diff --git a/mapping.csv b/mapping.csv index 8ed29ab57e8..e2de50e8589 100644 --- a/mapping.csv +++ b/mapping.csv @@ -247971,3 +247971,21 @@ vulnerability,CVE-2024-6585,vulnerability--fba5630b-985a-41c0-9b9a-02f08174f586 vulnerability,CVE-2024-6586,vulnerability--60ad1133-d36e-4dfa-948c-8349276a2ed8 vulnerability,CVE-2024-6204,vulnerability--3ec1e1d4-845d-4546-ac3a-97d6604c9890 vulnerability,CVE-2023-7256,vulnerability--1e106ff1-cd8f-42af-afe2-a6eb298462ab +vulnerability,CVE-2022-4100,vulnerability--b20e1c42-2b5a-44de-b3cd-b2bfca039c32 +vulnerability,CVE-2022-4536,vulnerability--608da4db-1104-4350-8845-e7f44f7a8ee8 +vulnerability,CVE-2022-4539,vulnerability--9f47ae7c-f956-409e-bbd7-f5dbb12c6e67 +vulnerability,CVE-2024-44946,vulnerability--ede87a81-45d9-4dee-95ef-70e1e5796cfa +vulnerability,CVE-2024-44945,vulnerability--914120e5-cb46-4832-97a2-7b999b455b4d +vulnerability,CVE-2024-7435,vulnerability--45b99039-eefc-489f-9cc9-9e3d10e3dddc +vulnerability,CVE-2024-7717,vulnerability--91a81d1a-c3cf-42a1-8829-0a905a7384c7 +vulnerability,CVE-2024-39747,vulnerability--96600461-e4f2-41ff-9b0a-cafc7257fe61 +vulnerability,CVE-2024-39578,vulnerability--75ab2a2b-11a8-4ea8-817c-8633f5b1b763 +vulnerability,CVE-2024-39579,vulnerability--9aea7563-c755-41c0-99f0-89f882c54620 +vulnerability,CVE-2024-0110,vulnerability--84e831d9-70e4-4fb3-b0da-d93c8cdb95e3 +vulnerability,CVE-2024-0111,vulnerability--791f0496-bdcc-47d2-a38e-7b9c61079293 +vulnerability,CVE-2024-0109,vulnerability--37839598-c9d9-4902-a872-4c4bc8f09a4c +vulnerability,CVE-2024-5212,vulnerability--87408716-f3fd-4f53-866e-a9b1240c3090 +vulnerability,CVE-2024-8366,vulnerability--73cb7827-a9b3-4903-b92f-965adc97c923 +vulnerability,CVE-2024-8108,vulnerability--01c867ec-68a6-40b8-b46c-3e54a0baf753 +vulnerability,CVE-2024-8276,vulnerability--2983ef5a-e68f-4253-b0a5-cab45895da83 +vulnerability,CVE-2024-3886,vulnerability--24bc339a-c067-43c3-a85b-6cb8bbf40419 diff --git a/objects/vulnerability/vulnerability--01c867ec-68a6-40b8-b46c-3e54a0baf753.json b/objects/vulnerability/vulnerability--01c867ec-68a6-40b8-b46c-3e54a0baf753.json new file mode 100644 index 00000000000..85ca8f846ed --- /dev/null +++ b/objects/vulnerability/vulnerability--01c867ec-68a6-40b8-b46c-3e54a0baf753.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--87c5dd09-351c-49f0-bed8-a5148873a94a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--01c867ec-68a6-40b8-b46c-3e54a0baf753", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-01T00:23:28.918711Z", + "modified": "2024-09-01T00:23:28.918711Z", + "name": "CVE-2024-8108", + "description": "The Share This Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alignment' parameter in all versions up to, and including, 2.01 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8108" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--24bc339a-c067-43c3-a85b-6cb8bbf40419.json b/objects/vulnerability/vulnerability--24bc339a-c067-43c3-a85b-6cb8bbf40419.json new file mode 100644 index 00000000000..81935eae524 --- /dev/null +++ b/objects/vulnerability/vulnerability--24bc339a-c067-43c3-a85b-6cb8bbf40419.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f409609b-16b1-4977-9e35-209941f80eec", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--24bc339a-c067-43c3-a85b-6cb8bbf40419", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-01T00:23:28.936475Z", + "modified": "2024-09-01T00:23:28.936475Z", + "name": "CVE-2024-3886", + "description": "The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code[]’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the on_ajax_check_envato_code function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-3886" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2983ef5a-e68f-4253-b0a5-cab45895da83.json b/objects/vulnerability/vulnerability--2983ef5a-e68f-4253-b0a5-cab45895da83.json new file mode 100644 index 00000000000..eb4979ffb04 --- /dev/null +++ b/objects/vulnerability/vulnerability--2983ef5a-e68f-4253-b0a5-cab45895da83.