diff --git a/mapping.csv b/mapping.csv
index ae165f3bbfd..7de2ef58943 100644
--- a/mapping.csv
+++ b/mapping.csv
@@ -251064,3 +251064,111 @@ vulnerability,CVE-2024-47342,vulnerability--1b6ad094-0ede-428a-82ba-366ceee4ba1b vulnerability,CVE-2024-47327,vulnerability--e187abce-1460-4e94-8a0f-f4489d44d24c vulnerability,CVE-2024-47352,vulnerability--a10517dd-6e20-4ea2-9cf6-3014cfb48d3a vulnerability,CVE-2024-47339,vulnerability--519f7658-c32b-47e9-97f5-b7a16ca8deea +vulnerability,CVE-2024-45873,vulnerability--2290c864-9fc1-457c-b9a3-3eb2d4307292 +vulnerability,CVE-2024-45293,vulnerability--2afb9a5e-ea03-4267-8a22-a20797c8598b +vulnerability,CVE-2024-45060,vulnerability--70d406a5-c352-41e6-a316-a3e981bdcdfe +vulnerability,CVE-2024-45933,vulnerability--61fed9ec-7415-444e-ad81-79fcf9f6f2b4 +vulnerability,CVE-2024-45051,vulnerability--09fe3bdb-9a54-4e15-a35f-1358ccd2cdce +vulnerability,CVE-2024-45919,vulnerability--cfe5403c-dcb9-4e57-a6b9-1ac392b5565a +vulnerability,CVE-2024-45932,vulnerability--39e0704c-6879-43f7-8be7-f673655dcb18 +vulnerability,CVE-2024-45297,vulnerability--3f94cb6b-b9c5-46bc-9bf1-6f0393ae0643 +vulnerability,CVE-2024-45292,vulnerability--ce5d6de7-b760-4037-885e-89abdc1d0166 +vulnerability,CVE-2024-45290,vulnerability--053b6985-321b-41d8-bdb2-0060ccc5e8d2 +vulnerability,CVE-2024-45894,vulnerability--810574e7-8f85-4016-84d6-3041d4112323 +vulnerability,CVE-2024-45153,vulnerability--259cf6c8-0be1-4c0c-a08f-587d92a70b40 +vulnerability,CVE-2024-45291,vulnerability--1042f9d4-829e-4d85-b1e1-ad6a9f5605fa +vulnerability,CVE-2024-45874,vulnerability--cc339f92-6815-4aeb-9b2f-e5d10cf1cb15 +vulnerability,CVE-2024-9566,vulnerability--d6dc205c-09b5-41d2-976d-10d8fac4982c +vulnerability,CVE-2024-9576,vulnerability--84fb243a-e570-4322-bfb5-314d0fc90cd0 +vulnerability,CVE-2024-9567,vulnerability--073ee2fa-f72a-4fea-b6a9-a221e39669ab +vulnerability,CVE-2024-9565,vulnerability--d17fc2ba-1091-42d1-863b-d225b4743583 +vulnerability,CVE-2024-9569,vulnerability--686ce635-f690-4360-aaf5-8abbbde84ab4 +vulnerability,CVE-2024-9572,vulnerability--cbdab172-fec5-4e97-9e47-13aec442b33d 
+vulnerability,CVE-2024-9573,vulnerability--8597ee95-6463-472d-be8b-b10e0bb5d6f6 +vulnerability,CVE-2024-9571,vulnerability--6d30b9de-94ef-491e-9845-239b66a82575 +vulnerability,CVE-2024-9574,vulnerability--ec00cb9e-c2f0-4c1a-9f09-633484979674 +vulnerability,CVE-2024-9570,vulnerability--682fc019-c0be-4182-ad71-4df069465dce +vulnerability,CVE-2024-9564,vulnerability--572e6c53-59ca-4ada-8125-fec3e37956a8 +vulnerability,CVE-2024-9568,vulnerability--6147e57b-113d-48f3-9497-a59e7a8e1e42 +vulnerability,CVE-2024-47968,vulnerability--688b4102-4a46-41be-ae69-9c2c4130f66f +vulnerability,CVE-2024-47558,vulnerability--74ba7c74-72ed-474a-876a-0e6a3c40a015 +vulnerability,CVE-2024-47781,vulnerability--b42082f9-ff85-4680-a504-812d321f777d +vulnerability,CVE-2024-47973,vulnerability--dff8e74b-95b2-4471-a473-4a5d037d727e +vulnerability,CVE-2024-47557,vulnerability--bafcfc19-9290-4168-9c12-d6cf7a8d289d +vulnerability,CVE-2024-47559,vulnerability--f81c0dab-1904-47ce-9dff-308f97539be6 +vulnerability,CVE-2024-47814,vulnerability--7633eee5-565b-4139-a5a3-91917e111943 +vulnerability,CVE-2024-47971,vulnerability--9c102962-1bea-47ca-810b-67a99cacce0e +vulnerability,CVE-2024-47079,vulnerability--d678eb92-77fe-475f-b58a-2fc8b515c3ba +vulnerability,CVE-2024-47972,vulnerability--c2a88a1e-8c16-46d3-b52c-fa6bec03d748 +vulnerability,CVE-2024-47967,vulnerability--e9555de0-f42d-41b9-a192-8ed5a798e284 +vulnerability,CVE-2024-47610,vulnerability--a489275a-5fd6-46ae-8cbc-5c0bdf7ef540 +vulnerability,CVE-2024-47344,vulnerability--ea3b2f9d-c04a-4b23-88f8-25294a46eca1 +vulnerability,CVE-2024-47556,vulnerability--290bab71-760d-46ca-af2c-08c6c7ccded1 +vulnerability,CVE-2024-47772,vulnerability--1a3e5c37-f4c0-4cd3-ad42-58a9b08f3a59 +vulnerability,CVE-2024-47976,vulnerability--508ed748-e8f9-4649-81a0-732491494962 +vulnerability,CVE-2024-47817,vulnerability--431c7856-5905-48a4-81d8-2dfc9af46830 +vulnerability,CVE-2024-47335,vulnerability--a221efd7-b878-4ff7-92ac-f355632aab05 
+vulnerability,CVE-2024-47975,vulnerability--31753c48-19bc-48e4-a082-89175c1cf4aa +vulnerability,CVE-2024-47969,vulnerability--8c8cdb20-dc66-434a-bb8f-f51b41817cd8 +vulnerability,CVE-2024-47818,vulnerability--89f111aa-b9da-416d-aca1-06c45bf00d05 +vulnerability,CVE-2024-47555,vulnerability--d6d39503-cc55-4767-8bfa-6d4925085b71 +vulnerability,CVE-2024-47974,vulnerability--48e49591-dd2c-4411-a1e6-58c88e649260 +vulnerability,CVE-2024-47782,vulnerability--b1b3061b-b837-4824-bfa7-d92455e6e571 +vulnerability,CVE-2024-44068,vulnerability--017bebce-b7fe-42d0-8e2f-1d3933848e91 +vulnerability,CVE-2024-44674,vulnerability--881ada79-dc03-461d-a08e-d40f32e70b0d +vulnerability,CVE-2024-33065,vulnerability--76fc583d-8669-4379-8593-50fb75ad6d1b +vulnerability,CVE-2024-33070,vulnerability--d24c7798-296c-4fb0-8995-9095ae22ec16 +vulnerability,CVE-2024-33066,vulnerability--baddbe05-c786-45e0-817d-5f7895933d19 +vulnerability,CVE-2024-33049,vulnerability--2f081804-fdcc-4387-9bd2-57d3940d08da +vulnerability,CVE-2024-33064,vulnerability--5227fcea-dce6-4acb-84d3-fc99672e5d21 +vulnerability,CVE-2024-33071,vulnerability--5c8764b0-2dcb-48e2-a187-81bd5a995fdd +vulnerability,CVE-2024-33073,vulnerability--7d2ed6a5-1039-4bba-a2d7-fe88d2c3075f +vulnerability,CVE-2024-33069,vulnerability--0728d000-6810-4890-b62a-95c3f7713e67 +vulnerability,CVE-2024-38425,vulnerability--49eef9b8-bf7a-452f-87d1-5e514442f36e +vulnerability,CVE-2024-38397,vulnerability--d7f21ab1-399f-4eb3-9d3e-af9d3ff2d35a +vulnerability,CVE-2024-38399,vulnerability--8fb2bc1d-49c8-402f-acf9-8ba11c0c2c73 +vulnerability,CVE-2024-31227,vulnerability--4710016c-f31b-45f5-b25e-ad620d926c4f +vulnerability,CVE-2024-31228,vulnerability--2761cbfe-5110-4ff6-bcd0-dd4ef55ece4c +vulnerability,CVE-2024-31449,vulnerability--b13ea625-c5ce-4935-9bcd-521d0f1c7639 +vulnerability,CVE-2024-21455,vulnerability--a16afd5f-a0c6-4df7-87c0-f8dd166524e3 +vulnerability,CVE-2024-20094,vulnerability--6ed57efe-0f83-4151-a8e5-fbb335d376f3 
+vulnerability,CVE-2024-20092,vulnerability--486305a5-e2ed-4751-9c60-a7f73eb58e04 +vulnerability,CVE-2024-20096,vulnerability--7d5989ef-cc7f-4c3f-8c54-9c6d197a576a +vulnerability,CVE-2024-20099,vulnerability--fd844f0a-ef76-470e-9c78-4f2fe27c1eec +vulnerability,CVE-2024-20098,vulnerability--f8b4e837-d81e-4a8e-8345-3d03130dcab7 +vulnerability,CVE-2024-20091,vulnerability--8a61809a-9e77-4116-8b87-8127d7972c1e +vulnerability,CVE-2024-20095,vulnerability--b3a5a903-a67c-4416-aa0a-e650c2bb6ba3 +vulnerability,CVE-2024-20090,vulnerability--111d7178-e333-4907-84b6-93bd3e140e57 +vulnerability,CVE-2024-20101,vulnerability--0f4134c8-5188-406c-bcf0-e397662c4e79 +vulnerability,CVE-2024-20097,vulnerability--0cf3cf97-a1fb-4b5f-8713-8b74d81c7578 +vulnerability,CVE-2024-20103,vulnerability--c0c8b4cf-3dd3-4c73-8763-2d06abce2879 +vulnerability,CVE-2024-20093,vulnerability--dc3b8a20-31f3-4fbd-bcc7-3cad9816c074 +vulnerability,CVE-2024-20102,vulnerability--edba0f99-4436-4fb3-8af2-7ec5d4ada9a3 +vulnerability,CVE-2024-20100,vulnerability--f33323bf-dbb8-42e0-bd7c-99e093d76c66 +vulnerability,CVE-2024-23374,vulnerability--7ba83fd4-3410-4a79-b4f0-5e43a4349e11 +vulnerability,CVE-2024-23370,vulnerability--c4e47816-a8fe-48a5-b1b8-9f9ebbc430aa +vulnerability,CVE-2024-23376,vulnerability--e1911a5b-3379-4725-bea9-846590b00b5a +vulnerability,CVE-2024-23379,vulnerability--b89c73f7-f100-457d-a1cf-3169c6c7db4c +vulnerability,CVE-2024-23369,vulnerability--3f27e4b2-6de2-4e31-8559-f04fce208b79 +vulnerability,CVE-2024-23378,vulnerability--deda5bc3-ef17-4b61-bc96-211d2a05238f +vulnerability,CVE-2024-23375,vulnerability--7d2da7d1-862c-4fd1-8df5-d2a45db7402e +vulnerability,CVE-2024-46325,vulnerability--ad77334d-8834-4611-9eae-b73b2d592bc2 +vulnerability,CVE-2024-46278,vulnerability--0b5ecd6e-d45a-4d18-a42e-a7acd38f2f64 +vulnerability,CVE-2024-46041,vulnerability--9fd3c846-eafc-4dbb-aa24-a33ebd582608 +vulnerability,CVE-2024-46040,vulnerability--f468a305-4460-4e56-bfbb-31cf2978b336 
+vulnerability,CVE-2024-46446,vulnerability--ab9b4c85-cacf-4755-a3ca-063b95263ae6 +vulnerability,CVE-2024-46300,vulnerability--ad6f973f-ee2a-4f6d-bc50-26b9528f29e9 +vulnerability,CVE-2024-46076,vulnerability--ae56355c-92ac-4bb8-a805-e92f695d02a2 +vulnerability,CVE-2024-42027,vulnerability--4131cf07-0000-4df1-9cef-e77edf620a73 +vulnerability,CVE-2024-42831,vulnerability--748264ca-0883-42dc-ade4-a335069b0b43 +vulnerability,CVE-2024-28709,vulnerability--dd2003e3-ded4-4d0e-a26e-c3881d272305 +vulnerability,CVE-2024-28710,vulnerability--8162c684-bc8c-4548-9233-201c310233c3 +vulnerability,CVE-2024-27458,vulnerability--01eeb233-d1b9-45b6-8699-729e5c89ae4c +vulnerability,CVE-2024-43047,vulnerability--ffc79d7d-b51b-4d9f-924e-7fc12fcba946 +vulnerability,CVE-2024-43789,vulnerability--e693f7b2-4dbf-4ed9-a7b3-48d1aef2ff50 +vulnerability,CVE-2024-43363,vulnerability--41c7de25-f203-4e66-8020-029043c858ec +vulnerability,CVE-2024-43364,vulnerability--e9ecfb48-ed97-4299-8ed9-a3398b4fa8ef +vulnerability,CVE-2024-43362,vulnerability--5800001c-97da-44c1-b595-e40e8dab4e43 +vulnerability,CVE-2024-43365,vulnerability--f85467e1-b171-4992-ace1-8d026a63b151 +vulnerability,CVE-2023-6361,vulnerability--8afdd32c-b191-4434-b553-d89a857b8fd7 +vulnerability,CVE-2023-6362,vulnerability--543dead3-db48-42d3-bdcd-3f38427ce6a0 diff --git a/objects/vulnerability/vulnerability--017bebce-b7fe-42d0-8e2f-1d3933848e91.json b/objects/vulnerability/vulnerability--017bebce-b7fe-42d0-8e2f-1d3933848e91.json new file mode 100644 index 00000000000..bcb34fc11a0 --- /dev/null +++ b/objects/vulnerability/vulnerability--017bebce-b7fe-42d0-8e2f-1d3933848e91.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fc7fe3a3-3e6c-44e0-96b2-63482af74d5d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--017bebce-b7fe-42d0-8e2f-1d3933848e91", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.634939Z", + "modified": "2024-10-08T00:20:12.634939Z", + "name": "CVE-2024-44068", + "description": "An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850,and W920. A Use-After-Free in the mobile processor leads to privilege escalation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44068" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--01eeb233-d1b9-45b6-8699-729e5c89ae4c.json b/objects/vulnerability/vulnerability--01eeb233-d1b9-45b6-8699-729e5c89ae4c.json new file mode 100644 index 00000000000..3401b2caa5b --- /dev/null +++ b/objects/vulnerability/vulnerability--01eeb233-d1b9-45b6-8699-729e5c89ae4c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--39b11bb6-10cd-4cad-a7b7-dba8627ee5cb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--01eeb233-d1b9-45b6-8699-729e5c89ae4c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:14.1773Z", + "modified": "2024-10-08T00:20:14.1773Z", + "name": "CVE-2024-27458", + "description": "A potential security vulnerability has been identified in the HP Hotkey Support software, which might allow local escalation of privilege. HP is releasing mitigation for the potential vulnerability. Customers using HP Programmable Key are recommended to update HP Hotkey Support.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-27458" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--053b6985-321b-41d8-bdb2-0060ccc5e8d2.json b/objects/vulnerability/vulnerability--053b6985-321b-41d8-bdb2-0060ccc5e8d2.json new file mode 100644 index 00000000000..eb1542dae51 --- /dev/null +++ b/objects/vulnerability/vulnerability--053b6985-321b-41d8-bdb2-0060ccc5e8d2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--268a22d9-5234-40f9-8573-e5b26f9cdfd4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--053b6985-321b-41d8-bdb2-0060ccc5e8d2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.152163Z", + "modified": "2024-10-08T00:20:12.152163Z", + "name": "CVE-2024-45290", + "description": "PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file which links media from external URLs. When opening the XLSX file, PhpSpreadsheet retrieves the image size and type by reading the file contents, if the provided path is a URL. By using specially crafted `php://filter` URLs an attacker can leak the contents of any file or URL. Note that this vulnerability is different from GHSA-w9xv-qf98-ccq4, and resides in a different component. An attacker can access any file on the server, or leak information form arbitrary URLs, potentially exposing sensitive information such as AWS IAM credentials. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45290" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0728d000-6810-4890-b62a-95c3f7713e67.json b/objects/vulnerability/vulnerability--0728d000-6810-4890-b62a-95c3f7713e67.json new file mode 100644 index 00000000000..3c5bbbf42e4 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--0728d000-6810-4890-b62a-95c3f7713e67.