diff --git a/mapping.csv b/mapping.csv
index 397d1374a24..11b3bf1010e 100644
--- a/mapping.csv
+++ b/mapping.csv
@@ -259646,3 +259646,257 @@ vulnerability,CVE-2024-28139,vulnerability--b150376c-9ed1-43bc-bf6c-a7344d13ddbb vulnerability,CVE-2024-28140,vulnerability--8d5335f0-8b3f-476c-bc0f-c8536d9cbda7 vulnerability,CVE-2023-37395,vulnerability--54947ad4-d295-4b1e-bdf6-62decd3683c7 vulnerability,CVE-2023-23472,vulnerability--ad10d0f7-2a3d-428d-b95d-58ddebeb5193 +vulnerability,CVE-2024-52901,vulnerability--ce328330-9feb-449a-b38d-699e30853148 +vulnerability,CVE-2024-45404,vulnerability--2f55f7ab-df7d-4491-967e-c184a581ff71 +vulnerability,CVE-2024-12484,vulnerability--e61ef356-e274-4cbf-a99a-2bb4fb39b932 +vulnerability,CVE-2024-12461,vulnerability--c3425a84-6b52-4b67-9693-8bbc1090bc82 +vulnerability,CVE-2024-12564,vulnerability--741f4523-8ab7-4667-bb45-755742f2060e +vulnerability,CVE-2024-12463,vulnerability--5901bcd9-9739-4437-975c-cbabeb24e5c8 +vulnerability,CVE-2024-12263,vulnerability--a03e983f-13b4-4a35-ab13-4c0c301a3b1d +vulnerability,CVE-2024-12059,vulnerability--ff11a6f6-4ab8-45af-951a-a22542c19cfd +vulnerability,CVE-2024-12162,vulnerability--5f5f8eda-8333-49ae-80fc-e6f35932913d +vulnerability,CVE-2024-12486,vulnerability--b55d6a3b-8897-4f29-9c76-f78157642374 +vulnerability,CVE-2024-12312,vulnerability--b765862c-7bc6-4639-bc3d-dddb68e5d94c +vulnerability,CVE-2024-12503,vulnerability--70c66f17-1ddd-4ab6-b1e1-9318922da611 +vulnerability,CVE-2024-12072,vulnerability--0403e6f6-2ae3-4a58-a1e2-34dc9851a21b +vulnerability,CVE-2024-12338,vulnerability--8a182e05-ceeb-4eb2-976c-8d1e2a388117 +vulnerability,CVE-2024-12156,vulnerability--c8ab628a-3dde-42c8-b835-6eee6d6382da +vulnerability,CVE-2024-12497,vulnerability--70e8ddf3-d2ab-488d-98af-3965a2ce8930 +vulnerability,CVE-2024-12536,vulnerability--5a4334f0-1232-4710-bdcf-75312697ca8b +vulnerability,CVE-2024-12172,vulnerability--726cbb47-eb08-4b33-8ef6-96c386a15105 +vulnerability,CVE-2024-12265,vulnerability--3850c93f-7aa2-405d-a385-390dbe3ec62c +vulnerability,CVE-2024-12406,vulnerability--ef0ef356-f1d5-4880-92c3-67bb5ceadca7 
+vulnerability,CVE-2024-12485,vulnerability--2c06863c-9324-4c81-8c04-e69ad9719639 +vulnerability,CVE-2024-12492,vulnerability--ace3a1d5-e09c-4dad-be05-c023eb98bde3 +vulnerability,CVE-2024-12401,vulnerability--436ecb5d-2966-4ddb-b0c9-11b023c277a5 +vulnerability,CVE-2024-12260,vulnerability--9e2ccb61-a201-4ccf-8ac5-0e16dd085cfd +vulnerability,CVE-2024-12333,vulnerability--b9095e0d-3443-45ee-9401-7889bc69a7cf +vulnerability,CVE-2024-12271,vulnerability--337b862e-3bfd-4cb5-a342-eede8684f664 +vulnerability,CVE-2024-12526,vulnerability--8e88eece-46ac-49b3-9dd9-12f4c30b4e43 +vulnerability,CVE-2024-12487,vulnerability--56b5edfa-ef4f-421b-a670-2cf5811986a9 +vulnerability,CVE-2024-12483,vulnerability--db29d780-ff4b-4dad-a457-c088cfca1c29 +vulnerability,CVE-2024-12160,vulnerability--1ad4a1e6-2269-4843-932d-7ff20c5cad35 +vulnerability,CVE-2024-12481,vulnerability--30cb05bf-be92-4f27-8cf6-4800e793a6d2 +vulnerability,CVE-2024-12441,vulnerability--09a02adf-368a-457f-8657-2f1f3f2982cc +vulnerability,CVE-2024-12488,vulnerability--8372d6c1-ba20-4b5e-8c9d-b0fe341bd7f1 +vulnerability,CVE-2024-12480,vulnerability--9c2bbcab-2854-4f21-b235-af1743b1ddc2 +vulnerability,CVE-2024-12201,vulnerability--d7721f87-fe4b-4af5-b929-652dd85022b9 +vulnerability,CVE-2024-12040,vulnerability--a92c524a-76f9-4595-9efc-dd0e895ef8a6 +vulnerability,CVE-2024-12255,vulnerability--f8d94da2-9bd4-40ac-81ce-721cba2f92b7 +vulnerability,CVE-2024-12018,vulnerability--4e2d645c-b16b-4e7c-b462-3952ad06e3f3 +vulnerability,CVE-2024-12292,vulnerability--9674c48d-bf14-4cf1-b7e7-4d6f8eca5eb0 +vulnerability,CVE-2024-12329,vulnerability--63dec0a9-d24c-4dff-b722-293d03b80f56 +vulnerability,CVE-2024-12570,vulnerability--27ed8732-bf86-414d-ac6e-17afd732a0ed +vulnerability,CVE-2024-12341,vulnerability--18802efb-64da-42ff-9b10-7dc2bd64cbed +vulnerability,CVE-2024-12397,vulnerability--22e4178c-0d1b-44ef-88c1-2bd0e15261f0 +vulnerability,CVE-2024-12482,vulnerability--8d6fc042-a5fb-4df4-9469-f7389e851202 
+vulnerability,CVE-2024-12289,vulnerability--6838ec61-053c-4563-bab9-aaf98ecbbae5 +vulnerability,CVE-2024-12489,vulnerability--968ef7e3-cbec-4f03-a4d7-2ebaa0d96286 +vulnerability,CVE-2024-12258,vulnerability--381b5acb-b0c7-4ee4-9234-17050aaa1126 +vulnerability,CVE-2024-12490,vulnerability--122bacb3-3159-472c-a4c9-aced5cf979a4 +vulnerability,CVE-2024-10010,vulnerability--89e4477e-1e4d-4412-9203-e4784edb0dbd +vulnerability,CVE-2024-10568,vulnerability--754d2b9d-3b37-4518-bca7-702416e1647f +vulnerability,CVE-2024-10499,vulnerability--aa13ed5a-9b21-43d3-82a2-74727848954f +vulnerability,CVE-2024-10043,vulnerability--ed46f5e6-db14-4f95-826e-9038af551342 +vulnerability,CVE-2024-10784,vulnerability--a9079ffa-ff3f-4956-9d8b-c82327dc2a8d +vulnerability,CVE-2024-10518,vulnerability--fdb6ac6f-bcca-4778-9414-48cd24d18cdb +vulnerability,CVE-2024-10910,vulnerability--7c2e32e3-0d8c-4ff5-b33c-d43b36b1fdfb +vulnerability,CVE-2024-10590,vulnerability--f71378fb-ac94-4a09-a27c-d48e735fcec3 +vulnerability,CVE-2024-10124,vulnerability--9be1a992-1bb8-4509-916b-b31e419dd4ed +vulnerability,CVE-2024-10111,vulnerability--03020106-7c9b-4fa2-b36f-a503f97e2e18 +vulnerability,CVE-2024-10583,vulnerability--97868a90-e70c-4c65-a454-b6948e4510b6 +vulnerability,CVE-2024-10637,vulnerability--41566b86-c8b1-4fed-a418-80f7e2887b83 +vulnerability,CVE-2024-10517,vulnerability--c01ab892-ef04-4555-a8e0-c8460484dde9 +vulnerability,CVE-2024-10182,vulnerability--dc9fdbb5-c08b-49ce-a0ef-b1f72433af19 +vulnerability,CVE-2024-9428,vulnerability--6f03668e-72c4-4b96-99de-1835c595d953 +vulnerability,CVE-2024-9881,vulnerability--f67ba32b-e5fe-42e7-b481-f390d49f44f7 +vulnerability,CVE-2024-9641,vulnerability--561ed63a-62c9-44a5-877c-4ed27bfc4528 +vulnerability,CVE-2024-9367,vulnerability--82a278e4-c3fb-4a0c-acbf-68c4901f716d +vulnerability,CVE-2024-9387,vulnerability--915bc318-467a-4553-af84-ca907ba975d5 +vulnerability,CVE-2024-47775,vulnerability--ec4c90e7-bebb-4f91-ad4b-4d545f07e478 
+vulnerability,CVE-2024-47546,vulnerability--1a698442-8fbe-40a3-83e2-00a294bc2f94 +vulnerability,CVE-2024-47774,vulnerability--610c0cf0-f83f-4f71-95da-e794f7b11729 +vulnerability,CVE-2024-47834,vulnerability--694990be-526a-4f27-bb10-d37b6a279904 +vulnerability,CVE-2024-47596,vulnerability--926e227a-141e-4434-80af-563851d6c149 +vulnerability,CVE-2024-47600,vulnerability--71dc99d1-1e8c-4624-b1b7-e8f2f319ce30 +vulnerability,CVE-2024-47947,vulnerability--fb891272-07a5-4a36-bd37-bac1648e7844 +vulnerability,CVE-2024-47777,vulnerability--488bd216-8250-40d8-b0f5-b8cac55756dd +vulnerability,CVE-2024-47603,vulnerability--0e896e8e-6f94-4753-bb23-2c2d0b97107e +vulnerability,CVE-2024-47776,vulnerability--1deccc67-ede8-44c7-9ec4-3ea7a9aff721 +vulnerability,CVE-2024-47602,vulnerability--630366a0-d8df-4d23-9ae2-ea50535acc19 +vulnerability,CVE-2024-47238,vulnerability--1d765fa1-b1ed-4246-a039-395446134570 +vulnerability,CVE-2024-47615,vulnerability--6612f77b-29de-4c6f-8afe-88695073a15d +vulnerability,CVE-2024-47607,vulnerability--e0082a01-4b60-443c-9b96-226df6528fee +vulnerability,CVE-2024-47597,vulnerability--e8ce542b-3bf2-44a6-8dc5-5b12140127f0 +vulnerability,CVE-2024-47778,vulnerability--f6dd374a-fb50-4520-bba3-74b90e6140e5 +vulnerability,CVE-2024-47613,vulnerability--71e28076-69d8-444c-b55e-b4bec5d8fe57 +vulnerability,CVE-2024-47598,vulnerability--45e47edb-74a9-46ed-9f24-5b4a2e6f4199 +vulnerability,CVE-2024-47835,vulnerability--9d18878e-8043-4242-ba4b-143905fc3436 +vulnerability,CVE-2024-47599,vulnerability--de2c0032-643f-4ed3-8287-ee6e4ba2290d +vulnerability,CVE-2024-47606,vulnerability--16506a99-f1c7-472b-81e7-05d2b23bb62a +vulnerability,CVE-2024-47601,vulnerability--056efd6f-74ba-45dd-baa8-e758e5f2d0d7 +vulnerability,CVE-2024-50584,vulnerability--b3820c5d-6dde-4dd8-b660-af890aa58c74 +vulnerability,CVE-2024-11948,vulnerability--ae9887dc-d4a2-4769-9ebc-1d0306613fc4 +vulnerability,CVE-2024-11410,vulnerability--93c74f7d-a9cf-49f5-b049-7a3801f73a7b 
+vulnerability,CVE-2024-11872,vulnerability--94203729-003e-409e-afd2-43ec85ef240a +vulnerability,CVE-2024-11274,vulnerability--2df3d5d9-e772-4933-b718-03668257ae02 +vulnerability,CVE-2024-11433,vulnerability--c151c040-d459-45ba-854d-3a79a21bfa8e +vulnerability,CVE-2024-11727,vulnerability--1b3810bc-ba0a-4186-b9c4-4cf19c961dfd +vulnerability,CVE-2024-11947,vulnerability--cd01a6c2-dc04-41e1-bbdb-5e5710109eb3 +vulnerability,CVE-2024-11430,vulnerability--5e55db8c-175b-4775-a90d-4b5c5c660f2e +vulnerability,CVE-2024-11765,vulnerability--bee4fd2a-a435-4d94-a642-ebfae0c892a5 +vulnerability,CVE-2024-11804,vulnerability--a7c7232c-3e77-4536-8b2f-668742c1b77d +vulnerability,CVE-2024-11709,vulnerability--356a062e-2263-4577-8c31-5335884cd660 +vulnerability,CVE-2024-11384,vulnerability--99c7b9d7-c23c-4155-aaf7-2e8a11adb249 +vulnerability,CVE-2024-11683,vulnerability--41dc973d-5c95-4117-86e6-f727af76ad1e +vulnerability,CVE-2024-11757,vulnerability--7e50cc5e-8e1e-41f8-a14d-b36749336d30 +vulnerability,CVE-2024-11459,vulnerability--c4369244-17c8-4042-8cec-46efde8f98dd +vulnerability,CVE-2024-11750,vulnerability--e1dfdd6a-173a-4663-a518-f4c8d54ffb60 +vulnerability,CVE-2024-11875,vulnerability--7ecbb5d2-c6a9-447d-a890-91c652d4472b +vulnerability,CVE-2024-11914,vulnerability--d3af349d-f070-46ba-b721-19cf917a842f +vulnerability,CVE-2024-11901,vulnerability--62f660d5-25e1-4767-bf86-1920f8a4c2ff +vulnerability,CVE-2024-11181,vulnerability--7d614922-dbae-4845-999a-1eaef9992b78 +vulnerability,CVE-2024-11882,vulnerability--c6553d56-41ca-49da-b08e-c5f04c604fd9 +vulnerability,CVE-2024-11760,vulnerability--bcd0aa18-7bfb-4415-b991-c14dabc6ea1d +vulnerability,CVE-2024-11871,vulnerability--7be071a3-98a4-429b-9b17-00419a1bd996 +vulnerability,CVE-2024-11689,vulnerability--f563b949-10f3-492c-afcc-dc3d41beffad +vulnerability,CVE-2024-11781,vulnerability--ef69ad38-aa93-4363-badd-79a630115d9b +vulnerability,CVE-2024-11950,vulnerability--bad14450-fa17-46d7-9815-0ed969d8920b 
+vulnerability,CVE-2024-11724,vulnerability--8d1945a6-d0da-415e-b068-692349077d32 +vulnerability,CVE-2024-11279,vulnerability--f5e12fbb-2b86-4afc-a0e0-24b2ed13df29 +vulnerability,CVE-2024-11419,vulnerability--2e7c284c-59a0-4641-9ba2-5faf87a46450 +vulnerability,CVE-2024-11413,vulnerability--6e77a9f4-42d5-4db8-89e7-8e65aff0f260 +vulnerability,CVE-2024-11723,vulnerability--ce857576-1364-4727-b13a-35f92d6c933f +vulnerability,CVE-2024-11766,vulnerability--8dcfd100-8298-425c-9ab6-fddb974a717a +vulnerability,CVE-2024-11442,vulnerability--8ea22c27-2d7f-4ccb-a533-bc8e6615054f +vulnerability,CVE-2024-11359,vulnerability--7852aba9-9ea9-493d-bd99-b204a86e1523 +vulnerability,CVE-2024-11891,vulnerability--0e4ac90b-1290-4f51-a724-13f810600d2b +vulnerability,CVE-2024-11949,vulnerability--d061055f-5a6d-42f3-b782-3a4460ee8cf7 +vulnerability,CVE-2024-11427,vulnerability--73d40a71-fcb4-4d46-993d-3c973922503b +vulnerability,CVE-2024-11015,vulnerability--ecea997e-cabe-4125-bfae-f13516fab54d +vulnerability,CVE-2024-11443,vulnerability--cc54315c-b899-4bed-a149-5bf9cb228e47 +vulnerability,CVE-2024-11052,vulnerability--778e6157-e6cf-4414-99dc-32030b04770b +vulnerability,CVE-2024-11785,vulnerability--09db6ad5-921a-4fdb-8419-e652b66ac74b +vulnerability,CVE-2024-11417,vulnerability--997cc53b-320a-4c56-b342-b69cc70533b2 +vulnerability,CVE-2024-44300,vulnerability--3de35a4b-7c5f-439d-bce8-aaf4f4febc10 +vulnerability,CVE-2024-44248,vulnerability--5f8b22a6-eded-4e36-8a4a-9bccf7791f7c +vulnerability,CVE-2024-44224,vulnerability--a5094b24-c509-4a9c-97e1-19245df7be91 +vulnerability,CVE-2024-44245,vulnerability--4f7f9ef4-2a15-4d28-a32c-2fef43bf4ad9 +vulnerability,CVE-2024-44291,vulnerability--25785888-2fe6-44ef-863c-cbadb6403562 +vulnerability,CVE-2024-44225,vulnerability--4910daec-b8a0-484b-86d3-40b611ce2176 +vulnerability,CVE-2024-44212,vulnerability--8b7a7214-78b9-4dca-9dda-93864b0e4133 +vulnerability,CVE-2024-44201,vulnerability--d33d9257-ddb9-4ea9-a730-d276a47dd3b7 
+vulnerability,CVE-2024-44241,vulnerability--97171cca-5430-4262-9c59-351f93439088 +vulnerability,CVE-2024-44200,vulnerability--7f765d8d-e4e5-4118-a1db-459c081fae07 +vulnerability,CVE-2024-44299,vulnerability--4fbd0de2-d55f-4820-9e54-15dcdb950aca +vulnerability,CVE-2024-44243,vulnerability--1e0d7448-7c73-4fa1-9b20-4aa90d87b809 +vulnerability,CVE-2024-44242,vulnerability--3be64166-2115-4292-b64c-66054115a240 +vulnerability,CVE-2024-44246,vulnerability--68e95445-4288-4a11-b540-d507332b443d +vulnerability,CVE-2024-44290,vulnerability--f558a2ec-1d3e-422e-92cc-74b7b2cadae8 +vulnerability,CVE-2024-44220,vulnerability--74a4f608-228f-4f77-bbf8-97fde3718924 +vulnerability,CVE-2024-53845,vulnerability--7c9ffa9c-8ae1-4649-b7c9-3061d1559035 +vulnerability,CVE-2024-53273,vulnerability--88a86a01-974a-4d2e-a479-a6778906ff6b +vulnerability,CVE-2024-53274,vulnerability--a3413f3c-075b-424e-8099-46b1e66d2447 +vulnerability,CVE-2024-53272,vulnerability--a92fe8bd-7f52-4c70-acf0-b4e118767215 +vulnerability,CVE-2024-8179,vulnerability--18b69e0e-d9b0-42f2-8636-07062f403ac9 +vulnerability,CVE-2024-8647,vulnerability--d76b73af-a965-415f-82f7-26e3e0684517 +vulnerability,CVE-2024-8233,vulnerability--d385dd5a-3376-4fb5-b7ec-0bf4221aaac0 +vulnerability,CVE-2024-31670,vulnerability--be05e36b-6cdc-4c2e-9862-c0275a45c50e +vulnerability,CVE-2024-41146,vulnerability--5ec6e214-0c50-490c-88d2-fd6dca2871f0 +vulnerability,CVE-2024-21574,vulnerability--16795e04-9fd2-4161-a457-352e8f8d361c +vulnerability,CVE-2024-21575,vulnerability--575be975-124c-43ef-9342-a190c47aeae9 +vulnerability,CVE-2024-54105,vulnerability--7f42b74c-dc34-4949-bb22-94b65cd6199d +vulnerability,CVE-2024-54118,vulnerability--4c306e13-a7ab-4022-9885-4b2cb716624d +vulnerability,CVE-2024-54528,vulnerability--20907ca5-ef97-4886-9886-e11ef15f3958 +vulnerability,CVE-2024-54515,vulnerability--66b76cb2-660f-41ce-8027-ed50e47389aa +vulnerability,CVE-2024-54491,vulnerability--220566ee-fa25-43e6-8709-aeb671dedcd7 
+vulnerability,CVE-2024-54502,vulnerability--66aa828e-ffd2-4129-af05-6e5f1b33e298 +vulnerability,CVE-2024-54498,vulnerability--6d3094af-2604-4bbd-b7e6-0d8afcb10559 +vulnerability,CVE-2024-54107,vulnerability--d04ef629-8403-4a63-b4f9-83eacdb2e324 +vulnerability,CVE-2024-54842,vulnerability--14c7edf6-8f20-4849-928c-d4ec9f98567d +vulnerability,CVE-2024-54508,vulnerability--b8ef1f41-9f6c-49fc-b2d6-83c8b883f79d +vulnerability,CVE-2024-54104,vulnerability--ac97a1d2-4712-4222-95ce-c5aff6ebaae3 +vulnerability,CVE-2024-54514,vulnerability--5e66a160-0717-439b-87f3-ab19bd88ccad +vulnerability,CVE-2024-54489,vulnerability--e575d488-edc6-440a-95a1-4416bf514170 +vulnerability,CVE-2024-54527,vulnerability--c55f84ac-6c02-4ea6-8f7d-922e685793a1 +vulnerability,CVE-2024-54531,vulnerability--7df77692-ec5d-4d30-a4a9-c3992b53273f +vulnerability,CVE-2024-54534,vulnerability--a474c036-7c5b-4f09-bc3a-a95f6a0871c3 +vulnerability,CVE-2024-54098,vulnerability--314d6dcc-7e80-4e1b-a0a6-81ba9253cc82 +vulnerability,CVE-2024-54493,vulnerability--80531522-c131-4f09-ae4a-4fd4294bf9bc +vulnerability,CVE-2024-54113,vulnerability--20323b87-2289-4cf7-8d39-f3772df67887 +vulnerability,CVE-2024-54477,vulnerability--78356d64-c3ea-4999-833f-131680bc63e2 +vulnerability,CVE-2024-54097,vulnerability--485abf6b-3ee5-4b83-b2a1-40e0e5868e41 +vulnerability,CVE-2024-54485,vulnerability--1ce49fb1-7339-4a24-ad8a-43816a0e3890 +vulnerability,CVE-2024-54474,vulnerability--3e472c7d-a16e-4a05-a8a3-53b2eb8d8ce7 +vulnerability,CVE-2024-54495,vulnerability--b69255f0-1b48-42b7-98bc-7345012f38fe +vulnerability,CVE-2024-54494,vulnerability--e0188da7-b21b-4758-8669-041f001ad7e1 +vulnerability,CVE-2024-54115,vulnerability--da9df3e8-c51e-4e06-8022-3f3a30c93049 +vulnerability,CVE-2024-54119,vulnerability--eb7f9091-9e39-46a9-9337-ea5223999b52 +vulnerability,CVE-2024-54103,vulnerability--70ed7bc7-a80a-4b0f-8520-115256e0cad9 +vulnerability,CVE-2024-54810,vulnerability--7b301c85-0425-459c-9d8c-7c88c4106e57 
+vulnerability,CVE-2024-54116,vulnerability--035bf396-9f7d-461d-8c19-7a5e24a59e3d +vulnerability,CVE-2024-54526,vulnerability--acbe12b2-999e-4077-b80b-1f5ce35ce641 +vulnerability,CVE-2024-54510,vulnerability--035d0575-4273-475d-ade7-49c4afc63106 +vulnerability,CVE-2024-54504,vulnerability--d285c1f9-1866-49be-83cd-d12c4d14e92d +vulnerability,CVE-2024-54513,vulnerability--8d4477d7-9e1f-4811-b4f0-b358daf44f80 +vulnerability,CVE-2024-54465,vulnerability--c9a031a9-af6b-44f4-a8e2-eb8c3c7644d5 +vulnerability,CVE-2024-54505,vulnerability--20ae8dcc-3143-4292-8d14-c9acac3ce6f7 +vulnerability,CVE-2024-54099,vulnerability--6bf3acde-dd0b-402e-b53b-a94363a3059a +vulnerability,CVE-2024-54484,vulnerability--ee130fde-7230-48b1-a74d-f8ddce1d3faf +vulnerability,CVE-2024-54114,vulnerability--4d4d4e41-6524-4924-9bff-1c732a38b895 +vulnerability,CVE-2024-54524,vulnerability--f17a8b62-fb00-4416-ae23-6697add378e9 +vulnerability,CVE-2024-54500,vulnerability--6a98bf61-e886-461e-8082-f3544e53873f +vulnerability,CVE-2024-54486,vulnerability--272f7a37-8f0e-47e6-8555-0700ef8c4320 +vulnerability,CVE-2024-54503,vulnerability--060f2ec3-3e8f-4a2f-847f-a41f7f64bc7d +vulnerability,CVE-2024-54122,vulnerability--e3f07063-f982-4037-8e3f-96b6425f89d0 +vulnerability,CVE-2024-54112,vulnerability--1191572b-5000-4b3a-b4a7-2f96c0f634f5 +vulnerability,CVE-2024-54108,vulnerability--bdcd65b6-e2cd-4c39-a09f-b3bbe5ea334a +vulnerability,CVE-2024-54117,vulnerability--c0295b97-0fc9-4a85-a6f8-c6d9eddefbdb +vulnerability,CVE-2024-54490,vulnerability--464441b9-6b21-4ef8-92a6-21a394688bf1 +vulnerability,CVE-2024-54471,vulnerability--20d74532-41e8-4a1b-ae02-b75f645e9c53 +vulnerability,CVE-2024-54096,vulnerability--ec08285a-bc6b-4eeb-9453-a9df0bd083ef +vulnerability,CVE-2024-54111,vulnerability--c9f73636-47b3-4514-b671-abaac6aba7b8 +vulnerability,CVE-2024-54811,vulnerability--13dfc77d-830e-43b5-a125-b9ddcab126b3 +vulnerability,CVE-2024-54479,vulnerability--18736600-4d2c-466d-862b-8f9576cc91dd 
+vulnerability,CVE-2024-54106,vulnerability--9afd8dfa-8fff-4500-8510-9ca254102da3 +vulnerability,CVE-2024-54100,vulnerability--59368897-fc90-41bc-a386-b51c2091109b +vulnerability,CVE-2024-54101,vulnerability--d99777a7-6b81-411e-90f8-4c8b5fe39497 +vulnerability,CVE-2024-54492,vulnerability--a9ed7a7f-9015-4863-bcc4-3e43ba71b7d0 +vulnerability,CVE-2024-54466,vulnerability--61f553b1-738b-478a-97b3-1bd8a22f998e +vulnerability,CVE-2024-54529,vulnerability--a416c1d4-0599-4168-95cb-40bc0aab8c9b +vulnerability,CVE-2024-54110,vulnerability--57355186-aebe-4d9b-a450-1af88e628144 +vulnerability,CVE-2024-54109,vulnerability--45eafda9-3b30-49b2-b5e0-3f47909851b1 +vulnerability,CVE-2024-54102,vulnerability--1296aeac-9996-4571-97b2-9ffcebaba361 +vulnerability,CVE-2024-54476,vulnerability--f553b6cb-2958-4f45-86d6-9f3b8dd60177 +vulnerability,CVE-2024-54506,vulnerability--7f3d3162-8cb3-44cb-b367-5bbb47d9c172 +vulnerability,CVE-2024-54501,vulnerability--159ac8b3-03e3-463b-a3be-66c6a1fca06c +vulnerability,CVE-2024-55888,vulnerability--d794b13e-db4d-4a91-8a3c-0340917adde6 +vulnerability,CVE-2024-55663,vulnerability--961e1995-7ecb-4e0c-8813-08e5ed9d2506 +vulnerability,CVE-2024-55876,vulnerability--bb5df1c4-687c-4819-9d0d-4e39df7ae25c +vulnerability,CVE-2024-55879,vulnerability--68ca812d-a324-4994-b8c6-92a1481827e4 +vulnerability,CVE-2024-55659,vulnerability--0eca8c8a-2215-466d-9981-649eea86af0d +vulnerability,CVE-2024-55662,vulnerability--f8090853-a3cc-4444-833f-b124f00a72d2 +vulnerability,CVE-2024-55658,vulnerability--f05c8410-0f8b-4b6c-ade3-c3de61cc6ac1 +vulnerability,CVE-2024-55886,vulnerability--3b049ccb-00f0-488f-b30b-c6508cfd4148 +vulnerability,CVE-2024-55633,vulnerability--dfc10598-1a36-4b6c-b773-2e2084e09d12 +vulnerability,CVE-2024-55878,vulnerability--cfc5dfa3-c8b8-4ce1-8a59-89a19c036caf +vulnerability,CVE-2024-55587,vulnerability--e5767328-50d8-4b8f-b15b-24437854372c +vulnerability,CVE-2024-55877,vulnerability--f7223eaf-cccb-47f0-9196-bc6275a9f426 
+vulnerability,CVE-2024-55099,vulnerability--594b9cf8-1d60-4279-bb49-b4d9c8d1b41a +vulnerability,CVE-2024-55875,vulnerability--539c3267-29a0-4c5a-a23e-1a3fc297683a +vulnerability,CVE-2024-55885,vulnerability--18838c68-b4c5-4289-b863-ad80435e9b95 +vulnerability,CVE-2024-55652,vulnerability--4c88b0ef-9368-4074-9404-d54aa26894df +vulnerability,CVE-2024-55660,vulnerability--93ee5ca1-9e34-46ca-ad2b-f26dfccbae28 +vulnerability,CVE-2024-55884,vulnerability--e81973a2-4fbb-418f-9696-7fc51534feb1 +vulnerability,CVE-2024-55657,vulnerability--9511fadd-bae4-4dbd-b842-b3107f567d9d +vulnerability,CVE-2024-49071,vulnerability--af474860-07fc-4c24-bacb-d67f8352e5a5 +vulnerability,CVE-2024-49147,vulnerability--2a5ade12-1ec4-488d-bfc5-54744aa229db +vulnerability,CVE-2024-36498,vulnerability--832dc7a0-f037-4b7b-a5a4-89ac9f9638d2 +vulnerability,CVE-2024-36494,vulnerability--3e029fb1-5f34-4f29-bbd8-81fd2e61fd66 +vulnerability,CVE-2024-42407,vulnerability--5864c89e-10a8-43a1-b29d-61616554161f +vulnerability,CVE-2024-28144,vulnerability--62137494-b2dd-494b-aa8b-6e0707a3aeae +vulnerability,CVE-2024-28145,vulnerability--bce59886-df25-4f9f-a057-290f740843ab +vulnerability,CVE-2024-28143,vulnerability--8503c0d6-abb9-41f5-854d-685c70da455f +vulnerability,CVE-2024-28142,vulnerability--50485fbd-e67a-4335-bc1e-bc66eeea0e9d +vulnerability,CVE-2024-28146,vulnerability--e3d0a621-8df6-44fc-9d5f-d593e0db885c +vulnerability,CVE-2024-4109,vulnerability--7c3fcfc5-e6de-4662-a99d-c6201d22daff diff --git a/objects/vulnerability/vulnerability--03020106-7c9b-4fa2-b36f-a503f97e2e18.json b/objects/vulnerability/vulnerability--03020106-7c9b-4fa2-b36f-a503f97e2e18.json new file mode 100644 index 00000000000..6081ab8d832 --- /dev/null +++ b/objects/vulnerability/vulnerability--03020106-7c9b-4fa2-b36f-a503f97e2e18.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--771be76f-c2c1-4d3d-a078-100582145705", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--03020106-7c9b-4fa2-b36f-a503f97e2e18", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.556258Z", + "modified": "2024-12-13T00:40:39.556258Z", + "name": "CVE-2024-10111", + "description": "The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.26.3. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username and the user does not have an already-existing account for the service returning the token.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10111" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--035bf396-9f7d-461d-8c19-7a5e24a59e3d.json b/objects/vulnerability/vulnerability--035bf396-9f7d-461d-8c19-7a5e24a59e3d.json new file mode 100644 index 00000000000..921cefe73b4 --- /dev/null +++ b/objects/vulnerability/vulnerability--035bf396-9f7d-461d-8c19-7a5e24a59e3d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--661639a3-274d-499c-9440-12566d2df5fd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--035bf396-9f7d-461d-8c19-7a5e24a59e3d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.120063Z", + "modified": "2024-12-13T00:40:41.120063Z", + "name": "CVE-2024-54116", + "description": "Out-of-bounds read vulnerability in the M3U8 module\nImpact: Successful exploitation of this vulnerability may cause features to perform abnormally.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54116" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--035d0575-4273-475d-ade7-49c4afc63106.json b/objects/vulnerability/vulnerability--035d0575-4273-475d-ade7-49c4afc63106.json new file mode 100644 index 00000000000..d5bdb954865 --- /dev/null +++ b/objects/vulnerability/vulnerability--035d0575-4273-475d-ade7-49c4afc63106.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--38133ec7-a958-4c2b-afd3-f378c530e231", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--035d0575-4273-475d-ade7-49c4afc63106", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.122672Z", + "modified": "2024-12-13T00:40:41.122672Z", + "name": "CVE-2024-54510", + "description": "A race condition was addressed with improved locking. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to leak sensitive kernel state.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54510" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--0403e6f6-2ae3-4a58-a1e2-34dc9851a21b.json b/objects/vulnerability/vulnerability--0403e6f6-2ae3-4a58-a1e2-34dc9851a21b.json new file mode 100644 index 00000000000..5602bae36a6 --- /dev/null +++ b/objects/vulnerability/vulnerability--0403e6f6-2ae3-4a58-a1e2-34dc9851a21b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--052f5ae7-cc36-43e4-a04f-b46650080bf1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0403e6f6-2ae3-4a58-a1e2-34dc9851a21b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.440987Z", + "modified": "2024-12-13T00:40:39.440987Z", + "name": "CVE-2024-12072", + "description": "The Analytics Cat – Google Analytics Made Easy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute if they can successfully trick a user into performing an action, such as clicking on a specially crafted link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12072" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--056efd6f-74ba-45dd-baa8-e758e5f2d0d7.json b/objects/vulnerability/vulnerability--056efd6f-74ba-45dd-baa8-e758e5f2d0d7.json new file mode 100644 index 00000000000..e7cec3891df --- /dev/null +++ b/objects/vulnerability/vulnerability--056efd6f-74ba-45dd-baa8-e758e5f2d0d7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aa35d38e-95bf-44f9-b3b3-c23c65cd4f99", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--056efd6f-74ba-45dd-baa8-e758e5f2d0d7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.770515Z", + "modified": "2024-12-13T00:40:39.770515Z", + "name": "CVE-2024-47601", + "description": "GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_parse_blockgroup_or_simpleblock function within matroska-demux.c. This function does not properly check the validity of the GstBuffer *sub pointer before performing dereferences. As a result, null pointer dereferences may occur. This vulnerability is fixed in 1.24.10.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47601" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--060f2ec3-3e8f-4a2f-847f-a41f7f64bc7d.json b/objects/vulnerability/vulnerability--060f2ec3-3e8f-4a2f-847f-a41f7f64bc7d.json new file mode 100644 index 00000000000..ba1f13e6628 --- /dev/null +++ b/objects/vulnerability/vulnerability--060f2ec3-3e8f-4a2f-847f-a41f7f64bc7d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e11e3b92-7667-4fb1-b72c-a6a4ff3a23a9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--060f2ec3-3e8f-4a2f-847f-a41f7f64bc7d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.146949Z", + "modified": "2024-12-13T00:40:41.146949Z", + "name": "CVE-2024-54503", + "description": "An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.2 and iPadOS 18.2. Muting a call while ringing may not result in mute being enabled.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54503" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--09a02adf-368a-457f-8657-2f1f3f2982cc.json b/objects/vulnerability/vulnerability--09a02adf-368a-457f-8657-2f1f3f2982cc.json new file mode 100644 index 00000000000..384379559ee --- /dev/null +++ b/objects/vulnerability/vulnerability--09a02adf-368a-457f-8657-2f1f3f2982cc.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--23f62b19-0fba-4b2a-8ff9-90b99986158e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--09a02adf-368a-457f-8657-2f1f3f2982cc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.472172Z", + "modified": "2024-12-13T00:40:39.472172Z", + "name": "CVE-2024-12441", + "description": "The BP Email Assign Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12441" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--09db6ad5-921a-4fdb-8419-e652b66ac74b.json b/objects/vulnerability/vulnerability--09db6ad5-921a-4fdb-8419-e652b66ac74b.json new file mode 100644 index 00000000000..22850332953 --- /dev/null +++ b/objects/vulnerability/vulnerability--09db6ad5-921a-4fdb-8419-e652b66ac74b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a37c1557-0f3e-4d0d-b3f9-0607b01193e8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--09db6ad5-921a-4fdb-8419-e652b66ac74b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.097912Z", + "modified": "2024-12-13T00:40:40.097912Z", + "name": "CVE-2024-11785", + "description": "The Integrate Firebase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'firebase_show' shortcode in all versions up to, and including, 0.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11785" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0e4ac90b-1290-4f51-a724-13f810600d2b.json b/objects/vulnerability/vulnerability--0e4ac90b-1290-4f51-a724-13f810600d2b.json new file mode 100644 index 00000000000..5ed619d534f --- /dev/null +++ b/objects/vulnerability/vulnerability--0e4ac90b-1290-4f51-a724-13f810600d2b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5963612c-3b92-4695-b426-73a21de74c83", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0e4ac90b-1290-4f51-a724-13f810600d2b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.088092Z", + "modified": "2024-12-13T00:40:40.088092Z", + "name": "CVE-2024-11891", + "description": "The Perfect Font Awesome Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pfai' shortcode in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11891" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0e896e8e-6f94-4753-bb23-2c2d0b97107e.json b/objects/vulnerability/vulnerability--0e896e8e-6f94-4753-bb23-2c2d0b97107e.json new file mode 100644 index 00000000000..d017d56693a --- /dev/null +++ b/objects/vulnerability/vulnerability--0e896e8e-6f94-4753-bb23-2c2d0b97107e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--879eb34e-cb1f-4ba4-b693-e3e4de09f209", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0e896e8e-6f94-4753-bb23-2c2d0b97107e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.730286Z", + "modified": "2024-12-13T00:40:39.730286Z", + "name": "CVE-2024-47603", + "description": "GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_update_tracks function within matroska-demux.c. The vulnerability occurs when the gst_caps_is_equal function is called with invalid caps values. If this happen, then in the function gst_buffer_get_size the call to GST_BUFFER_MEM_PTR can return a null pointer. Attempting to dereference the size field of this null pointer results in a null pointer dereference. This vulnerability is fixed in 1.24.10.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47603" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0eca8c8a-2215-466d-9981-649eea86af0d.json b/objects/vulnerability/vulnerability--0eca8c8a-2215-466d-9981-649eea86af0d.json new file mode 100644 index 00000000000..0b4ebd9bbd0 --- /dev/null +++ b/objects/vulnerability/vulnerability--0eca8c8a-2215-466d-9981-649eea86af0d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d1553d45-aa6f-4a14-ba21-271a77193438", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0eca8c8a-2215-466d-9981-649eea86af0d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.206502Z", + "modified": "2024-12-13T00:40:41.206502Z", + "name": "CVE-2024-55659", + "description": "SiYuan is a personal knowledge management system. Prior to version 3.1.16, the `/api/asset/upload` endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored cross-site scripting (via the file write). Version 3.1.16 contains a patch for the issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55659" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1191572b-5000-4b3a-b4a7-2f96c0f634f5.json b/objects/vulnerability/vulnerability--1191572b-5000-4b3a-b4a7-2f96c0f634f5.json new file mode 100644 index 00000000000..9f1f88303f6 --- /dev/null +++ b/objects/vulnerability/vulnerability--1191572b-5000-4b3a-b4a7-2f96c0f634f5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b3bebcbb-20a9-4452-a1d3-4b278490c88d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1191572b-5000-4b3a-b4a7-2f96c0f634f5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.149229Z", + "modified": "2024-12-13T00:40:41.149229Z", + "name": "CVE-2024-54112", + "description": "Cross-process screen stack vulnerability in the UIExtension module\nImpact: Successful exploitation of this vulnerability may affect service confidentiality.