cf00be --- /dev/null +++ b/objects/vulnerability/vulnerability--d679301a-ad3a-4a80-a43a-14d05d47fc1c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9257e76e-c139-4823-bbdb-427334577ac6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d679301a-ad3a-4a80-a43a-14d05d47fc1c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-09T00:20:45.684761Z", + "modified": "2024-09-09T00:20:45.684761Z", + "name": "CVE-2024-8575", + "description": "A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical. This issue affects the function setWiFiScheduleCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8575" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d71a5687-f66f-4cdb-a990-d7619469c1e4.json b/objects/vulnerability/vulnerability--d71a5687-f66f-4cdb-a990-d7619469c1e4.json new file mode 100644 index 00000000000..303d71a4afa --- /dev/null +++ b/objects/vulnerability/vulnerability--d71a5687-f66f-4cdb-a990-d7619469c1e4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--148c6bba-2b9a-45fe-82f1-12655c912994", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d71a5687-f66f-4cdb-a990-d7619469c1e4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-09T00:20:45.647848Z", + "modified": "2024-09-09T00:20:45.647848Z", + "name": "CVE-2024-8570", + "description": "A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /inccatadd.php. The manipulation of the argument title leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8570" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d8ddc0f8-6085-401b-bc02-d81aa6f8985f.json b/objects/vulnerability/vulnerability--d8ddc0f8-6085-401b-bc02-d81aa6f8985f.json new file mode 100644 index 00000000000..f54beb9bfd1 --- /dev/null +++ b/objects/vulnerability/vulnerability--d8ddc0f8-6085-401b-bc02-d81aa6f8985f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2b8f2ef2-ae76-46a4-8154-6629e958dffa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d8ddc0f8-6085-401b-bc02-d81aa6f8985f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-09T00:20:45.668907Z", + "modified": "2024-09-09T00:20:45.668907Z", + "name": "CVE-2024-8572", + "description": "A vulnerability was found in Gouniverse GoLang CMS 1.4.0. It has been declared as problematic. This vulnerability affects the function PageRenderHtmlByAlias of the file FrontendHandler.go. The manipulation of the argument alias leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.4.1 is able to address this issue. The patch is identified as 3e661cdfb4beeb9fe2ad507cdb8104c0b17d072c. It is recommended to upgrade the affected component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8572" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--db9d7cd0-ecdc-4f48-9061-9c2c02b1b7d6.json b/objects/vulnerability/vulnerability--db9d7cd0-ecdc-4f48-9061-9c2c02b1b7d6.json new file mode 100644 index 00000000000..b673c5fd6fb --- /dev/null +++ b/objects/vulnerability/vulnerability--db9d7cd0-ecdc-4f48-9061-9c2c02b1b7d6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c832f2e7-143d-434a-970c-5258cf42078c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--db9d7cd0-ecdc-4f48-9061-9c2c02b1b7d6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-09T00:20:45.009369Z", + "modified": "2024-09-09T00:20:45.009369Z", + "name": "CVE-2024-6855", + "description": "The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating exit popups, which could allow attackers to make logged admins perform such action via a CSRF attack", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6855" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dc8f4703-5367-458e-8c83-7cd65be7ec27.json b/objects/vulnerability/vulnerability--dc8f4703-5367-458e-8c83-7cd65be7ec27.json new file mode 100644 index 00000000000..17e85641725 --- /dev/null +++ b/objects/vulnerability/vulnerability--dc8f4703-5367-458e-8c83-7cd65be7ec27.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--afea6d99-6e42-43f1-9bb1-c631b2ef5f09", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dc8f4703-5367-458e-8c83-7cd65be7ec27", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-09T00:20:45.68936Z", + "modified": "2024-09-09T00:20:45.68936Z", + "name": "CVE-2024-8582", + "description": "A vulnerability was found in SourceCodester Food Ordering Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument description leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8582" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e50c1750-59c3-4124-84d2-81ff1d6adf44.json b/objects/vulnerability/vulnerability--e50c1750-59c3-4124-84d2-81ff1d6adf44.json new file mode 100644 index 00000000000..58345deee94 --- /dev/null +++ b/objects/vulnerability/vulnerability--e50c1750-59c3-4124-84d2-81ff1d6adf44.