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3235cc8b-7cdf-4213-931b-4559f6c50d21", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0728d000-6810-4890-b62a-95c3f7713e67", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.77418Z", + "modified": "2024-10-08T00:20:12.77418Z", + "name": "CVE-2024-33069", + "description": "Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-33069" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--073ee2fa-f72a-4fea-b6a9-a221e39669ab.json b/objects/vulnerability/vulnerability--073ee2fa-f72a-4fea-b6a9-a221e39669ab.json new file mode 100644 index 00000000000..7f34ee7e023 --- /dev/null +++ b/objects/vulnerability/vulnerability--073ee2fa-f72a-4fea-b6a9-a221e39669ab.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e2188860-f3eb-4225-bf43-1894de3a87c5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--073ee2fa-f72a-4fea-b6a9-a221e39669ab", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.182758Z", + "modified": "2024-10-08T00:20:12.182758Z", + "name": "CVE-2024-9567", + "description": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. This issue affects the function formAdvFirewall of the file /goform/formAdvFirewall. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9567" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--09fe3bdb-9a54-4e15-a35f-1358ccd2cdce.json b/objects/vulnerability/vulnerability--09fe3bdb-9a54-4e15-a35f-1358ccd2cdce.json new file mode 100644 index 00000000000..4410e076ca9 --- /dev/null +++ b/objects/vulnerability/vulnerability--09fe3bdb-9a54-4e15-a35f-1358ccd2cdce.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--365b2fc3-589b-414c-b077-319b8d180f9c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--09fe3bdb-9a54-4e15-a35f-1358ccd2cdce", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.126455Z", + "modified": "2024-10-08T00:20:12.126455Z", + "name": "CVE-2024-45051", + "description": "Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45051" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0b5ecd6e-d45a-4d18-a42e-a7acd38f2f64.json b/objects/vulnerability/vulnerability--0b5ecd6e-d45a-4d18-a42e-a7acd38f2f64.json new file mode 100644 index 00000000000..96dad665c71 --- /dev/null +++ b/objects/vulnerability/vulnerability--0b5ecd6e-d45a-4d18-a42e-a7acd38f2f64.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bfb00b9d-d3a1-4f5e-8e76-4df7ea5a673e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0b5ecd6e-d45a-4d18-a42e-a7acd38f2f64", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:13.540769Z", + "modified": "2024-10-08T00:20:13.540769Z", + "name": "CVE-2024-46278", + "description": "Teedy 1.11 is vulnerable to Cross Site Scripting (XSS) via the management console.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-46278" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--0cf3cf97-a1fb-4b5f-8713-8b74d81c7578.json b/objects/vulnerability/vulnerability--0cf3cf97-a1fb-4b5f-8713-8b74d81c7578.json new file mode 100644 index 00000000000..76b32208a55 --- /dev/null +++ b/objects/vulnerability/vulnerability--0cf3cf97-a1fb-4b5f-8713-8b74d81c7578.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ddfeab7b-4ae4-450a-bdf1-71dc075028b6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0cf3cf97-a1fb-4b5f-8713-8b74d81c7578", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:13.217786Z", + "modified": "2024-10-08T00:20:13.217786Z", + "name": "CVE-2024-20097", + "description": "In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1630.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20097" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0f4134c8-5188-406c-bcf0-e397662c4e79.json b/objects/vulnerability/vulnerability--0f4134c8-5188-406c-bcf0-e397662c4e79.json new file mode 100644 index 00000000000..7b300369689 --- /dev/null +++ b/objects/vulnerability/vulnerability--0f4134c8-5188-406c-bcf0-e397662c4e79.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f684055b-d2fd-430a-8edf-f96e98262fe8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0f4134c8-5188-406c-bcf0-e397662c4e79", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:13.207236Z", + "modified": "2024-10-08T00:20:13.207236Z", + "name": "CVE-2024-20101", + "description": "In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998901; Issue ID: MSV-1602.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20101" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1042f9d4-829e-4d85-b1e1-ad6a9f5605fa.json b/objects/vulnerability/vulnerability--1042f9d4-829e-4d85-b1e1-ad6a9f5605fa.json new file mode 100644 index 00000000000..4f12aed63e4 --- /dev/null +++ b/objects/vulnerability/vulnerability--1042f9d4-829e-4d85-b1e1-ad6a9f5605fa.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f4cd9827-e338-4ded-b807-df5f8efe306f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1042f9d4-829e-4d85-b1e1-ad6a9f5605fa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.168541Z", + "modified": "2024-10-08T00:20:12.168541Z", + "name": "CVE-2024-45291", + "description": "PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file that links images from arbitrary paths. When embedding images has been enabled in HTML writer with `$writer->setEmbedImages(true);` those files will be included in the output as `data:` URLs, regardless of the file's type. Also URLs can be used for embedding, resulting in a Server-Side Request Forgery vulnerability. When embedding images has been enabled, an attacker can read arbitrary files on the server and perform arbitrary HTTP GET requests. Note that any PHP protocol wrappers can be used, meaning that if for example the `expect://` wrapper is enabled, also remote code execution is possible. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. there are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45291" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--111d7178-e333-4907-84b6-93bd3e140e57.json b/objects/vulnerability/vulnerability--111d7178-e333-4907-84b6-93bd3e140e57.json new file mode 100644 index 00000000000..64a182ede69 --- /dev/null +++ b/objects/vulnerability/vulnerability--111d7178-e333-4907-84b6-93bd3e140e57.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--22dd8e71-c7ef-47d3-96f9-71f21dd5314d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--111d7178-e333-4907-84b6-93bd3e140e57", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:13.20502Z", + "modified": "2024-10-08T00:20:13.20502Z", + "name": "CVE-2024-20090", + "description": "In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1703.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20090" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1a3e5c37-f4c0-4cd3-ad42-58a9b08f3a59.json b/objects/vulnerability/vulnerability--1a3e5c37-f4c0-4cd3-ad42-58a9b08f3a59.json new file mode 100644 index 00000000000..987049e2b7e --- /dev/null +++ b/objects/vulnerability/vulnerability--1a3e5c37-f4c0-4cd3-ad42-58a9b08f3a59.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f761dbbf-f25b-4098-a1b8-57ffea38b3dc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1a3e5c37-f4c0-4cd3-ad42-58a9b08f3a59", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.36111Z", + "modified": "2024-10-08T00:20:12.36111Z", + "name": "CVE-2024-47772", + "description": "Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by sending a maliciously crafted chat message and replying to it. This issue only affects sites with CSP disabled. This problem is patched in the latest version of Discourse. All users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled on the forum. Users who do upgrade should also consider enabling a CSP as well as a proactive measure.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47772" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2290c864-9fc1-457c-b9a3-3eb2d4307292.json b/objects/vulnerability/vulnerability--2290c864-9fc1-457c-b9a3-3eb2d4307292.json new file mode 100644 index 00000000000..fdcf1708533 --- /dev/null +++ b/objects/vulnerability/vulnerability--2290c864-9fc1-457c-b9a3-3eb2d4307292.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e6890771-a92d-42ce-a97c-911968ad9914", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2290c864-9fc1-457c-b9a3-3eb2d4307292", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.107495Z", + "modified": "2024-10-08T00:20:12.107495Z", + "name": "CVE-2024-45873", + "description": "A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Yaazhini.exe.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45873" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--259cf6c8-0be1-4c0c-a08f-587d92a70b40.json b/objects/vulnerability/vulnerability--259cf6c8-0be1-4c0c-a08f-587d92a70b40.json new file mode 100644 index 00000000000..c3654051fac --- /dev/null +++ b/objects/vulnerability/vulnerability--259cf6c8-0be1-4c0c-a08f-587d92a70b40.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a04a9443-f731-4a51-bee1-babfa2873611", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--259cf6c8-0be1-4c0c-a08f-587d92a70b40", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.159177Z", + "modified": "2024-10-08T00:20:12.159177Z", + "name": "CVE-2024-45153", + "description": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45153" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2761cbfe-5110-4ff6-bcd0-dd4ef55ece4c.json b/objects/vulnerability/vulnerability--2761cbfe-5110-4ff6-bcd0-dd4ef55ece4c.json new file mode 100644 index 00000000000..f24e394bfb0 --- /dev/null +++ b/objects/vulnerability/vulnerability--2761cbfe-5110-4ff6-bcd0-dd4ef55ece4c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d8d116a0-ee49-4b5f-9bed-c917db65f574", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2761cbfe-5110-4ff6-bcd0-dd4ef55ece4c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:13.049233Z", + "modified": "2024-10-08T00:20:13.049233Z", + "name": "CVE-2024-31228", + "description": "Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crash. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-31228" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--290bab71-760d-46ca-af2c-08c6c7ccded1.json b/objects/vulnerability/vulnerability--290bab71-760d-46ca-af2c-08c6c7ccded1.json new file mode 100644 index 00000000000..f9639809a95 --- /dev/null +++ b/objects/vulnerability/vulnerability--290bab71-760d-46ca-af2c-08c6c7ccded1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a85b75fb-baf1-46fc-8b7d-dc78b9f5bbe0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--290bab71-760d-46ca-af2c-08c6c7ccded1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.360084Z", + "modified": "2024-10-08T00:20:12.360084Z", + "name": "CVE-2024-47556", + "description": "Pre-Auth RCE via Path Traversal", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47556" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2afb9a5e-ea03-4267-8a22-a20797c8598b.json b/objects/vulnerability/vulnerability--2afb9a5e-ea03-4267-8a22-a20797c8598b.json new file mode 100644 index 00000000000..fe461224d14 --- /dev/null +++ b/objects/vulnerability/vulnerability--2afb9a5e-ea03-4267-8a22-a20797c8598b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e0793c28-6269-4d13-bf8a-4294757e0c49", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2afb9a5e-ea03-4267-8a22-a20797c8598b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.111378Z", + "modified": "2024-10-08T00:20:12.111378Z", + "name": "CVE-2024-45293", + "description": "PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The security scanner responsible for preventing XXE attacks in the XLSX reader can be bypassed by slightly modifying the XML structure, utilizing white-spaces. On servers that allow users to upload their own Excel (XLSX) sheets, Server files and sensitive information can be disclosed by providing a crafted sheet. The security scan function in src/PhpSpreadsheet/Reader/Security/XmlScanner.php contains a flawed XML encoding check to retrieve the input file's XML encoding in the toUtf8 function. The function searches for the XML encoding through a defined regex which looks for `encoding=\"*\"` and/or `encoding='*'`, if not found, it defaults to the UTF-8 encoding which bypasses the conversion logic. This logic can be used to pass a UTF-7 encoded XXE payload, by utilizing a whitespace before or after the = in the attribute definition. Sensitive information disclosure through the XXE on sites that allow users to upload their own excel spreadsheets, and parse them using PHPSpreadsheet's Excel parser. This issue has been addressed in release versions 1.29.1, 2.1.1, and 2.3.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45293" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--2f081804-fdcc-4387-9bd2-57d3940d08da.json b/objects/vulnerability/vulnerability--2f081804-fdcc-4387-9bd2-57d3940d08da.json new file mode 100644 index 00000000000..e61e25ced1a --- /dev/null +++ b/objects/vulnerability/vulnerability--2f081804-fdcc-4387-9bd2-57d3940d08da.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--229fcc05-87cd-40e3-a88b-f84ae040e241", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2f081804-fdcc-4387-9bd2-57d3940d08da", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.747796Z", + "modified": "2024-10-08T00:20:12.747796Z", + "name": "CVE-2024-33049", + "description": "Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-33049" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--31753c48-19bc-48e4-a082-89175c1cf4aa.json b/objects/vulnerability/vulnerability--31753c48-19bc-48e4-a082-89175c1cf4aa.json new file mode 100644 index 00000000000..b45a54f6bad --- /dev/null +++ b/objects/vulnerability/vulnerability--31753c48-19bc-48e4-a082-89175c1cf4aa.