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54112" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--122bacb3-3159-472c-a4c9-aced5cf979a4.json b/objects/vulnerability/vulnerability--122bacb3-3159-472c-a4c9-aced5cf979a4.json new file mode 100644 index 00000000000..40538b89a62 --- /dev/null +++ b/objects/vulnerability/vulnerability--122bacb3-3159-472c-a4c9-aced5cf979a4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--171d8985-3139-4b87-9362-bf7ea6099464", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--122bacb3-3159-472c-a4c9-aced5cf979a4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.505051Z", + "modified": "2024-12-13T00:40:39.505051Z", + "name": "CVE-2024-12490", + "description": "A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /pages/teacher_save.php. The manipulation of the argument salut leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12490" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1296aeac-9996-4571-97b2-9ffcebaba361.json b/objects/vulnerability/vulnerability--1296aeac-9996-4571-97b2-9ffcebaba361.json new file mode 100644 index 00000000000..2b68f048265 --- /dev/null +++ b/objects/vulnerability/vulnerability--1296aeac-9996-4571-97b2-9ffcebaba361.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d19948cf-cea7-4298-8bc7-0000afd2c366", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1296aeac-9996-4571-97b2-9ffcebaba361", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.181509Z", + "modified": "2024-12-13T00:40:41.181509Z", + "name": "CVE-2024-54102", + "description": "Race condition vulnerability in the DDR module\nImpact: Successful exploitation of this vulnerability may affect service confidentiality.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54102" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--13dfc77d-830e-43b5-a125-b9ddcab126b3.json b/objects/vulnerability/vulnerability--13dfc77d-830e-43b5-a125-b9ddcab126b3.json new file mode 100644 index 00000000000..0f90f34d3da --- /dev/null +++ b/objects/vulnerability/vulnerability--13dfc77d-830e-43b5-a125-b9ddcab126b3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a9b92a64-ada1-4d6e-8ad2-5fcfd295f977", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--13dfc77d-830e-43b5-a125-b9ddcab126b3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.167802Z", + "modified": "2024-12-13T00:40:41.167802Z", + "name": "CVE-2024-54811", + "description": "A SQL injection vulnerability in /index.php in PHPGurukul Park Ticketing Management System v1.0 allows an attacker to execute arbitrary SQL commands via the \"login\" parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54811" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--14c7edf6-8f20-4849-928c-d4ec9f98567d.json b/objects/vulnerability/vulnerability--14c7edf6-8f20-4849-928c-d4ec9f98567d.json new file mode 100644 index 00000000000..718e8a5af91 --- /dev/null +++ b/objects/vulnerability/vulnerability--14c7edf6-8f20-4849-928c-d4ec9f98567d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dc2eb79d-5292-4e33-977e-5b95c7fd2917", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--14c7edf6-8f20-4849-928c-d4ec9f98567d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.084775Z", + "modified": "2024-12-13T00:40:41.084775Z", + "name": "CVE-2024-54842", + "description": "A SQL injection vulnerability was found in phpgurukul Online Nurse Hiring System v1.0 in /admin/password-recovery.php via the mobileno parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54842" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--159ac8b3-03e3-463b-a3be-66c6a1fca06c.json b/objects/vulnerability/vulnerability--159ac8b3-03e3-463b-a3be-66c6a1fca06c.json new file mode 100644 index 00000000000..ff092fb403a --- /dev/null +++ b/objects/vulnerability/vulnerability--159ac8b3-03e3-463b-a3be-66c6a1fca06c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ce07c7e2-ef75-467c-bf06-a59ade782703", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--159ac8b3-03e3-463b-a3be-66c6a1fca06c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.186581Z", + "modified": "2024-12-13T00:40:41.186581Z", + "name": "CVE-2024-54501", + "description": "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Processing a maliciously crafted file may lead to a denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54501" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--16506a99-f1c7-472b-81e7-05d2b23bb62a.json b/objects/vulnerability/vulnerability--16506a99-f1c7-472b-81e7-05d2b23bb62a.json new file mode 100644 index 00000000000..530e705fae4 --- /dev/null +++ b/objects/vulnerability/vulnerability--16506a99-f1c7-472b-81e7-05d2b23bb62a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6c0c95fe-429d-432c-b4ae-16ab9d789579", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--16506a99-f1c7-472b-81e7-05d2b23bb62a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.768671Z", + "modified": "2024-12-13T00:40:39.768671Z", + "name": "CVE-2024-47606", + "description": "GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended value when cast to an unsigned integer. This 32-bit negative value is then cast to a 64-bit unsigned integer (0xfffffffffffffffa) in a subsequent call to gst_buffer_new_and_alloc. The function gst_buffer_new_allocate then attempts to allocate memory, eventually calling _sysmem_new_block. The function _sysmem_new_block adds alignment and header size to the (unsigned) size, causing the overflow of the 'slice_size' variable. As a result, only 0x89 bytes are allocated, despite the large input size. When the following memcpy call occurs in gst_buffer_fill, the data from the input file will overwrite the content of the GstMapInfo info structure. Finally, during the call to gst_memory_unmap, the overwritten memory may cause a function pointer hijack, as the mem->allocator->mem_unmap_full function is called with a corrupted pointer. This function pointer overwrite could allow an attacker to alter the execution flow of the program, leading to arbitrary code execution. This vulnerability is fixed in 1.24.10.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47606" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--16795e04-9fd2-4161-a457-352e8f8d361c.json b/objects/vulnerability/vulnerability--16795e04-9fd2-4161-a457-352e8f8d361c.json new file mode 100644 index 00000000000..c9f5cd3733b --- /dev/null +++ b/objects/vulnerability/vulnerability--16795e04-9fd2-4161-a457-352e8f8d361c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5ac1b68b-3ca3-4003-b697-1554e443e790", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--16795e04-9fd2-4161-a457-352e8f8d361c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.745831Z", + "modified": "2024-12-13T00:40:40.745831Z", + "name": "CVE-2024-21574", + "description": "The issue stems from a missing validation of the pip field in a POST request sent to the /customnode/install endpoint used to install custom nodes which is added to the server by the extension. This allows an attacker to craft a request that triggers a pip install on a user controlled package or URL, resulting in remote code execution (RCE) on the server.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21574" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--18736600-4d2c-466d-862b-8f9576cc91dd.json b/objects/vulnerability/vulnerability--18736600-4d2c-466d-862b-8f9576cc91dd.json new file mode 100644 index 00000000000..3ad011b4e6e --- /dev/null +++ b/objects/vulnerability/vulnerability--18736600-4d2c-466d-862b-8f9576cc91dd.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e9670051-edae-477e-9661-22dbeb230654", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--18736600-4d2c-466d-862b-8f9576cc91dd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.168972Z", + "modified": "2024-12-13T00:40:41.168972Z", + "name": "CVE-2024-54479", + "description": "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54479" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--18802efb-64da-42ff-9b10-7dc2bd64cbed.json b/objects/vulnerability/vulnerability--18802efb-64da-42ff-9b10-7dc2bd64cbed.json new file mode 100644 index 00000000000..c2b5caa7d31 --- /dev/null +++ b/objects/vulnerability/vulnerability--18802efb-64da-42ff-9b10-7dc2bd64cbed.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2729ade1-3269-4d6a-b57e-50782055875c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--18802efb-64da-42ff-9b10-7dc2bd64cbed", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.487902Z", + "modified": "2024-12-13T00:40:39.487902Z", + "name": "CVE-2024-12341", + "description": "The Custom Skins Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cf7cs_action_callback' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the content of any post and create new skins.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12341" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--18838c68-b4c5-4289-b863-ad80435e9b95.json b/objects/vulnerability/vulnerability--18838c68-b4c5-4289-b863-ad80435e9b95.json new file mode 100644 index 00000000000..d4d11dc0086 --- /dev/null +++ b/objects/vulnerability/vulnerability--18838c68-b4c5-4289-b863-ad80435e9b95.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7f83faba-ac11-4f7c-b624-36f54feee875", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--18838c68-b4c5-4289-b863-ad80435e9b95", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.238716Z", + "modified": "2024-12-13T00:40:41.238716Z", + "name": "CVE-2024-55885", + "description": "beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks. Version 2.3.4 replaces MD5 with SHA256.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55885" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--18b69e0e-d9b0-42f2-8636-07062f403ac9.json b/objects/vulnerability/vulnerability--18b69e0e-d9b0-42f2-8636-07062f403ac9.json new file mode 100644 index 00000000000..7006a229d1c --- /dev/null +++ b/objects/vulnerability/vulnerability--18b69e0e-d9b0-42f2-8636-07062f403ac9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8003f5d2-77f2-406e-b804-d82aea8d6673", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--18b69e0e-d9b0-42f2-8636-07062f403ac9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.395761Z", + "modified": "2024-12-13T00:40:40.395761Z", + "name": "CVE-2024-8179", + "description": "An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8179" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--1a698442-8fbe-40a3-83e2-00a294bc2f94.json b/objects/vulnerability/vulnerability--1a698442-8fbe-40a3-83e2-00a294bc2f94.json new file mode 100644 index 00000000000..c2b20bdf0c1 --- /dev/null +++ b/objects/vulnerability/vulnerability--1a698442-8fbe-40a3-83e2-00a294bc2f94.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fcc3c532-9d8b-46e9-bc6c-7b883c6c9fbc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1a698442-8fbe-40a3-83e2-00a294bc2f94", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.700325Z", + "modified": "2024-12-13T00:40:39.700325Z", + "name": "CVE-2024-47546", + "description": "GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in extract_cc_from_data function within qtdemux.c. In the FOURCC_c708 case, the subtraction atom_length - 8 may result in an underflow if atom_length is less than 8. When that subtraction underflows, *cclen ends up being a large number, and then cclen is passed to g_memdup2 leading to an out-of-bounds (OOB) read. This vulnerability is fixed in 1.24.10.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47546" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1ad4a1e6-2269-4843-932d-7ff20c5cad35.json b/objects/vulnerability/vulnerability--1ad4a1e6-2269-4843-932d-7ff20c5cad35.json new file mode 100644 index 00000000000..75129656dd9 --- /dev/null +++ b/objects/vulnerability/vulnerability--1ad4a1e6-2269-4843-932d-7ff20c5cad35.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ea468b99-505e-4fd2-8e9c-e7f6797af2bf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1ad4a1e6-2269-4843-932d-7ff20c5cad35", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.469746Z", + "modified": "2024-12-13T00:40:39.469746Z", + "name": "CVE-2024-12160", + "description": "The Seraphinite Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.4.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12160" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1b3810bc-ba0a-4186-b9c4-4cf19c961dfd.json b/objects/vulnerability/vulnerability--1b3810bc-ba0a-4186-b9c4-4cf19c961dfd.json new file mode 100644 index 00000000000..f95356d203a --- /dev/null +++ b/objects/vulnerability/vulnerability--1b3810bc-ba0a-4186-b9c4-4cf19c961dfd.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--022244d9-9104-4ed0-bc7b-6732299a57b4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1b3810bc-ba0a-4186-b9c4-4cf19c961dfd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.01984Z", + "modified": "2024-12-13T00:40:40.01984Z", + "name": "CVE-2024-11727", + "description": "The NotificationX – Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content settings for notifications in all versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11727" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1ce49fb1-7339-4a24-ad8a-43816a0e3890.json b/objects/vulnerability/vulnerability--1ce49fb1-7339-4a24-ad8a-43816a0e3890.json new file mode 100644 index 00000000000..27ee92ff125 --- /dev/null +++ b/objects/vulnerability/vulnerability--1ce49fb1-7339-4a24-ad8a-43816a0e3890.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3a6369c4-2f6b-41de-a972-e03f6f3f4390", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1ce49fb1-7339-4a24-ad8a-43816a0e3890", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.108043Z", + "modified": "2024-12-13T00:40:41.108043Z", + "name": "CVE-2024-54485", + "description": "The issue was addressed by adding additional logic. This issue is fixed in iPadOS 17.7.3, iOS 18.2 and iPadOS 18.2. An attacker with physical access to an iOS device may be able to view notification content from the lock screen.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54485" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1d765fa1-b1ed-4246-a039-395446134570.json b/objects/vulnerability/vulnerability--1d765fa1-b1ed-4246-a039-395446134570.json new file mode 100644 index 00000000000..9d63138ea3a --- /dev/null +++ b/objects/vulnerability/vulnerability--1d765fa1-b1ed-4246-a039-395446134570.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--65732479-c5cd-4c3b-80ca-82904913be20", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1d765fa1-b1ed-4246-a039-395446134570", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.73522Z", + "modified": "2024-12-13T00:40:39.73522Z", + "name": "CVE-2024-47238", + "description": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47238" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--1deccc67-ede8-44c7-9ec4-3ea7a9aff721.json b/objects/vulnerability/vulnerability--1deccc67-ede8-44c7-9ec4-3ea7a9aff721.json new file mode 100644 index 00000000000..0cd2ed39c1f --- /dev/null +++ b/objects/vulnerability/vulnerability--1deccc67-ede8-44c7-9ec4-3ea7a9aff721.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a46a7207-b299-433b-bd1c-5407adf36502", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1deccc67-ede8-44c7-9ec4-3ea7a9aff721", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.731497Z", + "modified": "2024-12-13T00:40:39.731497Z", + "name": "CVE-2024-47776", + "description": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gst_wavparse_cue_chunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the function. This mismatch causes the comparison if (size < 4 + ncues * 24) to fail in some cases, allowing the subsequent loop to access beyond the bounds of the data buffer. The root cause of this discrepancy stems from a miscalculation when clipping the chunk size based on upstream data size. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47776" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1e0d7448-7c73-4fa1-9b20-4aa90d87b809.json b/objects/vulnerability/vulnerability--1e0d7448-7c73-4fa1-9b20-4aa90d87b809.json new file mode 100644 index 00000000000..fdc6dc15c7c --- /dev/null +++ b/objects/vulnerability/vulnerability--1e0d7448-7c73-4fa1-9b20-4aa90d87b809.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--97430a3f-6290-4fc7-b995-50db49abc043", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1e0d7448-7c73-4fa1-9b20-4aa90d87b809", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.203424Z", + "modified": "2024-12-13T00:40:40.203424Z", + "name": "CVE-2024-44243", + "description": "A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2. An app may be able to modify protected parts of the file system.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44243" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--20323b87-2289-4cf7-8d39-f3772df67887.json b/objects/vulnerability/vulnerability--20323b87-2289-4cf7-8d39-f3772df67887.json new file mode 100644 index 00000000000..b19cc2af9e4 --- /dev/null +++ b/objects/vulnerability/vulnerability--20323b87-2289-4cf7-8d39-f3772df67887.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2f4dc5ea-7d41-49e2-9540-6875724f0cb5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--20323b87-2289-4cf7-8d39-f3772df67887", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.101347Z", + "modified": "2024-12-13T00:40:41.101347Z", + "name": "CVE-2024-54113", + "description": "Process residence vulnerability in abnormal scenarios in the print module\nImpact: Successful exploitation of this vulnerability may affect power consumption.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54113" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--20907ca5-ef97-4886-9886-e11ef15f3958.json b/objects/vulnerability/vulnerability--20907ca5-ef97-4886-9886-e11ef15f3958.json new file mode 100644 index 00000000000..84287c7b35d --- /dev/null +++ b/objects/vulnerability/vulnerability--20907ca5-ef97-4886-9886-e11ef15f3958.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bb7bcce5-d3fc-47d5-88ae-f45b67444451", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--20907ca5-ef97-4886-9886-e11ef15f3958", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.065222Z", + "modified": "2024-12-13T00:40:41.065222Z", + "name": "CVE-2024-54528", + "description": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to overwrite arbitrary files.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54528" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--20ae8dcc-3143-4292-8d14-c9acac3ce6f7.json b/objects/vulnerability/vulnerability--20ae8dcc-3143-4292-8d14-c9acac3ce6f7.json new file mode 100644 index 00000000000..a5defbb7a34 --- /dev/null +++ b/objects/vulnerability/vulnerability--20ae8dcc-3143-4292-8d14-c9acac3ce6f7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--10761600-a671-429e-895d-ea981a0ed021", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--20ae8dcc-3143-4292-8d14-c9acac3ce6f7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.127538Z", + "modified": "2024-12-13T00:40:41.127538Z", + "name": "CVE-2024-54505", + "description": "A type confusion issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54505" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--20d74532-41e8-4a1b-ae02-b75f645e9c53.json b/objects/vulnerability/vulnerability--20d74532-41e8-4a1b-ae02-b75f645e9c53.json new file mode 100644 index 00000000000..7283a1892a3 --- /dev/null +++ b/objects/vulnerability/vulnerability--20d74532-41e8-4a1b-ae02-b75f645e9c53.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0dd70c2d-8f1a-4f9b-a878-b8afc00eeedb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--20d74532-41e8-4a1b-ae02-b75f645e9c53", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.158612Z", + "modified": "2024-12-13T00:40:41.158612Z", + "name": "CVE-2024-54471", + "description": "This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1. A malicious application may be able to leak a user's credentials.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54471" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--220566ee-fa25-43e6-8709-aeb671dedcd7.json b/objects/vulnerability/vulnerability--220566ee-fa25-43e6-8709-aeb671dedcd7.json new file mode 100644 index 00000000000..30556e3dbbe --- /dev/null +++ b/objects/vulnerability/vulnerability--220566ee-fa25-43e6-8709-aeb671dedcd7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cf129906-7040-4e1e-9382-697bea2ea7b2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--220566ee-fa25-43e6-8709-aeb671dedcd7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.077183Z", + "modified": "2024-12-13T00:40:41.077183Z", + "name": "CVE-2024-54491", + "description": "The issue was resolved by sanitizing logging This issue is fixed in macOS Sequoia 15.2. A malicious application may be able to determine a user's current location.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54491" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--22e4178c-0d1b-44ef-88c1-2bd0e15261f0.json b/objects/vulnerability/vulnerability--22e4178c-0d1b-44ef-88c1-2bd0e15261f0.json new file mode 100644 index 00000000000..90b31ae71c6 --- /dev/null +++ b/objects/vulnerability/vulnerability--22e4178c-0d1b-44ef-88c1-2bd0e15261f0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d9f2a5c1-13b7-4e95-b6a8-9ce79f8624b9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--22e4178c-0d1b-44ef-88c1-2bd0e15261f0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.49807Z", + "modified": "2024-12-13T00:40:39.49807Z", + "name": "CVE-2024-12397", + "description": "A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with\ncertain value-delimiting characters in incoming requests. This issue could\nallow an attacker to construct a cookie value to exfiltrate HttpOnly cookie\nvalues or spoof arbitrary additional cookie values, leading to unauthorized\ndata access or modification. The main threat from this flaw impacts data\nconfidentiality and integrity.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12397" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--25785888-2fe6-44ef-863c-cbadb6403562.json b/objects/vulnerability/vulnerability--25785888-2fe6-44ef-863c-cbadb6403562.json new file mode 100644 index 00000000000..20608ad6e64 --- /dev/null +++ b/objects/vulnerability/vulnerability--25785888-2fe6-44ef-863c-cbadb6403562.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--eefdd2ea-fecd-45be-b1ef-3244e67bb0a1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--25785888-2fe6-44ef-863c-cbadb6403562", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.169539Z", + "modified": "2024-12-13T00:40:40.169539Z", + "name": "CVE-2024-44291", + "description": "A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A malicious app may be able to gain root privileges.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44291" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--272f7a37-8f0e-47e6-8555-0700ef8c4320.json b/objects/vulnerability/vulnerability--272f7a37-8f0e-47e6-8555-0700ef8c4320.json new file mode 100644 index 00000000000..817fdbd42fb --- /dev/null +++ b/objects/vulnerability/vulnerability--272f7a37-8f0e-47e6-8555-0700ef8c4320.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c526fe24-51e6-4cac-b77a-5cb853b2cb61", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--272f7a37-8f0e-47e6-8555-0700ef8c4320", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.145667Z", + "modified": "2024-12-13T00:40:41.145667Z", + "name": "CVE-2024-54486", + "description": "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Processing a maliciously crafted font may result in the disclosure of process memory.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54486" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--27ed8732-bf86-414d-ac6e-17afd732a0ed.json b/objects/vulnerability/vulnerability--27ed8732-bf86-414d-ac6e-17afd732a0ed.json new file mode 100644 index 00000000000..7be5a722084 --- /dev/null +++ b/objects/vulnerability/vulnerability--27ed8732-bf86-414d-ac6e-17afd732a0ed.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1273ff36-076a-466f-aba9-c6ba051f7cfc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--27ed8732-bf86-414d-ac6e-17afd732a0ed", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.486986Z", + "modified": "2024-12-13T00:40:39.486986Z", + "name": "CVE-2024-12570", + "description": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. It may have been possible for an attacker with a victim's `CI_JOB_TOKEN` to obtain a GitLab session token belonging to the victim.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12570" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2a5ade12-1ec4-488d-bfc5-54744aa229db.json b/objects/vulnerability/vulnerability--2a5ade12-1ec4-488d-bfc5-54744aa229db.json new file mode 100644 index 00000000000..1a0224ed5a7 --- /dev/null +++ b/objects/vulnerability/vulnerability--2a5ade12-1ec4-488d-bfc5-54744aa229db.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e6147946-1824-4225-90da-fd96527d5874", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2a5ade12-1ec4-488d-bfc5-54744aa229db", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.273481Z", + "modified": "2024-12-13T00:40:41.273481Z", + "name": "CVE-2024-49147", + "description": "Deserialization of untrusted data in Microsoft Update Catalog allows an unauthorized attacker to elevate privileges on the website’s webserver.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49147" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2c06863c-9324-4c81-8c04-e69ad9719639.json b/objects/vulnerability/vulnerability--2c06863c-9324-4c81-8c04-e69ad9719639.json new file mode 100644 index 00000000000..31a479ed4e2 --- /dev/null +++ b/objects/vulnerability/vulnerability--2c06863c-9324-4c81-8c04-e69ad9719639.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--08a804d5-368f-4df7-9dda-aa1d21ab1714", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2c06863c-9324-4c81-8c04-e69ad9719639", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.454443Z", + "modified": "2024-12-13T00:40:39.454443Z", + "name": "CVE-2024-12485", + "description": "A vulnerability, which was classified as critical, has been found in code-projects Online Class and Exam Scheduling System 1.0. This issue affects some unknown processing of the file /pages/department.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12485" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--2df3d5d9-e772-4933-b718-03668257ae02.json b/objects/vulnerability/vulnerability--2df3d5d9-e772-4933-b718-03668257ae02.json new file mode 100644 index 00000000000..264d5c83c6c --- /dev/null +++ b/objects/vulnerability/vulnerability--2df3d5d9-e772-4933-b718-03668257ae02.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--394a7b24-c3d2-426f-903a-0e60282153fe", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2df3d5d9-e772-4933-b718-03668257ae02", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.014116Z", + "modified": "2024-12-13T00:40:40.014116Z", + "name": "CVE-2024-11274", + "description": "An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers in k8s proxy response could lead to session data exfiltration.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11274" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2e7c284c-59a0-4641-9ba2-5faf87a46450.json b/objects/vulnerability/vulnerability--2e7c284c-59a0-4641-9ba2-5faf87a46450.json new file mode 100644 index 00000000000..e360a0ab308 --- /dev/null +++ b/objects/vulnerability/vulnerability--2e7c284c-59a0-4641-9ba2-5faf87a46450.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0d58d617-eca9-499a-8f46-cd1ad96eab17", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2e7c284c-59a0-4641-9ba2-5faf87a46450", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.07494Z", + "modified": "2024-12-13T00:40:40.07494Z", + "name": "CVE-2024-11419", + "description": "The Password for WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the get3_init_admin_page() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11419" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2f55f7ab-df7d-4491-967e-c184a581ff71.json b/objects/vulnerability/vulnerability--2f55f7ab-df7d-4491-967e-c184a581ff71.json new file mode 100644 index 00000000000..70ba0d2a14a --- /dev/null +++ b/objects/vulnerability/vulnerability--2f55f7ab-df7d-4491-967e-c184a581ff71.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7255c848-adfb-47a6-b151-1b1b43993de6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2f55f7ab-df7d-4491-967e-c184a581ff71", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.386212Z", + "modified": "2024-12-13T00:40:39.386212Z", + "name": "CVE-2024-45404", + "description": "OpenCTI is an open-source cyber threat intelligence platform. In versions below 6.2.18, because the function to limit the rate of OTP does not exist, an attacker with valid credentials or a malicious user who commits internal fraud can break through the two-factor authentication and hijack the account. This is because the otpLogin mutation does not implement One Time Password rate limiting. As of time of publication, it is unknown whether a patch is available.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45404" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--30cb05bf-be92-4f27-8cf6-4800e793a6d2.json b/objects/vulnerability/vulnerability--30cb05bf-be92-4f27-8cf6-4800e793a6d2.json new file mode 100644 index 00000000000..5ca12b60995 --- /dev/null +++ b/objects/vulnerability/vulnerability--30cb05bf-be92-4f27-8cf6-4800e793a6d2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6d626d23-3a9c-452a-98d7-bc65e3e3d180", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--30cb05bf-be92-4f27-8cf6-4800e793a6d2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.470725Z", + "modified": "2024-12-13T00:40:39.470725Z", + "name": "CVE-2024-12481", + "description": "A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been declared as critical. Affected by this vulnerability is the function findUser of the file wetech-cms-master\\wetech-core\\src\\main\\java\\tech\\wetech\\cms\\dao\\UserDao.java. The manipulation of the argument searchValue/gId/rId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12481" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--314d6dcc-7e80-4e1b-a0a6-81ba9253cc82.json b/objects/vulnerability/vulnerability--314d6dcc-7e80-4e1b-a0a6-81ba9253cc82.json new file mode 100644 index 00000000000..f391c73d009 --- /dev/null +++ b/objects/vulnerability/vulnerability--314d6dcc-7e80-4e1b-a0a6-81ba9253cc82.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e205dd59-aa0b-44b7-bded-8754b8db10d8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--314d6dcc-7e80-4e1b-a0a6-81ba9253cc82", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.096996Z", + "modified": "2024-12-13T00:40:41.096996Z", + "name": "CVE-2024-54098", + "description": "Service logic error vulnerability in the system service module\nImpact: Successful exploitation of this vulnerability may affect service integrity.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54098" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--337b862e-3bfd-4cb5-a342-eede8684f664.json b/objects/vulnerability/vulnerability--337b862e-3bfd-4cb5-a342-eede8684f664.json new file mode 100644 index 00000000000..65beb0d6b47 --- /dev/null +++ b/objects/vulnerability/vulnerability--337b862e-3bfd-4cb5-a342-eede8684f664.