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9c9159b9-6fec-4c9f-9d98-f5872ab66cce", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e50c1750-59c3-4124-84d2-81ff1d6adf44", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-09T00:20:45.678664Z", + "modified": "2024-09-09T00:20:45.678664Z", + "name": "CVE-2024-8568", + "description": "A vulnerability, which was classified as critical, was found in Mini-Tmall up to 20240901. Affected is the function rewardMapper.select of the file tmall/admin/order/1/1. The manipulation of the argument orderBy leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8568" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e7820d16-0f12-4507-919b-a50aad758d4f.json b/objects/vulnerability/vulnerability--e7820d16-0f12-4507-919b-a50aad758d4f.json new file mode 100644 index 00000000000..8361fda8a18 --- /dev/null +++ b/objects/vulnerability/vulnerability--e7820d16-0f12-4507-919b-a50aad758d4f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e7aa4be6-5d15-45ad-a6c5-e9d15821adfa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e7820d16-0f12-4507-919b-a50aad758d4f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-09T00:20:45.026294Z", + "modified": "2024-09-09T00:20:45.026294Z", + "name": "CVE-2024-6856", + "description": "The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6856" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fbfd602f-4715-440e-a925-a439f5e2369f.json b/objects/vulnerability/vulnerability--fbfd602f-4715-440e-a925-a439f5e2369f.json new file mode 100644 index 00000000000..a53dbb7d4ff --- /dev/null +++ b/objects/vulnerability/vulnerability--fbfd602f-4715-440e-a925-a439f5e2369f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fd2b57cc-f41e-4e07-9cda-b96e2653eb72", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fbfd602f-4715-440e-a925-a439f5e2369f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-09T00:20:46.253158Z", + "modified": "2024-09-09T00:20:46.253158Z", + "name": "CVE-2024-43859", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to truncate preallocated blocks in f2fs_file_open()\n\nchenyuwen reports a f2fs bug as below:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000011\n fscrypt_set_bio_crypt_ctx+0x78/0x1e8\n f2fs_grab_read_bio+0x78/0x208\n f2fs_submit_page_read+0x44/0x154\n f2fs_get_read_data_page+0x288/0x5f4\n f2fs_get_lock_data_page+0x60/0x190\n truncate_partial_data_page+0x108/0x4fc\n f2fs_do_truncate_blocks+0x344/0x5f0\n f2fs_truncate_blocks+0x6c/0x134\n f2fs_truncate+0xd8/0x200\n f2fs_iget+0x20c/0x5ac\n do_garbage_collect+0x5d0/0xf6c\n f2fs_gc+0x22c/0x6a4\n f2fs_disable_checkpoint+0xc8/0x310\n f2fs_fill_super+0x14bc/0x1764\n mount_bdev+0x1b4/0x21c\n f2fs_mount+0x20/0x30\n legacy_get_tree+0x50/0xbc\n vfs_get_tree+0x5c/0x1b0\n do_new_mount+0x298/0x4cc\n path_mount+0x33c/0x5fc\n __arm64_sys_mount+0xcc/0x15c\n invoke_syscall+0x60/0x150\n el0_svc_common+0xb8/0xf8\n do_el0_svc+0x28/0xa0\n el0_svc+0x24/0x84\n el0t_64_sync_handler+0x88/0xec\n\nIt is because inode.i_crypt_info is not initialized during below path:\n- mount\n - f2fs_fill_super\n - f2fs_disable_checkpoint\n - f2fs_gc\n - f2fs_iget\n - f2fs_truncate\n\nSo, let's relocate truncation of preallocated blocks to f2fs_file_open(),\nafter fscrypt_file_open().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43859" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fef8837d-e3bb-4de8-bb11-67eee7aca618.json b/objects/vulnerability/vulnerability--fef8837d-e3bb-4de8-bb11-67eee7aca618.json new file mode 100644 index 00000000000..39165608d38 --- /dev/null +++ b/objects/vulnerability/vulnerability--fef8837d-e3bb-4de8-bb11-67eee7aca618.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--72b736f7-3e94-4fd7-a991-57c12f348141", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fef8837d-e3bb-4de8-bb11-67eee7aca618", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-09T00:20:45.649865Z", + "modified": "2024-09-09T00:20:45.649865Z", + "name": "CVE-2024-8574", + "description": "A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical. This vulnerability affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument slaveIpList leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8574" + } + ] + } + ] +} \ No newline at end of file