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--63561653-34be-421b-af54-45f8e63db297", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--31753c48-19bc-48e4-a082-89175c1cf4aa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.369675Z", + "modified": "2024-10-08T00:20:12.369675Z", + "name": "CVE-2024-47975", + "description": "Improper access control validation in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access or an attacker with local access to potentially enable denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47975" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--39e0704c-6879-43f7-8be7-f673655dcb18.json b/objects/vulnerability/vulnerability--39e0704c-6879-43f7-8be7-f673655dcb18.json new file mode 100644 index 00000000000..77f5df3dbe9 --- /dev/null +++ b/objects/vulnerability/vulnerability--39e0704c-6879-43f7-8be7-f673655dcb18.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5fbb0586-dc31-4c45-b551-2c5ab8289b06", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--39e0704c-6879-43f7-8be7-f673655dcb18", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.135028Z", + "modified": "2024-10-08T00:20:12.135028Z", + "name": "CVE-2024-45932", + "description": "Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45932" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--3f27e4b2-6de2-4e31-8559-f04fce208b79.json b/objects/vulnerability/vulnerability--3f27e4b2-6de2-4e31-8559-f04fce208b79.json new file mode 100644 index 00000000000..ad0182ccb1a --- /dev/null +++ b/objects/vulnerability/vulnerability--3f27e4b2-6de2-4e31-8559-f04fce208b79.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bc1bccfe-ac53-4df7-9093-1ad0971ecec0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3f27e4b2-6de2-4e31-8559-f04fce208b79", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:13.401612Z", + "modified": "2024-10-08T00:20:13.401612Z", + "name": "CVE-2024-23369", + "description": "Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-23369" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3f94cb6b-b9c5-46bc-9bf1-6f0393ae0643.json b/objects/vulnerability/vulnerability--3f94cb6b-b9c5-46bc-9bf1-6f0393ae0643.json new file mode 100644 index 00000000000..417d987b207 --- /dev/null +++ b/objects/vulnerability/vulnerability--3f94cb6b-b9c5-46bc-9bf1-6f0393ae0643.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e6972e65-823f-4cae-afb1-042b9b5f509e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3f94cb6b-b9c5-46bc-9bf1-6f0393ae0643", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.141677Z", + "modified": "2024-10-08T00:20:12.141677Z", + "name": "CVE-2024-45297", + "description": "Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name of that tag. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45297" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4131cf07-0000-4df1-9cef-e77edf620a73.json b/objects/vulnerability/vulnerability--4131cf07-0000-4df1-9cef-e77edf620a73.json new file mode 100644 index 00000000000..fd1a741538d --- /dev/null +++ b/objects/vulnerability/vulnerability--4131cf07-0000-4df1-9cef-e77edf620a73.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8a5beb48-da5f-44cd-8e80-eb28f277bf9c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4131cf07-0000-4df1-9cef-e77edf620a73", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:13.590655Z", + "modified": "2024-10-08T00:20:13.590655Z", + "name": "CVE-2024-42027", + "description": "The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient, allowing attackers to crack it if they have the appropriate time and resources.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42027" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--41c7de25-f203-4e66-8020-029043c858ec.json b/objects/vulnerability/vulnerability--41c7de25-f203-4e66-8020-029043c858ec.json new file mode 100644 index 00000000000..9d8cdfb93d7 --- /dev/null +++ b/objects/vulnerability/vulnerability--41c7de25-f203-4e66-8020-029043c858ec.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--78dbfb37-c0e7-436e-81a5-e6b32cb9a9fd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--41c7de25-f203-4e66-8020-029043c858ec", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:14.208246Z", + "modified": "2024-10-08T00:20:14.208246Z", + "name": "CVE-2024-43363", + "description": "Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps before or after it) to use a php file as the cacti log file. After having the malicious hostname end up in the logs (log poisoning), one can simply go to the log file url to execute commands to achieve RCE. This issue has been addressed in version 1.2.28 and all users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43363" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--431c7856-5905-48a4-81d8-2dfc9af46830.json b/objects/vulnerability/vulnerability--431c7856-5905-48a4-81d8-2dfc9af46830.json new file mode 100644 index 00000000000..65c45c290dd --- /dev/null +++ b/objects/vulnerability/vulnerability--431c7856-5905-48a4-81d8-2dfc9af46830.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d12ce309-e06a-4d76-ba3d-3ecd20883a3f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--431c7856-5905-48a4-81d8-2dfc9af46830", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.365957Z", + "modified": "2024-10-08T00:20:12.365957Z", + "name": "CVE-2024-47817", + "description": "Lara-zeus Dynamic Dashboard simple way to manage widgets for your website landing page, and filament dashboard and Lara-zeus artemis is a collection of themes for the lara-zeus ecosystem. If values passed to a paragraph widget are not valid and contain a specific set of characters, applications are vulnerable to XSS attack against a user who opens a page on which a paragraph widget is rendered. Users are advised to upgrade to the appropriate fix versions detailed in the advisory metadata. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47817" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4710016c-f31b-45f5-b25e-ad620d926c4f.json b/objects/vulnerability/vulnerability--4710016c-f31b-45f5-b25e-ad620d926c4f.json new file mode 100644 index 00000000000..0366a79d594 --- /dev/null +++ b/objects/vulnerability/vulnerability--4710016c-f31b-45f5-b25e-ad620d926c4f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5aa4978b-dd75-4bf2-bf12-c29e6227273e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4710016c-f31b-45f5-b25e-ad620d926c4f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:13.030815Z", + "modified": "2024-10-08T00:20:13.030815Z", + "name": "CVE-2024-31227", + "description": "Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-31227" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--486305a5-e2ed-4751-9c60-a7f73eb58e04.json b/objects/vulnerability/vulnerability--486305a5-e2ed-4751-9c60-a7f73eb58e04.json new file mode 100644 index 00000000000..c527546e8ff --- /dev/null +++ b/objects/vulnerability/vulnerability--486305a5-e2ed-4751-9c60-a7f73eb58e04.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ba64c680-a6a4-4b98-8c6d-2c48f21c3781", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--486305a5-e2ed-4751-9c60-a7f73eb58e04", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:13.172644Z", + "modified": "2024-10-08T00:20:13.172644Z", + "name": "CVE-2024-20092", + "description": "In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1700.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20092" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--48e49591-dd2c-4411-a1e6-58c88e649260.json b/objects/vulnerability/vulnerability--48e49591-dd2c-4411-a1e6-58c88e649260.json new file mode 100644 index 00000000000..11f4429fe51 --- /dev/null +++ b/objects/vulnerability/vulnerability--48e49591-dd2c-4411-a1e6-58c88e649260.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8c300844-f481-4ecd-b674-327ce3620358", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--48e49591-dd2c-4411-a1e6-58c88e649260", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.381018Z", + "modified": "2024-10-08T00:20:12.381018Z", + "name": "CVE-2024-47974", + "description": "Race condition during resource shutdown in some Solidigm DC Products may allow an attacker to potentially enable denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47974" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--49eef9b8-bf7a-452f-87d1-5e514442f36e.json b/objects/vulnerability/vulnerability--49eef9b8-bf7a-452f-87d1-5e514442f36e.json new file mode 100644 index 00000000000..a9bae9b1add --- /dev/null +++ b/objects/vulnerability/vulnerability--49eef9b8-bf7a-452f-87d1-5e514442f36e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--860dfdc0-7bbf-4974-ac3d-df45c5812cda", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--49eef9b8-bf7a-452f-87d1-5e514442f36e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.845274Z", + "modified": "2024-10-08T00:20:12.845274Z", + "name": "CVE-2024-38425", + "description": "Information disclosure while sending implicit broadcast containing APP launch information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38425" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--508ed748-e8f9-4649-81a0-732491494962.json b/objects/vulnerability/vulnerability--508ed748-e8f9-4649-81a0-732491494962.json new file mode 100644 index 00000000000..af1399ae0be --- /dev/null +++ b/objects/vulnerability/vulnerability--508ed748-e8f9-4649-81a0-732491494962.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--82dbde8b-3570-49aa-88b5-c41b9b624068", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--508ed748-e8f9-4649-81a0-732491494962", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.364166Z", + "modified": "2024-10-08T00:20:12.364166Z", + "name": "CVE-2024-47976", + "description": "Improper access removal handling in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47976" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5227fcea-dce6-4acb-84d3-fc99672e5d21.json b/objects/vulnerability/vulnerability--5227fcea-dce6-4acb-84d3-fc99672e5d21.json new file mode 100644 index 00000000000..8ceaea4b5c3 --- /dev/null +++ b/objects/vulnerability/vulnerability--5227fcea-dce6-4acb-84d3-fc99672e5d21.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2d0c832f-2bc1-4b0c-86d9-2c2cf3077a2c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5227fcea-dce6-4acb-84d3-fc99672e5d21", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.756807Z", + "modified": "2024-10-08T00:20:12.756807Z", + "name": "CVE-2024-33064", + "description": "Information disclosure while parsing the multiple MBSSID IEs from the beacon.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-33064" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--543dead3-db48-42d3-bdcd-3f38427ce6a0.json b/objects/vulnerability/vulnerability--543dead3-db48-42d3-bdcd-3f38427ce6a0.json new file mode 100644 index 00000000000..121a22ebb01 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--543dead3-db48-42d3-bdcd-3f38427ce6a0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ab280ac3-11ec-4936-a593-82552864a029", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--543dead3-db48-42d3-bdcd-3f38427ce6a0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:23.59702Z", + "modified": "2024-10-08T00:20:23.59702Z", + "name": "CVE-2023-6362", + "description": "A vulnerability has been discovered in Winhex affecting version 16.1 SR-1 and 20.4. This vulnerability consists of a buffer overflow controlling the Structured Exception Handler (SEH) registers. This could allow attackers to execute arbitrary code via a long filename argument.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-6362" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--572e6c53-59ca-4ada-8125-fec3e37956a8.json b/objects/vulnerability/vulnerability--572e6c53-59ca-4ada-8125-fec3e37956a8.json new file mode 100644 index 00000000000..24598b6a88a --- /dev/null +++ b/objects/vulnerability/vulnerability--572e6c53-59ca-4ada-8125-fec3e37956a8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--66e61ff4-3162-4378-bd38-50240a92b266", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--572e6c53-59ca-4ada-8125-fec3e37956a8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.251575Z", + "modified": "2024-10-08T00:20:12.251575Z", + "name": "CVE-2024-9564", + "description": "A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. Affected is the function formWlanWizardSetup of the file /goform/formWlanWizardSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9564" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5800001c-97da-44c1-b595-e40e8dab4e43.json b/objects/vulnerability/vulnerability--5800001c-97da-44c1-b595-e40e8dab4e43.json new file mode 100644 index 00000000000..d014ab476af --- /dev/null +++ b/objects/vulnerability/vulnerability--5800001c-97da-44c1-b595-e40e8dab4e43.