From 308b1f471dfdddb538ddcc0a0f79f35f60d8415f Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sat, 13 Jan 2024 00:28:55 +0000 Subject: [PATCH] generated content from 2024-01-13 --- mapping.csv | 129 ++++++++++++++++++ ...-03094c96-ba42-4155-99db-b2af03e33534.json | 22 +++ ...-053cbb7c-d00b-4664-8c37-274aa8eb21f7.json | 22 +++ ...-066cfbd9-b198-46da-b1bb-2dd73e6640ad.json | 22 +++ ...-07761e21-97b2-450a-827f-3cecacd812b0.json | 22 +++ ...-086fdd54-7aaa-4dc7-8c97-7a5527fe42cc.json | 22 +++ ...-0b102a5d-49fa-4b2b-8013-79240036036c.json | 22 +++ ...-0d8ffc61-d826-4a55-84bc-2f897b3313ee.json | 22 +++ ...-0dd49e7d-f086-4c18-9f49-a02d0c3f7a00.json | 22 +++ ...-10f0ebbe-842a-474e-9e21-9ff41d444153.json | 22 +++ ...-13db15a4-b5e9-46cb-90fe-cd7bb5de374d.json | 22 +++ ...-1ad40576-0a5d-42a9-b9e0-59309e20d46c.json | 22 +++ ...-1c973b85-e511-4eee-9031-53bfd0902793.json | 22 +++ ...-1e0b16c7-32e8-47da-8d62-d3b40093866f.json | 22 +++ ...-1fff9fef-c66c-4362-889a-28f557af33e3.json | 22 +++ ...-21a06598-61f9-48c1-9189-d1c5db03cea4.json | 22 +++ ...-227cebdb-8131-4e55-828b-04b18678cb0d.json | 22 +++ ...-255209af-ac00-4952-ad84-1d8ca39146a5.json | 22 +++ ...-25df2234-0251-4d1b-a5f1-11e6872f4bd0.json | 22 +++ ...-280a3eaa-fea1-4a27-8a2e-c56f8c54e43d.json | 22 +++ ...-2a653d89-6ee0-44d5-9730-8ccf3269f83f.json | 22 +++ ...-2ea3860a-8a25-401b-9fee-dbb054a6e380.json | 22 +++ ...-309df6aa-5780-4b36-87fc-acf7277cfb05.json | 22 +++ ...-30a936e7-2e1d-4519-ba8f-fb884d4f23c9.json | 22 +++ ...-3695133f-cb2a-43ef-a8d9-c80fe8ef026d.json | 22 +++ ...-372c33d0-2f83-4cc0-a550-a03a101d3efa.json | 22 +++ ...-379dc69c-055b-43ae-a91c-12c18a149be0.json | 22 +++ ...-40954a00-310a-4717-928d-1dc4312f685e.json | 22 +++ ...-435b77ec-faef-4403-839d-a0905f4ba4d3.json | 22 +++ ...-43a6457d-9722-484f-b9ed-cd2c203e3db8.json | 22 +++ ...-4614a1a8-03dc-45a8-9e38-58f6e076fd34.json | 22 +++ ...-467e8ba4-c079-42c6-a7e6-f10134c71b9f.json | 22 +++ ...-473743d4-e54c-4338-b564-431ffb3a0069.json | 22 +++ ...-4785d978-96c5-4f26-b37e-1d0687284071.json | 22 +++ ...-4c8891d1-40b3-48ca-ad92-dc8cc1d237a3.json | 22 +++ ...-4cb3c394-52b9-499c-9685-e6c0978567c7.json | 22 +++ ...-517c4e55-5f24-4b3d-8f58-40c274073ca2.json | 22 +++ ...-519a799b-c3b7-4b2d-977a-f7bf7cd74c63.json | 22 +++ ...-51c266ba-165f-4d65-8916-cb4798f4ac5e.json | 22 +++ ...-53cc8c1f-0a11-4226-ba56-60260e71ad5b.json | 22 +++ ...-54f2c24f-5ccd-4138-b596-5b86fd811d2f.json | 22 +++ ...-57977edd-870e-4dc3-85bb-4699f171ca79.json | 22 +++ ...-5b65b2aa-82a0-4f9b-a046-7e0249e3e7e5.json | 22 +++ ...-625e2d9a-288d-48f9-8861-1e841c8d9f9f.json | 22 +++ ...-6320d74a-1d7b-4534-a303-7d8737e30347.json | 22 +++ ...-63bfe16d-0d22-4076-b375-d41490bb7941.json | 22 +++ ...-6901785c-7f6a-4129-a44b-7f4108d74c46.json | 22 +++ ...-6af41b7a-43c2-436f-a53e-f06fa5d1bdf5.json | 22 +++ ...-6dee4368-3531-4121-983e-9f31fb333879.json | 22 +++ ...-6ea8638d-6f7f-4ccc-bf3b-ae6b795551c0.json | 22 +++ ...-6fd08d8c-8ac4-4436-a472-67d04c1568a1.json | 22 +++ ...-73f6b3a2-cee5-45e7-899b-bfe82ad769f2.json | 22 +++ ...-75987cee-2251-40ae-9707-1e056e18a600.json | 22 +++ ...-7a709d19-8422-407d-8f65-1a3a36e6ca21.json | 22 +++ ...-7d5c65dd-5abf-4481-9aae-a03dc2da2447.json | 22 +++ ...-7d5eff1b-de30-47fa-bdfb-74b28305c145.json | 22 +++ ...-7d83caf1-7443-439f-9154-e763181dc602.json | 22 +++ ...