-
Notifications
You must be signed in to change notification settings - Fork 38
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
daf0b6e
commit e350ed8
Showing
19 changed files
with
414 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--01c867ec-68a6-40b8-b46c-3e54a0baf753.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
{ | ||
"type": "bundle", | ||
"id": "bundle--87c5dd09-351c-49f0-bed8-a5148873a94a", | ||
"objects": [ | ||
{ | ||
"type": "vulnerability", | ||
"spec_version": "2.1", | ||
"id": "vulnerability--01c867ec-68a6-40b8-b46c-3e54a0baf753", | ||
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
"created": "2024-09-01T00:23:28.918711Z", | ||
"modified": "2024-09-01T00:23:28.918711Z", | ||
"name": "CVE-2024-8108", | ||
"description": "The Share This Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alignment' parameter in all versions up to, and including, 2.01 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", | ||
"external_references": [ | ||
{ | ||
"source_name": "cve", | ||
"external_id": "CVE-2024-8108" | ||
} | ||
] | ||
} | ||
] | ||
} |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--24bc339a-c067-43c3-a85b-6cb8bbf40419.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
{ | ||
"type": "bundle", | ||
"id": "bundle--f409609b-16b1-4977-9e35-209941f80eec", | ||
"objects": [ | ||
{ | ||
"type": "vulnerability", | ||
"spec_version": "2.1", | ||
"id": "vulnerability--24bc339a-c067-43c3-a85b-6cb8bbf40419", | ||
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
"created": "2024-09-01T00:23:28.936475Z", | ||
"modified": "2024-09-01T00:23:28.936475Z", | ||
"name": "CVE-2024-3886", | ||
"description": "The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code[]’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the on_ajax_check_envato_code function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", | ||
"external_references": [ | ||
{ | ||
"source_name": "cve", | ||
"external_id": "CVE-2024-3886" | ||
} | ||
] | ||
} | ||
] | ||
} |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--2983ef5a-e68f-4253-b0a5-cab45895da83.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
{ | ||
"type": "bundle", | ||
"id": "bundle--0a7d4749-e720-4bd4-bdc6-0d697e3d0df3", | ||
"objects": [ | ||
{ | ||
"type": "vulnerability", | ||
"spec_version": "2.1", | ||
"id": "vulnerability--2983ef5a-e68f-4253-b0a5-cab45895da83", | ||
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
"created": "2024-09-01T00:23:28.92067Z", | ||
"modified": "2024-09-01T00:23:28.92067Z", | ||
"name": "CVE-2024-8276", | ||
"description": "The WPZOOM Portfolio Lite – Filterable Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:wpzoom-blocks' Gutenberg block in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", | ||
"external_references": [ | ||
{ | ||
"source_name": "cve", | ||
"external_id": "CVE-2024-8276" | ||
} | ||
] | ||
} | ||
] | ||
} |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--37839598-c9d9-4902-a872-4c4bc8f09a4c.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
{ | ||
"type": "bundle", | ||
"id": "bundle--38ce8151-c20e-4ca9-ad34-2939b3078f6e", | ||
"objects": [ | ||
{ | ||
"type": "vulnerability", | ||
"spec_version": "2.1", | ||
"id": "vulnerability--37839598-c9d9-4902-a872-4c4bc8f09a4c", | ||
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
"created": "2024-09-01T00:23:28.626934Z", | ||
"modified": "2024-09-01T00:23:28.626934Z", | ||
"name": "CVE-2024-0109", | ||
"description": "NVIDIA CUDA Toolkit contains a vulnerability in command `cuobjdump` where a user may cause a crash by passing in a malformed ELF file. A successful exploit of this vulnerability may cause an out of bounds read in the unprivileged process memory which could lead to a limited denial of service.", | ||
"external_references": [ | ||
{ | ||
"source_name": "cve", | ||
"external_id": "CVE-2024-0109" | ||
} | ||
] | ||
} | ||
] | ||
} |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--45b99039-eefc-489f-9cc9-9e3d10e3dddc.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
{ | ||
"type": "bundle", | ||
"id": "bundle--a876414c-1fe3-4b81-a17e-24735f74bce8", | ||
"objects": [ | ||
{ | ||
"type": "vulnerability", | ||
"spec_version": "2.1", | ||
"id": "vulnerability--45b99039-eefc-489f-9cc9-9e3d10e3dddc", | ||
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
"created": "2024-09-01T00:23:28.177866Z", | ||
"modified": "2024-09-01T00:23:28.177866Z", | ||
"name": "CVE-2024-7435", | ||