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9d823260-70dc-4967-b062-1870adda997b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5800001c-97da-44c1-b595-e40e8dab4e43", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:14.217092Z", + "modified": "2024-10-08T00:20:14.217092Z", + "name": "CVE-2024-43362", + "description": "Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php` . Morever, the said fileurl is placed in some html code which is passed to the `print` function in `link.php` and `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `fileurl` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43362" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5c8764b0-2dcb-48e2-a187-81bd5a995fdd.json b/objects/vulnerability/vulnerability--5c8764b0-2dcb-48e2-a187-81bd5a995fdd.json new file mode 100644 index 00000000000..f415b39b828 --- /dev/null +++ b/objects/vulnerability/vulnerability--5c8764b0-2dcb-48e2-a187-81bd5a995fdd.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cfd39926-efb2-461f-82eb-f4a5ad6d3d5f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5c8764b0-2dcb-48e2-a187-81bd5a995fdd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.766075Z", + "modified": "2024-10-08T00:20:12.766075Z", + "name": "CVE-2024-33071", + "description": "Transient DOS while parsing the MBSSID IE from the beacons when IE length is 0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-33071" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6147e57b-113d-48f3-9497-a59e7a8e1e42.json b/objects/vulnerability/vulnerability--6147e57b-113d-48f3-9497-a59e7a8e1e42.json new file mode 100644 index 00000000000..3e6f4b45019 --- /dev/null +++ b/objects/vulnerability/vulnerability--6147e57b-113d-48f3-9497-a59e7a8e1e42.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--95f13347-9495-4827-ab0a-e89ea70260d6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6147e57b-113d-48f3-9497-a59e7a8e1e42", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.253006Z", + "modified": "2024-10-08T00:20:12.253006Z", + "name": "CVE-2024-9568", + "description": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06. Affected is the function formAdvNetwork of the file /goform/formAdvNetwork. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9568" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--61fed9ec-7415-444e-ad81-79fcf9f6f2b4.json b/objects/vulnerability/vulnerability--61fed9ec-7415-444e-ad81-79fcf9f6f2b4.json new file mode 100644 index 00000000000..13c27cebc86 --- /dev/null +++ b/objects/vulnerability/vulnerability--61fed9ec-7415-444e-ad81-79fcf9f6f2b4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--10331e03-383c-4233-8e80-f986167705e9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--61fed9ec-7415-444e-ad81-79fcf9f6f2b4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.124668Z", + "modified": "2024-10-08T00:20:12.124668Z", + "name": "CVE-2024-45933", + "description": "OnlineNewsSite v1.0 is vulnerable to Cross Site Scripting (XSS) which allows attackers to execute arbitrary code via the Title and summary fields in the /admin/post/edit/ endpoint.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45933" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--682fc019-c0be-4182-ad71-4df069465dce.json b/objects/vulnerability/vulnerability--682fc019-c0be-4182-ad71-4df069465dce.json new file mode 100644 index 00000000000..aefa82057b5 --- /dev/null +++ b/objects/vulnerability/vulnerability--682fc019-c0be-4182-ad71-4df069465dce.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1870b2cb-1902-4b6d-a4cc-aaa95b84e200", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--682fc019-c0be-4182-ad71-4df069465dce", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.248529Z", + "modified": "2024-10-08T00:20:12.248529Z", + "name": "CVE-2024-9570", + "description": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this issue is the function formEasySetTimezone of the file /goform/formEasySetTimezone. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9570" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--686ce635-f690-4360-aaf5-8abbbde84ab4.json b/objects/vulnerability/vulnerability--686ce635-f690-4360-aaf5-8abbbde84ab4.json new file mode 100644 index 00000000000..68c49c72781 --- /dev/null +++ b/objects/vulnerability/vulnerability--686ce635-f690-4360-aaf5-8abbbde84ab4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b460391e-e8da-4210-895e-0c638ec68d39", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--686ce635-f690-4360-aaf5-8abbbde84ab4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.187167Z", + "modified": "2024-10-08T00:20:12.187167Z", + "name": "CVE-2024-9569", + "description": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this vulnerability is the function formEasySetPassword of the file /goform/formEasySetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9569" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--688b4102-4a46-41be-ae69-9c2c4130f66f.json b/objects/vulnerability/vulnerability--688b4102-4a46-41be-ae69-9c2c4130f66f.json new file mode 100644 index 00000000000..6e0c90d9ca5 --- /dev/null +++ b/objects/vulnerability/vulnerability--688b4102-4a46-41be-ae69-9c2c4130f66f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--41f8e8c6-4dd9-4eb2-9fa6-3f04f589942a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--688b4102-4a46-41be-ae69-9c2c4130f66f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.318979Z", + "modified": "2024-10-08T00:20:12.318979Z", + "name": "CVE-2024-47968", + "description": "Improper resource shutdown in middle of certain operations on some Solidigm DC Products may allow an attacker to potentially enable denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47968" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6d30b9de-94ef-491e-9845-239b66a82575.json b/objects/vulnerability/vulnerability--6d30b9de-94ef-491e-9845-239b66a82575.json new file mode 100644 index 00000000000..201061ba612 --- /dev/null +++ b/objects/vulnerability/vulnerability--6d30b9de-94ef-491e-9845-239b66a82575.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c52a7d44-5b54-4b36-9ba6-9d505458f99a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6d30b9de-94ef-491e-9845-239b66a82575", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.23979Z", + "modified": "2024-10-08T00:20:12.23979Z", + "name": "CVE-2024-9571", + "description": "Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/xajax_server.php, affecting multiple parameters. This could allow a remote user to send a specially crafted query to an authenticated user and partially take control of their browser session.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9571" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--6ed57efe-0f83-4151-a8e5-fbb335d376f3.json b/objects/vulnerability/vulnerability--6ed57efe-0f83-4151-a8e5-fbb335d376f3.json new file mode 100644 index 00000000000..ee9d26d7746 --- /dev/null +++ b/objects/vulnerability/vulnerability--6ed57efe-0f83-4151-a8e5-fbb335d376f3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e0b6a84d-7320-43e8-b984-7e00e409ffd7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6ed57efe-0f83-4151-a8e5-fbb335d376f3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:13.169922Z", + "modified": "2024-10-08T00:20:13.169922Z", + "name": "CVE-2024-20094", + "description": "In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00843282; Issue ID: MSV-1535.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20094" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--70d406a5-c352-41e6-a316-a3e981bdcdfe.json b/objects/vulnerability/vulnerability--70d406a5-c352-41e6-a316-a3e981bdcdfe.json new file mode 100644 index 00000000000..eecd39e2167 --- /dev/null +++ b/objects/vulnerability/vulnerability--70d406a5-c352-41e6-a316-a3e981bdcdfe.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1b08de12-f5fd-4d39-8af0-d958258d8164", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--70d406a5-c352-41e6-a316-a3e981bdcdfe", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.121531Z", + "modified": "2024-10-08T00:20:12.121531Z", + "name": "CVE-2024-45060", + "description": "PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. One of the sample scripts in PhpSpreadsheet is susceptible to a cross-site scripting (XSS) vulnerability due to improper handling of input where a number is expected leading to formula injection. The code in in `45_Quadratic_equation_solver.php` concatenates the user supplied parameters directly into spreadsheet formulas. This allows an attacker to take control over the formula and output unsanitized data into the page, resulting in JavaScript execution. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45060" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--748264ca-0883-42dc-ade4-a335069b0b43.json b/objects/vulnerability/vulnerability--748264ca-0883-42dc-ade4-a335069b0b43.json new file mode 100644 index 00000000000..8d5da8409e7 --- /dev/null +++ b/objects/vulnerability/vulnerability--748264ca-0883-42dc-ade4-a335069b0b43.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--242c3f21-b83d-41e5-89f4-14f13bfb54c0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--748264ca-0883-42dc-ade4-a335069b0b43", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:13.594523Z", + "modified": "2024-10-08T00:20:13.594523Z", + "name": "CVE-2024-42831", + "description": "A reflected cross-site scripting (XSS) vulnerability in Elaine's Realtime CRM Automation v6.18.17 allows attackers to execute arbitrary JavaScript code in the web browser of a user via injecting a crafted payload into the dialog parameter at wrapper_dialog.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42831" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--74ba7c74-72ed-474a-876a-0e6a3c40a015.json b/objects/vulnerability/vulnerability--74ba7c74-72ed-474a-876a-0e6a3c40a015.json new file mode 100644 index 00000000000..80a88ffa45b --- /dev/null +++ b/objects/vulnerability/vulnerability--74ba7c74-72ed-474a-876a-0e6a3c40a015.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--91980b06-4b67-4ff3-9b3c-d58640a781dd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--74ba7c74-72ed-474a-876a-0e6a3c40a015", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.32414Z", + "modified": "2024-10-08T00:20:12.32414Z", + "name": "CVE-2024-47558", + "description": "Authenticated RCE via Path Traversal", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47558" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7633eee5-565b-4139-a5a3-91917e111943.json b/objects/vulnerability/vulnerability--7633eee5-565b-4139-a5a3-91917e111943.json new file mode 100644 index 00000000000..a5730b325e0 
--- /dev/null +++ b/objects/vulnerability/vulnerability--7633eee5-565b-4139-a5a3-91917e111943.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4a01fa0a-3b04-4f0b-a13d-00710fb2de6b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7633eee5-565b-4139-a5a3-91917e111943", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.340583Z", + "modified": "2024-10-08T00:20:12.340583Z", + "name": "CVE-2024-47814", + "description": "Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window) a BufWinLeave auto command can cause an use-after-free if this auto command happens to re-open the same buffer in a new split window. Impact is low since the user must have intentionally set up such a strange auto command and run some buffer unload commands. However this may lead to a crash. This issue has been addressed in version 9.1.0764 and all users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47814" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--76fc583d-8669-4379-8593-50fb75ad6d1b.json b/objects/vulnerability/vulnerability--76fc583d-8669-4379-8593-50fb75ad6d1b.json new file mode 100644 index 00000000000..15000ba2cd4 --- /dev/null +++ b/objects/vulnerability/vulnerability--76fc583d-8669-4379-8593-50fb75ad6d1b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--47b10fc9-7d5b-4753-9718-986bacc73f5c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--76fc583d-8669-4379-8593-50fb75ad6d1b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.720781Z", + "modified": "2024-10-08T00:20:12.720781Z", + "name": "CVE-2024-33065", + "description": "Memory corruption while taking snapshot when an offset variable is set by camera driver.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-33065" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7ba83fd4-3410-4a79-b4f0-5e43a4349e11.json b/objects/vulnerability/vulnerability--7ba83fd4-3410-4a79-b4f0-5e43a4349e11.json new file mode 100644 index 00000000000..9400e2e9316 --- /dev/null +++ b/objects/vulnerability/vulnerability--7ba83fd4-3410-4a79-b4f0-5e43a4349e11.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e1e3beab-364f-4082-bd36-409f35f6aac0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7ba83fd4-3410-4a79-b4f0-5e43a4349e11", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:13.362231Z", + "modified": "2024-10-08T00:20:13.362231Z", + "name": "CVE-2024-23374", + "description": "Memory corruption is possible when an attempt is made from userspace or console to write some haptics effects pattern to the haptics debugfs file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-23374" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7d2da7d1-862c-4fd1-8df5-d2a45db7402e.json b/objects/vulnerability/vulnerability--7d2da7d1-862c-4fd1-8df5-d2a45db7402e.json new file mode 100644 index 00000000000..a0ece2d2916 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--7d2da7d1-862c-4fd1-8df5-d2a45db7402e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a7edb543-e89d-4f73-a098-816e64634aac", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7d2da7d1-862c-4fd1-8df5-d2a45db7402e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:13.419214Z", + "modified": "2024-10-08T00:20:13.419214Z", + "name": "CVE-2024-23375", + "description": "Memory corruption during the network scan request.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-23375" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7d2ed6a5-1039-4bba-a2d7-fe88d2c3075f.json b/objects/vulnerability/vulnerability--7d2ed6a5-1039-4bba-a2d7-fe88d2c3075f.json new file mode 100644 index 00000000000..307df066f2a --- /dev/null +++ b/objects/vulnerability/vulnerability--7d2ed6a5-1039-4bba-a2d7-fe88d2c3075f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--72a03eed-2d10-499e-8b2f-ad4a2f9a91cb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7d2ed6a5-1039-4bba-a2d7-fe88d2c3075f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.769026Z", + "modified": "2024-10-08T00:20:12.769026Z", + "name": "CVE-2024-33073", + "description": "Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-33073" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7d5989ef-cc7f-4c3f-8c54-9c6d197a576a.json b/objects/vulnerability/vulnerability--7d5989ef-cc7f-4c3f-8c54-9c6d197a576a.json new file mode 100644 index 00000000000..9bd1bbdb92d --- /dev/null 