-813d4970-7dfb-480d-8ca9-54b1a128c1a7.json | 22 +++ ...-8357af51-c9d7-4543-8ec7-fdbecc498adf.json | 22 +++ ...-83c3be31-8541-4925-94e1-cee7ff35e562.json | 22 +++ ...-84da451f-a3da-47e0-bfaa-b4a3bf6d095b.json | 22 +++ ...-887f3f50-ddcb-413b-9835-03ca8faec992.json | 22 +++ ...-899242fb-5638-480f-8f19-8d6e3bfe2a11.json | 22 +++ ...-8c2a569e-f752-4144-8a52-1725f04fa88e.json | 22 +++ ...-8c3da32d-7f80-4571-bfb7-fe7179d298d4.json | 22 +++ ...-8ccf1077-0644-4943-a680-1f6f4ba34444.json | 22 +++ ...-8ed330b3-0a85-48e3-b7ee-44b21f85f228.json | 22 +++ ...-900e998c-c1e2-4e00-aa51-6a0ec8959325.json | 22 +++ ...-9089d152-e572-4d16-a463-c7df65e0665f.json | 22 +++ ...-92d8812e-9d54-474e-9c9d-97f8a316eec8.json | 22 +++ ...-93f88a77-4f73-49c8-a281-3a7afd55d053.json | 22 +++ ...-957b4a2f-1ba4-41d8-9383-d781b802fda3.json | 22 +++ ...-9942c649-9292-4cba-94e3-33d9941e89f3.json | 22 +++ ...-995987e9-91f6-4381-b929-2314242e38d1.json | 22 +++ ...-9ac0c304-385d-4e69-943e-6ff6621a9b42.json | 22 +++ ...-a07dfd8c-2d90-4b10-a4ce-8f46f2dc2157.json | 22 +++ ...-a15b091f-084c-433c-99b5-005bd20dccf4.json | 22 +++ ...-a165cdbe-c5b1-4104-b748-559a87c20b8f.json | 22 +++ ...-a2fafd41-45d3-4946-813a-d05ceccc37b9.json | 22 +++ ...-a445b4c9-1db1-4575-b7c9-e146027fe937.json | 22 +++ ...-a69f9eef-87de-44ba-83d2-5a35d2b64508.json | 22 +++ ...-a8327979-2b5b-40ee-9b81-e4520f6c67fa.json | 22 +++ ...-a8c4e19e-0ce0-4376-aa02-70654c6eeb1a.json | 22 +++ ...-aac30230-6b26-4497-b4dd-57cda4856d23.json | 22 +++ ...-ac652b4a-db5e-49d5-957b-a7f8f566a052.json | 22 +++ ...-ad6c1bb9-cf21-4682-8a1d-83613778c324.json | 22 +++ ...-aef4eb7f-a4db-4cf9-b3cb-dea2ce72faf7.json | 22 +++ ...-b09b6150-cd78-4885-ab91-3796c3d426f9.json | 22 +++ ...-b0be1ee7-078c-45fa-9287-d2912fd487e4.json | 22 +++ ...-b464e40f-3d3b-4a69-847b-8ce48abed1df.json | 22 +++ ...-b683c079-b7a5-48da-8731-a3839bd5efd3.json | 22 +++ ...-b72049ab-5161-48c5-9a20-40bbe82f664f.json | 22 +++ ...-b74cbce8-54a3-4935-b999-45d624491354.json | 22 +++ ...-b7a1006a-04d6-4500-a5c4-fb3ce84d3841.json | 22 +++ ...-b87ae984-97f5-4f0b-b280-88f9351bfd25.json | 22 +++ ...-ba4a5d1a-b370-4583-9f02-73d151515fe0.json | 22 +++ ...-bea77cf8-68f2-4365-83bd-8b5bc47ea281.json | 22 +++ ...-beec453f-0185-49da-aa12-fe00d80968ff.json | 22 +++ ...-bf56683a-d9de-403d-bb22-63f9989537f1.json | 22 +++ ...-c2c96b02-670f-45d6-af32-c08ceffe571f.json | 22 +++ ...-c3536761-847f-445f-9bea-fb2714226380.json | 22 +++ ...-c3a45434-5f0a-4eb2-9300-2478375899d0.json | 22 +++ ...-c8e0a32f-422f-45ba-bc62-30bc56a3f870.json | 22 +++ ...-c976b0b2-5934-4340-89e4-99453d31a9a7.json | 22 +++ ...-cadaf612-7999-43be-bc12-8c8c21762d94.json | 22 +++ ...-cbbc66a0-822d-4a04-b6a9-0fceb43739b5.json | 22 +++ ...-cd4d11a1-c91f-4588-81d8-c21361e11334.json | 22 +++ ...-ce15b4e1-a70b-4713-b60e-f35bde03ac17.json | 22 +++ ...-cff8bf2d-5106-48a4-ad89-67e385d8beb9.json | 22 +++ ...-d0229be1-a7f5-4d83-9d7e-c30b9bb83916.json | 22 +++ ...-d26c97cf-3ec6-4371-985d-efe7d3e856cf.json | 22 +++ ...-d518a581-6ea6-460b-a9ac-06aa1c90f568.json | 22 +++ ...-d6f7e012-344f-406a-8eb9-eb59dc2d104d.json | 22 +++ ...-d76bf4cc-858d-4b88-99f1-0ddb0a5174e6.json | 22 +++ ...-d785d5a6-2518-4b4b-9d27-5fd41cdc49aa.json | 22 +++ ...-db8f435b-1339-4e4f-bfc2-7b1a70bd4cc6.json | 22 +++ ...-e0cd1c21-3567-44e9-b044-f09d01bcbf47.json | 22 +++ ...