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--854a86fa-4096-4da6-a688-1b7206433e5f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--337b862e-3bfd-4cb5-a342-eede8684f664", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.463075Z", + "modified": "2024-12-13T00:40:39.463075Z", + "name": "CVE-2024-12271", + "description": "The 360 Javascript Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ref’ parameter in all versions up to, and including, 1.7.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12271" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--356a062e-2263-4577-8c31-5335884cd660.json b/objects/vulnerability/vulnerability--356a062e-2263-4577-8c31-5335884cd660.json new file mode 100644 index 00000000000..6f79d29f8dc --- /dev/null +++ b/objects/vulnerability/vulnerability--356a062e-2263-4577-8c31-5335884cd660.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c6e63d57-0db6-4862-a85c-9313d9cfe3a4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--356a062e-2263-4577-8c31-5335884cd660", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.030418Z", + "modified": "2024-12-13T00:40:40.030418Z", + "name": "CVE-2024-11709", + "description": "The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ai_post_generator_delete_Post AJAX action in all versions up to, and including, 3.5. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary pages and posts.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11709" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--381b5acb-b0c7-4ee4-9234-17050aaa1126.json b/objects/vulnerability/vulnerability--381b5acb-b0c7-4ee4-9234-17050aaa1126.json new file mode 100644 index 00000000000..77fd0d8f3af --- /dev/null +++ b/objects/vulnerability/vulnerability--381b5acb-b0c7-4ee4-9234-17050aaa1126.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--efd1e972-f8a9-4d8d-8af7-ce14e7eab67a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--381b5acb-b0c7-4ee4-9234-17050aaa1126", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.504092Z", + "modified": "2024-12-13T00:40:39.504092Z", + "name": "CVE-2024-12258", + "description": "The WP Service Payment Form With Authorize.net plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12258" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3850c93f-7aa2-405d-a385-390dbe3ec62c.json b/objects/vulnerability/vulnerability--3850c93f-7aa2-405d-a385-390dbe3ec62c.json new file mode 100644 index 00000000000..7b860ac6be2 --- /dev/null +++ b/objects/vulnerability/vulnerability--3850c93f-7aa2-405d-a385-390dbe3ec62c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e505dd4a-a59f-4091-9208-5a9562d1c329", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3850c93f-7aa2-405d-a385-390dbe3ec62c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.451948Z", + "modified": "2024-12-13T00:40:39.451948Z", + "name": "CVE-2024-12265", + "description": "The Web3 Crypto Payments by DePay for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/depay/wc/debug REST API endpoint in all versions up to, and including, 2.12.17. This makes it possible for unauthenticated attackers to retrieve debug infromation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12265" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3b049ccb-00f0-488f-b30b-c6508cfd4148.json b/objects/vulnerability/vulnerability--3b049ccb-00f0-488f-b30b-c6508cfd4148.json new file mode 100644 index 00000000000..2225be5f081 --- /dev/null +++ b/objects/vulnerability/vulnerability--3b049ccb-00f0-488f-b30b-c6508cfd4148.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a3784757-cfb2-4d75-b941-2146a2292795", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3b049ccb-00f0-488f-b30b-c6508cfd4148", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.213835Z", + "modified": "2024-12-13T00:40:41.213835Z", + "name": "CVE-2024-55886", + "description": "OpenSearch Data Prepper is a component of the OpenSearch project that accepts, filters, transforms, enriches, and routes data at scale. A vulnerability exists in the OpenTelemetry Logs source in Data Prepper starting inversion 2.1.0 and prior to version 2.10.2 where some custom authentication plugins will not perform authentication. This allows unauthorized users to ingest OpenTelemetry Logs data under certain conditions. This vulnerability does not affect the built-in `http_basic` authentication provider in Data Prepper. Pipelines which use the `http_basic` authentication provider continue to require authentication. The vulnerability exists only for custom implementations of Data Prepper’s `GrpcAuthenticationProvider` authentication plugin which implement the `getHttpAuthenticationService()` method instead of `getAuthenticationInterceptor()`. Data Prepper 2.10.2 contains a fix for this issue. For those unable to upgrade, one may use the built-in `http_basic` authentication provider in Data Prepper and/or add an authentication proxy in front of one's Data Prepper instances running the OpenTelemetry Logs source.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55886" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3be64166-2115-4292-b64c-66054115a240.json b/objects/vulnerability/vulnerability--3be64166-2115-4292-b64c-66054115a240.json new file mode 100644 index 00000000000..4665aee5d52 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--3be64166-2115-4292-b64c-66054115a240.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3fb6fbae-2afd-40f8-8c61-3461942d1918", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3be64166-2115-4292-b64c-66054115a240", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.205972Z", + "modified": "2024-12-13T00:40:40.205972Z", + "name": "CVE-2024-44242", + "description": "The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44242" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3de35a4b-7c5f-439d-bce8-aaf4f4febc10.json b/objects/vulnerability/vulnerability--3de35a4b-7c5f-439d-bce8-aaf4f4febc10.json new file mode 100644 index 00000000000..be767287e03 --- /dev/null +++ b/objects/vulnerability/vulnerability--3de35a4b-7c5f-439d-bce8-aaf4f4febc10.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--02a17949-b5eb-4f88-8ae4-a6e70863d551", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3de35a4b-7c5f-439d-bce8-aaf4f4febc10", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.160098Z", + "modified": "2024-12-13T00:40:40.160098Z", + "name": "CVE-2024-44300", + "description": "A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access protected user data.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44300" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--3e029fb1-5f34-4f29-bbd8-81fd2e61fd66.json b/objects/vulnerability/vulnerability--3e029fb1-5f34-4f29-bbd8-81fd2e61fd66.json new file mode 100644 index 00000000000..2bf8fa8eb2d --- /dev/null +++ b/objects/vulnerability/vulnerability--3e029fb1-5f34-4f29-bbd8-81fd2e61fd66.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--94b6c2fe-9499-4d57-9e7f-c14a5278b317", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3e029fb1-5f34-4f29-bbd8-81fd2e61fd66", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.460734Z", + "modified": "2024-12-13T00:40:41.460734Z", + "name": "CVE-2024-36494", + "description": "Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The login page at /cgi/slogin.cgi suffers from XSS due to improper input filtering of the -tsetup+-uuser parameter, which can only be exploited if the target user is not already logged in. This makes it ideal for login form phishing attempts.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-36494" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3e472c7d-a16e-4a05-a8a3-53b2eb8d8ce7.json b/objects/vulnerability/vulnerability--3e472c7d-a16e-4a05-a8a3-53b2eb8d8ce7.json new file mode 100644 index 00000000000..a3f57202765 --- /dev/null +++ b/objects/vulnerability/vulnerability--3e472c7d-a16e-4a05-a8a3-53b2eb8d8ce7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3eaf8446-f60d-4a7d-9a12-368c49c48374", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3e472c7d-a16e-4a05-a8a3-53b2eb8d8ce7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.109134Z", + "modified": "2024-12-13T00:40:41.109134Z", + "name": "CVE-2024-54474", + "description": "The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access user-sensitive data.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54474" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--41566b86-c8b1-4fed-a418-80f7e2887b83.json b/objects/vulnerability/vulnerability--41566b86-c8b1-4fed-a418-80f7e2887b83.json new file mode 100644 index 00000000000..0a572d1243c --- /dev/null +++ b/objects/vulnerability/vulnerability--41566b86-c8b1-4fed-a418-80f7e2887b83.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0507ef04-be0d-4226-875e-4e800ee8ee4c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--41566b86-c8b1-4fed-a418-80f7e2887b83", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.567984Z", + "modified": "2024-12-13T00:40:39.567984Z", + "name": "CVE-2024-10637", + "description": "The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.54 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10637" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--41dc973d-5c95-4117-86e6-f727af76ad1e.json b/objects/vulnerability/vulnerability--41dc973d-5c95-4117-86e6-f727af76ad1e.json new file mode 100644 index 00000000000..9356c7fcded --- /dev/null +++ b/objects/vulnerability/vulnerability--41dc973d-5c95-4117-86e6-f727af76ad1e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1f5128df-72f6-4bee-8adc-f859fc7e3078", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--41dc973d-5c95-4117-86e6-f727af76ad1e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.033228Z", + "modified": "2024-12-13T00:40:40.033228Z", + "name": "CVE-2024-11683", + "description": "The Newsletter Subscriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'token_type' parameter in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11683" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--436ecb5d-2966-4ddb-b0c9-11b023c277a5.json b/objects/vulnerability/vulnerability--436ecb5d-2966-4ddb-b0c9-11b023c277a5.json new file mode 100644 index 00000000000..6520c474eb1 --- /dev/null +++ b/objects/vulnerability/vulnerability--436ecb5d-2966-4ddb-b0c9-11b023c277a5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e8f61542-de9b-4e76-8519-4e47e0bc4bdf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--436ecb5d-2966-4ddb-b0c9-11b023c277a5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.458601Z", + "modified": "2024-12-13T00:40:39.458601Z", + "name": "CVE-2024-12401", + "description": "A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12401" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--45e47edb-74a9-46ed-9f24-5b4a2e6f4199.json b/objects/vulnerability/vulnerability--45e47edb-74a9-46ed-9f24-5b4a2e6f4199.json new file mode 100644 index 00000000000..192688360ec --- /dev/null +++ b/objects/vulnerability/vulnerability--45e47edb-74a9-46ed-9f24-5b4a2e6f4199.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a91f1700-aa95-41e9-9261-54483b74f0a4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--45e47edb-74a9-46ed-9f24-5b4a2e6f4199", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.755919Z", + "modified": "2024-12-13T00:40:39.755919Z", + "name": "CVE-2024-47598", + "description": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in the qtdemux_merge_sample_table function within qtdemux.c. The problem is that the size of the stts buffer isn’t properly checked before reading stts_duration, allowing the program to read 4 bytes beyond the boundaries of stts->data. This vulnerability reads up to 4 bytes past the allocated bounds of the stts array. This vulnerability is fixed in 1.24.10.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47598" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--45eafda9-3b30-49b2-b5e0-3f47909851b1.json b/objects/vulnerability/vulnerability--45eafda9-3b30-49b2-b5e0-3f47909851b1.json new file mode 100644 index 00000000000..c9512143261 --- /dev/null +++ b/objects/vulnerability/vulnerability--45eafda9-3b30-49b2-b5e0-3f47909851b1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--971e1489-39a6-44b4-8151-286b2f8a87ec", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--45eafda9-3b30-49b2-b5e0-3f47909851b1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.180014Z", + "modified": "2024-12-13T00:40:41.180014Z", + "name": "CVE-2024-54109", + "description": "Read/Write vulnerability in the image decoding module\nImpact: Successful exploitation of this vulnerability will affect availability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54109" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--464441b9-6b21-4ef8-92a6-21a394688bf1.json b/objects/vulnerability/vulnerability--464441b9-6b21-4ef8-92a6-21a394688bf1.json new file mode 100644 index 00000000000..22767e1151f --- /dev/null +++ b/objects/vulnerability/vulnerability--464441b9-6b21-4ef8-92a6-21a394688bf1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7d0441f6-52e5-4927-b1b5-5e701fbfed44", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--464441b9-6b21-4ef8-92a6-21a394688bf1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.15639Z", + "modified": "2024-12-13T00:40:41.15639Z", + "name": "CVE-2024-54490", + "description": "This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Sequoia 15.2. A local attacker may gain access to user's Keychain items.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54490" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--485abf6b-3ee5-4b83-b2a1-40e0e5868e41.json b/objects/vulnerability/vulnerability--485abf6b-3ee5-4b83-b2a1-40e0e5868e41.json new file mode 100644 index 00000000000..a742ba0c38d --- /dev/null 
+++ b/objects/vulnerability/vulnerability--485abf6b-3ee5-4b83-b2a1-40e0e5868e41.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--631459b1-7f29-4ef9-87e2-c32b1312199c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--485abf6b-3ee5-4b83-b2a1-40e0e5868e41", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.106734Z", + "modified": "2024-12-13T00:40:41.106734Z", + "name": "CVE-2024-54097", + "description": "Security vulnerability in the HiView module\nImpact: Successful exploitation of this vulnerability may affect feature implementation and integrity.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54097" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--488bd216-8250-40d8-b0f5-b8cac55756dd.json b/objects/vulnerability/vulnerability--488bd216-8250-40d8-b0f5-b8cac55756dd.json new file mode 100644 index 00000000000..1087a95e79a --- /dev/null +++ b/objects/vulnerability/vulnerability--488bd216-8250-40d8-b0f5-b8cac55756dd.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ed7aea51-6835-4b9e-993f-70a666c0c673", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--488bd216-8250-40d8-b0f5-b8cac55756dd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.729157Z", + "modified": "2024-12-13T00:40:39.729157Z", + "name": "CVE-2024-47777", + "description": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_wavparse_smpl_chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is sufficient. If the buffer is too small, the function reads beyond its bounds. This vulnerability may result in reading 4 bytes out of the boundaries of the data buffer. This vulnerability is fixed in 1.24.10.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47777" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4910daec-b8a0-484b-86d3-40b611ce2176.json b/objects/vulnerability/vulnerability--4910daec-b8a0-484b-86d3-40b611ce2176.json new file mode 100644 index 00000000000..498aeb13240 --- /dev/null +++ b/objects/vulnerability/vulnerability--4910daec-b8a0-484b-86d3-40b611ce2176.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--23b448c8-6a87-46dc-af5b-e5e3ee90cfb5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4910daec-b8a0-484b-86d3-40b611ce2176", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.171407Z", + "modified": "2024-12-13T00:40:40.171407Z", + "name": "CVE-2024-44225", + "description": "A logic issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to gain elevated privileges.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44225" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4c306e13-a7ab-4022-9885-4b2cb716624d.json b/objects/vulnerability/vulnerability--4c306e13-a7ab-4022-9885-4b2cb716624d.json new file mode 100644 index 00000000000..a548d8f32b5 --- /dev/null +++ b/objects/vulnerability/vulnerability--4c306e13-a7ab-4022-9885-4b2cb716624d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ef0430d5-260e-42bf-b1f9-247aa7ef2184", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4c306e13-a7ab-4022-9885-4b2cb716624d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.0635Z", + "modified": "2024-12-13T00:40:41.0635Z", + "name": "CVE-2024-54118", + "description": "Cross-process screen stack vulnerability in the UIExtension module\nImpact: Successful exploitation of this vulnerability may affect service confidentiality.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54118" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--4c88b0ef-9368-4074-9404-d54aa26894df.json b/objects/vulnerability/vulnerability--4c88b0ef-9368-4074-9404-d54aa26894df.json new file mode 100644 index 00000000000..cebc23d9667 --- /dev/null +++ b/objects/vulnerability/vulnerability--4c88b0ef-9368-4074-9404-d54aa26894df.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e12e312b-de30-4b6e-bd44-7707ab2bed1d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4c88b0ef-9368-4074-9404-d54aa26894df", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.240635Z", + "modified": "2024-12-13T00:40:41.240635Z", + "name": "CVE-2024-55652", + "description": "PenDoc is a penetration testing reporting application. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an attacker can write a malicious docx template containing expressions that escape the JavaScript sandbox to execute arbitrary code on the system. An attacker who can control the contents of the template document is able to execute arbitrary code on the system. By default, only users with the `admin` role are able to create or update templates. Commit 1d4219c596f4f518798492e48386a20c6e9a2fe6 patches the issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55652" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4d4d4e41-6524-4924-9bff-1c732a38b895.json b/objects/vulnerability/vulnerability--4d4d4e41-6524-4924-9bff-1c732a38b895.json new file mode 100644 index 00000000000..4d5fceef853 --- /dev/null +++ b/objects/vulnerability/vulnerability--4d4d4e41-6524-4924-9bff-1c732a38b895.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6f1a82eb-47e3-41da-b3c7-7b07dac76a3a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4d4d4e41-6524-4924-9bff-1c732a38b895", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.140396Z", + "modified": "2024-12-13T00:40:41.140396Z", + "name": "CVE-2024-54114", + "description": "Out-of-bounds access vulnerability in playback in the DASH module\nImpact: Successful exploitation of this vulnerability will affect availability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54114" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4e2d645c-b16b-4e7c-b462-3952ad06e3f3.json b/objects/vulnerability/vulnerability--4e2d645c-b16b-4e7c-b462-3952ad06e3f3.json new file mode 100644 index 00000000000..25f1edbd60b --- /dev/null +++ b/objects/vulnerability/vulnerability--4e2d645c-b16b-4e7c-b462-3952ad06e3f3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--83fcb5e6-069d-4aaf-9a64-df0a5050b3cb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4e2d645c-b16b-4e7c-b462-3952ad06e3f3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.481915Z", + "modified": "2024-12-13T00:40:39.481915Z", + "name": "CVE-2024-12018", + "description": "The Snippet Shortcodes plugin for WordPress is vulnerable to unauthorized Shortcode Deletion due to missing authorization in all versions up to, and including, 4.1.6. Note that a nonce is used as authentication here, but the value is leaked. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete the plugin's Shortcodes.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12018" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--4f7f9ef4-2a15-4d28-a32c-2fef43bf4ad9.json b/objects/vulnerability/vulnerability--4f7f9ef4-2a15-4d28-a32c-2fef43bf4ad9.json new file mode 100644 index 00000000000..d30b308bab6 --- /dev/null +++ b/objects/vulnerability/vulnerability--4f7f9ef4-2a15-4d28-a32c-2fef43bf4ad9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--03e85d87-57c3-43b5-a53c-386c8be7119f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4f7f9ef4-2a15-4d28-a32c-2fef43bf4ad9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.167651Z", + "modified": "2024-12-13T00:40:40.167651Z", + "name": "CVE-2024-44245", + "description": "The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, visionOS 2.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2. An app may be able to cause unexpected system termination or corrupt kernel memory.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44245" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4fbd0de2-d55f-4820-9e54-15dcdb950aca.json b/objects/vulnerability/vulnerability--4fbd0de2-d55f-4820-9e54-15dcdb950aca.json new file mode 100644 index 00000000000..edc2955fdc6 --- /dev/null +++ b/objects/vulnerability/vulnerability--4fbd0de2-d55f-4820-9e54-15dcdb950aca.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7a37ea3c-e188-4260-af96-00fde4c067a5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4fbd0de2-d55f-4820-9e54-15dcdb950aca", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.201346Z", + "modified": "2024-12-13T00:40:40.201346Z", + "name": "CVE-2024-44299", + "description": "The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44299" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--50485fbd-e67a-4335-bc1e-bc66eeea0e9d.json b/objects/vulnerability/vulnerability--50485fbd-e67a-4335-bc1e-bc66eeea0e9d.json new file mode 100644 index 00000000000..360dd401cbc --- /dev/null +++ b/objects/vulnerability/vulnerability--50485fbd-e67a-4335-bc1e-bc66eeea0e9d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f355e5b5-c0d9-47df-afb9-887e5e983511", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--50485fbd-e67a-4335-bc1e-bc66eeea0e9d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.804709Z", + "modified": "2024-12-13T00:40:41.804709Z", + "name": "CVE-2024-28142", + "description": "Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The \"File Name\" page (/cgi/uset.cgi?-cfilename) in the User Settings menu improperly filters the \"file name\" and wildcard character input field. By exploiting the wildcard character feature, attackers are able to store arbitrary Javascript code which is being triggered if the page is viewed afterwards, e.g. by higher privileged users such as admins.\n\n\n\n\n\n\n\n\n\nThis attack can even be performed without being logged in because the affected functions are not fully protected. Without logging in, only the file name parameter of the \"Default\" User can be changed.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-28142" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--539c3267-29a0-4c5a-a23e-1a3fc297683a.json b/objects/vulnerability/vulnerability--539c3267-29a0-4c5a-a23e-1a3fc297683a.json new file mode 100644 index 00000000000..c25b051c9fc --- /dev/null +++ b/objects/vulnerability/vulnerability--539c3267-29a0-4c5a-a23e-1a3fc297683a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--99ba102a-684f-4161-9d47-43239d12ca7f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--539c3267-29a0-4c5a-a23e-1a3fc297683a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.235753Z", + "modified": "2024-12-13T00:40:41.235753Z", + "name": "CVE-2024-55875", + "description": "http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 5.41.0.0, there is a potential XXE (XML External Entity Injection) vulnerability when http4k handling malicious XML contents within requests, which might allow attackers to read local sensitive information on server, trigger Server-side Request Forgery and even execute code under some circumstances. Version 5.41.0.0 contains a patch for the issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55875" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--561ed63a-62c9-44a5-877c-4ed27bfc4528.json b/objects/vulnerability/vulnerability--561ed63a-62c9-44a5-877c-4ed27bfc4528.json new file mode 100644 index 00000000000..63155e2c9e1 --- /dev/null +++ b/objects/vulnerability/vulnerability--561ed63a-62c9-44a5-877c-4ed27bfc4528.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cbf7f2c3-0071-4231-a128-19abb8d55a2f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--561ed63a-62c9-44a5-877c-4ed27bfc4528", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.617812Z", + "modified": "2024-12-13T00:40:39.617812Z", + "name": "CVE-2024-9641", + "description": "The LuckyWP Table of Contents WordPress plugin before 2.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9641" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--56b5edfa-ef4f-421b-a670-2cf5811986a9.json b/objects/vulnerability/vulnerability--56b5edfa-ef4f-421b-a670-2cf5811986a9.json new file mode 100644 index 00000000000..293dc98295c --- /dev/null +++ b/objects/vulnerability/vulnerability--56b5edfa-ef4f-421b-a670-2cf5811986a9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c01b6b97-ae5f-4e81-bd0a-05788a0e10b9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--56b5edfa-ef4f-421b-a670-2cf5811986a9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.467108Z", + "modified": "2024-12-13T00:40:39.467108Z", + "name": "CVE-2024-12487", + "description": "A vulnerability has been found in code-projects Online Class and Exam Scheduling System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pages/room_update.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12487" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--57355186-aebe-4d9b-a450-1af88e628144.json b/objects/vulnerability/vulnerability--57355186-aebe-4d9b-a450-1af88e628144.json new file mode 100644 index 00000000000..82f90f93be7 --- /dev/null +++ b/objects/vulnerability/vulnerability--57355186-aebe-4d9b-a450-1af88e628144.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3015b538-2f04-4027-ab79-de8835a752e5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--57355186-aebe-4d9b-a450-1af88e628144", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.178986Z", + "modified": "2024-12-13T00:40:41.178986Z", + "name": "CVE-2024-54110", + "description": "Cross-process screen stack vulnerability in the UIExtension module\nImpact: Successful exploitation of this vulnerability may affect service confidentiality.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54110" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--575be975-124c-43ef-9342-a190c47aeae9.json b/objects/vulnerability/vulnerability--575be975-124c-43ef-9342-a190c47aeae9.json new file mode 100644 index 00000000000..69b4c1d3e27 --- /dev/null +++ b/objects/vulnerability/vulnerability--575be975-124c-43ef-9342-a190c47aeae9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5323b6e3-e2dd-4908-9819-139b8cc941ea", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--575be975-124c-43ef-9342-a190c47aeae9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.791397Z", + "modified": "2024-12-13T00:40:40.791397Z", + "name": "CVE-2024-21575", + "description": "ComfyUI-Impact-Pack is vulnerable to Path Traversal. The issue stems from missing validation of the `image.filename` field in a POST request sent to the `/upload/temp` endpoint added by the extension to the server. This results in writing arbitrary files to the file system which may, under some conditions, result in remote code execution (RCE).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21575" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--5864c89e-10a8-43a1-b29d-61616554161f.json b/objects/vulnerability/vulnerability--5864c89e-10a8-43a1-b29d-61616554161f.json new file mode 100644 index 00000000000..aa0ee570da3 --- /dev/null +++ b/objects/vulnerability/vulnerability--5864c89e-10a8-43a1-b29d-61616554161f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--10e46dd4-68a0-43b3-970e-9da35448d5ad", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5864c89e-10a8-43a1-b29d-61616554161f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.556129Z", + "modified": "2024-12-13T00:40:41.556129Z", + "name": "CVE-2024-42407", + "description": "Insertion of Sensitive Information into Log File (CWE-532) in the Gallagher Command Centre Alarm Transmitter feature could allow an authenticated Operator to view some security sensitive information to which they have not been granted access. \n\nThis issue affects: Command Centre Server 9.10 prior to 9.10.2149 (MR4), 9.00 prior to 9.00.2374 (MR5), 8.90 prior to 8.90.2356 (MR6), all versions of 8.80 and prior.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42407" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5901bcd9-9739-4437-975c-cbabeb24e5c8.json b/objects/vulnerability/vulnerability--5901bcd9-9739-4437-975c-cbabeb24e5c8.json new file mode 100644 index 00000000000..9964d9cd3c9 --- /dev/null +++ b/objects/vulnerability/vulnerability--5901bcd9-9739-4437-975c-cbabeb24e5c8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5ebf151a-5835-4fdd-8b77-9823f417972e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5901bcd9-9739-4437-975c-cbabeb24e5c8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.429994Z", + "modified": "2024-12-13T00:40:39.429994Z", + "name": "CVE-2024-12463", + "description": "The Arena.IM – Live Blogging for real-time events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'arena_embed_amp' shortcode in all versions up to, and including, 0.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12463" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--59368897-fc90-41bc-a386-b51c2091109b.json b/objects/vulnerability/vulnerability--59368897-fc90-41bc-a386-b51c2091109b.json new file mode 100644 index 00000000000..eb3644e5920 --- /dev/null +++ b/objects/vulnerability/vulnerability--59368897-fc90-41bc-a386-b51c2091109b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--412eb52b-0365-4344-92bc-0636ef374a83", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--59368897-fc90-41bc-a386-b51c2091109b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.170978Z", + "modified": "2024-12-13T00:40:41.170978Z", + "name": "CVE-2024-54100", + "description": "Vulnerability of improper access control in the secure input module\nImpact: Successful exploitation of this vulnerability may cause features to perform abnormally.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54100" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--594b9cf8-1d60-4279-bb49-b4d9c8d1b41a.json b/objects/vulnerability/vulnerability--594b9cf8-1d60-4279-bb49-b4d9c8d1b41a.json new file mode 100644 index 00000000000..a122b0a3b82 --- /dev/null +++ b/objects/vulnerability/vulnerability--594b9cf8-1d60-4279-bb49-b4d9c8d1b41a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--97967db4-62e2-4ee8-8787-c514a1828b01", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--594b9cf8-1d60-4279-bb49-b4d9c8d1b41a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.234004Z", + "modified": "2024-12-13T00:40:41.234004Z", + "name": "CVE-2024-55099", + "description": "A SQL Injection vulnerability was found in /admin/index.php in phpgurukul Online Nurse Hiring System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55099" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--5a4334f0-1232-4710-bdcf-75312697ca8b.json b/objects/vulnerability/vulnerability--5a4334f0-1232-4710-bdcf-75312697ca8b.json new file mode 100644 index 00000000000..01f4600487e --- /dev/null +++ b/objects/vulnerability/vulnerability--5a4334f0-1232-4710-bdcf-75312697ca8b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e49513a2-be75-48af-a576-f372c3ed6cdc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5a4334f0-1232-4710-bdcf-75312697ca8b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.446535Z", + "modified": "2024-12-13T00:40:39.446535Z", + "name": "CVE-2024-12536", + "description": "A vulnerability, which was classified as problematic, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected by this issue is some unknown functionality of the file /control/client_data.