+++ b/objects/vulnerability/vulnerability--7d5989ef-cc7f-4c3f-8c54-9c6d197a576a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f7cb2101-ba4b-4fdc-ab61-e1e6ab558582", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7d5989ef-cc7f-4c3f-8c54-9c6d197a576a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:13.176802Z", + "modified": "2024-10-08T00:20:13.176802Z", + "name": "CVE-2024-20096", + "description": "In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996900; Issue ID: MSV-1635.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20096" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--810574e7-8f85-4016-84d6-3041d4112323.json b/objects/vulnerability/vulnerability--810574e7-8f85-4016-84d6-3041d4112323.json new file mode 100644 index 00000000000..580facb4b1d --- /dev/null +++ b/objects/vulnerability/vulnerability--810574e7-8f85-4016-84d6-3041d4112323.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--165a11b7-c99a-4e98-8e81-67ccb5640c9f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--810574e7-8f85-4016-84d6-3041d4112323", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.154695Z", + "modified": "2024-10-08T00:20:12.154695Z", + "name": "CVE-2024-45894", + "description": "BlueCMS 1.6 suffers from Arbitrary File Deletion via the file_name parameter in an /admin/database.php?act=del request.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45894" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--8162c684-bc8c-4548-9233-201c310233c3.json b/objects/vulnerability/vulnerability--8162c684-bc8c-4548-9233-201c310233c3.json new file mode 100644 index 00000000000..1cf93d9d22d --- /dev/null +++ b/objects/vulnerability/vulnerability--8162c684-bc8c-4548-9233-201c310233c3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4ae96c16-b25f-438a-8f13-ea4aa536ee96", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8162c684-bc8c-4548-9233-201c310233c3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:13.924002Z", + "modified": "2024-10-08T00:20:13.924002Z", + "name": "CVE-2024-28710", + "description": "Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-28710" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--84fb243a-e570-4322-bfb5-314d0fc90cd0.json b/objects/vulnerability/vulnerability--84fb243a-e570-4322-bfb5-314d0fc90cd0.json new file mode 100644 index 00000000000..2b67d6c9fbd --- /dev/null +++ b/objects/vulnerability/vulnerability--84fb243a-e570-4322-bfb5-314d0fc90cd0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--60b926d8-e741-4907-93af-9a8ab40bb2f8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--84fb243a-e570-4322-bfb5-314d0fc90cd0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.180801Z", + "modified": "2024-10-08T00:20:12.180801Z", + "name": "CVE-2024-9576", + "description": "** UNSUPPPORTED WHEN ASSIGNED ** Vulnerability in Distro Linux Workbooth v2.5 that allows to escalate privileges to the root user by manipulating the network configuration script.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9576" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8597ee95-6463-472d-be8b-b10e0bb5d6f6.json b/objects/vulnerability/vulnerability--8597ee95-6463-472d-be8b-b10e0bb5d6f6.json new file mode 100644 index 00000000000..d80c69dfd1e --- /dev/null +++ b/objects/vulnerability/vulnerability--8597ee95-6463-472d-be8b-b10e0bb5d6f6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--caf0c63e-b481-4252-883f-c28253669c55", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8597ee95-6463-472d-be8b-b10e0bb5d6f6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.226467Z", + "modified": "2024-10-08T00:20:12.226467Z", + "name": "CVE-2024-9573", + "description": "SQL injection vulnerability in SOPlanning <1.45, through /soplanning/www/groupe_list.php, in the by parameter, which could allow a remote user to send a specially crafted query and extract all the information stored on the server.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9573" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--881ada79-dc03-461d-a08e-d40f32e70b0d.json b/objects/vulnerability/vulnerability--881ada79-dc03-461d-a08e-d40f32e70b0d.json new file mode 100644 index 00000000000..9adfa711213 --- /dev/null +++ b/objects/vulnerability/vulnerability--881ada79-dc03-461d-a08e-d40f32e70b0d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--703de8fe-ecac-47e7-81ef-9659f8d31291", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--881ada79-dc03-461d-a08e-d40f32e70b0d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.650749Z", + "modified": "2024-10-08T00:20:12.650749Z", + "name": "CVE-2024-44674", + "description": "D-Link COVR-2600R FW101b05 is vulnerable to Buffer Overflow. In the function sub_24E28, the HTTP_REFERER is obtained through an environment variable, and this field is controllable, allowing it to be used as the value for src.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44674" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--89f111aa-b9da-416d-aca1-06c45bf00d05.json b/objects/vulnerability/vulnerability--89f111aa-b9da-416d-aca1-06c45bf00d05.json new file mode 100644 index 00000000000..2f396d17b02 --- /dev/null +++ b/objects/vulnerability/vulnerability--89f111aa-b9da-416d-aca1-06c45bf00d05.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--91a11072-d89c-44f8-9cc3-bed200d1cc62", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--89f111aa-b9da-416d-aca1-06c45bf00d05", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.375127Z", + "modified": "2024-10-08T00:20:12.375127Z", + "name": "CVE-2024-47818", + "description": "Saltcorn is an extensible, open source, no-code database application builder. A logged-in user with any role can delete arbitrary files on the filesystem by calling the `sync/clean_sync_dir` endpoint. The `dir_name` POST parameter is not validated/sanitized and is used to construct the `syncDir` that is deleted by calling `fs.rm`. This issue has been addressed in release version 1.0.0-beta16 and all users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47818" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8a61809a-9e77-4116-8b87-8127d7972c1e.json b/objects/vulnerability/vulnerability--8a61809a-9e77-4116-8b87-8127d7972c1e.json new file mode 100644 index 00000000000..21dbaa01d70 --- /dev/null +++ b/objects/vulnerability/vulnerability--8a61809a-9e77-4116-8b87-8127d7972c1e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a7c79ca2-203a-4420-a078-9a909a4a22da", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8a61809a-9e77-4116-8b87-8127d7972c1e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:13.201986Z", + "modified": "2024-10-08T00:20:13.201986Z", + "name": "CVE-2024-20091", + "description": "In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1701.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20091" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8afdd32c-b191-4434-b553-d89a857b8fd7.json b/objects/vulnerability/vulnerability--8afdd32c-b191-4434-b553-d89a857b8fd7.json new file mode 100644 index 00000000000..04d69be796a --- /dev/null +++ b/objects/vulnerability/vulnerability--8afdd32c-b191-4434-b553-d89a857b8fd7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9624c4ab-12c0-4db1-8bb1-6881ddea92fa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8afdd32c-b191-4434-b553-d89a857b8fd7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:23.587103Z", + "modified": "2024-10-08T00:20:23.587103Z", + "name": "CVE-2023-6361", + "description": "A vulnerability has been discovered in Winhex affecting version 16.1 SR-1 and 20.4. This vulnerability consists of a buffer overflow controlling the Structured Exception Handler (SEH) registers. This could allow attackers to execute arbitrary code via a long filename argument.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-6361" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8c8cdb20-dc66-434a-bb8f-f51b41817cd8.json b/objects/vulnerability/vulnerability--8c8cdb20-dc66-434a-bb8f-f51b41817cd8.json new file mode 100644 index 00000000000..e1a258a09d3 --- /dev/null +++ b/objects/vulnerability/vulnerability--8c8cdb20-dc66-434a-bb8f-f51b41817cd8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5a5620bf-4d79-4bc4-9072-0216c9e655a3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8c8cdb20-dc66-434a-bb8f-f51b41817cd8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.374128Z", + "modified": "2024-10-08T00:20:12.374128Z", + "name": "CVE-2024-47969", + "description": "Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47969" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--8fb2bc1d-49c8-402f-acf9-8ba11c0c2c73.json b/objects/vulnerability/vulnerability--8fb2bc1d-49c8-402f-acf9-8ba11c0c2c73.json new file mode 100644 index 00000000000..b66d51307cd --- /dev/null +++ b/objects/vulnerability/vulnerability--8fb2bc1d-49c8-402f-acf9-8ba11c0c2c73.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c56b522d-b947-4849-b64b-48ad20a6d96b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8fb2bc1d-49c8-402f-acf9-8ba11c0c2c73", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.858998Z", + "modified": "2024-10-08T00:20:12.858998Z", + "name": "CVE-2024-38399", + "description": "Memory corruption while processing user packets to generate page faults.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38399" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9c102962-1bea-47ca-810b-67a99cacce0e.json b/objects/vulnerability/vulnerability--9c102962-1bea-47ca-810b-67a99cacce0e.json new file mode 100644 index 00000000000..9db6f008100 --- /dev/null +++ b/objects/vulnerability/vulnerability--9c102962-1bea-47ca-810b-67a99cacce0e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fb082d0b-984f-4d71-ac2a-b6730c603936", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9c102962-1bea-47ca-810b-67a99cacce0e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.342483Z", + "modified": "2024-10-08T00:20:12.342483Z", + "name": "CVE-2024-47971", + "description": "Improper error handling in firmware of some SSD DC Products may allow an attacker to enable denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47971" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--9fd3c846-eafc-4dbb-aa24-a33ebd582608.json b/objects/vulnerability/vulnerability--9fd3c846-eafc-4dbb-aa24-a33ebd582608.json new file mode 100644 index 00000000000..029085faf92 --- /dev/null +++ b/objects/vulnerability/vulnerability--9fd3c846-eafc-4dbb-aa24-a33ebd582608.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--965d5982-1829-4334-a3b2-af93cd4febe9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9fd3c846-eafc-4dbb-aa24-a33ebd582608", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:13.542832Z", + "modified": "2024-10-08T00:20:13.542832Z", + "name": "CVE-2024-46041", + "description": "IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is vulnerable to Authentication Bypass by Capture-replay.