-e183728a-7007-4e9d-952e-775fc8c0cae6.json | 22 +++ ...-e2912f84-af28-43ee-8e2b-f27c4c0095af.json | 22 +++ ...-e37772a6-1f66-4408-8e00-e360e15919ad.json | 22 +++ ...-e40169f0-3f56-44a9-837c-a548096b8f57.json | 22 +++ ...-e4697c8d-b8cd-4957-8162-27a3432f2fd7.json | 22 +++ ...-e65432c2-7226-4be2-9a37-941f849056a2.json | 22 +++ ...-e70bbc25-b2b5-4cab-821a-b5df3a5f14d1.json | 22 +++ ...-eaac9a77-fa43-41ff-bc08-d679806d483b.json | 22 +++ ...-eec781c5-b5c4-40ca-acc0-5ccc17505bba.json | 22 +++ ...-f31d2048-de77-482c-b59e-27d3cbe20f9f.json | 22 +++ ...-f3c71516-5cac-4e0e-8793-aede439d6d95.json | 22 +++ ...-f41c8048-f576-444e-80ff-60b57eb81fbd.json | 22 +++ ...-f64facb0-8d54-44af-8f85-1bf4d60033b8.json | 22 +++ 130 files changed, 2967 insertions(+) create mode 100644 objects/vulnerability/vulnerability--03094c96-ba42-4155-99db-b2af03e33534.json create mode 100644 objects/vulnerability/vulnerability--053cbb7c-d00b-4664-8c37-274aa8eb21f7.json create mode 100644 objects/vulnerability/vulnerability--066cfbd9-b198-46da-b1bb-2dd73e6640ad.json create mode 100644 objects/vulnerability/vulnerability--07761e21-97b2-450a-827f-3cecacd812b0.json create mode 100644 objects/vulnerability/vulnerability--086fdd54-7aaa-4dc7-8c97-7a5527fe42cc.json create mode 100644 objects/vulnerability/vulnerability--0b102a5d-49fa-4b2b-8013-79240036036c.json create mode 100644 objects/vulnerability/vulnerability--0d8ffc61-d826-4a55-84bc-2f897b3313ee.json create mode 100644 objects/vulnerability/vulnerability--0dd49e7d-f086-4c18-9f49-a02d0c3f7a00.json create mode 100644 objects/vulnerability/vulnerability--10f0ebbe-842a-474e-9e21-9ff41d444153.json create mode 100644 objects/vulnerability/vulnerability--13db15a4-b5e9-46cb-90fe-cd7bb5de374d.json create mode 100644 objects/vulnerability/vulnerability--1ad40576-0a5d-42a9-b9e0-59309e20d46c.json create mode 100644 objects/vulnerability/vulnerability--1c973b85-e511-4eee-9031-53bfd0902793.json create mode 100644 objects/vulnerability/vulnerability--1e0b16c7-32e8-47da-8d62-d3b40093866f.json create mode 100644 objects/vulnerability/vulnerability--1fff9fef-c66c-4362-889a-28f557af33e3.json create mode 100644 objects/vulnerability/vulnerability--21a06598-61f9-48c1-9189-d1c5db03cea4.json create mode 100644 objects/vulnerability/vulnerability--227cebdb-8131-4e55-828b-04b18678cb0d.json create mode 100644 objects/vulnerability/vulnerability--255209af-ac00-4952-ad84-1d8ca39146a5.json create mode 100644 objects/vulnerability/vulnerability--25df2234-0251-4d1b-a5f1-11e6872f4bd0.json create mode 100644 objects/vulnerability/vulnerability--280a3eaa-fea1-4a27-8a2e-c56f8c54e43d.json create mode 100644 objects/vulnerability/vulnerability--2a653d89-6ee0-44d5-9730-8ccf3269f83f.json create mode 100644 objects/vulnerability/vulnerability--2ea3860a-8a25-401b-9fee-dbb054a6e380.json create mode 100644 objects/vulnerability/vulnerability--309df6aa-5780-4b36-87fc-acf7277cfb05.json create mode 100644 objects/vulnerability/vulnerability--30a936e7-2e1d-4519-ba8f-fb884d4f23c9.json create mode 100644 objects/vulnerability/vulnerability--3695133f-cb2a-43ef-a8d9-c80fe8ef026d.json create mode 100644 objects/vulnerability/vulnerability--372c33d0-2f83-4cc0-a550-a03a101d3efa.json create mode 100644 objects/vulnerability/vulnerability--379dc69c-055b-43ae-a91c-12c18a149be0.json