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12536" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5e55db8c-175b-4775-a90d-4b5c5c660f2e.json b/objects/vulnerability/vulnerability--5e55db8c-175b-4775-a90d-4b5c5c660f2e.json new file mode 100644 index 00000000000..96819d5605f --- /dev/null +++ b/objects/vulnerability/vulnerability--5e55db8c-175b-4775-a90d-4b5c5c660f2e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a9859069-7881-43e1-b16b-2dcd390740a6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5e55db8c-175b-4775-a90d-4b5c5c660f2e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.026066Z", + "modified": "2024-12-13T00:40:40.026066Z", + "name": "CVE-2024-11430", + "description": "The SQL Chart Builder plugin for WordPress is vulnerable to SQL Injection via the 'arg1' arg of the 'gvn_schart_2' shortcode in all versions up to, and including, 2.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11430" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5e66a160-0717-439b-87f3-ab19bd88ccad.json b/objects/vulnerability/vulnerability--5e66a160-0717-439b-87f3-ab19bd88ccad.json new file mode 100644 index 00000000000..1b14a13323b --- /dev/null +++ b/objects/vulnerability/vulnerability--5e66a160-0717-439b-87f3-ab19bd88ccad.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--20b0b706-f230-489c-8fb3-22ac935e125a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5e66a160-0717-439b-87f3-ab19bd88ccad", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.088852Z", + "modified": "2024-12-13T00:40:41.088852Z", + "name": "CVE-2024-54514", + "description": "The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to break out of its sandbox.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54514" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5ec6e214-0c50-490c-88d2-fd6dca2871f0.json b/objects/vulnerability/vulnerability--5ec6e214-0c50-490c-88d2-fd6dca2871f0.json new file mode 100644 index 00000000000..b2eaa38bd2a --- /dev/null +++ b/objects/vulnerability/vulnerability--5ec6e214-0c50-490c-88d2-fd6dca2871f0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--78dfb0ae-3c2b-4edd-a9b1-423fbac6aa47", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5ec6e214-0c50-490c-88d2-fd6dca2871f0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.683188Z", + "modified": "2024-12-13T00:40:40.683188Z", + "name": "CVE-2024-41146", + "description": "Use of Multiple Resources with Duplicate Identifier (CWE-694) in the Controller 6000 and Controller 7000 Platforms could allow an attacker with physical access to HBUS communication cabling to perform a Denial-of-Service attack against HBUS connected devices, require a device reboot to resolve. \n\nThis issue affects: Controller 6000 and Controller 7000 firmware versions 9.10 prior to vCR9.10.241108a (distributed in 9.10.2149 (MR4)), 9.00 prior to vCR9.00.241108a (distributed in 9.00.2374 (MR5)), 8.90 prior to vCR8.90.241107a (distributed in 8.90.2356 (MR6)), all versions of 8.80 and prior.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41146" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5f5f8eda-8333-49ae-80fc-e6f35932913d.json b/objects/vulnerability/vulnerability--5f5f8eda-8333-49ae-80fc-e6f35932913d.json new file mode 100644 index 00000000000..0be61af0b9c --- /dev/null +++ b/objects/vulnerability/vulnerability--5f5f8eda-8333-49ae-80fc-e6f35932913d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a27d516c-02e9-4c97-b32e-9d02bdf6a145", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5f5f8eda-8333-49ae-80fc-e6f35932913d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.433728Z", + "modified": "2024-12-13T00:40:39.433728Z", + "name": "CVE-2024-12162", + "description": "The Video & Photo Gallery for Ultimate Member plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12162" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5f8b22a6-eded-4e36-8a4a-9bccf7791f7c.json b/objects/vulnerability/vulnerability--5f8b22a6-eded-4e36-8a4a-9bccf7791f7c.json new file mode 100644 index 00000000000..5c894f48451 --- /dev/null +++ b/objects/vulnerability/vulnerability--5f8b22a6-eded-4e36-8a4a-9bccf7791f7c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9e48fbef-1677-4f16-88fe-99008d986ce8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5f8b22a6-eded-4e36-8a4a-9bccf7791f7c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.161372Z", + "modified": "2024-12-13T00:40:40.161372Z", + "name": "CVE-2024-44248", + "description": "This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A user with screen sharing access may be able to view another user's screen.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44248" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--610c0cf0-f83f-4f71-95da-e794f7b11729.json b/objects/vulnerability/vulnerability--610c0cf0-f83f-4f71-95da-e794f7b11729.json new file mode 100644 index 00000000000..745f0e3dcec --- /dev/null +++ b/objects/vulnerability/vulnerability--610c0cf0-f83f-4f71-95da-e794f7b11729.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2a977127-4bb8-46d5-b95c-f4a3a0e50cd8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--610c0cf0-f83f-4f71-95da-e794f7b11729", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.705276Z", + "modified": "2024-12-13T00:40:39.705276Z", + "name": "CVE-2024-47774", + "description": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads the name_length value directly from the input file without checking it properly. Then, the a condition, does not properly handle cases where name_length is greater than 0xFFFFFFFF - 17, causing an integer overflow. In such scenario, the function attempts to access memory beyond the buffer leading to an OOB-read. This vulnerability is fixed in 1.24.10.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47774" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--61f553b1-738b-478a-97b3-1bd8a22f998e.json b/objects/vulnerability/vulnerability--61f553b1-738b-478a-97b3-1bd8a22f998e.json new file mode 100644 index 00000000000..ded005095e5 --- /dev/null +++ b/objects/vulnerability/vulnerability--61f553b1-738b-478a-97b3-1bd8a22f998e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c6509732-2a76-42ce-8159-45a7590f4847", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--61f553b1-738b-478a-97b3-1bd8a22f998e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.175209Z", + "modified": "2024-12-13T00:40:41.175209Z", + "name": "CVE-2024-54466", + "description": "An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An encrypted volume may be accessed by a different user without prompting for the password.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54466" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--62137494-b2dd-494b-aa8b-6e0707a3aeae.json b/objects/vulnerability/vulnerability--62137494-b2dd-494b-aa8b-6e0707a3aeae.json new file mode 100644 index 00000000000..9eac6d03517 --- /dev/null +++ b/objects/vulnerability/vulnerability--62137494-b2dd-494b-aa8b-6e0707a3aeae.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--71785203-ee1e-4e15-a563-e132712f7b4f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--62137494-b2dd-494b-aa8b-6e0707a3aeae", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.766564Z", + "modified": "2024-12-13T00:40:41.766564Z", + "name": "CVE-2024-28144", + "description": "An attacker who can spoof the IP address and the User-Agent of a logged-in user can takeover the session because of flaws in the self-developed session management. If two users access the web interface from the same IP they are logged in as the other user.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-28144" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--62f660d5-25e1-4767-bf86-1920f8a4c2ff.json b/objects/vulnerability/vulnerability--62f660d5-25e1-4767-bf86-1920f8a4c2ff.json new file mode 100644 index 00000000000..530c3aab825 --- /dev/null +++ b/objects/vulnerability/vulnerability--62f660d5-25e1-4767-bf86-1920f8a4c2ff.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a4e27f52-484f-45b1-93ab-cc7e37aaeab7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--62f660d5-25e1-4767-bf86-1920f8a4c2ff", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.05292Z", + "modified": "2024-12-13T00:40:40.05292Z", + "name": "CVE-2024-11901", + "description": "The PowerBI Embed Reports plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MO_API_POWER_BI' shortcode in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11901" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--630366a0-d8df-4d23-9ae2-ea50535acc19.json b/objects/vulnerability/vulnerability--630366a0-d8df-4d23-9ae2-ea50535acc19.json new file mode 100644 index 00000000000..dc99500b108 --- /dev/null +++ b/objects/vulnerability/vulnerability--630366a0-d8df-4d23-9ae2-ea50535acc19.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9644674c-2b78-4234-8b4f-bb8a3147f8e0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--630366a0-d8df-4d23-9ae2-ea50535acc19", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.733169Z", + "modified": "2024-12-13T00:40:39.733169Z", + "name": "CVE-2024-47602", + "description": "GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. This function does not properly check the validity of the stream->codec_priv pointer in the following code. If stream->codec_priv is NULL, the call to GST_READ_UINT16_LE will attempt to dereference a null pointer, leading to a crash of the application. This vulnerability is fixed in 1.24.10.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47602" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--63dec0a9-d24c-4dff-b722-293d03b80f56.json b/objects/vulnerability/vulnerability--63dec0a9-d24c-4dff-b722-293d03b80f56.json new file mode 100644 index 00000000000..e52cd39fd56 --- /dev/null +++ b/objects/vulnerability/vulnerability--63dec0a9-d24c-4dff-b722-293d03b80f56.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b63dcb1b-9c4b-4d89-af5c-a6bf756ec555", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--63dec0a9-d24c-4dff-b722-293d03b80f56", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.485653Z", + "modified": "2024-12-13T00:40:39.485653Z", + "name": "CVE-2024-12329", + "description": "The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several pages/post types in all versions up to, and including, 5.1.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to access invoices and transaction logs", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12329" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6612f77b-29de-4c6f-8afe-88695073a15d.json b/objects/vulnerability/vulnerability--6612f77b-29de-4c6f-8afe-88695073a15d.json new file mode 100644 index 00000000000..8c616fd2ae7 --- /dev/null +++ b/objects/vulnerability/vulnerability--6612f77b-29de-4c6f-8afe-88695073a15d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3409d8a4-f304-4e1e-abcd-d0a8129a0cf2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6612f77b-29de-4c6f-8afe-88695073a15d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.736217Z", + "modified": "2024-12-13T00:40:39.736217Z", + "name": "CVE-2024-47615", + "description": "GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad->vorbis_mode_sizes array. This vulnerability is fixed in 1.24.10.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47615" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--66aa828e-ffd2-4129-af05-6e5f1b33e298.json b/objects/vulnerability/vulnerability--66aa828e-ffd2-4129-af05-6e5f1b33e298.json new file mode 100644 index 00000000000..c320772538d --- /dev/null +++ b/objects/vulnerability/vulnerability--66aa828e-ffd2-4129-af05-6e5f1b33e298.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--07dba557-3755-4bcd-aaf5-70ccb72415a1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--66aa828e-ffd2-4129-af05-6e5f1b33e298", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.078871Z", + "modified": "2024-12-13T00:40:41.078871Z", + "name": "CVE-2024-54502", + "description": "The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54502" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--66b76cb2-660f-41ce-8027-ed50e47389aa.json b/objects/vulnerability/vulnerability--66b76cb2-660f-41ce-8027-ed50e47389aa.json new file mode 100644 index 00000000000..e566991bf96 --- /dev/null +++ b/objects/vulnerability/vulnerability--66b76cb2-660f-41ce-8027-ed50e47389aa.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e0ccd5ee-0708-4ecc-a0e8-396f074acb83", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--66b76cb2-660f-41ce-8027-ed50e47389aa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.067125Z", + "modified": "2024-12-13T00:40:41.067125Z", + "name": "CVE-2024-54515", + "description": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.2. A malicious app may be able to gain root privileges.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54515" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--6838ec61-053c-4563-bab9-aaf98ecbbae5.json b/objects/vulnerability/vulnerability--6838ec61-053c-4563-bab9-aaf98ecbbae5.json new file mode 100644 index 00000000000..17d84a85783 --- /dev/null +++ b/objects/vulnerability/vulnerability--6838ec61-053c-4563-bab9-aaf98ecbbae5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f356de46-745d-4d4d-bab2-773cc1a0795e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6838ec61-053c-4563-bab9-aaf98ecbbae5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.501184Z", + "modified": "2024-12-13T00:40:39.501184Z", + "name": "CVE-2024-12289", + "description": "Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary controller, which on average is measured in milliseconds during the Boundary startup process.\n\nThis vulnerability, CVE-2024-12289, is fixed in Boundary Community Edition and Boundary Enterprise 0.16.4, 0.17.3, 0.18.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12289" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--68ca812d-a324-4994-b8c6-92a1481827e4.json b/objects/vulnerability/vulnerability--68ca812d-a324-4994-b8c6-92a1481827e4.json new file mode 100644 index 00000000000..3284012c121 --- /dev/null +++ b/objects/vulnerability/vulnerability--68ca812d-a324-4994-b8c6-92a1481827e4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--79188677-f77f-4fa0-9f32-8a1f095bf2a8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--68ca812d-a324-4994-b8c6-92a1481827e4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.202284Z", + "modified": "2024-12-13T00:40:41.202284Z", + "name": "CVE-2024-55879", + "description": "XWiki Platform is a generic wiki platform. Starting in version 2.3 and prior to versions 15.10.9, 16.3.0, any user with script rights can perform arbitrary remote code execution by adding instances of `XWiki.ConfigurableClass` to any page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.10.9 and 16.3.0. No known workarounds are available except upgrading.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55879" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--68e95445-4288-4a11-b540-d507332b443d.json b/objects/vulnerability/vulnerability--68e95445-4288-4a11-b540-d507332b443d.json new file mode 100644 index 00000000000..3419ddd7444 --- /dev/null +++ b/objects/vulnerability/vulnerability--68e95445-4288-4a11-b540-d507332b443d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cad20abf-da74-47f5-b4fb-87ccd6775b07", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--68e95445-4288-4a11-b540-d507332b443d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.210662Z", + "modified": "2024-12-13T00:40:40.210662Z", + "name": "CVE-2024-44246", + "description": "The issue was addressed with improved routing of Safari-originated requests. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, Safari 18.2, iPadOS 17.7.3. On a device with Private Relay enabled, adding a website to the Safari Reading List may reveal the originating IP address to the website.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44246" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--694990be-526a-4f27-bb10-d37b6a279904.json b/objects/vulnerability/vulnerability--694990be-526a-4f27-bb10-d37b6a279904.json new file mode 100644 index 00000000000..816372ce6bc --- /dev/null +++ b/objects/vulnerability/vulnerability--694990be-526a-4f27-bb10-d37b6a279904.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6ca54e48-22cd-41f1-97f1-7843cad50da6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--694990be-526a-4f27-bb10-d37b6a279904", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.712434Z", + "modified": "2024-12-13T00:40:39.712434Z", + "name": "CVE-2024-47834", + "description": "GStreamer is a library for constructing graphs of media-handling components. An Use-After-Free read vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska streams. In the GST_MATROSKA_ID_CODECPRIVATE case within the gst_matroska_demux_parse_stream function, a data chunk is allocated using gst_ebml_read_binary. Later, the allocated memory is freed in the gst_matroska_track_free function, by the call to g_free (track->codec_priv). Finally, the freed memory is accessed in the caps_serialize function through gst_value_serialize_buffer. The freed memory will be accessed in the gst_value_serialize_buffer function. This results in a UAF read vulnerability, as the function tries to process memory that has already been freed. This vulnerability is fixed in 1.24.10.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47834" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6a98bf61-e886-461e-8082-f3544e53873f.json b/objects/vulnerability/vulnerability--6a98bf61-e886-461e-8082-f3544e53873f.json new file mode 100644 index 00000000000..523b3d4f218 --- /dev/null +++ b/objects/vulnerability/vulnerability--6a98bf61-e886-461e-8082-f3544e53873f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--37be909d-63bc-4d65-a65a-62d08b2ca3df", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6a98bf61-e886-461e-8082-f3544e53873f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.144469Z", + "modified": "2024-12-13T00:40:41.144469Z", + "name": "CVE-2024-54500", + "description": "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Processing a maliciously crafted image may result in disclosure of process memory.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54500" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6bf3acde-dd0b-402e-b53b-a94363a3059a.json b/objects/vulnerability/vulnerability--6bf3acde-dd0b-402e-b53b-a94363a3059a.json new file mode 100644 index 00000000000..64792df6b37 --- /dev/null +++ b/objects/vulnerability/vulnerability--6bf3acde-dd0b-402e-b53b-a94363a3059a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--24282a30-b497-4857-9274-c384f0597352", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6bf3acde-dd0b-402e-b53b-a94363a3059a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.128508Z", + "modified": "2024-12-13T00:40:41.128508Z", + "name": "CVE-2024-54099", + "description": "File replacement vulnerability on some devices\nImpact: Successful exploitation of this vulnerability will affect integrity and confidentiality.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54099" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--6d3094af-2604-4bbd-b7e6-0d8afcb10559.json b/objects/vulnerability/vulnerability--6d3094af-2604-4bbd-b7e6-0d8afcb10559.json new file mode 100644 index 00000000000..6de8f067af5 --- /dev/null +++ b/objects/vulnerability/vulnerability--6d3094af-2604-4bbd-b7e6-0d8afcb10559.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--92a642f0-3212-44aa-b9ea-5b7e0353d2df", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6d3094af-2604-4bbd-b7e6-0d8afcb10559", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.081014Z", + "modified": "2024-12-13T00:40:41.081014Z", + "name": "CVE-2024-54498", + "description": "A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to break out of its sandbox.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54498" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6e77a9f4-42d5-4db8-89e7-8e65aff0f260.json b/objects/vulnerability/vulnerability--6e77a9f4-42d5-4db8-89e7-8e65aff0f260.json new file mode 100644 index 00000000000..01fb86e896b --- /dev/null +++ b/objects/vulnerability/vulnerability--6e77a9f4-42d5-4db8-89e7-8e65aff0f260.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--52be2980-72c9-4e6f-9458-fec1290a9d51", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6e77a9f4-42d5-4db8-89e7-8e65aff0f260", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.07696Z", + "modified": "2024-12-13T00:40:40.07696Z", + "name": "CVE-2024-11413", + "description": "The HostFact bestelformulier integratie plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bestelformulier' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11413" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6f03668e-72c4-4b96-99de-1835c595d953.json b/objects/vulnerability/vulnerability--6f03668e-72c4-4b96-99de-1835c595d953.json new file mode 100644 index 00000000000..d79436bf54f --- /dev/null +++ b/objects/vulnerability/vulnerability--6f03668e-72c4-4b96-99de-1835c595d953.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f0fcf49e-3d06-496a-a120-dc8a03af4bae", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6f03668e-72c4-4b96-99de-1835c595d953", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.598388Z", + "modified": "2024-12-13T00:40:39.598388Z", + "name": "CVE-2024-9428", + "description": "The Popup Builder WordPress plugin before 4.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9428" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--70c66f17-1ddd-4ab6-b1e1-9318922da611.json b/objects/vulnerability/vulnerability--70c66f17-1ddd-4ab6-b1e1-9318922da611.json new file mode 100644 index 00000000000..feb62f78870 --- /dev/null +++ b/objects/vulnerability/vulnerability--70c66f17-1ddd-4ab6-b1e1-9318922da611.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b174259f-fd2e-4ccc-bd6e-d0775089301b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--70c66f17-1ddd-4ab6-b1e1-9318922da611", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.439004Z", + "modified": "2024-12-13T00:40:39.439004Z", + "name": "CVE-2024-12503", + "description": "A vulnerability classified as problematic was found in ClassCMS 4.8. Affected by this vulnerability is an unknown functionality of the file /index.php/admin of the component Model Management Page. The manipulation of the argument URL leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12503" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--70e8ddf3-d2ab-488d-98af-3965a2ce8930.json b/objects/vulnerability/vulnerability--70e8ddf3-d2ab-488d-98af-3965a2ce8930.json new file mode 100644 index 00000000000..3685ffb4e5d --- /dev/null +++ b/objects/vulnerability/vulnerability--70e8ddf3-d2ab-488d-98af-3965a2ce8930.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--70073da1-f13b-4500-82d3-3c65343c0a3e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--70e8ddf3-d2ab-488d-98af-3965a2ce8930", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.445231Z", + "modified": "2024-12-13T00:40:39.445231Z", + "name": "CVE-2024-12497", + "description": "A vulnerability classified as critical has been found in 1000 Projects Attendance Tracking Management System 1.0. Affected is an unknown function of the file /admin/check_admin_login.php. The manipulation of the argument admin_user_name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12497" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--70ed7bc7-a80a-4b0f-8520-115256e0cad9.json b/objects/vulnerability/vulnerability--70ed7bc7-a80a-4b0f-8520-115256e0cad9.json new file mode 100644 index 00000000000..02453ddc3ce --- /dev/null +++ b/objects/vulnerability/vulnerability--70ed7bc7-a80a-4b0f-8520-115256e0cad9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6cc78c49-c9af-43a1-844c-3a0b7311ef57", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--70ed7bc7-a80a-4b0f-8520-115256e0cad9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.116867Z", + "modified": "2024-12-13T00:40:41.116867Z", + "name": "CVE-2024-54103", + "description": "Vulnerability of improper access control in the album module\nImpact: Successful exploitation of this vulnerability may affect service confidentiality.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54103" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--71dc99d1-1e8c-4624-b1b7-e8f2f319ce30.json b/objects/vulnerability/vulnerability--71dc99d1-1e8c-4624-b1b7-e8f2f319ce30.json new file mode 100644 index 00000000000..2afb4261d77 --- /dev/null +++ b/objects/vulnerability/vulnerability--71dc99d1-1e8c-4624-b1b7-e8f2f319ce30.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--32d3a291-ecb7-4b81-a2d2-00f148c47cb2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--71dc99d1-1e8c-4624-b1b7-e8f2f319ce30", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.721016Z", + "modified": "2024-12-13T00:40:39.721016Z", + "name": "CVE-2024-47600", + "description": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack. Additionally, the dereference of value->value_nick after the OOB-read can lead to further memory corruption or undefined behavior. This vulnerability is fixed in 1.24.10.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47600" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--71e28076-69d8-444c-b55e-b4bec5d8fe57.json b/objects/vulnerability/vulnerability--71e28076-69d8-444c-b55e-b4bec5d8fe57.json new file mode 100644 index 00000000000..6c7e2c48004 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--71e28076-69d8-444c-b55e-b4bec5d8fe57.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4a1d5ca4-220a-4001-a878-96a8b76f3816", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--71e28076-69d8-444c-b55e-b4bec5d8fe57", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.749691Z", + "modified": "2024-12-13T00:40:39.749691Z", + "name": "CVE-2024-47613", + "description": "GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the vorbis_handle_identification_packet function within gstvorbisdec.c. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This vulnerability allows to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the GstAudioInfo info structure. This vulnerability is fixed in 1.24.10.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47613" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--726cbb47-eb08-4b33-8ef6-96c386a15105.json b/objects/vulnerability/vulnerability--726cbb47-eb08-4b33-8ef6-96c386a15105.json new file mode 100644 index 00000000000..ccd3795a0c7 --- /dev/null +++ b/objects/vulnerability/vulnerability--726cbb47-eb08-4b33-8ef6-96c386a15105.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--404f607a-1047-434f-9d40-705af6bc0772", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--726cbb47-eb08-4b33-8ef6-96c386a15105", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.450654Z", + "modified": "2024-12-13T00:40:39.450654Z", + "name": "CVE-2024-12172", + "description": "The WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpc_update_user_meta_option() function in all versions up to, and including, 3.2.21. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary user's metadata which can be levereged to block an administrator from accessing their site when wp_capabilities is set to 0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12172" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--73d40a71-fcb4-4d46-993d-3c973922503b.json b/objects/vulnerability/vulnerability--73d40a71-fcb4-4d46-993d-3c973922503b.json new file mode 100644 index 00000000000..6f4bede38a4 --- /dev/null +++ b/objects/vulnerability/vulnerability--73d40a71-fcb4-4d46-993d-3c973922503b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f5c6285f-d207-4670-bf66-95648eb3c2d2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--73d40a71-fcb4-4d46-993d-3c973922503b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.090775Z", + "modified": "2024-12-13T00:40:40.090775Z", + "name": "CVE-2024-11427", + "description": "The Catch Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catch-popup' shortcode in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11427" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--741f4523-8ab7-4667-bb45-755742f2060e.json b/objects/vulnerability/vulnerability--741f4523-8ab7-4667-bb45-755742f2060e.json new file mode 100644 index 00000000000..5682b6a87a7 --- /dev/null +++ b/objects/vulnerability/vulnerability--741f4523-8ab7-4667-bb45-755742f2060e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5fd8517f-6f27-41ad-9da6-6fb75e05538b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--741f4523-8ab7-4667-bb45-755742f2060e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.428647Z", + "modified": "2024-12-13T00:40:39.428647Z", + "name": "CVE-2024-12564", + "description": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open Design Alliance CDE inWEB SDK before 2025.3. Installing CDE Server with default settings allows unauthorized users to visit prometheus metrics page. This can allow attackers to understand more things about the target application which may help in further investigation and exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12564" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--74a4f608-228f-4f77-bbf8-97fde3718924.json b/objects/vulnerability/vulnerability--74a4f608-228f-4f77-bbf8-97fde3718924.json new file mode 100644 index 00000000000..a8fe2a241ea --- /dev/null +++ b/objects/vulnerability/vulnerability--74a4f608-228f-4f77-bbf8-97fde3718924.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--384181a0-aae4-4f1c-a1ce-5292ccd00343", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--74a4f608-228f-4f77-bbf8-97fde3718924", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.221599Z", + "modified": "2024-12-13T00:40:40.221599Z", + "name": "CVE-2024-44220", + "description": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2. Parsing a maliciously crafted video file may lead to unexpected system termination.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44220" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--754d2b9d-3b37-4518-bca7-702416e1647f.json b/objects/vulnerability/vulnerability--754d2b9d-3b37-4518-bca7-702416e1647f.json new file mode 100644 index 00000000000..3c83632917c --- /dev/null +++ b/objects/vulnerability/vulnerability--754d2b9d-3b37-4518-bca7-702416e1647f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ce1d081b-772b-4815-9cd2-8b4bec4abdea", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--754d2b9d-3b37-4518-bca7-702416e1647f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.520061Z", + "modified": "2024-12-13T00:40:39.520061Z", + "name": "CVE-2024-10568", + "description": "The Ajax Search Lite WordPress plugin before 4.12.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10568" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--778e6157-e6cf-4414-99dc-32030b04770b.json b/objects/vulnerability/vulnerability--778e6157-e6cf-4414-99dc-32030b04770b.json new file mode 100644 index 00000000000..ef0b8082a8c --- /dev/null +++ b/objects/vulnerability/vulnerability--778e6157-e6cf-4414-99dc-32030b04770b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--db584f48-e94b-4ce3-a481-12abbc0f2070", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--778e6157-e6cf-4414-99dc-32030b04770b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.096698Z", + "modified": "2024-12-13T00:40:40.096698Z", + "name": "CVE-2024-11052", + "description": "The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the calculations parameter in all versions up to, and including, 3.8.