"description": "The Attire theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.6 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.", | ||
"external_references": [ | ||
{ | ||
"source_name": "cve", | ||
"external_id": "CVE-2024-7435" | ||
} | ||
] | ||
} | ||
] | ||
} |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--608da4db-1104-4350-8845-e7f44f7a8ee8.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
{ | ||
"type": "bundle", | ||
"id": "bundle--3beee2aa-e9a6-4d06-9534-bf687c1c9ec9", | ||
"objects": [ | ||
{ | ||
"type": "vulnerability", | ||
"spec_version": "2.1", | ||
"id": "vulnerability--608da4db-1104-4350-8845-e7f44f7a8ee8", | ||
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
"created": "2024-09-01T00:23:16.640854Z", | ||
"modified": "2024-09-01T00:23:16.640854Z", | ||
"name": "CVE-2022-4536", | ||
"description": "The IP Vault – WP Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address or country from logging in.", | ||
"external_references": [ | ||
{ | ||
"source_name": "cve", | ||
"external_id": "CVE-2022-4536" | ||
} | ||
] | ||
} | ||
] | ||
} |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--73cb7827-a9b3-4903-b92f-965adc97c923.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
{ | ||
"type": "bundle", | ||
"id": "bundle--53a4ce90-43f8-436a-8795-c86f64d61ac3", | ||
"objects": [ | ||
{ | ||
"type": "vulnerability", | ||
"spec_version": "2.1", | ||
"id": "vulnerability--73cb7827-a9b3-4903-b92f-965adc97c923", | ||
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
"created": "2024-09-01T00:23:28.912359Z", | ||
"modified": "2024-09-01T00:23:28.912359Z", | ||
"name": "CVE-2024-8366", | ||
"description": "A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?id=userProfileEdit of the component Update My Profile Page. The manipulation of the argument fname/lname/email with the input <script>alert(1)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.", | ||
"external_references": [ | ||
{ | ||
"source_name": "cve", | ||
"external_id": "CVE-2024-8366" | ||
} | ||
] | ||
} | ||
] | ||
} |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--75ab2a2b-11a8-4ea8-817c-8633f5b1b763.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
{ | ||
"type": "bundle", | ||
"id": "bundle--e48f4a16-61ba-449f-949e-6334f0772f24", | ||
"objects": [ | ||
{ | ||
"type": "vulnerability", | ||
"spec_version": "2.1", | ||
"id": "vulnerability--75ab2a2b-11a8-4ea8-817c-8633f5b1b763", | ||
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
"created": "2024-09-01T00:23:28.338773Z", | ||
"modified": "2024-09-01T00:23:28.338773Z", | ||
"name": "CVE-2024-39578", | ||
"description": "Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contains a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering.", | ||
"external_references": [ | ||
{ | ||
"source_name": "cve", | ||
"external_id": "CVE-2024-39578" | ||
} | ||
] | ||
} | ||
] | ||
} |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--791f0496-bdcc-47d2-a38e-7b9c61079293.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
{ | ||
"type": "bundle", | ||
"id": "bundle--b17a8de5-54a8-4a39-9841-481e33a8ff0a", | ||
"objects": [ | ||
{ | ||
"type": "vulnerability", | ||
"spec_version": "2.1", | ||
"id": "vulnerability--791f0496-bdcc-47d2-a38e-7b9c61079293", | ||
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
"created": "2024-09-01T00:23:28.618224Z", | ||
"modified": "2024-09-01T00:23:28.618224Z", | ||
"name": "CVE-2024-0111", | ||
"description": "NVIDIA CUDA Toolkit contains a vulnerability in command 'cuobjdump' where a user may cause a crash or produce incorrect output by passing a malformed ELF file. A successful exploit of this vulnerability may lead to a limited denial of service or data tampering.", | ||
"external_references": [ | ||
{ | ||
"source_name": "cve", | ||
"external_id": "CVE-2024-0111" | ||
} | ||
] | ||
} | ||
] | ||
} |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--84e831d9-70e4-4fb3-b0da-d93c8cdb95e3.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
{ | ||
"type": "bundle", | ||
"id": "bundle--6b6a8f37-7c17-445a-956e-d6f69dff9094", | ||
"objects": [ | ||
{ | ||
"type": "vulnerability", | ||
"spec_version": "2.1", | ||
"id": "vulnerability--84e831d9-70e4-4fb3-b0da-d93c8cdb95e3", | ||
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
"created": "2024-09-01T00:23:28.571503Z", | ||
"modified": "2024-09-01T00:23:28.571503Z", | ||
"name": "CVE-2024-0110", | ||
"description": "NVIDIA CUDA Toolkit contains a vulnerability in command `cuobjdump` where a user may cause an out-of-bound write by passing in a malformed ELF file. A successful exploit of this vulnerability may lead to code execution or denial of service.", | ||