create mode 100644 objects/vulnerability/vulnerability--40954a00-310a-4717-928d-1dc4312f685e.json create mode 100644 objects/vulnerability/vulnerability--435b77ec-faef-4403-839d-a0905f4ba4d3.json create mode 100644 objects/vulnerability/vulnerability--43a6457d-9722-484f-b9ed-cd2c203e3db8.json create mode 100644 objects/vulnerability/vulnerability--4614a1a8-03dc-45a8-9e38-58f6e076fd34.json create mode 100644 objects/vulnerability/vulnerability--467e8ba4-c079-42c6-a7e6-f10134c71b9f.json create mode 100644 objects/vulnerability/vulnerability--473743d4-e54c-4338-b564-431ffb3a0069.json create mode 100644 objects/vulnerability/vulnerability--4785d978-96c5-4f26-b37e-1d0687284071.json create mode 100644 objects/vulnerability/vulnerability--4c8891d1-40b3-48ca-ad92-dc8cc1d237a3.json create mode 100644 objects/vulnerability/vulnerability--4cb3c394-52b9-499c-9685-e6c0978567c7.json create mode 100644 objects/vulnerability/vulnerability--517c4e55-5f24-4b3d-8f58-40c274073ca2.json create mode 100644 objects/vulnerability/vulnerability--519a799b-c3b7-4b2d-977a-f7bf7cd74c63.json create mode 100644 objects/vulnerability/vulnerability--51c266ba-165f-4d65-8916-cb4798f4ac5e.json create mode 100644 objects/vulnerability/vulnerability--53cc8c1f-0a11-4226-ba56-60260e71ad5b.json create mode 100644 objects/vulnerability/vulnerability--54f2c24f-5ccd-4138-b596-5b86fd811d2f.json create mode 100644 objects/vulnerability/vulnerability--57977edd-870e-4dc3-85bb-4699f171ca79.json create mode 100644 objects/vulnerability/vulnerability--5b65b2aa-82a0-4f9b-a046-7e0249e3e7e5.json create mode 100644 objects/vulnerability/vulnerability--625e2d9a-288d-48f9-8861-1e841c8d9f9f.json create mode 100644 objects/vulnerability/vulnerability--6320d74a-1d7b-4534-a303-7d8737e30347.json create mode 100644 objects/vulnerability/vulnerability--63bfe16d-0d22-4076-b375-d41490bb7941.json create mode 100644 objects/vulnerability/vulnerability--6901785c-7f6a-4129-a44b-7f4108d74c46.json create mode 100644 objects/vulnerability/vulnerability--6af41b7a-43c2-436f-a53e-f06fa5d1bdf5.json create mode 100644 objects/vulnerability/vulnerability--6dee4368-3531-4121-983e-9f31fb333879.json create mode 100644 objects/vulnerability/vulnerability--6ea8638d-6f7f-4ccc-bf3b-ae6b795551c0.json create mode 100644 objects/vulnerability/vulnerability--6fd08d8c-8ac4-4436-a472-67d04c1568a1.json create mode 100644 objects/vulnerability/vulnerability--73f6b3a2-cee5-45e7-899b-bfe82ad769f2.json create mode 100644 objects/vulnerability/vulnerability--75987cee-2251-40ae-9707-1e056e18a600.json create mode 100644 objects/vulnerability/vulnerability--7a709d19-8422-407d-8f65-1a3a36e6ca21.json create mode 100644 objects/vulnerability/vulnerability--7d5c65dd-5abf-4481-9aae-a03dc2da2447.json create mode 100644 objects/vulnerability/vulnerability--7d5eff1b-de30-47fa-bdfb-74b28305c145.json create mode 100644 objects/vulnerability/vulnerability--7d83caf1-7443-439f-9154-e763181dc602.json create mode 100644 objects/vulnerability/vulnerability--813d4970-7dfb-480d-8ca9-54b1a128c1a7.json create mode 100644 objects/vulnerability/vulnerability--8357af51-c9d7-4543-8ec7-fdbecc498adf.json create mode 100644 objects/vulnerability/vulnerability--83c3be31-8541-4925-94e1-cee7ff35e562.json create mode 100644 