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-46041" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a16afd5f-a0c6-4df7-87c0-f8dd166524e3.json b/objects/vulnerability/vulnerability--a16afd5f-a0c6-4df7-87c0-f8dd166524e3.json new file mode 100644 index 00000000000..08dff62cb89 --- /dev/null +++ b/objects/vulnerability/vulnerability--a16afd5f-a0c6-4df7-87c0-f8dd166524e3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d95e89c1-f314-41e4-a075-5667f5de7668", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a16afd5f-a0c6-4df7-87c0-f8dd166524e3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:13.146295Z", + "modified": "2024-10-08T00:20:13.146295Z", + "name": "CVE-2024-21455", + "description": "Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21455" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--a221efd7-b878-4ff7-92ac-f355632aab05.json b/objects/vulnerability/vulnerability--a221efd7-b878-4ff7-92ac-f355632aab05.json new file mode 100644 index 00000000000..de77c82789f --- /dev/null +++ b/objects/vulnerability/vulnerability--a221efd7-b878-4ff7-92ac-f355632aab05.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1e490770-b7aa-40dc-af93-c6eb6b8078e5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a221efd7-b878-4ff7-92ac-f355632aab05", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.367025Z", + "modified": "2024-10-08T00:20:12.367025Z", + "name": "CVE-2024-47335", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bit Form Bit Form – Contact Form Plugin allows SQL Injection.This issue affects Bit Form – Contact Form Plugin: from n/a through 2.13.11.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47335" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a489275a-5fd6-46ae-8cbc-5c0bdf7ef540.json b/objects/vulnerability/vulnerability--a489275a-5fd6-46ae-8cbc-5c0bdf7ef540.json new file mode 100644 index 00000000000..88065040c06 --- /dev/null +++ b/objects/vulnerability/vulnerability--a489275a-5fd6-46ae-8cbc-5c0bdf7ef540.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8b98f4d2-00c2-4b64-9c5e-fb6e2089b4bf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a489275a-5fd6-46ae-8cbc-5c0bdf7ef540", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.356602Z", + "modified": "2024-10-08T00:20:12.356602Z", + "name": "CVE-2024-47610", + "description": "InvenTree is an Open Source Inventory Management System. In affected versions of InvenTree it is possible for a registered user to store javascript in markdown notes fields, which are then displayed to other logged in users who visit the same page and executed. The vulnerability has been addressed as follows: 1. HTML sanitization has been enabled in the front-end markdown rendering library - `easymde`. 2. Stored markdown is also validated on the backend, to ensure that malicious markdown is not stored in the database. These changes are available in release versions 0.16.5 and later. All users are advised to upgrade. There are no workarounds, an update is required to get the new validation functions.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47610" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ab9b4c85-cacf-4755-a3ca-063b95263ae6.json b/objects/vulnerability/vulnerability--ab9b4c85-cacf-4755-a3ca-063b95263ae6.json new file mode 100644 index 00000000000..f02e2fa243d --- /dev/null +++ b/objects/vulnerability/vulnerability--ab9b4c85-cacf-4755-a3ca-063b95263ae6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4fae6086-0b48-47fd-b44a-305398724c02", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ab9b4c85-cacf-4755-a3ca-063b95263ae6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:13.571639Z", + "modified": "2024-10-08T00:20:13.571639Z", + "name": "CVE-2024-46446", + "description": "Mecha CMS 3.0.0 is vulnerable to Directory Traversal. An attacker can construct cookies and URIs that bypass user identity checks. Parameters can then be passed through the POST method, resulting in the Deletion of Arbitrary Files or Website Takeover.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-46446" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ad6f973f-ee2a-4f6d-bc50-26b9528f29e9.json b/objects/vulnerability/vulnerability--ad6f973f-ee2a-4f6d-bc50-26b9528f29e9.json new file mode 100644 index 00000000000..2e6b12a2463 --- /dev/null +++ b/objects/vulnerability/vulnerability--ad6f973f-ee2a-4f6d-bc50-26b9528f29e9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3b30c364-e384-4a45-abee-174562821ed4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ad6f973f-ee2a-4f6d-bc50-26b9528f29e9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:13.582362Z", + "modified": "2024-10-08T00:20:13.582362Z", + "name": "CVE-2024-46300", + "description": "itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Full Name field in registration.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-46300" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--ad77334d-8834-4611-9eae-b73b2d592bc2.json b/objects/vulnerability/vulnerability--ad77334d-8834-4611-9eae-b73b2d592bc2.json new file mode 100644 index 00000000000..40a65858723 --- /dev/null +++ b/objects/vulnerability/vulnerability--ad77334d-8834-4611-9eae-b73b2d592bc2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0882e0e5-fc7c-47dd-9e84-47b6ebf12ab7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ad77334d-8834-4611-9eae-b73b2d592bc2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:13.536208Z", + "modified": "2024-10-08T00:20:13.536208Z", + "name": "CVE-2024-46325", + "description": "TP-Link WR740N V6 has a stack overflow vulnerability via the ssid parameter in /userRpm/popupSiteSurveyRpm.htm url.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-46325" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ae56355c-92ac-4bb8-a805-e92f695d02a2.json b/objects/vulnerability/vulnerability--ae56355c-92ac-4bb8-a805-e92f695d02a2.json new file mode 100644 index 00000000000..f12d2d3f241 --- /dev/null +++ b/objects/vulnerability/vulnerability--ae56355c-92ac-4bb8-a805-e92f695d02a2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0968038e-957d-4481-9f06-c5a280ee992b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ae56355c-92ac-4bb8-a805-e92f695d02a2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:13.584109Z", + "modified": "2024-10-08T00:20:13.584109Z", + "name": "CVE-2024-46076", + "description": "RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code generation feature, enabling the injection of malicious code.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-46076" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b13ea625-c5ce-4935-9bcd-521d0f1c7639.json b/objects/vulnerability/vulnerability--b13ea625-c5ce-4935-9bcd-521d0f1c7639.json new file mode 100644 index 00000000000..01055a18eb3 --- /dev/null +++ b/objects/vulnerability/vulnerability--b13ea625-c5ce-4935-9bcd-521d0f1c7639.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--93dafa9b-3dc2-4992-a36c-e5b38d100145", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b13ea625-c5ce-4935-9bcd-521d0f1c7639", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:13.052819Z", + "modified": "2024-10-08T00:20:13.052819Z", + "name": "CVE-2024-31449", + "description": "Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-31449" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b1b3061b-b837-4824-bfa7-d92455e6e571.json b/objects/vulnerability/vulnerability--b1b3061b-b837-4824-bfa7-d92455e6e571.json new file mode 100644 index 00000000000..60248972284 --- /dev/null +++ b/objects/vulnerability/vulnerability--b1b3061b-b837-4824-bfa7-d92455e6e571.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5d5b303b-7998-4da7-8779-172a2507df4c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b1b3061b-b837-4824-bfa7-d92455e6e571", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.382954Z", + "modified": "2024-10-08T00:20:12.382954Z", + "name": "CVE-2024-47782", + "description": "WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. Special:WikiDiscover is a special page that lists all wikis on the wiki farm. However, the special page does not make any effort to escape the wiki name or description. Therefore, if a wiki sets its name and/or description to an XSS payload, the XSS will execute whenever the wiki is shown on Special:WikiDiscover. This issue has been patched with commit `2ce846dd93` and all users are advised to apply that patch. User unable to upgrade should block access to `Special:WikiDiscover`.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47782" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b3a5a903-a67c-4416-aa0a-e650c2bb6ba3.json b/objects/vulnerability/vulnerability--b3a5a903-a67c-4416-aa0a-e650c2bb6ba3.json new file mode 100644 index 00000000000..178b4ac18c8 --- /dev/null +++ b/objects/vulnerability/vulnerability--b3a5a903-a67c-4416-aa0a-e650c2bb6ba3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e99e5c43-93eb-404a-87bb-6531a61299e6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b3a5a903-a67c-4416-aa0a-e650c2bb6ba3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:13.203061Z", + "modified": "2024-10-08T00:20:13.203061Z", + "name": "CVE-2024-20095", + "description": "In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996894; Issue ID: MSV-1636.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20095" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b42082f9-ff85-4680-a504-812d321f777d.json b/objects/vulnerability/vulnerability--b42082f9-ff85-4680-a504-812d321f777d.json new file mode 100644 index 00000000000..fe0394b2982 --- /dev/null +++ b/objects/vulnerability/vulnerability--b42082f9-ff85-4680-a504-812d321f777d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8da92548-083e-40e1-9610-19fcf1c8e0bf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b42082f9-ff85-4680-a504-812d321f777d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.325757Z", + "modified": "2024-10-08T00:20:12.325757Z", + "name": "CVE-2024-47781", + "description": "CreateWiki is an extension used at Miraheze for requesting & creating wikis. The name of requested wikis is not escaped on Special:RequestWikiQueue, so a user can insert arbitrary HTML that is displayed in the request wiki queue when requesting a wiki. If a wiki creator comes across the XSS payload, their user session can be abused to retrieve deleted wiki requests, which typically contains private information. Likewise, this can also be abused on those with the ability to suppress requests to view sensitive information. This issue has been patched with commit `693a220` and all users are advised to apply the patch. Users unable to upgrade should disable Javascript and/or prevent access to the vulnerable page (Special:RequestWikiQueue).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47781" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b89c73f7-f100-457d-a1cf-3169c6c7db4c.json b/objects/vulnerability/vulnerability--b89c73f7-f100-457d-a1cf-3169c6c7db4c.json new file mode 100644 index 00000000000..f0734f2358a --- /dev/null +++ b/objects/vulnerability/vulnerability--b89c73f7-f100-457d-a1cf-3169c6c7db4c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7066e346-154f-48ff-8ebd-3f98af4d71fb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b89c73f7-f100-457d-a1cf-3169c6c7db4c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:13.385508Z", + "modified": "2024-10-08T00:20:13.385508Z", + "name": "CVE-2024-23379", + "description": "Memory corruption while unmapping the fastrpc map when two threads can free the same map in concurrent scenario.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-23379" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--baddbe05-c786-45e0-817d-5f7895933d19.json b/objects/vulnerability/vulnerability--baddbe05-c786-45e0-817d-5f7895933d19.json new file mode 100644 index 00000000000..8f2bdcef1fb --- /dev/null +++ b/objects/vulnerability/vulnerability--baddbe05-c786-45e0-817d-5f7895933d19.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7f20e251-5c3d-4f9c-b049-17ec313c3a93", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--baddbe05-c786-45e0-817d-5f7895933d19", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.746662Z", + "modified": "2024-10-08T00:20:12.746662Z", + "name": "CVE-2024-33066", + "description": "Memory corruption while redirecting log file to any file location with any file name.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-33066" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bafcfc19-9290-4168-9c12-d6cf7a8d289d.json b/objects/vulnerability/vulnerability--bafcfc19-9290-4168-9c12-d6cf7a8d289d.json new file mode 100644 index 00000000000..a7a837d654b --- /dev/null +++ b/objects/vulnerability/vulnerability--bafcfc19-9290-4168-9c12-d6cf7a8d289d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4fe4aa4f-4702-438d-b064-d919bc4d81e8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bafcfc19-9290-4168-9c12-d6cf7a8d289d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.331126Z", + "modified": "2024-10-08T00:20:12.331126Z", + "name": "CVE-2024-47557", + "description": "Pre-Auth RCE via Path Traversal", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47557" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c0c8b4cf-3dd3-4c73-8763-2d06abce2879.json b/objects/vulnerability/vulnerability--c0c8b4cf-3dd3-4c73-8763-2d06abce2879.json new file mode 100644 index 00000000000..ef72753cdd8 --- /dev/null +++ b/objects/vulnerability/vulnerability--c0c8b4cf-3dd3-4c73-8763-2d06abce2879.