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0a7d4749-e720-4bd4-bdc6-0d697e3d0df3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2983ef5a-e68f-4253-b0a5-cab45895da83", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-01T00:23:28.92067Z", + "modified": "2024-09-01T00:23:28.92067Z", + "name": "CVE-2024-8276", + "description": "The WPZOOM Portfolio Lite – Filterable Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:wpzoom-blocks' Gutenberg block in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8276" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--37839598-c9d9-4902-a872-4c4bc8f09a4c.json b/objects/vulnerability/vulnerability--37839598-c9d9-4902-a872-4c4bc8f09a4c.json new file mode 100644 index 00000000000..70945474400 --- /dev/null +++ b/objects/vulnerability/vulnerability--37839598-c9d9-4902-a872-4c4bc8f09a4c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--38ce8151-c20e-4ca9-ad34-2939b3078f6e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--37839598-c9d9-4902-a872-4c4bc8f09a4c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-01T00:23:28.626934Z", + "modified": "2024-09-01T00:23:28.626934Z", + "name": "CVE-2024-0109", + "description": "NVIDIA CUDA Toolkit contains a vulnerability in command `cuobjdump` where a user may cause a crash by passing in a malformed ELF file. A successful exploit of this vulnerability may cause an out of bounds read in the unprivileged process memory which could lead to a limited denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0109" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--45b99039-eefc-489f-9cc9-9e3d10e3dddc.json b/objects/vulnerability/vulnerability--45b99039-eefc-489f-9cc9-9e3d10e3dddc.json new file mode 100644 index 00000000000..c5a26ccc303 --- /dev/null +++ b/objects/vulnerability/vulnerability--45b99039-eefc-489f-9cc9-9e3d10e3dddc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a876414c-1fe3-4b81-a17e-24735f74bce8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--45b99039-eefc-489f-9cc9-9e3d10e3dddc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-01T00:23:28.177866Z", + "modified": "2024-09-01T00:23:28.177866Z", + "name": "CVE-2024-7435", + "description": "The Attire theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.6 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7435" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--608da4db-1104-4350-8845-e7f44f7a8ee8.json b/objects/vulnerability/vulnerability--608da4db-1104-4350-8845-e7f44f7a8ee8.json new file mode 100644 index 00000000000..e447c7e2f84 --- /dev/null +++ b/objects/vulnerability/vulnerability--608da4db-1104-4350-8845-e7f44f7a8ee8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3beee2aa-e9a6-4d06-9534-bf687c1c9ec9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--608da4db-1104-4350-8845-e7f44f7a8ee8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-01T00:23:16.640854Z", + "modified": "2024-09-01T00:23:16.640854Z", + "name": "CVE-2022-4536", + "description": "The IP Vault – WP Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address or country from logging in.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-4536" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--73cb7827-a9b3-4903-b92f-965adc97c923.json b/objects/vulnerability/vulnerability--73cb7827-a9b3-4903-b92f-965adc97c923.json new file mode 100644 index 00000000000..d9cbc1f924c --- /dev/null +++ b/objects/vulnerability/vulnerability--73cb7827-a9b3-4903-b92f-965adc97c923.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--53a4ce90-43f8-436a-8795-c86f64d61ac3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--73cb7827-a9b3-4903-b92f-965adc97c923", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-01T00:23:28.912359Z", + "modified": "2024-09-01T00:23:28.912359Z", + "name": "CVE-2024-8366", + "description": "A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?id=userProfileEdit of the component Update My Profile Page. The manipulation of the argument fname/lname/email with the input leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8366" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--75ab2a2b-11a8-4ea8-817c-8633f5b1b763.json b/objects/vulnerability/vulnerability--75ab2a2b-11a8-4ea8-817c-8633f5b1b763.json new file mode 100644 index 00000000000..fc9b37c10d4 --- /dev/null +++ b/objects/vulnerability/vulnerability--75ab2a2b-11a8-4ea8-817c-8633f5b1b763.