objects/vulnerability/vulnerability--84da451f-a3da-47e0-bfaa-b4a3bf6d095b.json create mode 100644 objects/vulnerability/vulnerability--887f3f50-ddcb-413b-9835-03ca8faec992.json create mode 100644 objects/vulnerability/vulnerability--899242fb-5638-480f-8f19-8d6e3bfe2a11.json create mode 100644 objects/vulnerability/vulnerability--8c2a569e-f752-4144-8a52-1725f04fa88e.json create mode 100644 objects/vulnerability/vulnerability--8c3da32d-7f80-4571-bfb7-fe7179d298d4.json create mode 100644 objects/vulnerability/vulnerability--8ccf1077-0644-4943-a680-1f6f4ba34444.json create mode 100644 objects/vulnerability/vulnerability--8ed330b3-0a85-48e3-b7ee-44b21f85f228.json create mode 100644 objects/vulnerability/vulnerability--900e998c-c1e2-4e00-aa51-6a0ec8959325.json create mode 100644 objects/vulnerability/vulnerability--9089d152-e572-4d16-a463-c7df65e0665f.json create mode 100644 objects/vulnerability/vulnerability--92d8812e-9d54-474e-9c9d-97f8a316eec8.json create mode 100644 objects/vulnerability/vulnerability--93f88a77-4f73-49c8-a281-3a7afd55d053.json create mode 100644 objects/vulnerability/vulnerability--957b4a2f-1ba4-41d8-9383-d781b802fda3.json create mode 100644 objects/vulnerability/vulnerability--9942c649-9292-4cba-94e3-33d9941e89f3.json create mode 100644 objects/vulnerability/vulnerability--995987e9-91f6-4381-b929-2314242e38d1.json create mode 100644 objects/vulnerability/vulnerability--9ac0c304-385d-4e69-943e-6ff6621a9b42.json create mode 100644 objects/vulnerability/vulnerability--a07dfd8c-2d90-4b10-a4ce-8f46f2dc2157.json create mode 100644 objects/vulnerability/vulnerability--a15b091f-084c-433c-99b5-005bd20dccf4.json create mode 100644 objects/vulnerability/vulnerability--a165cdbe-c5b1-4104-b748-559a87c20b8f.json create mode 100644 objects/vulnerability/vulnerability--a2fafd41-45d3-4946-813a-d05ceccc37b9.json create mode 100644 objects/vulnerability/vulnerability--a445b4c9-1db1-4575-b7c9-e146027fe937.json create mode 100644 objects/vulnerability/vulnerability--a69f9eef-87de-44ba-83d2-5a35d2b64508.json create mode 100644 objects/vulnerability/vulnerability--a8327979-2b5b-40ee-9b81-e4520f6c67fa.json create mode 100644 objects/vulnerability/vulnerability--a8c4e19e-0ce0-4376-aa02-70654c6eeb1a.json create mode 100644 objects/vulnerability/vulnerability--aac30230-6b26-4497-b4dd-57cda4856d23.json create mode 100644 objects/vulnerability/vulnerability--ac652b4a-db5e-49d5-957b-a7f8f566a052.json create mode 100644 objects/vulnerability/vulnerability--ad6c1bb9-cf21-4682-8a1d-83613778c324.json create mode 100644 objects/vulnerability/vulnerability--aef4eb7f-a4db-4cf9-b3cb-dea2ce72faf7.json create mode 100644 objects/vulnerability/vulnerability--b09b6150-cd78-4885-ab91-3796c3d426f9.json create mode 100644 objects/vulnerability/vulnerability--b0be1ee7-078c-45fa-9287-d2912fd487e4.json create mode 100644 objects/vulnerability/vulnerability--b464e40f-3d3b-4a69-847b-8ce48abed1df.json create mode 100644 objects/vulnerability/vulnerability--b683c079-b7a5-48da-8731-a3839bd5efd3.json create mode 100644 objects/vulnerability/vulnerability--b72049ab-5161-48c5-9a20-40bbe82f664f.json create mode 100644 objects/vulnerability/vulnerability--b74cbce8-54a3-4935-b999-45d624491354.json create mode 100644 objects/vulnerability/vulnerability--b7a1006a-04d6-4500-a5c4-fb3ce84d3841.json