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11052" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--78356d64-c3ea-4999-833f-131680bc63e2.json b/objects/vulnerability/vulnerability--78356d64-c3ea-4999-833f-131680bc63e2.json new file mode 100644 index 00000000000..d9d463cd55e --- /dev/null +++ b/objects/vulnerability/vulnerability--78356d64-c3ea-4999-833f-131680bc63e2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9ccd50b4-29fc-4d43-94da-3986207556cc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--78356d64-c3ea-4999-833f-131680bc63e2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.105Z", + "modified": "2024-12-13T00:40:41.105Z", + "name": "CVE-2024-54477", + "description": "The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access user-sensitive data.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54477" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7852aba9-9ea9-493d-bd99-b204a86e1523.json b/objects/vulnerability/vulnerability--7852aba9-9ea9-493d-bd99-b204a86e1523.json new file mode 100644 index 00000000000..067b881c5c0 --- /dev/null +++ b/objects/vulnerability/vulnerability--7852aba9-9ea9-493d-bd99-b204a86e1523.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--df55db79-b100-464a-866b-0f323914e40c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7852aba9-9ea9-493d-bd99-b204a86e1523", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.086397Z", + "modified": "2024-12-13T00:40:40.086397Z", + "name": "CVE-2024-11359", + "description": "The Library Bookshelves plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.8. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11359" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7b301c85-0425-459c-9d8c-7c88c4106e57.json b/objects/vulnerability/vulnerability--7b301c85-0425-459c-9d8c-7c88c4106e57.json new file mode 100644 index 00000000000..b1c3ea35450 --- /dev/null +++ b/objects/vulnerability/vulnerability--7b301c85-0425-459c-9d8c-7c88c4106e57.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1f6d4036-3305-4fd0-b863-91715697089b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7b301c85-0425-459c-9d8c-7c88c4106e57", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.118773Z", + "modified": "2024-12-13T00:40:41.118773Z", + "name": "CVE-2024-54810", + "description": "A SQL Injection vulnerability was found in /preschool/admin/password-recovery.php in PHPGurukul Pre-School Enrollment System Project v1.0, which allows remote attackers to execute arbitrary code via the mobileno parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54810" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7be071a3-98a4-429b-9b17-00419a1bd996.json b/objects/vulnerability/vulnerability--7be071a3-98a4-429b-9b17-00419a1bd996.json new file mode 100644 index 00000000000..ebf0260bf20 --- /dev/null +++ b/objects/vulnerability/vulnerability--7be071a3-98a4-429b-9b17-00419a1bd996.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e62cec77-ca93-401c-a620-7764ddadd667", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7be071a3-98a4-429b-9b17-00419a1bd996", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.058343Z", + "modified": "2024-12-13T00:40:40.058343Z", + "name": "CVE-2024-11871", + "description": "The Social Media Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'patreon' shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11871" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7c2e32e3-0d8c-4ff5-b33c-d43b36b1fdfb.json b/objects/vulnerability/vulnerability--7c2e32e3-0d8c-4ff5-b33c-d43b36b1fdfb.json new file mode 100644 index 00000000000..d32a97c5372 --- /dev/null +++ b/objects/vulnerability/vulnerability--7c2e32e3-0d8c-4ff5-b33c-d43b36b1fdfb.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dd405dec-b68b-4df7-ae84-8936f41880f4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7c2e32e3-0d8c-4ff5-b33c-d43b36b1fdfb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.545109Z", + "modified": "2024-12-13T00:40:39.545109Z", + "name": "CVE-2024-10910", + "description": "The The Grid Plus – Unlimited grid layout plugin for WordPress is vulnerable to arbitrary shortcode execution via grid_plus_load_by_category AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10910" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7c3fcfc5-e6de-4662-a99d-c6201d22daff.json b/objects/vulnerability/vulnerability--7c3fcfc5-e6de-4662-a99d-c6201d22daff.json new file mode 100644 index 00000000000..133a204ef4e --- /dev/null +++ b/objects/vulnerability/vulnerability--7c3fcfc5-e6de-4662-a99d-c6201d22daff.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--42755524-1db8-4e4e-8251-f547ca8898d9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7c3fcfc5-e6de-4662-a99d-c6201d22daff", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.844743Z", + "modified": "2024-12-13T00:40:41.844743Z", + "name": "CVE-2024-4109", + "description": "A flaw was found in Undertow. An HTTP request header value from a previous stream may be incorrectly reused for a request associated with a subsequent stream on the same HTTP/2 connection. This issue can potentially lead to information leakage between requests.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-4109" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7c9ffa9c-8ae1-4649-b7c9-3061d1559035.json b/objects/vulnerability/vulnerability--7c9ffa9c-8ae1-4649-b7c9-3061d1559035.json new file mode 100644 index 00000000000..e070bef241a --- /dev/null +++ b/objects/vulnerability/vulnerability--7c9ffa9c-8ae1-4649-b7c9-3061d1559035.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--80df3ee1-5be3-4354-928e-18fdd82633d2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7c9ffa9c-8ae1-4649-b7c9-3061d1559035", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.357422Z", + "modified": "2024-12-13T00:40:40.357422Z", + "name": "CVE-2024-53845", + "description": "ESPTouch is a connection protocol for internet of things devices. In the ESPTouchV2 protocol, while there is an option to use a custom AES key, there is no option to set the IV (Initialization Vector) prior to versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8. The IV is set to zero and remains constant throughout the product's lifetime. In AES/CBC mode, if the IV is not properly initialized, the encrypted output becomes deterministic, leading to potential data leakage. To address the aforementioned issues, the application generates a random IV when activating the AES key starting in versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8. This IV is then transmitted along with the provision data to the provision device. The provision device has also been equipped with a parser for the AES IV. The upgrade is applicable for all applications and users of ESPTouch v2 component from ESP-IDF. As it is implemented in the ESP Wi-Fi stack, there is no workaround for the user to fix the application layer without upgrading the underlying firmware.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53845" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7d614922-dbae-4845-999a-1eaef9992b78.json b/objects/vulnerability/vulnerability--7d614922-dbae-4845-999a-1eaef9992b78.json new file mode 100644 index 00000000000..50e651fe5a8 --- /dev/null +++ b/objects/vulnerability/vulnerability--7d614922-dbae-4845-999a-1eaef9992b78.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e7572044-95db-4655-a7b7-d10d22a58817", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7d614922-dbae-4845-999a-1eaef9992b78", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.054544Z", + "modified": "2024-12-13T00:40:40.054544Z", + "name": "CVE-2024-11181", + "description": "The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 9.9.9.3 via the 'wp_reusable_render' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11181" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7df77692-ec5d-4d30-a4a9-c3992b53273f.json b/objects/vulnerability/vulnerability--7df77692-ec5d-4d30-a4a9-c3992b53273f.json new file mode 100644 index 00000000000..10bae73c138 --- /dev/null +++ b/objects/vulnerability/vulnerability--7df77692-ec5d-4d30-a4a9-c3992b53273f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a4398fdd-3572-46bb-a4bf-d84a743d385b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7df77692-ec5d-4d30-a4a9-c3992b53273f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.0937Z", + "modified": "2024-12-13T00:40:41.0937Z", + "name": "CVE-2024-54531", + "description": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2. An app may be able to bypass kASLR.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54531" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7e50cc5e-8e1e-41f8-a14d-b36749336d30.json b/objects/vulnerability/vulnerability--7e50cc5e-8e1e-41f8-a14d-b36749336d30.json new file mode 100644 index 00000000000..8e6cfa2b734 --- /dev/null +++ b/objects/vulnerability/vulnerability--7e50cc5e-8e1e-41f8-a14d-b36749336d30.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e9c1c827-38de-4f82-a915-0b16274e1c8e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7e50cc5e-8e1e-41f8-a14d-b36749336d30", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.034438Z", + "modified": "2024-12-13T00:40:40.034438Z", + "name": "CVE-2024-11757", + "description": "The WP GeoNames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-geonames' shortcode in all versions up to, and including, 1.9.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11757" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7ecbb5d2-c6a9-447d-a890-91c652d4472b.json b/objects/vulnerability/vulnerability--7ecbb5d2-c6a9-447d-a890-91c652d4472b.json new file mode 100644 index 00000000000..6444fc1d575 --- /dev/null +++ b/objects/vulnerability/vulnerability--7ecbb5d2-c6a9-447d-a890-91c652d4472b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6d398e2c-4811-46e6-a8b5-33ce1851e574", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7ecbb5d2-c6a9-447d-a890-91c652d4472b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.046302Z", + "modified": "2024-12-13T00:40:40.046302Z", + "name": "CVE-2024-11875", + "description": "The Add infos to the events calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fuss' shortcode in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11875" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7f3d3162-8cb3-44cb-b367-5bbb47d9c172.json b/objects/vulnerability/vulnerability--7f3d3162-8cb3-44cb-b367-5bbb47d9c172.json new file mode 100644 index 00000000000..33be176be8d --- /dev/null +++ b/objects/vulnerability/vulnerability--7f3d3162-8cb3-44cb-b367-5bbb47d9c172.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2f1b15fd-a311-446a-8530-8b8e9a040aea", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7f3d3162-8cb3-44cb-b367-5bbb47d9c172", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.185417Z", + "modified": "2024-12-13T00:40:41.185417Z", + "name": "CVE-2024-54506", + "description": "An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.2. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54506" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7f42b74c-dc34-4949-bb22-94b65cd6199d.json b/objects/vulnerability/vulnerability--7f42b74c-dc34-4949-bb22-94b65cd6199d.json new file mode 100644 index 00000000000..29a7a1fd2b3 --- /dev/null +++ b/objects/vulnerability/vulnerability--7f42b74c-dc34-4949-bb22-94b65cd6199d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8a3c691f-8e84-4130-bedf-b24704e5290b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7f42b74c-dc34-4949-bb22-94b65cd6199d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.062128Z", + "modified": "2024-12-13T00:40:41.062128Z", + "name": "CVE-2024-54105", + "description": "Read/Write vulnerability in the image decoding module\nImpact: Successful exploitation of this vulnerability will affect availability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54105" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--7f765d8d-e4e5-4118-a1db-459c081fae07.json b/objects/vulnerability/vulnerability--7f765d8d-e4e5-4118-a1db-459c081fae07.json new file mode 100644 index 00000000000..03b0c3e3511 --- /dev/null +++ b/objects/vulnerability/vulnerability--7f765d8d-e4e5-4118-a1db-459c081fae07.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a2f6addb-ce4f-46b4-9843-2820bcde5d0a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7f765d8d-e4e5-4118-a1db-459c081fae07", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.188345Z", + "modified": "2024-12-13T00:40:40.188345Z", + "name": "CVE-2024-44200", + "description": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able to read sensitive location information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44200" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--80531522-c131-4f09-ae4a-4fd4294bf9bc.json b/objects/vulnerability/vulnerability--80531522-c131-4f09-ae4a-4fd4294bf9bc.json new file mode 100644 index 00000000000..75c166f6502 --- /dev/null +++ b/objects/vulnerability/vulnerability--80531522-c131-4f09-ae4a-4fd4294bf9bc.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e120ccd2-f65d-43d8-9e86-92fa1ab62409", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--80531522-c131-4f09-ae4a-4fd4294bf9bc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.098125Z", + "modified": "2024-12-13T00:40:41.098125Z", + "name": "CVE-2024-54493", + "description": "This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.2. Privacy indicators for microphone access may be attributed incorrectly.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54493" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--82a278e4-c3fb-4a0c-acbf-68c4901f716d.json b/objects/vulnerability/vulnerability--82a278e4-c3fb-4a0c-acbf-68c4901f716d.json new file mode 100644 index 00000000000..79d687d1767 --- /dev/null +++ b/objects/vulnerability/vulnerability--82a278e4-c3fb-4a0c-acbf-68c4901f716d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--97003372-c28b-49f6-bb9a-7bbf8c0f00fb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--82a278e4-c3fb-4a0c-acbf-68c4901f716d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.620085Z", + "modified": "2024-12-13T00:40:39.620085Z", + "name": "CVE-2024-9367", + "description": "An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service (DoS) condition while parsing templates to generate changelogs.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9367" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--832dc7a0-f037-4b7b-a5a4-89ac9f9638d2.json b/objects/vulnerability/vulnerability--832dc7a0-f037-4b7b-a5a4-89ac9f9638d2.json new file mode 100644 index 00000000000..adc6a6d25e1 --- /dev/null +++ b/objects/vulnerability/vulnerability--832dc7a0-f037-4b7b-a5a4-89ac9f9638d2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--35767614-4f68-4745-82ef-53256a521f58", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--832dc7a0-f037-4b7b-a5a4-89ac9f9638d2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.438243Z", + "modified": "2024-12-13T00:40:41.438243Z", + "name": "CVE-2024-36498", + "description": "Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The \"Edit Disclaimer Text\" function of the configuration menu is vulnerable to stored XSS. Only the users Poweruser and Admin can use this function which is available at the URL\n\n\n\n\n\n\n\n\n\nhttps://$SCANNER/cgi/admin.cgi?-rdisclaimer+-apre\n\nThe stored Javascript payload will be executed every time the ScanWizard is loaded, even in the Kiosk-mode browser. Version 7.40 implemented a fix, but it could be bypassed via URL-encoding the Javascript payload again.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-36498" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8372d6c1-ba20-4b5e-8c9d-b0fe341bd7f1.json b/objects/vulnerability/vulnerability--8372d6c1-ba20-4b5e-8c9d-b0fe341bd7f1.json new file mode 100644 index 00000000000..4095bf1ff46 --- /dev/null +++ b/objects/vulnerability/vulnerability--8372d6c1-ba20-4b5e-8c9d-b0fe341bd7f1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--86098b11-9065-426b-807f-318244acb39d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8372d6c1-ba20-4b5e-8c9d-b0fe341bd7f1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.473577Z", + "modified": "2024-12-13T00:40:39.473577Z", + "name": "CVE-2024-12488", + "description": "A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/subject_update.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12488" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8503c0d6-abb9-41f5-854d-685c70da455f.json b/objects/vulnerability/vulnerability--8503c0d6-abb9-41f5-854d-685c70da455f.json new file mode 100644 index 00000000000..52b61d347dc --- /dev/null +++ b/objects/vulnerability/vulnerability--8503c0d6-abb9-41f5-854d-685c70da455f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f9f80efd-1ef5-47ef-a645-9da06fac1b1b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8503c0d6-abb9-41f5-854d-685c70da455f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.802445Z", + "modified": "2024-12-13T00:40:41.802445Z", + "name": "CVE-2024-28143", + "description": "The password change function at /cgi/admin.cgi does not require the current/old password, which makes the application vulnerable to account takeover. An attacker can use this to forcefully set a new password within the -rsetpass+-aaction+- parameter for a user without knowing the old password, e.g. by exploiting a CSRF issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-28143" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--88a86a01-974a-4d2e-a479-a6778906ff6b.json b/objects/vulnerability/vulnerability--88a86a01-974a-4d2e-a479-a6778906ff6b.json new file mode 100644 index 00000000000..4a17a51d100 --- /dev/null +++ b/objects/vulnerability/vulnerability--88a86a01-974a-4d2e-a479-a6778906ff6b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7869dad8-a62f-4a8c-8a3a-3e63b2d4ddcc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--88a86a01-974a-4d2e-a479-a6778906ff6b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.365153Z", + "modified": "2024-12-13T00:40:40.365153Z", + "name": "CVE-2024-53273", + "description": "Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `register` function in `RegisterLoginReset.vue` contains a reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious `redirectTo` parameter to trigger the vulnerability, giving the attacker control of the victim’s account when a victim registers or logins with a specially crafted link. Version 5.28.5 contains a patch.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53273" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--89e4477e-1e4d-4412-9203-e4784edb0dbd.json b/objects/vulnerability/vulnerability--89e4477e-1e4d-4412-9203-e4784edb0dbd.json new file mode 100644 index 00000000000..3f701147a4c --- /dev/null +++ b/objects/vulnerability/vulnerability--89e4477e-1e4d-4412-9203-e4784edb0dbd.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a4e7e1b5-ef5a-471c-a7c3-469f9b298ec8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--89e4477e-1e4d-4412-9203-e4784edb0dbd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.508255Z", + "modified": "2024-12-13T00:40:39.508255Z", + "name": "CVE-2024-10010", + "description": "The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10010" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8a182e05-ceeb-4eb2-976c-8d1e2a388117.json b/objects/vulnerability/vulnerability--8a182e05-ceeb-4eb2-976c-8d1e2a388117.json new file mode 100644 index 00000000000..18206a80542 --- /dev/null +++ b/objects/vulnerability/vulnerability--8a182e05-ceeb-4eb2-976c-8d1e2a388117.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d1c0e4d5-2d25-42b3-af8f-1a796d63b887", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8a182e05-ceeb-4eb2-976c-8d1e2a388117", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.442422Z", + "modified": "2024-12-13T00:40:39.442422Z", + "name": "CVE-2024-12338", + "description": "The Website Toolbox Community plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘websitetoolbox_username’ parameter in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12338" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8b7a7214-78b9-4dca-9dda-93864b0e4133.json b/objects/vulnerability/vulnerability--8b7a7214-78b9-4dca-9dda-93864b0e4133.json new file mode 100644 index 00000000000..4a2cda4cac1 --- /dev/null +++ b/objects/vulnerability/vulnerability--8b7a7214-78b9-4dca-9dda-93864b0e4133.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0f0717c6-64c4-4502-998e-86dda2bc9b1a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8b7a7214-78b9-4dca-9dda-93864b0e4133", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.176962Z", + "modified": "2024-12-13T00:40:40.176962Z", + "name": "CVE-2024-44212", + "description": "A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1, visionOS 2.1, tvOS 18.1, iOS 18.1 and iPadOS 18.1, watchOS 11.1. Cookies belonging to one origin may be sent to another origin.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44212" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8d1945a6-d0da-415e-b068-692349077d32.json b/objects/vulnerability/vulnerability--8d1945a6-d0da-415e-b068-692349077d32.json new file mode 100644 index 00000000000..442a270bbca --- /dev/null +++ b/objects/vulnerability/vulnerability--8d1945a6-d0da-415e-b068-692349077d32.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fb78fae1-0bfd-430f-8bea-b7ac83449484", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8d1945a6-d0da-415e-b068-692349077d32", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.069615Z", + "modified": "2024-12-13T00:40:40.069615Z", + "name": "CVE-2024-11724", + "description": "The Cookie Consent for WP – Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpl_script_save AJAX action in all versions up to, and including, 3.6.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to whitelist scripts.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11724" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8d4477d7-9e1f-4811-b4f0-b358daf44f80.json b/objects/vulnerability/vulnerability--8d4477d7-9e1f-4811-b4f0-b358daf44f80.json new file mode 100644 index 00000000000..f6de12985d9 --- /dev/null +++ b/objects/vulnerability/vulnerability--8d4477d7-9e1f-4811-b4f0-b358daf44f80.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c957796e-9648-4b18-ac07-e1048c230acc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8d4477d7-9e1f-4811-b4f0-b358daf44f80", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.125161Z", + "modified": "2024-12-13T00:40:41.125161Z", + "name": "CVE-2024-54513", + "description": "A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. An app may be able to access sensitive user data.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54513" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8d6fc042-a5fb-4df4-9469-f7389e851202.json b/objects/vulnerability/vulnerability--8d6fc042-a5fb-4df4-9469-f7389e851202.json new file mode 100644 index 00000000000..dcd78fb115e --- /dev/null +++ b/objects/vulnerability/vulnerability--8d6fc042-a5fb-4df4-9469-f7389e851202.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f5c74165-e12c-4a1d-8bcb-2427af98fcc3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8d6fc042-a5fb-4df4-9469-f7389e851202", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.499237Z", + "modified": "2024-12-13T00:40:39.499237Z", + "name": "CVE-2024-12482", + "description": "A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been rated as problematic. Affected by this issue is the function backup of the file wetech-cms-master\\wetech-basic-common\\src\\main\\java\\tech\\wetech\\basic\\util\\BackupFileUtil.java of the component Database Backup Handler. The manipulation of the argument name leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12482" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8dcfd100-8298-425c-9ab6-fddb974a717a.json b/objects/vulnerability/vulnerability--8dcfd100-8298-425c-9ab6-fddb974a717a.json new file mode 100644 index 00000000000..777f9452419 --- /dev/null +++ b/objects/vulnerability/vulnerability--8dcfd100-8298-425c-9ab6-fddb974a717a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ec605866-5083-45c5-b466-3c0b99e558cb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8dcfd100-8298-425c-9ab6-fddb974a717a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.081016Z", + "modified": "2024-12-13T00:40:40.081016Z", + "name": "CVE-2024-11766", + "description": "The WordPress Book Plugin for Displaying Books in Grid, Flip, Slider, Popup Layout and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gs_book_showcase' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11766" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8e88eece-46ac-49b3-9dd9-12f4c30b4e43.json b/objects/vulnerability/vulnerability--8e88eece-46ac-49b3-9dd9-12f4c30b4e43.json new file mode 100644 index 00000000000..c9ce43faabd --- /dev/null +++ b/objects/vulnerability/vulnerability--8e88eece-46ac-49b3-9dd9-12f4c30b4e43.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aa956745-ae0d-407b-8e27-4562a26c8635", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8e88eece-46ac-49b3-9dd9-12f4c30b4e43", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.464301Z", + "modified": "2024-12-13T00:40:39.464301Z", + "name": "CVE-2024-12526", + "description": "The Arena.IM – Live Blogging for real-time events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3.0. This is due to missing or incorrect nonce validation on the 'albfre_user_action' AJAX action. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12526" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8ea22c27-2d7f-4ccb-a533-bc8e6615054f.json b/objects/vulnerability/vulnerability--8ea22c27-2d7f-4ccb-a533-bc8e6615054f.json new file mode 100644 index 00000000000..098d4d1ebcb --- /dev/null +++ b/objects/vulnerability/vulnerability--8ea22c27-2d7f-4ccb-a533-bc8e6615054f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8ecba883-c1ad-417d-b56e-a80fda3a477a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8ea22c27-2d7f-4ccb-a533-bc8e6615054f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.082162Z", + "modified": "2024-12-13T00:40:40.082162Z", + "name": "CVE-2024-11442", + "description": "The Horizontal scroll image slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'horizontal-scroll-image-slideshow' shortcode in all versions up to, and including, 10.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11442" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--915bc318-467a-4553-af84-ca907ba975d5.json b/objects/vulnerability/vulnerability--915bc318-467a-4553-af84-ca907ba975d5.json new file mode 100644 index 00000000000..f30bdb00087 --- /dev/null +++ b/objects/vulnerability/vulnerability--915bc318-467a-4553-af84-ca907ba975d5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--55b94b1c-2bed-4c68-83cf-27c08f24878b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--915bc318-467a-4553-af84-ca907ba975d5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.63059Z", + "modified": "2024-12-13T00:40:39.63059Z", + "name": "CVE-2024-9387", + "description": "An issue was discovered in GitLab CE/EE affecting all versions from 11.8 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could potentially perform an open redirect against a given releases API endpoint.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9387" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--926e227a-141e-4434-80af-563851d6c149.json b/objects/vulnerability/vulnerability--926e227a-141e-4434-80af-563851d6c149.json new file mode 100644 index 00000000000..3609f15a7aa --- /dev/null +++ b/objects/vulnerability/vulnerability--926e227a-141e-4434-80af-563851d6c149.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cceee4b4-545f-4772-9844-ecafda51cd68", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--926e227a-141e-4434-80af-563851d6c149", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.719184Z", + "modified": "2024-12-13T00:40:39.719184Z", + "name": "CVE-2024-47596", + "description": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux_parse_svq3_stsd_data function within qtdemux.c. In the FOURCC_SMI_ case, seqh_size is read from the input file without proper validation. If seqh_size is greater than the remaining size of the data buffer, it can lead to an OOB-read in the following call to gst_buffer_fill, which internally uses memcpy. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47596" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--93c74f7d-a9cf-49f5-b049-7a3801f73a7b.json b/objects/vulnerability/vulnerability--93c74f7d-a9cf-49f5-b049-7a3801f73a7b.json new file mode 100644 index 00000000000..23779c601d0 --- /dev/null +++ b/objects/vulnerability/vulnerability--93c74f7d-a9cf-49f5-b049-7a3801f73a7b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a0249b26-ecce-4696-8108-524bb97842c2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--93c74f7d-a9cf-49f5-b049-7a3801f73a7b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.006885Z", + "modified": "2024-12-13T00:40:40.006885Z", + "name": "CVE-2024-11410", + "description": "The Top and footer bars for announcements, notifications, advertisements, promotions – YooBar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Yoo Bar settings in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11410" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--93ee5ca1-9e34-46ca-ad2b-f26dfccbae28.json b/objects/vulnerability/vulnerability--93ee5ca1-9e34-46ca-ad2b-f26dfccbae28.json new file mode 100644 index 00000000000..771a64a6ffd --- /dev/null +++ b/objects/vulnerability/vulnerability--93ee5ca1-9e34-46ca-ad2b-f26dfccbae28.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--16a3bbef-935a-4f98-aac2-6705b934e067", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--93ee5ca1-9e34-46ca-ad2b-f26dfccbae28", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.242217Z", + "modified": "2024-12-13T00:40:41.242217Z", + "name": "CVE-2024-55660", + "description": "SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's `/api/template/renderSprig` endpoint is vulnerable to Server-Side Template Injection (SSTI) through the Sprig template engine. Although the engine has limitations, it allows attackers to access environment variables. Version 3.1.16 contains a patch for the issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55660" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--94203729-003e-409e-afd2-43ec85ef240a.json b/objects/vulnerability/vulnerability--94203729-003e-409e-afd2-43ec85ef240a.json new file mode 100644 index 00000000000..a45f458a86e --- /dev/null +++ b/objects/vulnerability/vulnerability--94203729-003e-409e-afd2-43ec85ef240a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--50b476bd-a1cd-41f0-97cd-2fea0a26574d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--94203729-003e-409e-afd2-43ec85ef240a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.011672Z", + "modified": "2024-12-13T00:40:40.011672Z", + "name": "CVE-2024-11872", + "description": "Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Epic Games Launcher. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the product installer. The product applies incorrect default permissions to a sensitive folder. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-24329.