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e48f4a16-61ba-449f-949e-6334f0772f24", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--75ab2a2b-11a8-4ea8-817c-8633f5b1b763", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-01T00:23:28.338773Z", + "modified": "2024-09-01T00:23:28.338773Z", + "name": "CVE-2024-39578", + "description": "Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contains a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39578" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--791f0496-bdcc-47d2-a38e-7b9c61079293.json b/objects/vulnerability/vulnerability--791f0496-bdcc-47d2-a38e-7b9c61079293.json new file mode 100644 index 00000000000..5045da69d1f --- /dev/null +++ b/objects/vulnerability/vulnerability--791f0496-bdcc-47d2-a38e-7b9c61079293.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b17a8de5-54a8-4a39-9841-481e33a8ff0a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--791f0496-bdcc-47d2-a38e-7b9c61079293", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-01T00:23:28.618224Z", + "modified": "2024-09-01T00:23:28.618224Z", + "name": "CVE-2024-0111", + "description": "NVIDIA CUDA Toolkit contains a vulnerability in command 'cuobjdump' where a user may cause a crash or produce incorrect output by passing a malformed ELF file. A successful exploit of this vulnerability may lead to a limited denial of service or data tampering.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0111" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--84e831d9-70e4-4fb3-b0da-d93c8cdb95e3.json b/objects/vulnerability/vulnerability--84e831d9-70e4-4fb3-b0da-d93c8cdb95e3.json new file mode 100644 index 00000000000..80b5cf4e3bb --- /dev/null +++ b/objects/vulnerability/vulnerability--84e831d9-70e4-4fb3-b0da-d93c8cdb95e3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6b6a8f37-7c17-445a-956e-d6f69dff9094", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--84e831d9-70e4-4fb3-b0da-d93c8cdb95e3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-01T00:23:28.571503Z", + "modified": "2024-09-01T00:23:28.571503Z", + "name": "CVE-2024-0110", + "description": "NVIDIA CUDA Toolkit contains a vulnerability in command `cuobjdump` where a user may cause an out-of-bound write by passing in a malformed ELF file. A successful exploit of this vulnerability may lead to code execution or denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0110" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--87408716-f3fd-4f53-866e-a9b1240c3090.json b/objects/vulnerability/vulnerability--87408716-f3fd-4f53-866e-a9b1240c3090.json new file mode 100644 index 00000000000..af88ed23f96 --- /dev/null +++ b/objects/vulnerability/vulnerability--87408716-f3fd-4f53-866e-a9b1240c3090.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--73683896-7c56-4ed3-bef4-001f2b59c19b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--87408716-f3fd-4f53-866e-a9b1240c3090", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-01T00:23:28.639703Z", + "modified": "2024-09-01T00:23:28.639703Z", + "name": "CVE-2024-5212", + "description": "The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code[]’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the on_ajax_register_forum_user function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-5212" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--914120e5-cb46-4832-97a2-7b999b455b4d.json b/objects/vulnerability/vulnerability--914120e5-cb46-4832-97a2-7b999b455b4d.json new file mode 100644 index 00000000000..b63cb911911 --- /dev/null +++ b/objects/vulnerability/vulnerability--914120e5-cb46-4832-97a2-7b999b455b4d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2df4cca2-a293-4924-9711-c4b2748ded6a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--914120e5-cb46-4832-97a2-7b999b455b4d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-01T00:23:27.393089Z", + "modified": "2024-09-01T00:23:27.393089Z", + "name": "CVE-2024-44945", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nfnetlink: Initialise extack before use in ACKs\n\nAdd missing extack initialisation when ACKing BATCH_BEGIN and BATCH_END.