create mode 100644 objects/vulnerability/vulnerability--b87ae984-97f5-4f0b-b280-88f9351bfd25.json create mode 100644 objects/vulnerability/vulnerability--ba4a5d1a-b370-4583-9f02-73d151515fe0.json create mode 100644 objects/vulnerability/vulnerability--bea77cf8-68f2-4365-83bd-8b5bc47ea281.json create mode 100644 objects/vulnerability/vulnerability--beec453f-0185-49da-aa12-fe00d80968ff.json create mode 100644 objects/vulnerability/vulnerability--bf56683a-d9de-403d-bb22-63f9989537f1.json create mode 100644 objects/vulnerability/vulnerability--c2c96b02-670f-45d6-af32-c08ceffe571f.json create mode 100644 objects/vulnerability/vulnerability--c3536761-847f-445f-9bea-fb2714226380.json create mode 100644 objects/vulnerability/vulnerability--c3a45434-5f0a-4eb2-9300-2478375899d0.json create mode 100644 objects/vulnerability/vulnerability--c8e0a32f-422f-45ba-bc62-30bc56a3f870.json create mode 100644 objects/vulnerability/vulnerability--c976b0b2-5934-4340-89e4-99453d31a9a7.json create mode 100644 objects/vulnerability/vulnerability--cadaf612-7999-43be-bc12-8c8c21762d94.json create mode 100644 objects/vulnerability/vulnerability--cbbc66a0-822d-4a04-b6a9-0fceb43739b5.json create mode 100644 objects/vulnerability/vulnerability--cd4d11a1-c91f-4588-81d8-c21361e11334.json create mode 100644 objects/vulnerability/vulnerability--ce15b4e1-a70b-4713-b60e-f35bde03ac17.json create mode 100644 objects/vulnerability/vulnerability--cff8bf2d-5106-48a4-ad89-67e385d8beb9.json create mode 100644 objects/vulnerability/vulnerability--d0229be1-a7f5-4d83-9d7e-c30b9bb83916.json create mode 100644 objects/vulnerability/vulnerability--d26c97cf-3ec6-4371-985d-efe7d3e856cf.json create mode 100644 objects/vulnerability/vulnerability--d518a581-6ea6-460b-a9ac-06aa1c90f568.json create mode 100644 objects/vulnerability/vulnerability--d6f7e012-344f-406a-8eb9-eb59dc2d104d.json create mode 100644 objects/vulnerability/vulnerability--d76bf4cc-858d-4b88-99f1-0ddb0a5174e6.json create mode 100644 objects/vulnerability/vulnerability--d785d5a6-2518-4b4b-9d27-5fd41cdc49aa.json create mode 100644 objects/vulnerability/vulnerability--db8f435b-1339-4e4f-bfc2-7b1a70bd4cc6.json create mode 100644 objects/vulnerability/vulnerability--e0cd1c21-3567-44e9-b044-f09d01bcbf47.json create mode 100644 objects/vulnerability/vulnerability--e183728a-7007-4e9d-952e-775fc8c0cae6.json create mode 100644 objects/vulnerability/vulnerability--e2912f84-af28-43ee-8e2b-f27c4c0095af.json create mode 100644 objects/vulnerability/vulnerability--e37772a6-1f66-4408-8e00-e360e15919ad.json create mode 100644 objects/vulnerability/vulnerability--e40169f0-3f56-44a9-837c-a548096b8f57.json create mode 100644 objects/vulnerability/vulnerability--e4697c8d-b8cd-4957-8162-27a3432f2fd7.json create mode 100644 objects/vulnerability/vulnerability--e65432c2-7226-4be2-9a37-941f849056a2.json create mode 100644 objects/vulnerability/vulnerability--e70bbc25-b2b5-4cab-821a-b5df3a5f14d1.json create mode 100644 objects/vulnerability/vulnerability--eaac9a77-fa43-41ff-bc08-d679806d483b.json create mode 100644 objects/vulnerability/vulnerability--eec781c5-b5c4-40ca-acc0-5ccc17505bba.json create mode 100644 objects/vulnerability/vulnerability--f31d2048-de77-482c-b59e-27d3cbe20f9f.json create mode 100644 