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11872" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9511fadd-bae4-4dbd-b842-b3107f567d9d.json b/objects/vulnerability/vulnerability--9511fadd-bae4-4dbd-b842-b3107f567d9d.json new file mode 100644 index 00000000000..aa0ba33b10f --- /dev/null +++ b/objects/vulnerability/vulnerability--9511fadd-bae4-4dbd-b842-b3107f567d9d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1219355a-e228-49af-8662-6e9bb826793f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9511fadd-bae4-4dbd-b842-b3107f567d9d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.245394Z", + "modified": "2024-12-13T00:40:41.245394Z", + "name": "CVE-2024-55657", + "description": "SiYuan is a personal knowledge management system. Prior to version 3.1.16, an arbitrary file read vulnerability exists in Siyuan's `/api/template/render` endpoint. The absence of proper validation on the path parameter allows attackers to access sensitive files on the host system. Version 3.1.16 contains a patch for the issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55657" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--961e1995-7ecb-4e0c-8813-08e5ed9d2506.json b/objects/vulnerability/vulnerability--961e1995-7ecb-4e0c-8813-08e5ed9d2506.json new file mode 100644 index 00000000000..3cb6f3693cb --- /dev/null +++ b/objects/vulnerability/vulnerability--961e1995-7ecb-4e0c-8813-08e5ed9d2506.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d3aa9d6a-f5a2-430a-bccb-ae98cf49269d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--961e1995-7ecb-4e0c-8813-08e5ed9d2506", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.193242Z", + "modified": "2024-12-13T00:40:41.193242Z", + "name": "CVE-2024-55663", + "description": "XWiki Platform is a generic wiki platform. Starting in version 11.10.6 and prior to versions 13.10.5 and 14.3-rc-1, in `getdocument.vm`; the ordering of the returned documents is defined from an unsanitized request parameter (request.sort) and can allow any user to inject HQL. Depending on the used database backend, the attacker may be able to not only obtain confidential information such as password hashes from the database, but also execute UPDATE/INSERT/DELETE queries. This has been patched in 13.10.5 and 14.3-rc-1. There is no known workaround, other than upgrading XWiki.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55663" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9674c48d-bf14-4cf1-b7e7-4d6f8eca5eb0.json b/objects/vulnerability/vulnerability--9674c48d-bf14-4cf1-b7e7-4d6f8eca5eb0.json new file mode 100644 index 00000000000..f43c8f2ee87 --- /dev/null +++ b/objects/vulnerability/vulnerability--9674c48d-bf14-4cf1-b7e7-4d6f8eca5eb0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cf272b3e-0587-4c03-86d2-6e50de9d4ed6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9674c48d-bf14-4cf1-b7e7-4d6f8eca5eb0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.483213Z", + "modified": "2024-12-13T00:40:39.483213Z", + "name": "CVE-2024-12292", + "description": "An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where sensitive information passed in GraphQL mutations may have been retained in GraphQL logs.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12292" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--968ef7e3-cbec-4f03-a4d7-2ebaa0d96286.json b/objects/vulnerability/vulnerability--968ef7e3-cbec-4f03-a4d7-2ebaa0d96286.json new file mode 100644 index 00000000000..d5e454c9424 --- /dev/null +++ b/objects/vulnerability/vulnerability--968ef7e3-cbec-4f03-a4d7-2ebaa0d96286.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1cee8015-4417-43d2-a6ec-d349779ef7b6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--968ef7e3-cbec-4f03-a4d7-2ebaa0d96286", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.502848Z", + "modified": "2024-12-13T00:40:39.502848Z", + "name": "CVE-2024-12489", + "description": "A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been classified as critical. This affects an unknown part of the file /pages/term.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12489" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--97171cca-5430-4262-9c59-351f93439088.json b/objects/vulnerability/vulnerability--97171cca-5430-4262-9c59-351f93439088.json new file mode 100644 index 00000000000..ad2fb836d98 --- /dev/null +++ b/objects/vulnerability/vulnerability--97171cca-5430-4262-9c59-351f93439088.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cfeff03b-c3fb-4d35-a286-5f2daac29ccc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--97171cca-5430-4262-9c59-351f93439088", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.184303Z", + "modified": "2024-12-13T00:40:40.184303Z", + "name": "CVE-2024-44241", + "description": "The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44241" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--97868a90-e70c-4c65-a454-b6948e4510b6.json b/objects/vulnerability/vulnerability--97868a90-e70c-4c65-a454-b6948e4510b6.json new file mode 100644 index 00000000000..4299f7d8ffa --- /dev/null +++ b/objects/vulnerability/vulnerability--97868a90-e70c-4c65-a454-b6948e4510b6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8fc93d7c-d428-4d4d-b5f7-efd60faa7fe1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--97868a90-e70c-4c65-a454-b6948e4510b6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.56045Z", + "modified": "2024-12-13T00:40:39.56045Z", + "name": "CVE-2024-10583", + "description": "The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘post_title’ parameter in all versions up to, and including, 1.20.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10583" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--997cc53b-320a-4c56-b342-b69cc70533b2.json b/objects/vulnerability/vulnerability--997cc53b-320a-4c56-b342-b69cc70533b2.json new file mode 100644 index 00000000000..7af1af9884f --- /dev/null +++ b/objects/vulnerability/vulnerability--997cc53b-320a-4c56-b342-b69cc70533b2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5104247d-c591-448a-8c2e-eb1e1046b9ec", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--997cc53b-320a-4c56-b342-b69cc70533b2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.099689Z", + "modified": "2024-12-13T00:40:40.099689Z", + "name": "CVE-2024-11417", + "description": "The dejure.org Vernetzungsfunktion plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.97.5. This is due to missing or incorrect nonce validation on the djo_einstellungen_menue() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11417" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--99c7b9d7-c23c-4155-aaf7-2e8a11adb249.json b/objects/vulnerability/vulnerability--99c7b9d7-c23c-4155-aaf7-2e8a11adb249.json new file mode 100644 index 00000000000..0afaa84351a --- /dev/null +++ b/objects/vulnerability/vulnerability--99c7b9d7-c23c-4155-aaf7-2e8a11adb249.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d224657a-2cfa-4c72-8f0e-264be294afa7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--99c7b9d7-c23c-4155-aaf7-2e8a11adb249", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.032202Z", + "modified": "2024-12-13T00:40:40.032202Z", + "name": "CVE-2024-11384", + "description": "The Arena.IM – Live Blogging for real-time events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'arenablog' shortcode in all versions up to, and including, 0.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11384" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9afd8dfa-8fff-4500-8510-9ca254102da3.json b/objects/vulnerability/vulnerability--9afd8dfa-8fff-4500-8510-9ca254102da3.json new file mode 100644 index 00000000000..3a5b5081f4a --- /dev/null +++ b/objects/vulnerability/vulnerability--9afd8dfa-8fff-4500-8510-9ca254102da3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--86aea120-6a05-4b4d-9e3f-3b8f13f04864", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9afd8dfa-8fff-4500-8510-9ca254102da3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.170015Z", + "modified": "2024-12-13T00:40:41.170015Z", + "name": "CVE-2024-54106", + "description": "Null pointer dereference vulnerability in the image decoding module\nImpact: Successful exploitation of this vulnerability will affect availability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54106" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9be1a992-1bb8-4509-916b-b31e419dd4ed.json b/objects/vulnerability/vulnerability--9be1a992-1bb8-4509-916b-b31e419dd4ed.json new file mode 100644 index 00000000000..31e9a930253 --- /dev/null +++ b/objects/vulnerability/vulnerability--9be1a992-1bb8-4509-916b-b31e419dd4ed.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0467eb62-4177-4293-950b-21aeeb54a2d5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9be1a992-1bb8-4509-916b-b31e419dd4ed", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.55276Z", + "modified": "2024-12-13T00:40:39.55276Z", + "name": "CVE-2024-10124", + "description": "The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. This vulnerability was partially patched in version 1.1.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10124" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9c2bbcab-2854-4f21-b235-af1743b1ddc2.json b/objects/vulnerability/vulnerability--9c2bbcab-2854-4f21-b235-af1743b1ddc2.json new file mode 100644 index 00000000000..b1871a45664 --- /dev/null +++ b/objects/vulnerability/vulnerability--9c2bbcab-2854-4f21-b235-af1743b1ddc2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--238f21b3-9c3c-4167-86a3-7f23afce5af7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9c2bbcab-2854-4f21-b235-af1743b1ddc2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.474746Z", + "modified": "2024-12-13T00:40:39.474746Z", + "name": "CVE-2024-12480", + "description": "A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been classified as critical. Affected is the function searchTopic of the file wetech-cms-master\\wetech-core\\src\\main\\java\\tech\\wetech\\cms\\dao\\TopicDao.java. The manipulation of the argument con leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12480" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9d18878e-8043-4242-ba4b-143905fc3436.json b/objects/vulnerability/vulnerability--9d18878e-8043-4242-ba4b-143905fc3436.json new file mode 100644 index 00000000000..ffdc5a9cd27 --- /dev/null +++ b/objects/vulnerability/vulnerability--9d18878e-8043-4242-ba4b-143905fc3436.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--12feea96-4979-4b4f-82a1-305e5e9bba3f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9d18878e-8043-4242-ba4b-143905fc3436", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.756852Z", + "modified": "2024-12-13T00:40:39.756852Z", + "name": "CVE-2024-47835", + "description": "GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parse_lrc function within gstsubparse.c. The parse_lrc function calls strchr() to find the character ']' in the string line. The pointer returned by this call is then passed to g_strdup(). However, if the string line does not contain the character ']', strchr() returns NULL, and a call to g_strdup(start + 1) leads to a null pointer dereference. This vulnerability is fixed in 1.24.10.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47835" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9e2ccb61-a201-4ccf-8ac5-0e16dd085cfd.json b/objects/vulnerability/vulnerability--9e2ccb61-a201-4ccf-8ac5-0e16dd085cfd.json new file mode 100644 index 00000000000..5aa9e5d5d93 --- /dev/null +++ b/objects/vulnerability/vulnerability--9e2ccb61-a201-4ccf-8ac5-0e16dd085cfd.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5cd535cc-ab0c-4866-b4de-506d7991514c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9e2ccb61-a201-4ccf-8ac5-0e16dd085cfd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.45975Z", + "modified": "2024-12-13T00:40:39.45975Z", + "name": "CVE-2024-12260", + "description": "The Ultimate Endpoints With Rest Api plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12260" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a03e983f-13b4-4a35-ab13-4c0c301a3b1d.json b/objects/vulnerability/vulnerability--a03e983f-13b4-4a35-ab13-4c0c301a3b1d.json new file mode 100644 index 00000000000..ebeff69d665 --- /dev/null +++ b/objects/vulnerability/vulnerability--a03e983f-13b4-4a35-ab13-4c0c301a3b1d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b21ba6ab-3d13-4ac3-8c19-39be5b972e20", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a03e983f-13b4-4a35-ab13-4c0c301a3b1d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.431103Z", + "modified": "2024-12-13T00:40:39.431103Z", + "name": "CVE-2024-12263", + "description": "The Child Theme Creator by Orbisius plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cloud_delete() and cloud_update() functions in all versions up to, and including, 1.5.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update and delete cloud snippets. Please note that this vulnerability was present in the Cloud Library Addon used by the plugin and not in the plugin itself, the cloud library has been removed entirely.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12263" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a3413f3c-075b-424e-8099-46b1e66d2447.json b/objects/vulnerability/vulnerability--a3413f3c-075b-424e-8099-46b1e66d2447.json new file mode 100644 index 00000000000..e835d947dab --- /dev/null +++ b/objects/vulnerability/vulnerability--a3413f3c-075b-424e-8099-46b1e66d2447.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--200216c6-91b9-47fa-bd94-b76237d80475", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a3413f3c-075b-424e-8099-46b1e66d2447", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.366386Z", + "modified": "2024-12-13T00:40:40.366386Z", + "name": "CVE-2024-53274", + "description": "Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `register` function in `home.vue` containsa reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious `redirectTo` parameter to trigger the vulnerability. Arbitrary javascript can be executed by the attacker in the context of the victim’s session. Version 5.28.5 contains a patch.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53274" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a416c1d4-0599-4168-95cb-40bc0aab8c9b.json b/objects/vulnerability/vulnerability--a416c1d4-0599-4168-95cb-40bc0aab8c9b.json new file mode 100644 index 00000000000..94167563c83 --- /dev/null +++ b/objects/vulnerability/vulnerability--a416c1d4-0599-4168-95cb-40bc0aab8c9b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b0d76823-0fc4-468d-bda8-0fecf4549730", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a416c1d4-0599-4168-95cb-40bc0aab8c9b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.176274Z", + "modified": "2024-12-13T00:40:41.176274Z", + "name": "CVE-2024-54529", + "description": "A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to execute arbitrary code with kernel privileges.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54529" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a474c036-7c5b-4f09-bc3a-a95f6a0871c3.json b/objects/vulnerability/vulnerability--a474c036-7c5b-4f09-bc3a-a95f6a0871c3.json new file mode 100644 index 00000000000..ceff3bb5b22 --- /dev/null +++ b/objects/vulnerability/vulnerability--a474c036-7c5b-4f09-bc3a-a95f6a0871c3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--10fe95de-dbff-4b39-b8af-0c11576e2d5a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a474c036-7c5b-4f09-bc3a-a95f6a0871c3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.095503Z", + "modified": "2024-12-13T00:40:41.095503Z", + "name": "CVE-2024-54534", + "description": "The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54534" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--a5094b24-c509-4a9c-97e1-19245df7be91.json b/objects/vulnerability/vulnerability--a5094b24-c509-4a9c-97e1-19245df7be91.json new file mode 100644 index 00000000000..97ed16e6347 --- /dev/null +++ b/objects/vulnerability/vulnerability--a5094b24-c509-4a9c-97e1-19245df7be91.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7cddb9cb-f373-47ac-83ef-4378dce55697", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a5094b24-c509-4a9c-97e1-19245df7be91", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.163394Z", + "modified": "2024-12-13T00:40:40.163394Z", + "name": "CVE-2024-44224", + "description": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A malicious app may be able to gain root privileges.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44224" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a7c7232c-3e77-4536-8b2f-668742c1b77d.json b/objects/vulnerability/vulnerability--a7c7232c-3e77-4536-8b2f-668742c1b77d.json new file mode 100644 index 00000000000..cfb84193682 --- /dev/null +++ b/objects/vulnerability/vulnerability--a7c7232c-3e77-4536-8b2f-668742c1b77d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--95186185-3f12-43fc-93d6-28b3709d8f07", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a7c7232c-3e77-4536-8b2f-668742c1b77d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.028888Z", + "modified": "2024-12-13T00:40:40.028888Z", + "name": "CVE-2024-11804", + "description": "The Planaday API plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 11.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11804" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a9079ffa-ff3f-4956-9d8b-c82327dc2a8d.json b/objects/vulnerability/vulnerability--a9079ffa-ff3f-4956-9d8b-c82327dc2a8d.json new file mode 100644 index 00000000000..2febe315528 --- /dev/null +++ b/objects/vulnerability/vulnerability--a9079ffa-ff3f-4956-9d8b-c82327dc2a8d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a76ded88-51c6-4ba0-a8f6-5c3b5a353335", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a9079ffa-ff3f-4956-9d8b-c82327dc2a8d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.534513Z", + "modified": "2024-12-13T00:40:39.534513Z", + "name": "CVE-2024-10784", + "description": "The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Tile Gallery' widget in all versions up to, and including, 1.5.126 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10784" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a92c524a-76f9-4595-9efc-dd0e895ef8a6.json b/objects/vulnerability/vulnerability--a92c524a-76f9-4595-9efc-dd0e895ef8a6.json new file mode 100644 index 00000000000..5215bb26231 --- /dev/null +++ b/objects/vulnerability/vulnerability--a92c524a-76f9-4595-9efc-dd0e895ef8a6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bbd2d97c-20c0-46a4-87d2-db3ef6a43a04", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a92c524a-76f9-4595-9efc-dd0e895ef8a6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.477815Z", + "modified": "2024-12-13T00:40:39.477815Z", + "name": "CVE-2024-12040", + "description": "The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.10 via the 'theme' attribute of the `wcpcsu` shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12040" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a92fe8bd-7f52-4c70-acf0-b4e118767215.json b/objects/vulnerability/vulnerability--a92fe8bd-7f52-4c70-acf0-b4e118767215.json new file mode 100644 index 00000000000..ddacf50a846 --- /dev/null +++ b/objects/vulnerability/vulnerability--a92fe8bd-7f52-4c70-acf0-b4e118767215.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--142b8147-8e08-46e3-a2fd-6a6d4616d952", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a92fe8bd-7f52-4c70-acf0-b4e118767215", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.367671Z", + "modified": "2024-12-13T00:40:40.367671Z", + "name": "CVE-2024-53272", + "description": "Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `login` and `social media` function in `RegisterLoginReset.vue` contains two reflected XSS vulnerabilities due to an incorrect sanitization function. An attacker can specify a malicious `redirectTo` parameter to trigger the vulnerability, giving the attacker control of the victim’s account when a victim registers or logins with a specially crafted link. Version 5.28.5 contains a patch.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53272" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a9ed7a7f-9015-4863-bcc4-3e43ba71b7d0.json b/objects/vulnerability/vulnerability--a9ed7a7f-9015-4863-bcc4-3e43ba71b7d0.json new file mode 100644 index 00000000000..47e89e13707 --- /dev/null +++ b/objects/vulnerability/vulnerability--a9ed7a7f-9015-4863-bcc4-3e43ba71b7d0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--72ca358a-8d58-43b0-ad0d-d7c689e7ca4d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a9ed7a7f-9015-4863-bcc4-3e43ba71b7d0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.173482Z", + "modified": "2024-12-13T00:40:41.173482Z", + "name": "CVE-2024-54492", + "description": "This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, visionOS 2.2. An attacker in a privileged network position may be able to alter network traffic.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54492" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--aa13ed5a-9b21-43d3-82a2-74727848954f.json b/objects/vulnerability/vulnerability--aa13ed5a-9b21-43d3-82a2-74727848954f.json new file mode 100644 index 00000000000..baa1d1e440a --- /dev/null +++ b/objects/vulnerability/vulnerability--aa13ed5a-9b21-43d3-82a2-74727848954f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--73ffbe6d-c454-4b6e-9946-23db8665781d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aa13ed5a-9b21-43d3-82a2-74727848954f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.522529Z", + "modified": "2024-12-13T00:40:39.522529Z", + "name": "CVE-2024-10499", + "description": "The AI Engine WordPress plugin before 2.6.5 does not sanitize and escape a parameter from one of its RESP API endpoint before using it in a SQL statement, allowing admins to perform SQL injection attacks", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10499" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--ac97a1d2-4712-4222-95ce-c5aff6ebaae3.json b/objects/vulnerability/vulnerability--ac97a1d2-4712-4222-95ce-c5aff6ebaae3.json new file mode 100644 index 00000000000..70635e75e60 --- /dev/null +++ b/objects/vulnerability/vulnerability--ac97a1d2-4712-4222-95ce-c5aff6ebaae3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1675c49c-675e-4a7f-8fb9-5d33e21cb0d6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ac97a1d2-4712-4222-95ce-c5aff6ebaae3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.087194Z", + "modified": "2024-12-13T00:40:41.087194Z", + "name": "CVE-2024-54104", + "description": "Cross-process screen stack vulnerability in the UIExtension module\nImpact: Successful exploitation of this vulnerability may affect service confidentiality.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54104" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--acbe12b2-999e-4077-b80b-1f5ce35ce641.json b/objects/vulnerability/vulnerability--acbe12b2-999e-4077-b80b-1f5ce35ce641.json new file mode 100644 index 00000000000..0f853bb4990 --- /dev/null +++ b/objects/vulnerability/vulnerability--acbe12b2-999e-4077-b80b-1f5ce35ce641.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0a8e38e3-b948-40b0-86b5-2fc48c833d37", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--acbe12b2-999e-4077-b80b-1f5ce35ce641", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.121249Z", + "modified": "2024-12-13T00:40:41.121249Z", + "name": "CVE-2024-54526", + "description": "The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A malicious app may be able to access private information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54526" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ace3a1d5-e09c-4dad-be05-c023eb98bde3.json b/objects/vulnerability/vulnerability--ace3a1d5-e09c-4dad-be05-c023eb98bde3.json new file mode 100644 index 00000000000..b61ca6817e1 --- /dev/null +++ b/objects/vulnerability/vulnerability--ace3a1d5-e09c-4dad-be05-c023eb98bde3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b79478ff-a219-426a-9754-26524d5d6541", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ace3a1d5-e09c-4dad-be05-c023eb98bde3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.455464Z", + "modified": "2024-12-13T00:40:39.455464Z", + "name": "CVE-2024-12492", + "description": "A vulnerability was found in code-projects Farmacia 1.0. It has been rated as critical. This issue affects some unknown processing of the file /visualizar-usuario.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12492" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ae9887dc-d4a2-4769-9ebc-1d0306613fc4.json b/objects/vulnerability/vulnerability--ae9887dc-d4a2-4769-9ebc-1d0306613fc4.json new file mode 100644 index 00000000000..e4961787731 --- /dev/null +++ b/objects/vulnerability/vulnerability--ae9887dc-d4a2-4769-9ebc-1d0306613fc4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dcca9ecd-5e3e-4db9-9f50-96b1d5c7401b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ae9887dc-d4a2-4769-9ebc-1d0306613fc4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.005222Z", + "modified": "2024-12-13T00:40:40.005222Z", + "name": "CVE-2024-11948", + "description": "GFI Archiver Telerik Web UI Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the product installer. The issue results from the use of a vulnerable version of Telerik Web UI. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-24041.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11948" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--af474860-07fc-4c24-bacb-d67f8352e5a5.json b/objects/vulnerability/vulnerability--af474860-07fc-4c24-bacb-d67f8352e5a5.json new file mode 100644 index 00000000000..af2f23a35e9 --- /dev/null +++ b/objects/vulnerability/vulnerability--af474860-07fc-4c24-bacb-d67f8352e5a5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--341806cb-33ce-4951-8d87-257da1844a10", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--af474860-07fc-4c24-bacb-d67f8352e5a5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.270618Z", + "modified": "2024-12-13T00:40:41.270618Z", + "name": "CVE-2024-49071", + "description": "Improper authorization of an index that contains sensitive information from a Global Files search in Windows Defender allows an authorized attacker to disclose information over a network.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49071" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b3820c5d-6dde-4dd8-b660-af890aa58c74.json b/objects/vulnerability/vulnerability--b3820c5d-6dde-4dd8-b660-af890aa58c74.json new file mode 100644 index 00000000000..e61b16c94b5 --- /dev/null +++ b/objects/vulnerability/vulnerability--b3820c5d-6dde-4dd8-b660-af890aa58c74.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f038d7ec-355e-4422-94c0-9ab0e60b0be1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b3820c5d-6dde-4dd8-b660-af890aa58c74", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.784045Z", + "modified": "2024-12-13T00:40:39.784045Z", + "name": "CVE-2024-50584", + "description": "An authenticated attacker with the user/role \"Poweruser\" can perform an SQL injection by accessing the /class/template_io.php file and supplying malicious GET parameters. The \"templates\" parameter is vulnerable against blind boolean-based SQL injection attacks. SQL syntax must be injected into the JSON syntax of the templates parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50584" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b55d6a3b-8897-4f29-9c76-f78157642374.json b/objects/vulnerability/vulnerability--b55d6a3b-8897-4f29-9c76-f78157642374.json new file mode 100644 index 00000000000..4ce913c6295 --- /dev/null +++ b/objects/vulnerability/vulnerability--b55d6a3b-8897-4f29-9c76-f78157642374.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c1c1efee-a146-4e12-92bd-346f11144176", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b55d6a3b-8897-4f29-9c76-f78157642374", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.435606Z", + "modified": "2024-12-13T00:40:39.435606Z", + "name": "CVE-2024-12486", + "description": "A vulnerability, which was classified as critical, was found in code-projects Online Class and Exam Scheduling System 1.0. Affected is an unknown function of the file /pages/rank_update.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12486" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b69255f0-1b48-42b7-98bc-7345012f38fe.json b/objects/vulnerability/vulnerability--b69255f0-1b48-42b7-98bc-7345012f38fe.json new file mode 100644 index 00000000000..6e615e9923d --- /dev/null +++ b/objects/vulnerability/vulnerability--b69255f0-1b48-42b7-98bc-7345012f38fe.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bab23cd5-1fdb-452f-942d-b759c010a88d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b69255f0-1b48-42b7-98bc-7345012f38fe", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.110321Z", + "modified": "2024-12-13T00:40:41.110321Z", + "name": "CVE-2024-54495", + "description": "The issue was addressed with improved permissions logic. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2. An app may be able to modify protected parts of the file system.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54495" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b765862c-7bc6-4639-bc3d-dddb68e5d94c.json b/objects/vulnerability/vulnerability--b765862c-7bc6-4639-bc3d-dddb68e5d94c.json new file mode 100644 index 00000000000..28a15fe0fbb --- /dev/null +++ b/objects/vulnerability/vulnerability--b765862c-7bc6-4639-bc3d-dddb68e5d94c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f6531397-ded5-431f-acc9-63b977afb772", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b765862c-7bc6-4639-bc3d-dddb68e5d94c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.437374Z", + "modified": "2024-12-13T00:40:39.437374Z", + "name": "CVE-2024-12312", + "description": "The Print Science Designer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.152 via deserialization of untrusted input through the 'designer-saved-projects' cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12312" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b8ef1f41-9f6c-49fc-b2d6-83c8b883f79d.json b/objects/vulnerability/vulnerability--b8ef1f41-9f6c-49fc-b2d6-83c8b883f79d.json new file mode 100644 index 00000000000..8234cde3889 --- /dev/null +++ b/objects/vulnerability/vulnerability--b8ef1f41-9f6c-49fc-b2d6-83c8b883f79d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5b4467ad-1796-426d-b42f-814dcb4c6584", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b8ef1f41-9f6c-49fc-b2d6-83c8b883f79d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.085819Z", + "modified": "2024-12-13T00:40:41.085819Z", + "name": "CVE-2024-54508", + "description": "The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54508" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b9095e0d-3443-45ee-9401-7889bc69a7cf.json b/objects/vulnerability/vulnerability--b9095e0d-3443-45ee-9401-7889bc69a7cf.json new file mode 100644 index 00000000000..3dcac487b4f --- /dev/null +++ b/objects/vulnerability/vulnerability--b9095e0d-3443-45ee-9401-7889bc69a7cf.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7be1f692-5e87-415c-a6db-31f8d3bc5e9c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b9095e0d-3443-45ee-9401-7889bc69a7cf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.461216Z", + "modified": "2024-12-13T00:40:39.461216Z", + "name": "CVE-2024-12333", + "description": "The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode through the woodmart_instagram_ajax_query AJAX action. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12333" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bad14450-fa17-46d7-9815-0ed969d8920b.json b/objects/vulnerability/vulnerability--bad14450-fa17-46d7-9815-0ed969d8920b.json new file mode 100644 index 00000000000..ea0fa762472 --- /dev/null +++ b/objects/vulnerability/vulnerability--bad14450-fa17-46d7-9815-0ed969d8920b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f1205aad-1836-47ae-98ab-f34cf61c28d9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bad14450-fa17-46d7-9815-0ed969d8920b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.066995Z", + "modified": "2024-12-13T00:40:40.066995Z", + "name": "CVE-2024-11950", + "description": "XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of XnSoft XnView Classic. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\n\nThe specific flaw exists within the parsing of RWZ files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22913.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11950" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bb5df1c4-687c-4819-9d0d-4e39df7ae25c.json b/objects/vulnerability/vulnerability--bb5df1c4-687c-4819-9d0d-4e39df7ae25c.json new file mode 100644 index 00000000000..2d656ef1d3f --- /dev/null +++ b/objects/vulnerability/vulnerability--bb5df1c4-687c-4819-9d0d-4e39df7ae25c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8aa276da-0d37-4a58-99b3-6bd09125fde1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bb5df1c4-687c-4819-9d0d-4e39df7ae25c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.196917Z", + "modified": "2024-12-13T00:40:41.196917Z", + "name": "CVE-2024-55876", + "description": "XWiki Platform is a generic wiki platform. Starting in version 1.2-milestone-2 and prior to versions 15.10.9 and 16.3.0, any user with an account on the main wiki could run scheduling operations on subwikis. To reproduce, as a user on the main wiki without any special right, view the document `Scheduler.WebHome` in a subwiki. Then, click on any operation (*e.g.,* Trigger) on any job. If the operation is successful, then the instance is vulnerable. This has been patched in XWiki 15.10.9 and 16.3.0. As a workaround, those who have subwikis where the Job Scheduler is enabled can edit the objects on `Scheduler.WebPreferences` to match the patch.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55876" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bcd0aa18-7bfb-4415-b991-c14dabc6ea1d.json b/objects/vulnerability/vulnerability--bcd0aa18-7bfb-4415-b991-c14dabc6ea1d.json new file mode 100644 index 00000000000..e2168a4b21b --- /dev/null +++ b/objects/vulnerability/vulnerability--bcd0aa18-7bfb-4415-b991-c14dabc6ea1d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b0a3b1f0-e93d-42c3-b19d-a4421c417fc3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bcd0aa18-7bfb-4415-b991-c14dabc6ea1d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.057089Z", + "modified": "2024-12-13T00:40:40.057089Z", + "name": "CVE-2024-11760", + "description": "The Currency Converter Widget ⚡ PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'currency-converter-widget-pro' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11760" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bce59886-df25-4f9f-a057-290f740843ab.json b/objects/vulnerability/vulnerability--bce59886-df25-4f9f-a057-290f740843ab.json new file mode 100644 index 00000000000..b1955460530 --- /dev/null +++ b/objects/vulnerability/vulnerability--bce59886-df25-4f9f-a057-290f740843ab.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--52b69139-a8d1-42a1-bfa5-035a0837e945", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bce59886-df25-4f9f-a057-290f740843ab", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.787042Z", + "modified": "2024-12-13T00:40:41.787042Z", + "name": "CVE-2024-28145", + "description": "An unauthenticated attacker can perform an SQL injection by accessing the /class/dbconnect.php file and supplying malicious GET parameters. The HTTP GET parameters search, table, field, and value are vulnerable. For example, one SQL injection can be performed on the parameter \"field\" with the UNION keyword.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-28145" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bdcd65b6-e2cd-4c39-a09f-b3bbe5ea334a.json b/objects/vulnerability/vulnerability--bdcd65b6-e2cd-4c39-a09f-b3bbe5ea334a.json new file mode 100644 index 00000000000..bfcbcc74d11 --- /dev/null +++ b/objects/vulnerability/vulnerability--bdcd65b6-e2cd-4c39-a09f-b3bbe5ea334a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--24c05426-e268-4122-994e-6cdcbaf0c9d6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bdcd65b6-e2cd-4c39-a09f-b3bbe5ea334a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.152231Z", + "modified": "2024-12-13T00:40:41.152231Z", + "name": "CVE-2024-54108", + "description": "Read/Write vulnerability in the image decoding module\nImpact: Successful exploitation of this vulnerability will affect availability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54108" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--be05e36b-6cdc-4c2e-9862-c0275a45c50e.json b/objects/vulnerability/vulnerability--be05e36b-6cdc-4c2e-9862-c0275a45c50e.json new file mode 100644 index 00000000000..60153166d82 --- /dev/null +++ b/objects/vulnerability/vulnerability--be05e36b-6cdc-4c2e-9862-c0275a45c50e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c15af834-82d7-40c1-a64c-faa9b0497507", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--be05e36b-6cdc-4c2e-9862-c0275a45c50e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.640856Z", + "modified": "2024-12-13T00:40:40.640856Z", + "name": "CVE-2024-31670", + "description": "rizin before v0.6.3 is vulnerable to Buffer Overflow via create_cache_bins, read_cache_accel, and rz_dyldcache_new_buf functions in librz/bin/format/mach0/dyldcache.c.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-31670" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bee4fd2a-a435-4d94-a642-ebfae0c892a5.json b/objects/vulnerability/vulnerability--bee4fd2a-a435-4d94-a642-ebfae0c892a5.json new file mode 100644 index 00000000000..5295acad947 --- /dev/null +++ b/objects/vulnerability/vulnerability--bee4fd2a-a435-4d94-a642-ebfae0c892a5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d662efab-2868-4b4d-ab74-529e3ee2c8b1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bee4fd2a-a435-4d94-a642-ebfae0c892a5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.027405Z", + "modified": "2024-12-13T00:40:40.027405Z", + "name": "CVE-2024-11765", + "description": "The WordPress Portfolio Plugin – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gs_portfolio' shortcode in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11765" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c01ab892-ef04-4555-a8e0-c8460484dde9.json b/objects/vulnerability/vulnerability--c01ab892-ef04-4555-a8e0-c8460484dde9.json new file mode 100644 index 00000000000..e132f665bfd --- /dev/null +++ b/objects/vulnerability/vulnerability--c01ab892-ef04-4555-a8e0-c8460484dde9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5ca2a9ea-daa6-4ad2-9ddd-0a8554e6d18b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c01ab892-ef04-4555-a8e0-c8460484dde9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.57237Z", + "modified": "2024-12-13T00:40:39.57237Z", + "name": "CVE-2024-10517", + "description": "The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Drag & Drop Builder fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10517" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c0295b97-0fc9-4a85-a6f8-c6d9eddefbdb.json b/objects/vulnerability/vulnerability--c0295b97-0fc9-4a85-a6f8-c6d9eddefbdb.json new file mode 100644 index 00000000000..143148de8ba --- /dev/null +++ b/objects/vulnerability/vulnerability--c0295b97-0fc9-4a85-a6f8-c6d9eddefbdb.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7c5c534f-058d-4e3b-bceb-068b5d7a98b4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c0295b97-0fc9-4a85-a6f8-c6d9eddefbdb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.154856Z", + "modified": "2024-12-13T00:40:41.154856Z", + "name": "CVE-2024-54117", + "description": "Cross-process screen stack vulnerability in the UIExtension module\nImpact: Successful exploitation of this vulnerability may affect service confidentiality.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54117" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c151c040-d459-45ba-854d-3a79a21bfa8e.json b/objects/vulnerability/vulnerability--c151c040-d459-45ba-854d-3a79a21bfa8e.json new file mode 100644 index 00000000000..6bc40aa7551 --- /dev/null +++ b/objects/vulnerability/vulnerability--c151c040-d459-45ba-854d-3a79a21bfa8e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--85db1236-256d-4f0f-8ab7-5fbd6db09c2d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c151c040-d459-45ba-854d-3a79a21bfa8e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.015892Z", + "modified": "2024-12-13T00:40:40.015892Z", + "name": "CVE-2024-11433", + "description": "The Surbma | SalesAutopilot Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sa-form' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11433" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c3425a84-6b52-4b67-9693-8bbc1090bc82.json b/objects/vulnerability/vulnerability--c3425a84-6b52-4b67-9693-8bbc1090bc82.json new file mode 100644 index 00000000000..e1ef3a940d1 --- /dev/null +++ b/objects/vulnerability/vulnerability--c3425a84-6b52-4b67-9693-8bbc1090bc82.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bf4781dd-2d79-458c-885d-52cd19a7bf1a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c3425a84-6b52-4b67-9693-8bbc1090bc82", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.42762Z", + "modified": "2024-12-13T00:40:39.42762Z", + "name": "CVE-2024-12461", + "description": "The WP-Revive Adserver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wprevive_async' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12461" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c4369244-17c8-4042-8cec-46efde8f98dd.json b/objects/vulnerability/vulnerability--c4369244-17c8-4042-8cec-46efde8f98dd.json new file mode 100644 index 00000000000..c102e44e907 --- /dev/null +++ b/objects/vulnerability/vulnerability--c4369244-17c8-4042-8cec-46efde8f98dd.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7cd0898b-1fb3-46ee-8fa7-78fe1a3ea608", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c4369244-17c8-4042-8cec-46efde8f98dd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.040871Z", + "modified": "2024-12-13T00:40:40.040871Z", + "name": "CVE-2024-11459", + "description": "The Country Blocker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ip' parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11459" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c55f84ac-6c02-4ea6-8f7d-922e685793a1.json b/objects/vulnerability/vulnerability--c55f84ac-6c02-4ea6-8f7d-922e685793a1.json new file mode 100644 index 00000000000..843f3372277 --- /dev/null +++ b/objects/vulnerability/vulnerability--c55f84ac-6c02-4ea6-8f7d-922e685793a1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8de44507-228a-496e-a38a-441aea1aff53", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c55f84ac-6c02-4ea6-8f7d-922e685793a1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.092108Z", + "modified": "2024-12-13T00:40:41.092108Z", + "name": "CVE-2024-54527", + "description": "This issue was addressed with improved checks. This issue is fixed in watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access sensitive user data.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54527" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c6553d56-41ca-49da-b08e-c5f04c604fd9.json b/objects/vulnerability/vulnerability--c6553d56-41ca-49da-b08e-c5f04c604fd9.json new file mode 100644 index 00000000000..cfcc957acac --- /dev/null +++ b/objects/vulnerability/vulnerability--c6553d56-41ca-49da-b08e-c5f04c604fd9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4901cd12-82bf-45a0-aee4-bb4c9e771b3e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c6553d56-41ca-49da-b08e-c5f04c604fd9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.055823Z", + "modified": "2024-12-13T00:40:40.055823Z", + "name": "CVE-2024-11882", + "description": "The FAQ And Answers – Create Frequently Asked Questions Area on WP Sites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'faq' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11882" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c8ab628a-3dde-42c8-b835-6eee6d6382da.json b/objects/vulnerability/vulnerability--c8ab628a-3dde-42c8-b835-6eee6d6382da.json new file mode 100644 index 00000000000..1d1e6d3b8a6 --- /dev/null +++ b/objects/vulnerability/vulnerability--c8ab628a-3dde-42c8-b835-6eee6d6382da.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--836d95cc-257d-4e78-9293-c5897ab5b0f6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c8ab628a-3dde-42c8-b835-6eee6d6382da", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.443555Z", + "modified": "2024-12-13T00:40:39.443555Z", + "name": "CVE-2024-12156", + "description": "The AI Content Writer, RSS Feed to Post, Autoblogging SEO Help plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 6.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12156" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c9a031a9-af6b-44f4-a8e2-eb8c3c7644d5.json b/objects/vulnerability/vulnerability--c9a031a9-af6b-44f4-a8e2-eb8c3c7644d5.json new file mode 100644 index 00000000000..b9bf133002e --- /dev/null +++ b/objects/vulnerability/vulnerability--c9a031a9-af6b-44f4-a8e2-eb8c3c7644d5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--028af30f-5e9d-414f-b85f-64cf8a5c3a28", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c9a031a9-af6b-44f4-a8e2-eb8c3c7644d5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.126139Z", + "modified": "2024-12-13T00:40:41.126139Z", + "name": "CVE-2024-54465", + "description": "A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2. An app may be able to elevate privileges.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54465" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c9f73636-47b3-4514-b671-abaac6aba7b8.json b/objects/vulnerability/vulnerability--c9f73636-47b3-4514-b671-abaac6aba7b8.json new file mode 100644 index 00000000000..1cc05968eda --- /dev/null +++ b/objects/vulnerability/vulnerability--c9f73636-47b3-4514-b671-abaac6aba7b8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--63b30535-fd44-431d-8518-57539a1a2620", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c9f73636-47b3-4514-b671-abaac6aba7b8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.164762Z", + "modified": "2024-12-13T00:40:41.164762Z", + "name": "CVE-2024-54111", + "description": "Read/Write vulnerability in the image decoding module\nImpact: Successful exploitation of this vulnerability will affect availability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54111" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cc54315c-b899-4bed-a149-5bf9cb228e47.json b/objects/vulnerability/vulnerability--cc54315c-b899-4bed-a149-5bf9cb228e47.json new file mode 100644 index 00000000000..d35b1b0cacd --- /dev/null 
+++ b/objects/vulnerability/vulnerability--cc54315c-b899-4bed-a149-5bf9cb228e47.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--10bb09fb-e077-4471-8975-98a635cfdf90", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cc54315c-b899-4bed-a149-5bf9cb228e47", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.094847Z", + "modified": "2024-12-13T00:40:40.094847Z", + "name": "CVE-2024-11443", + "description": "The de:branding plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the debranding_save() function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11443" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cd01a6c2-dc04-41e1-bbdb-5e5710109eb3.json b/objects/vulnerability/vulnerability--cd01a6c2-dc04-41e1-bbdb-5e5710109eb3.json new file mode 100644 index 00000000000..5e8efa1d324 --- /dev/null +++ b/objects/vulnerability/vulnerability--cd01a6c2-dc04-41e1-bbdb-5e5710109eb3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--587b5a99-c781-46c1-91f1-6019f7d34164", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cd01a6c2-dc04-41e1-bbdb-5e5710109eb3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.024339Z", + "modified": "2024-12-13T00:40:40.024339Z", + "name": "CVE-2024-11947", + "description": "GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the Core Service, which listens on TCP port 8017 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-24029.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11947" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ce328330-9feb-449a-b38d-699e30853148.json b/objects/vulnerability/vulnerability--ce328330-9feb-449a-b38d-699e30853148.json new file mode 100644 index 00000000000..ddc4687283f --- /dev/null +++ b/objects/vulnerability/vulnerability--ce328330-9feb-449a-b38d-699e30853148.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ee1f42ee-49a9-4e9d-9d36-cca35c27663f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ce328330-9feb-449a-b38d-699e30853148", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.333066Z", + "modified": "2024-12-13T00:40:39.333066Z", + "name": "CVE-2024-52901", + "description": "IBM InfoSphere Information Server 11.7 could allow an authenticated user to GUI to not load or stop working due to improper input validation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52901" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ce857576-1364-4727-b13a-35f92d6c933f.json b/objects/vulnerability/vulnerability--ce857576-1364-4727-b13a-35f92d6c933f.json new file mode 100644 index 00000000000..f05501c494f --- /dev/null +++ b/objects/vulnerability/vulnerability--ce857576-1364-4727-b13a-35f92d6c933f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--acc2709d-5c32-4c53-8d40-7598b9e912db", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ce857576-1364-4727-b13a-35f92d6c933f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.079264Z", + "modified": "2024-12-13T00:40:40.079264Z", + "name": "CVE-2024-11723", + "description": "The kvCORE IDX plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via any parameter on pages with the kvcoreidx_listings_sitemap_ranges, kvcoreidx_listings_sitemap_page, kvcoreidx_agent_profile_sitemap, or kvcoreidx_agent_profile shortcode present in all versions up to, and including, 2.3.35 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11723" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cfc5dfa3-c8b8-4ce1-8a59-89a19c036caf.json b/objects/vulnerability/vulnerability--cfc5dfa3-c8b8-4ce1-8a59-89a19c036caf.json new file mode 100644 index 00000000000..c07827d6925 --- /dev/null +++ b/objects/vulnerability/vulnerability--cfc5dfa3-c8b8-4ce1-8a59-89a19c036caf.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c45d773d-37af-4428-b2f5-64cd20210e9c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cfc5dfa3-c8b8-4ce1-8a59-89a19c036caf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.217781Z", + "modified": "2024-12-13T00:40:41.217781Z", + "name": "CVE-2024-55878", + "description": "SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in version 1.0.12 and prior to version 1.1.12, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. Version 1.1.12 fixes the issue. As a workaround, don't use direct publication via toHTMLEx.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55878" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d04ef629-8403-4a63-b4f9-83eacdb2e324.json b/objects/vulnerability/vulnerability--d04ef629-8403-4a63-b4f9-83eacdb2e324.json new file mode 100644 index 00000000000..8a525965381 --- /dev/null +++ b/objects/vulnerability/vulnerability--d04ef629-8403-4a63-b4f9-83eacdb2e324.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--70d7aaf5-c01a-4d2f-ad30-8ea900811380", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d04ef629-8403-4a63-b4f9-83eacdb2e324", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.08238Z", + "modified": "2024-12-13T00:40:41.08238Z", + "name": "CVE-2024-54107", + "description": "Read/Write vulnerability in the image decoding module\nImpact: Successful exploitation of this vulnerability will affect availability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54107" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--d061055f-5a6d-42f3-b782-3a4460ee8cf7.json b/objects/vulnerability/vulnerability--d061055f-5a6d-42f3-b782-3a4460ee8cf7.json new file mode 100644 index 00000000000..22e66d7642c --- /dev/null +++ b/objects/vulnerability/vulnerability--d061055f-5a6d-42f3-b782-3a4460ee8cf7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9ea24f1a-8b6e-46c9-8612-4a7d92d5f2da", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d061055f-5a6d-42f3-b782-3a4460ee8cf7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.08956Z", + "modified": "2024-12-13T00:40:40.08956Z", + "name": "CVE-2024-11949", + "description": "GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the Store Service, which listens on TCP port 8018 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-24331.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11949" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d285c1f9-1866-49be-83cd-d12c4d14e92d.json b/objects/vulnerability/vulnerability--d285c1f9-1866-49be-83cd-d12c4d14e92d.json new file mode 100644 index 00000000000..088eede7cbc --- /dev/null +++ b/objects/vulnerability/vulnerability--d285c1f9-1866-49be-83cd-d12c4d14e92d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--65d6577e-6495-4dbb-924d-49358191455a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d285c1f9-1866-49be-83cd-d12c4d14e92d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.12414Z", + "modified": "2024-12-13T00:40:41.12414Z", + "name": "CVE-2024-54504", + "description": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54504" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d33d9257-ddb9-4ea9-a730-d276a47dd3b7.json b/objects/vulnerability/vulnerability--d33d9257-ddb9-4ea9-a730-d276a47dd3b7.json new file mode 100644 index 00000000000..61f141cbd75 --- /dev/null +++ b/objects/vulnerability/vulnerability--d33d9257-ddb9-4ea9-a730-d276a47dd3b7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--589c7ff9-cf9a-49d4-acf3-4ebf2b01777d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d33d9257-ddb9-4ea9-a730-d276a47dd3b7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.183194Z", + "modified": "2024-12-13T00:40:40.183194Z", + "name": "CVE-2024-44201", + "description": "The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, macOS Ventura 13.7.2, iOS 18.1 and iPadOS 18.1, macOS Sonoma 14.7.2. Processing a malicious crafted file may lead to a denial-of-service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44201" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--d385dd5a-3376-4fb5-b7ec-0bf4221aaac0.json b/objects/vulnerability/vulnerability--d385dd5a-3376-4fb5-b7ec-0bf4221aaac0.json new file mode 100644 index 00000000000..0ea6b585da2 --- /dev/null +++ b/objects/vulnerability/vulnerability--d385dd5a-3376-4fb5-b7ec-0bf4221aaac0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0ffab926-a1af-464c-95fb-3ad591a51d81", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d385dd5a-3376-4fb5-b7ec-0bf4221aaac0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.43981Z", + "modified": "2024-12-13T00:40:40.43981Z", + "name": "CVE-2024-8233", + "description": "An issue has been discovered in GitLab CE/EE affecting all versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could cause a denial of service with requests for diff files on a commit or merge request.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8233" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d3af349d-f070-46ba-b721-19cf917a842f.json b/objects/vulnerability/vulnerability--d3af349d-f070-46ba-b721-19cf917a842f.json new file mode 100644 index 00000000000..f9c4df899ff --- /dev/null +++ b/objects/vulnerability/vulnerability--d3af349d-f070-46ba-b721-19cf917a842f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2d64f666-71a1-4f6a-8ccc-12884e3e3154", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d3af349d-f070-46ba-b721-19cf917a842f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.050343Z", + "modified": "2024-12-13T00:40:40.050343Z", + "name": "CVE-2024-11914", + "description": "The Gutenberg Blocks and Page Layouts – Attire Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'attire-blocks/post-carousel' block in all versions up to, and including, 1.9.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11914" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d76b73af-a965-415f-82f7-26e3e0684517.json b/objects/vulnerability/vulnerability--d76b73af-a965-415f-82f7-26e3e0684517.json new file mode 100644 index 00000000000..cc641173751 --- /dev/null +++ b/objects/vulnerability/vulnerability--d76b73af-a965-415f-82f7-26e3e0684517.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8b0e6dd9-3c8b-4f72-8587-184a685c2a87", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d76b73af-a965-415f-82f7-26e3e0684517", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.436261Z", + "modified": "2024-12-13T00:40:40.436261Z", + "name": "CVE-2024-8647", + "description": "An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self hosted installs, it was possible to leak the anti-CSRF-token to an external site while the Harbor integration was enabled.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8647" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d7721f87-fe4b-4af5-b929-652dd85022b9.json b/objects/vulnerability/vulnerability--d7721f87-fe4b-4af5-b929-652dd85022b9.json new file mode 100644 index 00000000000..e182f07a6f5 --- /dev/null +++ b/objects/vulnerability/vulnerability--d7721f87-fe4b-4af5-b929-652dd85022b9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c8fe6261-7586-452e-8e6b-6252833fe52d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d7721f87-fe4b-4af5-b929-652dd85022b9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.476611Z", + "modified": "2024-12-13T00:40:39.476611Z", + "name": "CVE-2024-12201", + "description": "The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check when creating form styles in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to create new form styles.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12201" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d794b13e-db4d-4a91-8a3c-0340917adde6.json b/objects/vulnerability/vulnerability--d794b13e-db4d-4a91-8a3c-0340917adde6.json new file mode 100644 index 00000000000..7bf2f63aa09 --- /dev/null +++ b/objects/vulnerability/vulnerability--d794b13e-db4d-4a91-8a3c-0340917adde6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4a936568-1904-464e-b03c-a76452e5b591", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d794b13e-db4d-4a91-8a3c-0340917adde6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.190163Z", + "modified": "2024-12-13T00:40:41.190163Z", + "name": "CVE-2024-55888", + "description": "Hush Line is an open-source whistleblower management system. Starting in version 0.1.0 and prior to version 0.3.5, the productions server appeared to have been misconfigured and missed providing any content security policy or security headers. This could result in bypassing of cross-site scripting filters. Version 0.3.5 fixed the issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55888" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d99777a7-6b81-411e-90f8-4c8b5fe39497.json b/objects/vulnerability/vulnerability--d99777a7-6b81-411e-90f8-4c8b5fe39497.json new file mode 100644 index 00000000000..d27a2f828eb --- /dev/null +++ b/objects/vulnerability/vulnerability--d99777a7-6b81-411e-90f8-4c8b5fe39497.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ee5bb7f1-14cb-469e-8c9e-5f7d3d7bd15d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d99777a7-6b81-411e-90f8-4c8b5fe39497", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.172159Z", + "modified": "2024-12-13T00:40:41.172159Z", + "name": "CVE-2024-54101", + "description": "Denial of service (DoS) vulnerability in the installation module\nImpact: Successful exploitation of this vulnerability will affect availability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54101" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--da9df3e8-c51e-4e06-8022-3f3a30c93049.json b/objects/vulnerability/vulnerability--da9df3e8-c51e-4e06-8022-3f3a30c93049.json new file mode 100644 index 00000000000..e798e4ab7fa --- /dev/null +++ b/objects/vulnerability/vulnerability--da9df3e8-c51e-4e06-8022-3f3a30c93049.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dd544992-dfa3-4310-9a34-bb8ecf1010a9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--da9df3e8-c51e-4e06-8022-3f3a30c93049", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.113062Z", + "modified": "2024-12-13T00:40:41.113062Z", + "name": "CVE-2024-54115", + "description": "Out-of-bounds read vulnerability in the DASH module\nImpact: Successful exploitation of this vulnerability will affect availability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54115" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--db29d780-ff4b-4dad-a457-c088cfca1c29.json b/objects/vulnerability/vulnerability--db29d780-ff4b-4dad-a457-c088cfca1c29.json new file mode 100644 index 00000000000..658a9530ad0 --- /dev/null +++ b/objects/vulnerability/vulnerability--db29d780-ff4b-4dad-a457-c088cfca1c29.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1e35f1d1-5677-4bd7-9fad-5449e8263567", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--db29d780-ff4b-4dad-a457-c088cfca1c29", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.468479Z", + "modified": "2024-12-13T00:40:39.468479Z", + "name": "CVE-2024-12483", + "description": "A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3. This affects an unknown part of the file /users/id of the component User ID Handler. The manipulation leads to authorization bypass. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12483" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dc9fdbb5-c08b-49ce-a0ef-b1f72433af19.json b/objects/vulnerability/vulnerability--dc9fdbb5-c08b-49ce-a0ef-b1f72433af19.json new file mode 100644 index 00000000000..f4541344b0e --- /dev/null +++ b/objects/vulnerability/vulnerability--dc9fdbb5-c08b-49ce-a0ef-b1f72433af19.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--083f5a0d-2e11-44ee-86db-34523d9db7e1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dc9fdbb5-c08b-49ce-a0ef-b1f72433af19", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.573364Z", + "modified": "2024-12-13T00:40:39.573364Z", + "name": "CVE-2024-10182", + "description": "The Cognito Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10182" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--de2c0032-643f-4ed3-8287-ee6e4ba2290d.json b/objects/vulnerability/vulnerability--de2c0032-643f-4ed3-8287-ee6e4ba2290d.json new file mode 100644 index 00000000000..77d072ecd0d --- /dev/null +++ b/objects/vulnerability/vulnerability--de2c0032-643f-4ed3-8287-ee6e4ba2290d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--132defb4-9b0a-44e9-9d09-9a1d2994bf7c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--de2c0032-643f-4ed3-8287-ee6e4ba2290d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.759508Z", + "modified": "2024-12-13T00:40:39.759508Z", + "name": "CVE-2024-47599", + "description": "GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_jpeg_dec_negotiate function in gstjpegdec.c. This function does not check for a NULL return value from gst_video_decoder_set_output_state. When this happens, dereferences of the outstate pointer will lead to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47599" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dfc10598-1a36-4b6c-b773-2e2084e09d12.json b/objects/vulnerability/vulnerability--dfc10598-1a36-4b6c-b773-2e2084e09d12.json new file mode 100644 index 00000000000..1022b91a212 --- /dev/null +++ b/objects/vulnerability/vulnerability--dfc10598-1a36-4b6c-b773-2e2084e09d12.