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ab36eb8b-5f1f-494d-8981-1f16aac2787a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c0c8b4cf-3dd3-4c73-8763-2d06abce2879", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:13.237355Z", + "modified": "2024-10-08T00:20:13.237355Z", + "name": "CVE-2024-20103", + "description": "In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09001358; Issue ID: MSV-1599.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20103" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--c2a88a1e-8c16-46d3-b52c-fa6bec03d748.json b/objects/vulnerability/vulnerability--c2a88a1e-8c16-46d3-b52c-fa6bec03d748.json new file mode 100644 index 00000000000..3e8b934580e --- /dev/null +++ b/objects/vulnerability/vulnerability--c2a88a1e-8c16-46d3-b52c-fa6bec03d748.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--40b33edd-d375-40c5-96db-a04594603195", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c2a88a1e-8c16-46d3-b52c-fa6bec03d748", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.350547Z", + "modified": "2024-10-08T00:20:12.350547Z", + "name": "CVE-2024-47972", + "description": "Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially control the performance of the resource.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47972" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c4e47816-a8fe-48a5-b1b8-9f9ebbc430aa.json b/objects/vulnerability/vulnerability--c4e47816-a8fe-48a5-b1b8-9f9ebbc430aa.json new file mode 100644 index 00000000000..9f9eab9490b --- /dev/null +++ b/objects/vulnerability/vulnerability--c4e47816-a8fe-48a5-b1b8-9f9ebbc430aa.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f21f64a7-b173-41e5-946d-c52355cd5cca", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c4e47816-a8fe-48a5-b1b8-9f9ebbc430aa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:13.36927Z", + "modified": "2024-10-08T00:20:13.36927Z", + "name": "CVE-2024-23370", + "description": "Memory corruption when a process invokes IOCTL calls from user-space to create a HAB virtual channel and another process invokes IOCTL calls to destroy the same.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-23370" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cbdab172-fec5-4e97-9e47-13aec442b33d.json b/objects/vulnerability/vulnerability--cbdab172-fec5-4e97-9e47-13aec442b33d.json new file mode 100644 index 00000000000..86193ff4c1b --- /dev/null +++ b/objects/vulnerability/vulnerability--cbdab172-fec5-4e97-9e47-13aec442b33d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ef5aa1bc-5bfa-485a-8d15-57dca68b4d84", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cbdab172-fec5-4e97-9e47-13aec442b33d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.188207Z", + "modified": "2024-10-08T00:20:12.188207Z", + "name": "CVE-2024-9572", + "description": "Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/groupe_save.php, in the groupe_id parameter. This could allow a remote user to send a specially crafted query to an authenticated user and steal their session details.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9572" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--cc339f92-6815-4aeb-9b2f-e5d10cf1cb15.json b/objects/vulnerability/vulnerability--cc339f92-6815-4aeb-9b2f-e5d10cf1cb15.json new file mode 100644 index 00000000000..05cf8845067 --- /dev/null +++ b/objects/vulnerability/vulnerability--cc339f92-6815-4aeb-9b2f-e5d10cf1cb15.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--95f4c3ba-3773-42d1-9d85-7c44cf129904", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cc339f92-6815-4aeb-9b2f-e5d10cf1cb15", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.171705Z", + "modified": "2024-10-08T00:20:12.171705Z", + "name": "CVE-2024-45874", + "description": "A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Vooki.exe.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45874" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ce5d6de7-b760-4037-885e-89abdc1d0166.json b/objects/vulnerability/vulnerability--ce5d6de7-b760-4037-885e-89abdc1d0166.json new file mode 100644 index 00000000000..840e8d2022c --- /dev/null +++ b/objects/vulnerability/vulnerability--ce5d6de7-b760-4037-885e-89abdc1d0166.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9c719541-2cb8-4b48-b92e-bbf9be083d7e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ce5d6de7-b760-4037-885e-89abdc1d0166", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.148923Z", + "modified": "2024-10-08T00:20:12.148923Z", + "name": "CVE-2024-45292", + "description": "PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. `\\PhpOffice\\PhpSpreadsheet\\Writer\\Html` does not sanitize \"javascript:\" URLs from hyperlink `href` attributes, resulting in a Cross-Site Scripting vulnerability. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45292" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cfe5403c-dcb9-4e57-a6b9-1ac392b5565a.json b/objects/vulnerability/vulnerability--cfe5403c-dcb9-4e57-a6b9-1ac392b5565a.json new file mode 100644 index 00000000000..917e570959b --- /dev/null +++ b/objects/vulnerability/vulnerability--cfe5403c-dcb9-4e57-a6b9-1ac392b5565a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4dd17abb-9709-4eb0-93ce-44ff615c0762", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cfe5403c-dcb9-4e57-a6b9-1ac392b5565a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.129883Z", + "modified": "2024-10-08T00:20:12.129883Z", + "name": "CVE-2024-45919", + "description": "A security flaw has been discovered in Solvait version 24.4.2 that allows an attacker to elevate their privileges. By manipulating the Request ID and Action Type parameters in /AssignToMe/SetAction, an attacker can bypass approval workflows leading to unauthorized access to sensitive information or approval of fraudulent requests.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45919" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d17fc2ba-1091-42d1-863b-d225b4743583.json b/objects/vulnerability/vulnerability--d17fc2ba-1091-42d1-863b-d225b4743583.json new file mode 100644 index 00000000000..c9f60b3c11e --- /dev/null +++ b/objects/vulnerability/vulnerability--d17fc2ba-1091-42d1-863b-d225b4743583.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fcd6071b-4cda-44f6-aefd-26cc171f87da", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d17fc2ba-1091-42d1-863b-d225b4743583", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.185088Z", + "modified": "2024-10-08T00:20:12.185088Z", + "name": "CVE-2024-9565", + "description": "A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. Affected by this vulnerability is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9565" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d24c7798-296c-4fb0-8995-9095ae22ec16.json b/objects/vulnerability/vulnerability--d24c7798-296c-4fb0-8995-9095ae22ec16.json new file mode 100644 index 00000000000..14a957143aa --- /dev/null +++ b/objects/vulnerability/vulnerability--d24c7798-296c-4fb0-8995-9095ae22ec16.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--23f1d201-6e1b-41be-8a04-0ab07bcea79c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d24c7798-296c-4fb0-8995-9095ae22ec16", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.723897Z", + "modified": "2024-10-08T00:20:12.723897Z", + "name": "CVE-2024-33070", + "description": "Transient DOS while parsing ESP IE from beacon/probe response frame.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-33070" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--d678eb92-77fe-475f-b58a-2fc8b515c3ba.json b/objects/vulnerability/vulnerability--d678eb92-77fe-475f-b58a-2fc8b515c3ba.json new file mode 100644 index 00000000000..cb654a0db0d --- /dev/null +++ b/objects/vulnerability/vulnerability--d678eb92-77fe-475f-b58a-2fc8b515c3ba.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dbaf50f0-cfd4-4efa-a407-1703aa23f3f4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d678eb92-77fe-475f-b58a-2fc8b515c3ba", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.348031Z", + "modified": "2024-10-08T00:20:12.348031Z", + "name": "CVE-2024-47079", + "description": "Meshtastic is an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Meshtastic firmware is an open source firmware implementation for the broader project. The remote hardware module of the firmware does not have proper checks to ensure a remote hardware control message was received should be considered valid. This issue has been addressed in release version 2.5.1. All users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47079" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d6d39503-cc55-4767-8bfa-6d4925085b71.json b/objects/vulnerability/vulnerability--d6d39503-cc55-4767-8bfa-6d4925085b71.json new file mode 100644 index 00000000000..dcf52bc78e8 --- /dev/null +++ b/objects/vulnerability/vulnerability--d6d39503-cc55-4767-8bfa-6d4925085b71.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1aca6c51-c33f-41ec-a625-4f038eafaf65", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d6d39503-cc55-4767-8bfa-6d4925085b71", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.37684Z", + "modified": "2024-10-08T00:20:12.37684Z", + "name": "CVE-2024-47555", + "description": "Missing Authentication - User & System Configuration", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47555" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d6dc205c-09b5-41d2-976d-10d8fac4982c.json b/objects/vulnerability/vulnerability--d6dc205c-09b5-41d2-976d-10d8fac4982c.json new file mode 100644 index 00000000000..bb792c62509 --- /dev/null +++ b/objects/vulnerability/vulnerability--d6dc205c-09b5-41d2-976d-10d8fac4982c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0f2616c8-dc89-442d-9ab4-ab1b4ef6af20", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d6dc205c-09b5-41d2-976d-10d8fac4982c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.178859Z", + "modified": "2024-10-08T00:20:12.178859Z", + "name": "CVE-2024-9566", + "description": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. This vulnerability affects the function formDeviceReboot of the file /goform/formDeviceReboot. The manipulation of the argument next_page leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9566" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--d7f21ab1-399f-4eb3-9d3e-af9d3ff2d35a.json b/objects/vulnerability/vulnerability--d7f21ab1-399f-4eb3-9d3e-af9d3ff2d35a.json new file mode 100644 index 00000000000..75cdd95b960 --- /dev/null +++ b/objects/vulnerability/vulnerability--d7f21ab1-399f-4eb3-9d3e-af9d3ff2d35a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--edaa4e0d-8f05-43c0-b44d-faaa4840bcff", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d7f21ab1-399f-4eb3-9d3e-af9d3ff2d35a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.847206Z", + "modified": "2024-10-08T00:20:12.847206Z", + "name": "CVE-2024-38397", + "description": "Transient DOS while parsing probe response and assoc response frame.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38397" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dc3b8a20-31f3-4fbd-bcc7-3cad9816c074.json b/objects/vulnerability/vulnerability--dc3b8a20-31f3-4fbd-bcc7-3cad9816c074.json new file mode 100644 index 00000000000..f3f9e4f401b --- /dev/null +++ b/objects/vulnerability/vulnerability--dc3b8a20-31f3-4fbd-bcc7-3cad9816c074.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3de2f25e-2afe-41ce-9ea7-0a748399c623", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dc3b8a20-31f3-4fbd-bcc7-3cad9816c074", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:13.238771Z", + "modified": "2024-10-08T00:20:13.238771Z", + "name": "CVE-2024-20093", + "description": "In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1699.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20093" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dd2003e3-ded4-4d0e-a26e-c3881d272305.json b/objects/vulnerability/vulnerability--dd2003e3-ded4-4d0e-a26e-c3881d272305.json new file mode 100644 index 00000000000..35be8257bce --- /dev/null +++ b/objects/vulnerability/vulnerability--dd2003e3-ded4-4d0e-a26e-c3881d272305.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a6dad3c3-8274-4b6b-94be-05a8888e594b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dd2003e3-ded4-4d0e-a26e-c3881d272305", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:13.917529Z", + "modified": "2024-10-08T00:20:13.917529Z", + "name": "CVE-2024-28709", + "description": "Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-28709" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--deda5bc3-ef17-4b61-bc96-211d2a05238f.json b/objects/vulnerability/vulnerability--deda5bc3-ef17-4b61-bc96-211d2a05238f.json new file mode 100644 index 00000000000..5850b026be6 --- /dev/null +++ b/objects/vulnerability/vulnerability--deda5bc3-ef17-4b61-bc96-211d2a05238f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--10edde84-ad71-4b58-a87b-2fc36dc561bc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--deda5bc3-ef17-4b61-bc96-211d2a05238f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:13.413825Z", + "modified": "2024-10-08T00:20:13.413825Z", + "name": "CVE-2024-23378", + "description": "Memory corruption while invoking IOCTL calls for MSM module from the user space during audio playback and record.