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44945" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--91a81d1a-c3cf-42a1-8829-0a905a7384c7.json b/objects/vulnerability/vulnerability--91a81d1a-c3cf-42a1-8829-0a905a7384c7.json new file mode 100644 index 00000000000..1f209224bbf --- /dev/null +++ b/objects/vulnerability/vulnerability--91a81d1a-c3cf-42a1-8829-0a905a7384c7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5c1fd562-f436-4f56-a9bc-68fca5c785da", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--91a81d1a-c3cf-42a1-8829-0a905a7384c7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-01T00:23:28.193269Z", + "modified": "2024-09-01T00:23:28.193269Z", + "name": "CVE-2024-7717", + "description": "The WP Events Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 2.1.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7717" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--96600461-e4f2-41ff-9b0a-cafc7257fe61.json b/objects/vulnerability/vulnerability--96600461-e4f2-41ff-9b0a-cafc7257fe61.json new file mode 100644 index 00000000000..8543978ea37 --- /dev/null +++ b/objects/vulnerability/vulnerability--96600461-e4f2-41ff-9b0a-cafc7257fe61.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dbc7af81-24d3-4eec-b714-1da178157dd5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--96600461-e4f2-41ff-9b0a-cafc7257fe61", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-01T00:23:28.310277Z", + "modified": "2024-09-01T00:23:28.310277Z", + "name": "CVE-2024-39747", + "description": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39747" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9aea7563-c755-41c0-99f0-89f882c54620.json b/objects/vulnerability/vulnerability--9aea7563-c755-41c0-99f0-89f882c54620.json new file mode 100644 index 00000000000..bd0cbc3c9f2 --- /dev/null +++ b/objects/vulnerability/vulnerability--9aea7563-c755-41c0-99f0-89f882c54620.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d9edc57a-e44e-48f5-aa28-e9390c6185d5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9aea7563-c755-41c0-99f0-89f882c54620", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-01T00:23:28.345123Z", + "modified": "2024-09-01T00:23:28.345123Z", + "name": "CVE-2024-39579", + "description": "Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contains an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39579" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9f47ae7c-f956-409e-bbd7-f5dbb12c6e67.json b/objects/vulnerability/vulnerability--9f47ae7c-f956-409e-bbd7-f5dbb12c6e67.json new file mode 100644 index 00000000000..4fbad42e3c0 --- /dev/null +++ b/objects/vulnerability/vulnerability--9f47ae7c-f956-409e-bbd7-f5dbb12c6e67.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d4dbdb46-e8e8-41fd-a54d-929fea99dc1a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9f47ae7c-f956-409e-bbd7-f5dbb12c6e67", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-01T00:23:16.668623Z", + "modified": "2024-09-01T00:23:16.668623Z", + "name": "CVE-2022-4539", + "description": "The Web Application Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.1.2. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address or country from logging in.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-4539" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b20e1c42-2b5a-44de-b3cd-b2bfca039c32.json b/objects/vulnerability/vulnerability--b20e1c42-2b5a-44de-b3cd-b2bfca039c32.json new file mode 100644 index 00000000000..39bcc21ff7d --- /dev/null +++ b/objects/vulnerability/vulnerability--b20e1c42-2b5a-44de-b3cd-b2bfca039c32.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9b70277c-9423-462d-a2ef-b74ce157cddc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b20e1c42-2b5a-44de-b3cd-b2bfca039c32", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-01T00:23:16.622307Z", + "modified": "2024-09-01T00:23:16.622307Z", + "name": "CVE-2022-4100", + "description": "The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including 9.4 due to the plugin improperly checking for a visitor's IP address. This makes it possible for an attacker whose IP address has been blocked to bypass this control by setting the X-Forwarded-For: HTTP header to an IP Address that hasn't been blocked.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-4100" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ede87a81-45d9-4dee-95ef-70e1e5796cfa.json b/objects/vulnerability/vulnerability--ede87a81-45d9-4dee-95ef-70e1e5796cfa.json new file mode 100644 index 00000000000..3bffbe0824a --- /dev/null +++ b/objects/vulnerability/vulnerability--ede87a81-45d9-4dee-95ef-70e1e5796cfa.