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--97a58313-7375-4c0b-adf6-ed0befde637a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dfc10598-1a36-4b6c-b773-2e2084e09d12", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.214807Z", + "modified": "2024-12-13T00:40:41.214807Z", + "name": "CVE-2024-55633", + "description": "Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a specially designed SQL DML statement that is Incorrectly identified as a read-only query, enabling its execution. Non postgres analytics database connections and postgres analytics database connections set with a readonly user (advised) are not vulnerable. \n\nThis issue affects Apache Superset: before 4.1.0.\n\nUsers are recommended to upgrade to version 4.1.0, which fixes the issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55633" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e0082a01-4b60-443c-9b96-226df6528fee.json b/objects/vulnerability/vulnerability--e0082a01-4b60-443c-9b96-226df6528fee.json new file mode 100644 index 00000000000..9ee11f8df83 --- /dev/null +++ b/objects/vulnerability/vulnerability--e0082a01-4b60-443c-9b96-226df6528fee.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--71adb245-7fce-4620-af71-794c48a5278f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e0082a01-4b60-443c-9b96-226df6528fee", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.742328Z", + "modified": "2024-12-13T00:40:39.742328Z", + "name": "CVE-2024-47607", + "description": "GStreamer is a library for constructing graphs of media-handling components. stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c'. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This bug allows to overwrite the EIP address allocated in the stack. This vulnerability is fixed in 1.24.10.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47607" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e0188da7-b21b-4758-8669-041f001ad7e1.json b/objects/vulnerability/vulnerability--e0188da7-b21b-4758-8669-041f001ad7e1.json new file mode 100644 index 00000000000..2edcd257e34 --- /dev/null +++ b/objects/vulnerability/vulnerability--e0188da7-b21b-4758-8669-041f001ad7e1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d0af43ee-63e0-4f16-9d9f-fea157b59380", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e0188da7-b21b-4758-8669-041f001ad7e1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.112092Z", + "modified": "2024-12-13T00:40:41.112092Z", + "name": "CVE-2024-54494", + "description": "A race condition was addressed with additional validation. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An attacker may be able to create a read-only memory mapping that can be written to.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54494" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e1dfdd6a-173a-4663-a518-f4c8d54ffb60.json b/objects/vulnerability/vulnerability--e1dfdd6a-173a-4663-a518-f4c8d54ffb60.json new file mode 100644 index 00000000000..39c468ea690 --- /dev/null +++ b/objects/vulnerability/vulnerability--e1dfdd6a-173a-4663-a518-f4c8d54ffb60.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f1b042aa-2c29-4c2d-9fad-fc0d9f16d6f6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e1dfdd6a-173a-4663-a518-f4c8d54ffb60", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.045055Z", + "modified": "2024-12-13T00:40:40.045055Z", + "name": "CVE-2024-11750", + "description": "The ONLYOFFICE DocSpace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'onlyoffice-docspace' shortcode in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11750" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e3d0a621-8df6-44fc-9d5f-d593e0db885c.json b/objects/vulnerability/vulnerability--e3d0a621-8df6-44fc-9d5f-d593e0db885c.json new file mode 100644 index 00000000000..9ba09e66762 --- /dev/null +++ b/objects/vulnerability/vulnerability--e3d0a621-8df6-44fc-9d5f-d593e0db885c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--644f0406-1fc9-459e-b751-1cd726771ea8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e3d0a621-8df6-44fc-9d5f-d593e0db885c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.808747Z", + "modified": "2024-12-13T00:40:41.808747Z", + "name": "CVE-2024-28146", + "description": "The application uses several hard-coded credentials to encrypt config files during backup, to decrypt the new firmware during an update and some passwords allow a direct connection to the database server of the affected device.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-28146" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e3f07063-f982-4037-8e3f-96b6425f89d0.json b/objects/vulnerability/vulnerability--e3f07063-f982-4037-8e3f-96b6425f89d0.json new file mode 100644 index 00000000000..e747b36364f --- /dev/null +++ b/objects/vulnerability/vulnerability--e3f07063-f982-4037-8e3f-96b6425f89d0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--186aef2c-8d9f-46ff-b56a-d855ba131552", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e3f07063-f982-4037-8e3f-96b6425f89d0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.148155Z", + "modified": "2024-12-13T00:40:41.148155Z", + "name": "CVE-2024-54122", + "description": "Concurrent variable access vulnerability in the ability module\nImpact: Successful exploitation of this vulnerability may affect availability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54122" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--e575d488-edc6-440a-95a1-4416bf514170.json b/objects/vulnerability/vulnerability--e575d488-edc6-440a-95a1-4416bf514170.json new file mode 100644 index 00000000000..45d72d74901 --- /dev/null +++ b/objects/vulnerability/vulnerability--e575d488-edc6-440a-95a1-4416bf514170.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6c1effed-f302-4170-a7a4-513659d1ae33", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e575d488-edc6-440a-95a1-4416bf514170", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.090008Z", + "modified": "2024-12-13T00:40:41.090008Z", + "name": "CVE-2024-54489", + "description": "A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Running a mount command may unexpectedly execute arbitrary code.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54489" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e5767328-50d8-4b8f-b15b-24437854372c.json b/objects/vulnerability/vulnerability--e5767328-50d8-4b8f-b15b-24437854372c.json new file mode 100644 index 00000000000..b24c65c61d7 --- /dev/null +++ b/objects/vulnerability/vulnerability--e5767328-50d8-4b8f-b15b-24437854372c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--47836e1f-c254-423a-9ca2-b584bfed9565", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e5767328-50d8-4b8f-b15b-24437854372c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.220761Z", + "modified": "2024-12-13T00:40:41.220761Z", + "name": "CVE-2024-55587", + "description": "python-libarchive through 4.2.1 allows directory traversal (to create files) in extract in zip.py for ZipFile.extractall and ZipFile.extract.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55587" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e61ef356-e274-4cbf-a99a-2bb4fb39b932.json b/objects/vulnerability/vulnerability--e61ef356-e274-4cbf-a99a-2bb4fb39b932.json new file mode 100644 index 00000000000..68b328a2ab1 --- /dev/null +++ b/objects/vulnerability/vulnerability--e61ef356-e274-4cbf-a99a-2bb4fb39b932.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1eb080f7-1cbf-435e-beef-bf932b9cbd6a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e61ef356-e274-4cbf-a99a-2bb4fb39b932", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.426224Z", + "modified": "2024-12-13T00:40:39.426224Z", + "name": "CVE-2024-12484", + "description": "A vulnerability classified as critical was found in Codezips Technical Discussion Forum 1.0. This vulnerability affects unknown code of the file /signuppost.php. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12484" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--e81973a2-4fbb-418f-9696-7fc51534feb1.json b/objects/vulnerability/vulnerability--e81973a2-4fbb-418f-9696-7fc51534feb1.json new file mode 100644 index 00000000000..e58c42cd16d --- /dev/null +++ b/objects/vulnerability/vulnerability--e81973a2-4fbb-418f-9696-7fc51534feb1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ce0bc0d2-c17d-4075-90e7-6a77d03a0fd7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e81973a2-4fbb-418f-9696-7fc51534feb1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.243788Z", + "modified": "2024-12-13T00:40:41.243788Z", + "name": "CVE-2024-55884", + "description": "In the Mullvad VPN client 2024.6 (Desktop), 2024.8 (iOS), and 2024.8-beta1 (Android), the exception-handling alternate stack can be exhausted, leading to heap-based out-of-bounds writes in enable() in exception_logging/unix.rs, aka MLLVD-CR-24-01. NOTE: achieving code execution is considered non-trivial.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55884" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e8ce542b-3bf2-44a6-8dc5-5b12140127f0.json b/objects/vulnerability/vulnerability--e8ce542b-3bf2-44a6-8dc5-5b12140127f0.json new file mode 100644 index 00000000000..24ace89f7d8 --- /dev/null +++ b/objects/vulnerability/vulnerability--e8ce542b-3bf2-44a6-8dc5-5b12140127f0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--11171415-3865-46e8-9a0c-07e6503cff5b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e8ce542b-3bf2-44a6-8dc5-5b12140127f0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.744165Z", + "modified": "2024-12-13T00:40:39.744165Z", + "name": "CVE-2024-47597", + "description": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function qtdemux_parse_samples reads data beyond the boundaries of the stream->stco buffer. The following code snippet shows the call to qt_atom_parser_get_offset_unchecked, which leads to the OOB-read when parsing the provided GHSL-2024-245_crash1.mp4 file. This issue may lead to read up to 8 bytes out-of-bounds. This vulnerability is fixed in 1.24.10.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47597" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--eb7f9091-9e39-46a9-9337-ea5223999b52.json b/objects/vulnerability/vulnerability--eb7f9091-9e39-46a9-9337-ea5223999b52.json new file mode 100644 index 00000000000..c6617cfb7f8 --- /dev/null +++ b/objects/vulnerability/vulnerability--eb7f9091-9e39-46a9-9337-ea5223999b52.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0e816725-1b98-4577-8d6e-49607810c631", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--eb7f9091-9e39-46a9-9337-ea5223999b52", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.114149Z", + "modified": "2024-12-13T00:40:41.114149Z", + "name": "CVE-2024-54119", + "description": "Cross-process screen stack vulnerability in the UIExtension module\nImpact: Successful exploitation of this vulnerability may affect service confidentiality.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54119" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ec08285a-bc6b-4eeb-9453-a9df0bd083ef.json b/objects/vulnerability/vulnerability--ec08285a-bc6b-4eeb-9453-a9df0bd083ef.json new file mode 100644 index 00000000000..4905c46b1aa --- /dev/null +++ b/objects/vulnerability/vulnerability--ec08285a-bc6b-4eeb-9453-a9df0bd083ef.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--22ad6d04-00de-44b9-b289-61c897feb87a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ec08285a-bc6b-4eeb-9453-a9df0bd083ef", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.161388Z", + "modified": "2024-12-13T00:40:41.161388Z", + "name": "CVE-2024-54096", + "description": "Vulnerability of improper access control in the MTP module\nImpact: Successful exploitation of this vulnerability may affect integrity and accuracy.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54096" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--ec4c90e7-bebb-4f91-ad4b-4d545f07e478.json b/objects/vulnerability/vulnerability--ec4c90e7-bebb-4f91-ad4b-4d545f07e478.json new file mode 100644 index 00000000000..5e804c9ca4c --- /dev/null +++ b/objects/vulnerability/vulnerability--ec4c90e7-bebb-4f91-ad4b-4d545f07e478.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d7654621-8593-4180-befa-b134204dffab", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ec4c90e7-bebb-4f91-ad4b-4d545f07e478", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.696059Z", + "modified": "2024-12-13T00:40:39.696059Z", + "name": "CVE-2024-47775", + "description": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function does not check that the buffer buf contains sufficient data before attempting to read from it, doing multiple GST_READ_UINT32_LE operations without performing boundary checks. This can lead to an OOB-read when buf is smaller than expected. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47775" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ecea997e-cabe-4125-bfae-f13516fab54d.json b/objects/vulnerability/vulnerability--ecea997e-cabe-4125-bfae-f13516fab54d.json new file mode 100644 index 00000000000..a815ee70adc --- /dev/null +++ b/objects/vulnerability/vulnerability--ecea997e-cabe-4125-bfae-f13516fab54d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ca7557d7-5134-4a60-8ba6-eefe4ee2422d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ecea997e-cabe-4125-bfae-f13516fab54d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.092922Z", + "modified": "2024-12-13T00:40:40.092922Z", + "name": "CVE-2024-11015", + "description": "The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0. This is due to the 'authenticate_user' user function not implementing sufficient null value checks when setting the access token and user information. This makes it possible for unauthenticated attackers to log in as the first user who has signed in using Google OAuth, which could be the site administrator.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11015" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ed46f5e6-db14-4f95-826e-9038af551342.json b/objects/vulnerability/vulnerability--ed46f5e6-db14-4f95-826e-9038af551342.json new file mode 100644 index 00000000000..3e397d44d2e --- /dev/null +++ b/objects/vulnerability/vulnerability--ed46f5e6-db14-4f95-826e-9038af551342.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--81308ee6-1fbf-4389-898e-6e851a10e105", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ed46f5e6-db14-4f95-826e-9038af551342", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.532397Z", + "modified": "2024-12-13T00:40:39.532397Z", + "name": "CVE-2024-10043", + "description": "An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4 all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident title through the Wiki History Diff feature, potentially leading to information disclosure.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10043" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ee130fde-7230-48b1-a74d-f8ddce1d3faf.json b/objects/vulnerability/vulnerability--ee130fde-7230-48b1-a74d-f8ddce1d3faf.json new file mode 100644 index 00000000000..3ff6532f740 --- /dev/null +++ b/objects/vulnerability/vulnerability--ee130fde-7230-48b1-a74d-f8ddce1d3faf.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b6b4c1a3-e6c5-4381-bac5-bafe500f5cfd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ee130fde-7230-48b1-a74d-f8ddce1d3faf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.129632Z", + "modified": "2024-12-13T00:40:41.129632Z", + "name": "CVE-2024-54484", + "description": "The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54484" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--ef0ef356-f1d5-4880-92c3-67bb5ceadca7.json b/objects/vulnerability/vulnerability--ef0ef356-f1d5-4880-92c3-67bb5ceadca7.json new file mode 100644 index 00000000000..93ca69cda66 --- /dev/null +++ b/objects/vulnerability/vulnerability--ef0ef356-f1d5-4880-92c3-67bb5ceadca7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b876b741-1a7c-4ad8-a0f9-27fdd3851b75", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ef0ef356-f1d5-4880-92c3-67bb5ceadca7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.453056Z", + "modified": "2024-12-13T00:40:39.453056Z", + "name": "CVE-2024-12406", + "description": "The Library Management System – Manage e-Digital Books Library plugin for WordPress is vulnerable to SQL Injection via the 'owt7_borrow_books_id' parameter in all versions up to, and including, 3.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12406" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ef69ad38-aa93-4363-badd-79a630115d9b.json b/objects/vulnerability/vulnerability--ef69ad38-aa93-4363-badd-79a630115d9b.json new file mode 100644 index 00000000000..e3a510dd8bf --- /dev/null +++ b/objects/vulnerability/vulnerability--ef69ad38-aa93-4363-badd-79a630115d9b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--93d732ac-6923-45e6-8e3c-326be1c1d57e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ef69ad38-aa93-4363-badd-79a630115d9b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.064932Z", + "modified": "2024-12-13T00:40:40.064932Z", + "name": "CVE-2024-11781", + "description": "The Smart Agenda – Prise de rendez-vous en ligne plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'smartagenda' shortcode in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11781" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f05c8410-0f8b-4b6c-ade3-c3de61cc6ac1.json b/objects/vulnerability/vulnerability--f05c8410-0f8b-4b6c-ade3-c3de61cc6ac1.json new file mode 100644 index 00000000000..9cde13a0ce6 --- /dev/null +++ b/objects/vulnerability/vulnerability--f05c8410-0f8b-4b6c-ade3-c3de61cc6ac1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c204a6f2-8960-49fb-b214-671485b153de", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f05c8410-0f8b-4b6c-ade3-c3de61cc6ac1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.212312Z", + "modified": "2024-12-13T00:40:41.212312Z", + "name": "CVE-2024-55658", + "description": "SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's /api/export/exportResources endpoint is vulnerable to arbitary file read via path traversal. It is possible to manipulate the paths parameter to access and download arbitrary files from the host system by traversing the workspace directory structure. Version 3.1.16 contains a patch for the issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55658" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f17a8b62-fb00-4416-ae23-6697add378e9.json b/objects/vulnerability/vulnerability--f17a8b62-fb00-4416-ae23-6697add378e9.json new file mode 100644 index 00000000000..f2e310b0779 --- /dev/null +++ b/objects/vulnerability/vulnerability--f17a8b62-fb00-4416-ae23-6697add378e9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--805cb66f-cd99-44a7-b7c8-cf8951a97b09", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f17a8b62-fb00-4416-ae23-6697add378e9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.143214Z", + "modified": "2024-12-13T00:40:41.143214Z", + "name": "CVE-2024-54524", + "description": "A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2. A malicious app may be able to access arbitrary files.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54524" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f553b6cb-2958-4f45-86d6-9f3b8dd60177.json b/objects/vulnerability/vulnerability--f553b6cb-2958-4f45-86d6-9f3b8dd60177.json new file mode 100644 index 00000000000..e1259d23fa1 --- /dev/null +++ b/objects/vulnerability/vulnerability--f553b6cb-2958-4f45-86d6-9f3b8dd60177.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--eb54940a-a3de-4c83-a279-f5261806de04", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f553b6cb-2958-4f45-86d6-9f3b8dd60177", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.183506Z", + "modified": "2024-12-13T00:40:41.183506Z", + "name": "CVE-2024-54476", + "description": "The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access user-sensitive data.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54476" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--f558a2ec-1d3e-422e-92cc-74b7b2cadae8.json b/objects/vulnerability/vulnerability--f558a2ec-1d3e-422e-92cc-74b7b2cadae8.json new file mode 100644 index 00000000000..cd71c809221 --- /dev/null +++ b/objects/vulnerability/vulnerability--f558a2ec-1d3e-422e-92cc-74b7b2cadae8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d935ab39-12d4-4112-924b-584819005fc8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f558a2ec-1d3e-422e-92cc-74b7b2cadae8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.215967Z", + "modified": "2024-12-13T00:40:40.215967Z", + "name": "CVE-2024-44290", + "description": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1. An app may be able to determine a user’s current location.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44290" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f563b949-10f3-492c-afcc-dc3d41beffad.json b/objects/vulnerability/vulnerability--f563b949-10f3-492c-afcc-dc3d41beffad.json new file mode 100644 index 00000000000..899c2116a88 --- /dev/null +++ b/objects/vulnerability/vulnerability--f563b949-10f3-492c-afcc-dc3d41beffad.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a5aeb254-4e76-458f-ac5a-210658f9078d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f563b949-10f3-492c-afcc-dc3d41beffad", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.060414Z", + "modified": "2024-12-13T00:40:40.060414Z", + "name": "CVE-2024-11689", + "description": "The HQ Rental Software plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.29. This is due to missing or incorrect nonce validation on the displaySettingsPage() function. This makes it possible for unauthenticated attackers to update arbitrary options that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11689" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f5e12fbb-2b86-4afc-a0e0-24b2ed13df29.json b/objects/vulnerability/vulnerability--f5e12fbb-2b86-4afc-a0e0-24b2ed13df29.json new file mode 100644 index 00000000000..f50c1d271ba --- /dev/null +++ b/objects/vulnerability/vulnerability--f5e12fbb-2b86-4afc-a0e0-24b2ed13df29.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9c7576f8-2d9c-4030-9ab8-c6d62114e543", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f5e12fbb-2b86-4afc-a0e0-24b2ed13df29", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:40.071485Z", + "modified": "2024-12-13T00:40:40.071485Z", + "name": "CVE-2024-11279", + "description": "The Schema App Structured Data plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.2.4. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11279" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f67ba32b-e5fe-42e7-b481-f390d49f44f7.json b/objects/vulnerability/vulnerability--f67ba32b-e5fe-42e7-b481-f390d49f44f7.json new file mode 100644 index 00000000000..1861ab0515e --- /dev/null +++ b/objects/vulnerability/vulnerability--f67ba32b-e5fe-42e7-b481-f390d49f44f7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b57b8516-965f-424f-bc5d-e2ff66d4f537", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f67ba32b-e5fe-42e7-b481-f390d49f44f7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.603708Z", + "modified": "2024-12-13T00:40:39.603708Z", + "name": "CVE-2024-9881", + "description": "The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9881" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f6dd374a-fb50-4520-bba3-74b90e6140e5.json b/objects/vulnerability/vulnerability--f6dd374a-fb50-4520-bba3-74b90e6140e5.json new file mode 100644 index 00000000000..a7f14a8011f --- /dev/null +++ b/objects/vulnerability/vulnerability--f6dd374a-fb50-4520-bba3-74b90e6140e5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7009f695-7de6-405d-8685-1b1bca5c2c27", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f6dd374a-fb50-4520-bba3-74b90e6140e5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.747574Z", + "modified": "2024-12-13T00:40:39.747574Z", + "name": "CVE-2024-47778", + "description": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gst_wavparse_adtl_chunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds of the data buffer. As a result, an OOB read occurs in the following while loop. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47778" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f71378fb-ac94-4a09-a27c-d48e735fcec3.json b/objects/vulnerability/vulnerability--f71378fb-ac94-4a09-a27c-d48e735fcec3.json new file mode 100644 index 00000000000..57c956d39d9 --- /dev/null +++ b/objects/vulnerability/vulnerability--f71378fb-ac94-4a09-a27c-d48e735fcec3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e1d3ef3d-a877-484b-87bf-1a1de102f69e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f71378fb-ac94-4a09-a27c-d48e735fcec3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.54844Z", + "modified": "2024-12-13T00:40:39.54844Z", + "name": "CVE-2024-10590", + "description": "The Opt-In Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the admin_upload() function in all versions up to, and including, 4.07. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Due to the presence of an .htaccess file, this can only be exploited to achieve RCE on NGINX servers, unless another vulnerability is present.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10590" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f7223eaf-cccb-47f0-9196-bc6275a9f426.json b/objects/vulnerability/vulnerability--f7223eaf-cccb-47f0-9196-bc6275a9f426.json new file mode 100644 index 00000000000..0ba189fceda --- /dev/null +++ b/objects/vulnerability/vulnerability--f7223eaf-cccb-47f0-9196-bc6275a9f426.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ce69c5e9-98b9-494b-98fe-f6a9025dc82a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f7223eaf-cccb-47f0-9196-bc6275a9f426", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.22784Z", + "modified": "2024-12-13T00:40:41.22784Z", + "name": "CVE-2024-55877", + "description": "XWiki Platform is a generic wiki platform. Starting in version 9.7-rc-1 and prior to versions 15.10.11, 16.4.1, and 16.5.0, any user with an account can perform arbitrary remote code execution by adding instances of `XWiki.WikiMacroClass` to any page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been fixed in XWiki 15.10.11, 16.4.1 and 16.5.0. It is possible to manually apply the patch to the page `XWiki.XWikiSyntaxMacrosList` as a workaround.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55877" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f8090853-a3cc-4444-833f-b124f00a72d2.json b/objects/vulnerability/vulnerability--f8090853-a3cc-4444-833f-b124f00a72d2.json new file mode 100644 index 00000000000..c59cfcbc90a --- /dev/null +++ b/objects/vulnerability/vulnerability--f8090853-a3cc-4444-833f-b124f00a72d2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7e854fe2-ab1d-4132-bfb1-417d1adb4b24", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f8090853-a3cc-4444-833f-b124f00a72d2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:41.209526Z", + "modified": "2024-12-13T00:40:41.209526Z", + "name": "CVE-2024-55662", + "description": "XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-1 and prior to versions 15.10.9 and 16.3.0, on instances where `Extension Repository Application` is installed, any user can execute any code requiring `programming` rights on the server. This vulnerability has been fixed in XWiki 15.10.9 and 16.3.0. Since `Extension Repository Application` is not mandatory, it can be safely disabled on instances that do not use it as a workaround. It is also possible to manually apply the patches from commit 8659f17d500522bf33595e402391592a35a162e8 to the page `ExtensionCode.ExtensionSheet` and to the page `ExtensionCode.ExtensionAuthorsDisplayer`.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55662" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f8d94da2-9bd4-40ac-81ce-721cba2f92b7.json b/objects/vulnerability/vulnerability--f8d94da2-9bd4-40ac-81ce-721cba2f92b7.json new file mode 100644 index 00000000000..bed03fafdf1 --- /dev/null +++ b/objects/vulnerability/vulnerability--f8d94da2-9bd4-40ac-81ce-721cba2f92b7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--be4cf8c9-3a69-429f-a86d-732d0b906197", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f8d94da2-9bd4-40ac-81ce-721cba2f92b7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.479893Z", + "modified": "2024-12-13T00:40:39.479893Z", + "name": "CVE-2024-12255", + "description": "The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via the cf7sa-info.php file that returns phpinfo() data. This makes it possible for unauthenticated attackers to extract configuration information that can be leveraged in another attack.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12255" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fb891272-07a5-4a36-bd37-bac1648e7844.json b/objects/vulnerability/vulnerability--fb891272-07a5-4a36-bd37-bac1648e7844.json new file mode 100644 index 00000000000..b64ff018d92 --- /dev/null +++ b/objects/vulnerability/vulnerability--fb891272-07a5-4a36-bd37-bac1648e7844.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--16234e4f-04d2-49ca-9cc5-5ee5e6bb92ed", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fb891272-07a5-4a36-bd37-bac1648e7844", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.722664Z", + "modified": "2024-12-13T00:40:39.722664Z", + "name": "CVE-2024-47947", + "description": "Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The \"Edit Disclaimer Text\" function of the configuration menu is vulnerable to stored XSS. Only the users Poweruser and Admin can use this function which is available at the URL\n\n\n\n\n\n\n\n\n\nhttps://$SCANNER/cgi/admin.cgi?-rdisclaimer+-apre\n\nThe stored Javascript payload will be executed every time the ScanWizard is loaded, even in the Kiosk-mode browser.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47947" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fdb6ac6f-bcca-4778-9414-48cd24d18cdb.json b/objects/vulnerability/vulnerability--fdb6ac6f-bcca-4778-9414-48cd24d18cdb.json new file mode 100644 index 00000000000..e3e759aad7c --- /dev/null +++ b/objects/vulnerability/vulnerability--fdb6ac6f-bcca-4778-9414-48cd24d18cdb.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--91e0a0ed-1243-4dc4-94d9-5f503eb01535", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fdb6ac6f-bcca-4778-9414-48cd24d18cdb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.537463Z", + "modified": "2024-12-13T00:40:39.537463Z", + "name": "CVE-2024-10518", + "description": "The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Membership Plan settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10518" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ff11a6f6-4ab8-45af-951a-a22542c19cfd.json b/objects/vulnerability/vulnerability--ff11a6f6-4ab8-45af-951a-a22542c19cfd.json new file mode 100644 index 00000000000..cdbf76ea144 --- /dev/null +++ b/objects/vulnerability/vulnerability--ff11a6f6-4ab8-45af-951a-a22542c19cfd.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2f3219a0-e8b0-4d5f-b87a-8736157010a5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ff11a6f6-4ab8-45af-951a-a22542c19cfd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-13T00:40:39.432545Z", + "modified": "2024-12-13T00:40:39.432545Z", + "name": "CVE-2024-12059", + "description": "The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.1 via the eli_option_value shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract arbitrary options from the wp_options table.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12059" + } + ] + } + ] +} \ No newline at end of file