"external_references": [ | ||
{ | ||
"source_name": "cve", | ||
"external_id": "CVE-2024-0110" | ||
} | ||
] | ||
} | ||
] | ||
} |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--87408716-f3fd-4f53-866e-a9b1240c3090.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
{ | ||
"type": "bundle", | ||
"id": "bundle--73683896-7c56-4ed3-bef4-001f2b59c19b", | ||
"objects": [ | ||
{ | ||
"type": "vulnerability", | ||
"spec_version": "2.1", | ||
"id": "vulnerability--87408716-f3fd-4f53-866e-a9b1240c3090", | ||
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
"created": "2024-09-01T00:23:28.639703Z", | ||
"modified": "2024-09-01T00:23:28.639703Z", | ||
"name": "CVE-2024-5212", | ||
"description": "The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code[]’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the on_ajax_register_forum_user function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", | ||
"external_references": [ | ||
{ | ||
"source_name": "cve", | ||
"external_id": "CVE-2024-5212" | ||
} | ||
] | ||
} | ||
] | ||
} |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--914120e5-cb46-4832-97a2-7b999b455b4d.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
{ | ||
"type": "bundle", | ||
"id": "bundle--2df4cca2-a293-4924-9711-c4b2748ded6a", | ||
"objects": [ | ||
{ | ||
"type": "vulnerability", | ||
"spec_version": "2.1", | ||
"id": "vulnerability--914120e5-cb46-4832-97a2-7b999b455b4d", | ||
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
"created": "2024-09-01T00:23:27.393089Z", | ||
"modified": "2024-09-01T00:23:27.393089Z", | ||
"name": "CVE-2024-44945", | ||
"description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nfnetlink: Initialise extack before use in ACKs\n\nAdd missing extack initialisation when ACKing BATCH_BEGIN and BATCH_END.", | ||
"external_references": [ | ||
{ | ||
"source_name": "cve", | ||
"external_id": "CVE-2024-44945" | ||
} | ||
] | ||
} | ||
] | ||
} |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--91a81d1a-c3cf-42a1-8829-0a905a7384c7.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
{ | ||
"type": "bundle", | ||
"id": "bundle--5c1fd562-f436-4f56-a9bc-68fca5c785da", | ||
"objects": [ | ||
{ | ||
"type": "vulnerability", | ||
"spec_version": "2.1", | ||
"id": "vulnerability--91a81d1a-c3cf-42a1-8829-0a905a7384c7", | ||
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
"created": "2024-09-01T00:23:28.193269Z", | ||
"modified": "2024-09-01T00:23:28.193269Z", | ||
"name": "CVE-2024-7717", | ||
"description": "The WP Events Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 2.1.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", | ||
"external_references": [ | ||
{ | ||
"source_name": "cve", | ||
"external_id": "CVE-2024-7717" | ||
} | ||
] | ||
} | ||
] | ||
} |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--96600461-e4f2-41ff-9b0a-cafc7257fe61.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
{ | ||
"type": "bundle", | ||
"id": "bundle--dbc7af81-24d3-4eec-b714-1da178157dd5", | ||
"objects": [ | ||
{ | ||
"type": "vulnerability", | ||
"spec_version": "2.1", | ||
"id": "vulnerability--96600461-e4f2-41ff-9b0a-cafc7257fe61", | ||
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
"created": "2024-09-01T00:23:28.310277Z", | ||
"modified": "2024-09-01T00:23:28.310277Z", | ||
"name": "CVE-2024-39747", | ||
"description": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality.", | ||
"external_references": [ | ||
{ | ||
"source_name": "cve", | ||
"external_id": "CVE-2024-39747" | ||
} | ||
] | ||
} | ||
] | ||
} |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--9aea7563-c755-41c0-99f0-89f882c54620.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
{ | ||
"type": "bundle", | ||
"id": "bundle--d9edc57a-e44e-48f5-aa28-e9390c6185d5", | ||
"objects": [ | ||
{ | ||
"type": "vulnerability", | ||
"spec_version": "2.1", | ||
"id": "vulnerability--9aea7563-c755-41c0-99f0-89f882c54620", | ||
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
"created": "2024-09-01T00:23:28.345123Z", | ||
"modified": "2024-09-01T00:23:28.345123Z", | ||
"name": "CVE-2024-39579", | ||
"description": "Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contains an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access.", | ||
"external_references": [ | ||
{ | ||
"source_name": "cve", | ||
"external_id": "CVE-2024-39579" | ||
} | ||
] | ||
} | ||
] | ||
} |
Oops, something went wrong.