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5b8d7672-b0c4-468a-86fd-0818367c5e60", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ede87a81-45d9-4dee-95ef-70e1e5796cfa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-01T00:23:27.387729Z", + "modified": "2024-09-01T00:23:27.387729Z", + "name": "CVE-2024-44946", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nkcm: Serialise kcm_sendmsg() for the same socket.\n\nsyzkaller reported UAF in kcm_release(). [0]\n\nThe scenario is\n\n 1. Thread A builds a skb with MSG_MORE and sets kcm->seq_skb.\n\n 2. Thread A resumes building skb from kcm->seq_skb but is blocked\n by sk_stream_wait_memory()\n\n 3. Thread B calls sendmsg() concurrently, finishes building kcm->seq_skb\n and puts the skb to the write queue\n\n 4. Thread A faces an error and finally frees skb that is already in the\n write queue\n\n 5. kcm_release() does double-free the skb in the write queue\n\nWhen a thread is building a MSG_MORE skb, another thread must not touch it.\n\nLet's add a per-sk mutex and serialise kcm_sendmsg().\n\n[0]:\nBUG: KASAN: slab-use-after-free in __skb_unlink include/linux/skbuff.h:2366 [inline]\nBUG: KASAN: slab-use-after-free in __skb_dequeue include/linux/skbuff.h:2385 [inline]\nBUG: KASAN: slab-use-after-free in __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline]\nBUG: KASAN: slab-use-after-free in __skb_queue_purge include/linux/skbuff.h:3181 [inline]\nBUG: KASAN: slab-use-after-free in kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691\nRead of size 8 at addr ffff0000ced0fc80 by task syz-executor329/6167\n\nCPU: 1 PID: 6167 Comm: syz-executor329 Tainted: G B 6.8.0-rc5-syzkaller-g9abbc24128bc #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nCall trace:\n dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:291\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:298\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x178/0x518 mm/kasan/report.c:488\n kasan_report+0xd8/0x138 mm/kasan/report.c:601\n __asan_report_load8_noabort+0x20/0x2c mm/kasan/report_generic.c:381\n __skb_unlink include/linux/skbuff.h:2366 [inline]\n __skb_dequeue include/linux/skbuff.h:2385 [inline]\n __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline]\n __skb_queue_purge include/linux/skbuff.h:3181 [inline]\n kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691\n __sock_release net/socket.c:659 [inline]\n sock_close+0xa4/0x1e8 net/socket.c:1421\n __fput+0x30c/0x738 fs/file_table.c:376\n ____fput+0x20/0x30 fs/file_table.c:404\n task_work_run+0x230/0x2e0 kernel/task_work.c:180\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0x618/0x1f64 kernel/exit.c:871\n do_group_exit+0x194/0x22c kernel/exit.c:1020\n get_signal+0x1500/0x15ec kernel/signal.c:2893\n do_signal+0x23c/0x3b44 arch/arm64/kernel/signal.c:1249\n do_notify_resume+0x74/0x1f4 arch/arm64/kernel/entry-common.c:148\n exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]\n exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]\n el0_svc+0xac/0x168 arch/arm64/kernel/entry-common.c:713\n el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730\n el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598\n\nAllocated by task 6166:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_alloc_info+0x70/0x84 mm/kasan/generic.c:626\n unpoison_slab_object mm/kasan/common.c:314 [inline]\n __kasan_slab_alloc+0x74/0x8c mm/kasan/common.c:340\n kasan_slab_alloc include/linux/kasan.h:201 [inline]\n slab_post_alloc_hook mm/slub.c:3813 [inline]\n slab_alloc_node mm/slub.c:3860 [inline]\n kmem_cache_alloc_node+0x204/0x4c0 mm/slub.c:3903\n __alloc_skb+0x19c/0x3d8 net/core/skbuff.c:641\n alloc_skb include/linux/skbuff.h:1296 [inline]\n kcm_sendmsg+0x1d3c/0x2124 net/kcm/kcmsock.c:783\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n sock_sendmsg+0x220/0x2c0 net/socket.c:768\n splice_to_socket+0x7cc/0xd58 fs/splice.c:889\n do_splice_from fs/splice.c:941 [inline]\n direct_splice_actor+0xec/0x1d8 fs/splice.c:1164\n splice_direct_to_actor+0x438/0xa0c fs/splice.c:1108\n do_splice_direct_actor \n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44946" + } + ] + } + ] +} \ No newline at end of file