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-23378" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dff8e74b-95b2-4471-a473-4a5d037d727e.json b/objects/vulnerability/vulnerability--dff8e74b-95b2-4471-a473-4a5d037d727e.json new file mode 100644 index 00000000000..930d9ec65a4 --- /dev/null +++ b/objects/vulnerability/vulnerability--dff8e74b-95b2-4471-a473-4a5d037d727e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ad5929f2-47d1-4e45-a1e4-f8e50292d119", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dff8e74b-95b2-4471-a473-4a5d037d727e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.328793Z", + "modified": "2024-10-08T00:20:12.328793Z", + "name": "CVE-2024-47973", + "description": "In some Solidigm DC Products, a defect in device overprovisioning may provide information disclosure to an attacker.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47973" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e1911a5b-3379-4725-bea9-846590b00b5a.json b/objects/vulnerability/vulnerability--e1911a5b-3379-4725-bea9-846590b00b5a.json new file mode 100644 index 00000000000..16a0befa069 --- /dev/null +++ b/objects/vulnerability/vulnerability--e1911a5b-3379-4725-bea9-846590b00b5a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c26c4246-21ee-4575-bfc0-228061553da1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e1911a5b-3379-4725-bea9-846590b00b5a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:13.378945Z", + "modified": "2024-10-08T00:20:13.378945Z", + "name": "CVE-2024-23376", + "description": "Memory corruption while sending the persist buffer command packet from the user-space to the kernel space through the IOCTL call.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-23376" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e693f7b2-4dbf-4ed9-a7b3-48d1aef2ff50.json b/objects/vulnerability/vulnerability--e693f7b2-4dbf-4ed9-a7b3-48d1aef2ff50.json new file mode 100644 index 00000000000..6882e95b900 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--e693f7b2-4dbf-4ed9-a7b3-48d1aef2ff50.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e7cc3279-94c9-4555-8939-d9a7b4d1f464", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e693f7b2-4dbf-4ed9-a7b3-48d1aef2ff50", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:14.206688Z", + "modified": "2024-10-08T00:20:14.206688Z", + "name": "CVE-2024-43789", + "description": "Discourse is an open source platform for community discussion. A user can create a post with many replies, and then attempt to fetch them all at once. This can potentially reduce the availability of a Discourse instance. This problem has been patched in the latest version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43789" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e9555de0-f42d-41b9-a192-8ed5a798e284.json b/objects/vulnerability/vulnerability--e9555de0-f42d-41b9-a192-8ed5a798e284.json new file mode 100644 index 00000000000..333644733d6 --- /dev/null +++ b/objects/vulnerability/vulnerability--e9555de0-f42d-41b9-a192-8ed5a798e284.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--eed886cd-1962-4a1c-bcf3-54d6fec78e79", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e9555de0-f42d-41b9-a192-8ed5a798e284", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.352781Z", + "modified": "2024-10-08T00:20:12.352781Z", + "name": "CVE-2024-47967", + "description": "Improper resource initialization handling in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47967" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e9ecfb48-ed97-4299-8ed9-a3398b4fa8ef.json b/objects/vulnerability/vulnerability--e9ecfb48-ed97-4299-8ed9-a3398b4fa8ef.json new file mode 100644 index 00000000000..8f9f3d2fbf3 --- /dev/null +++ b/objects/vulnerability/vulnerability--e9ecfb48-ed97-4299-8ed9-a3398b4fa8ef.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0aa00b42-4be3-4391-b319-3e1d5392b4ff", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e9ecfb48-ed97-4299-8ed9-a3398b4fa8ef", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:14.212244Z", + "modified": "2024-10-08T00:20:14.212244Z", + "name": "CVE-2024-43364", + "description": "Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in links.php . Morever, the said title parameter is stored in the database and reflected back to user in index.php, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `title` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43364" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ea3b2f9d-c04a-4b23-88f8-25294a46eca1.json b/objects/vulnerability/vulnerability--ea3b2f9d-c04a-4b23-88f8-25294a46eca1.json new file mode 100644 index 00000000000..2fdefbe08fc --- /dev/null +++ b/objects/vulnerability/vulnerability--ea3b2f9d-c04a-4b23-88f8-25294a46eca1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e4bc0808-a897-45a0-a341-734849420ee6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ea3b2f9d-c04a-4b23-88f8-25294a46eca1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.358101Z", + "modified": "2024-10-08T00:20:12.358101Z", + "name": "CVE-2024-47344", + "description": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StylemixThemes uListing.This issue affects uListing: from n/a through 2.1.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47344" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ec00cb9e-c2f0-4c1a-9f09-633484979674.json b/objects/vulnerability/vulnerability--ec00cb9e-c2f0-4c1a-9f09-633484979674.json new file mode 100644 index 00000000000..02c2d365d0a --- /dev/null +++ b/objects/vulnerability/vulnerability--ec00cb9e-c2f0-4c1a-9f09-633484979674.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3a3ffee9-342d-48d4-bfe4-688a205c76af", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ec00cb9e-c2f0-4c1a-9f09-633484979674", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.246788Z", + "modified": "2024-10-08T00:20:12.246788Z", + "name": "CVE-2024-9574", + "description": "SQL injection vulnerability in SOPlanning <1.45, via /soplanning/www/user_groupes.php in the by parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9574" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--edba0f99-4436-4fb3-8af2-7ec5d4ada9a3.json b/objects/vulnerability/vulnerability--edba0f99-4436-4fb3-8af2-7ec5d4ada9a3.json new file mode 100644 index 00000000000..9999c9112fe --- /dev/null +++ b/objects/vulnerability/vulnerability--edba0f99-4436-4fb3-8af2-7ec5d4ada9a3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c88ec272-94a1-4469-8e09-a1baea441f23", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--edba0f99-4436-4fb3-8af2-7ec5d4ada9a3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:13.243776Z", + "modified": "2024-10-08T00:20:13.243776Z", + "name": "CVE-2024-20102", + "description": "In wlan driver, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998892; Issue ID: MSV-1601.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20102" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f33323bf-dbb8-42e0-bd7c-99e093d76c66.json b/objects/vulnerability/vulnerability--f33323bf-dbb8-42e0-bd7c-99e093d76c66.json new file mode 100644 index 00000000000..9e5a412040a --- /dev/null +++ b/objects/vulnerability/vulnerability--f33323bf-dbb8-42e0-bd7c-99e093d76c66.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--76732983-939d-4f4c-8498-c60bc8b3a311", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f33323bf-dbb8-42e0-bd7c-99e093d76c66", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:13.246284Z", + "modified": "2024-10-08T00:20:13.246284Z", + "name": "CVE-2024-20100", + "description": "In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998449; Issue ID: MSV-1603.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20100" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f468a305-4460-4e56-bfbb-31cf2978b336.json b/objects/vulnerability/vulnerability--f468a305-4460-4e56-bfbb-31cf2978b336.json new file mode 100644 index 00000000000..78eabb7a596 --- /dev/null +++ b/objects/vulnerability/vulnerability--f468a305-4460-4e56-bfbb-31cf2978b336.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ad602aa1-d146-4dd7-90ac-ea2a9809152e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f468a305-4460-4e56-bfbb-31cf2978b336", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:13.558422Z", + "modified": "2024-10-08T00:20:13.558422Z", + "name": "CVE-2024-46040", + "description": "IoT Haat Smart Plug IH-IN-16A-S IH-IN-16A-S v5.16.1 suffers from Insufficient Session Expiration. The lack of validation of the authentication token at the IoT Haat during the Access Point Pairing mode leads the attacker to replay the Wi-Fi packets and forcefully turn off the access point after the authentication token has expired.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-46040" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f81c0dab-1904-47ce-9dff-308f97539be6.json b/objects/vulnerability/vulnerability--f81c0dab-1904-47ce-9dff-308f97539be6.json new file mode 100644 index 00000000000..1a19167b9bc --- /dev/null +++ b/objects/vulnerability/vulnerability--f81c0dab-1904-47ce-9dff-308f97539be6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2749bcae-dde3-4c04-9307-298bce6d5a50", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f81c0dab-1904-47ce-9dff-308f97539be6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:12.332586Z", + "modified": "2024-10-08T00:20:12.332586Z", + "name": "CVE-2024-47559", + "description": "Authenticated RCE via Path Traversal", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47559" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--f85467e1-b171-4992-ace1-8d026a63b151.json b/objects/vulnerability/vulnerability--f85467e1-b171-4992-ace1-8d026a63b151.json new file mode 100644 index 00000000000..be6cc7e2c83 --- /dev/null +++ b/objects/vulnerability/vulnerability--f85467e1-b171-4992-ace1-8d026a63b151.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--95050dc3-d59d-4379-832b-a95c0ab7b03a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f85467e1-b171-4992-ace1-8d026a63b151", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:14.219279Z", + "modified": "2024-10-08T00:20:14.219279Z", + "name": "CVE-2024-43365", + "description": "Cacti is an open source performance and fault management framework. The`consolenewsection` parameter is not properly sanitized when saving external links in links.php . Morever, the said consolenewsection parameter is stored in the database and reflected back to user in `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the “consolenewsection” parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43365" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f8b4e837-d81e-4a8e-8345-3d03130dcab7.json b/objects/vulnerability/vulnerability--f8b4e837-d81e-4a8e-8345-3d03130dcab7.json new file mode 100644 index 00000000000..19e354a4e06 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--f8b4e837-d81e-4a8e-8345-3d03130dcab7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--927e5935-058b-49f0-bf86-a0a797567f00", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f8b4e837-d81e-4a8e-8345-3d03130dcab7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:13.193661Z", + "modified": "2024-10-08T00:20:13.193661Z", + "name": "CVE-2024-20098", + "description": "In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996886; Issue ID: MSV-1626.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20098" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fd844f0a-ef76-470e-9c78-4f2fe27c1eec.json b/objects/vulnerability/vulnerability--fd844f0a-ef76-470e-9c78-4f2fe27c1eec.json new file mode 100644 index 00000000000..5f6814297ad --- /dev/null +++ b/objects/vulnerability/vulnerability--fd844f0a-ef76-470e-9c78-4f2fe27c1eec.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4a575c19-658d-4dd0-a76b-ef14b5c33863", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fd844f0a-ef76-470e-9c78-4f2fe27c1eec", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:13.191588Z", + "modified": "2024-10-08T00:20:13.191588Z", + "name": "CVE-2024-20099", + "description": "In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08997492; Issue ID: MSV-1625.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20099" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ffc79d7d-b51b-4d9f-924e-7fc12fcba946.json b/objects/vulnerability/vulnerability--ffc79d7d-b51b-4d9f-924e-7fc12fcba946.json new file mode 100644 index 00000000000..600c7b9f288 --- /dev/null +++ b/objects/vulnerability/vulnerability--ffc79d7d-b51b-4d9f-924e-7fc12fcba946.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--32efdf59-7910-4efb-9964-3f3a63ed31a7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ffc79d7d-b51b-4d9f-924e-7fc12fcba946", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-08T00:20:14.188564Z", + "modified": "2024-10-08T00:20:14.188564Z", + "name": "CVE-2024-43047", + "description": "Memory corruption while maintaining memory maps of HLOS memory.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43047" + } + ] + } + ] +} \ No newline at end of file