objects/vulnerability/vulnerability--f3c71516-5cac-4e0e-8793-aede439d6d95.json create mode 100644 objects/vulnerability/vulnerability--f41c8048-f576-444e-80ff-60b57eb81fbd.json create mode 100644 objects/vulnerability/vulnerability--f64facb0-8d54-44af-8f85-1bf4d60033b8.json diff --git a/mapping.csv b/mapping.csv index 8b846224ece..7c518a36f2f 100644 --- a/mapping.csv +++ b/mapping.csv @@ -222623,3 +222623,132 @@ vulnerability,CVE-2024-0422,vulnerability--62da88a6-9f92-4c74-9d1f-2b8e6c18b8ac vulnerability,CVE-2022-4958,vulnerability--68c41ba0-8cee-44b3-aa8c-bc598190e2af vulnerability,CVE-2022-4959,vulnerability--68342e6f-eff1-4fe7-8430-669b43c40e04 vulnerability,CVE-2022-40361,vulnerability--1e734a09-7736-4959-899c-c7ad53c65a6a +vulnerability,CVE-2023-5356,vulnerability--d26c97cf-3ec6-4371-985d-efe7d3e856cf +vulnerability,CVE-2023-7028,vulnerability--aac30230-6b26-4497-b4dd-57cda4856d23 +vulnerability,CVE-2023-52339,vulnerability--887f3f50-ddcb-413b-9835-03ca8faec992 +vulnerability,CVE-2023-52026,vulnerability--957b4a2f-1ba4-41d8-9383-d781b802fda3 +vulnerability,CVE-2023-4812,vulnerability--07761e21-97b2-450a-827f-3cecacd812b0 +vulnerability,CVE-2023-28897,vulnerability--d518a581-6ea6-460b-a9ac-06aa1c90f568 +vulnerability,CVE-2023-28899,vulnerability--4c8891d1-40b3-48ca-ad92-dc8cc1d237a3 +vulnerability,CVE-2023-28898,vulnerability--73f6b3a2-cee5-45e7-899b-bfe82ad769f2 +vulnerability,CVE-2023-42463,vulnerability--e70bbc25-b2b5-4cab-821a-b5df3a5f14d1 +vulnerability,CVE-2023-30014,vulnerability--227cebdb-8131-4e55-828b-04b18678cb0d +vulnerability,CVE-2023-30015,vulnerability--2a653d89-6ee0-44d5-9730-8ccf3269f83f +vulnerability,CVE-2023-30016,vulnerability--1ad40576-0a5d-42a9-b9e0-59309e20d46c +vulnerability,CVE-2023-37117,vulnerability--a165cdbe-c5b1-4104-b748-559a87c20b8f +vulnerability,CVE-2023-34061,vulnerability--9942c649-9292-4cba-94e3-33d9941e89f3 +vulnerability,CVE-2023-49801,vulnerability--372c33d0-2f83-4cc0-a550-a03a101d3efa +vulnerability,CVE-2023-49261,vulnerability--c2c96b02-670f-45d6-af32-c08ceffe571f +vulnerability,CVE-2023-49258,vulnerability--1c973b85-e511-4eee-9031-53bfd0902793 +vulnerability,CVE-2023-49647,vulnerability--13db15a4-b5e9-46cb-90fe-cd7bb5de374d +vulnerability,CVE-2023-49099,vulnerability--7d5eff1b-de30-47fa-bdfb-74b28305c145 +vulnerability,CVE-2023-49253,vulnerability--899242fb-5638-480f-8f19-8d6e3bfe2a11 +vulnerability,CVE-2023-49260,vulnerability--379dc69c-055b-43ae-a91c-12c18a149be0 +vulnerability,CVE-2023-49259,vulnerability--e40169f0-3f56-44a9-837c-a548096b8f57 +vulnerability,CVE-2023-49262,vulnerability--c3536761-847f-445f-9bea-fb2714226380 +vulnerability,CVE-2023-49569,vulnerability--086fdd54-7aaa-4dc7-8c97-7a5527fe42cc +vulnerability,CVE-2023-49255,vulnerability--1e0b16c7-32e8-47da-8d62-d3b40093866f +vulnerability,CVE-2023-49568,vulnerability--6fd08d8c-8ac4-4436-a472-67d04c1568a1 +vulnerability,CVE-2023-49098,vulnerability--cff8bf2d-5106-48a4-ad89-67e385d8beb9 +vulnerability,CVE-2023-49257,vulnerability--8357af51-c9d7-4543-8ec7-fdbecc498adf +vulnerability,CVE-2023-49256,vulnerability--eec781c5-b5c4-40ca-acc0-5ccc17505bba +vulnerability,CVE-2023-49254,vulnerability--517c4e55-5f24-4b3d-8f58-40c274073ca2 +vulnerability,CVE-2023-51806,vulnerability--a69f9eef-87de-44ba-83d2-5a35d2b64508 +vulnerability,CVE-2023-51698,vulnerability--b464e40f-3d3b-4a69-847b-8ce48abed1df +vulnerability,CVE-2023-51978,vulnerability--10f0ebbe-842a-474e-9e21-9ff41d444153 +vulnerability,CVE-2023-51790,vulnerability--813d4970-7dfb-480d-8ca9-54b1a128c1a7 +vulnerability,CVE-2023-51949,vulnerability--d76bf4cc-858d-4b88-99f1-0ddb0a5174e6 +vulnerability,CVE-2023-46805,vulnerability--8ccf1077-0644-4943-a680-1f6f4ba34444 +vulnerability,CVE-2023-2030,vulnerability--f64facb0-8d54-44af-8f85-1bf4d60033b8 +vulnerability,CVE-2023-48297,vulnerability--6320d74a-1d7b-4534-a303-7d8737e30347 +vulnerability,CVE-2023-48909,vulnerability--53cc8c1f-0a11-4226-ba56-60260e71ad5b +vulnerability,CVE-2023-48166,vulnerability--a8327979-2b5b-40ee-9b81-e4520f6c67fa +vulnerability,CVE-2023-31033,vulnerability--900e998c-c1e2-4e00-aa51-6a0ec8959325 +vulnerability,CVE-2023-31024,vulnerability--d0229be1-a7f5-4d83-9d7e-c30b9bb83916 +vulnerability,CVE-2023-31030,vulnerability--467e8ba4-c079-42c6-a7e6-f10134c71b9f +vulnerability,CVE-2023-31025,vulnerability--435b77ec-faef-4403-839d-a0905f4ba4d3 +vulnerability,CVE-2023-31031,vulnerability--75987cee-2251-40ae-9707-1e056e18a600 +vulnerability,CVE-2023-31035,vulnerability--e2912f84-af28-43ee-8e2b-f27c4c0095af +vulnerability,CVE-2023-31034,vulnerability--625e2d9a-288d-48f9-8861-1e841c8d9f9f +vulnerability,CVE-2023-31036,vulnerability--7a709d19-8422-407d-8f65-1a3a36e6ca21 +vulnerability,CVE-2023-31032,vulnerability--f41c8048-f576-444e-80ff-60b57eb81fbd +vulnerability,CVE-2023-31211,vulnerability--63bfe16d-0d22-4076-b375-d41490bb7941 +vulnerability,CVE-2023-31029,vulnerability--40954a00-310a-4717-928d-1dc4312f685e +vulnerability,CVE-2023-0437,vulnerability--d785d5a6-2518-4b4b-9d27-5fd41cdc49aa +vulnerability,CVE-2023-50919,vulnerability--ce15b4e1-a70b-4713-b60e-f35bde03ac17 +vulnerability,CVE-2023-50920,vulnerability--4614a1a8-03dc-45a8-9e38-58f6e076fd34 +vulnerability,CVE-2023-36842,vulnerability--a15b091f-084c-433c-99b5-005bd20dccf4 +vulnerability,CVE-2023-6740,vulnerability--db8f435b-1339-4e4f-bfc2-7b1a70bd4cc6 +vulnerability,CVE-2023-6040,vulnerability--d6f7e012-344f-406a-8eb9-eb59dc2d104d +vulnerability,CVE-2023-6683,vulnerability--a445b4c9-1db1-4575-b7c9-e146027fe937 +vulnerability,CVE-2023-6955,vulnerability--473743d4-e54c-4338-b564-431ffb3a0069 +vulnerability,CVE-2023-6735,vulnerability--a8c4e19e-0ce0-4376-aa02-70654c6eeb1a +vulnerability,CVE-2023-40250,vulnerability--f31d2048-de77-482c-b59e-27d3cbe20f9f +vulnerability,CVE-2023-40362,vulnerability--f3c71516-5cac-4e0e-8793-aede439d6d95 +vulnerability,CVE-2010-10011,vulnerability--053cbb7c-d00b-4664-8c37-274aa8eb21f7 +vulnerability,CVE-2016-20021,vulnerability--21a06598-61f9-48c1-9189-d1c5db03cea4 +vulnerability,CVE-2024-23173,vulnerability--e183728a-7007-4e9d-952e-775fc8c0cae6 +vulnerability,CVE-2024-23177,vulnerability--bf56683a-d9de-403d-bb22-63f9989537f1 +vulnerability,CVE-2024-23178,vulnerability--aef4eb7f-a4db-4cf9-b3cb-dea2ce72faf7 +vulnerability,CVE-2024-23172,vulnerability--cbbc66a0-822d-4a04-b6a9-0fceb43739b5 +vulnerability,CVE-2024-23171,vulnerability--309df6aa-5780-4b36-87fc-acf7277cfb05 +vulnerability,CVE-2024-23179,vulnerability--3695133f-cb2a-43ef-a8d9-c80fe8ef026d +vulnerability,CVE-2024-23301,vulnerability--e4697c8d-b8cd-4957-8162-27a3432f2fd7 +vulnerability,CVE-2024-23174,vulnerability--51c266ba-165f-4d65-8916-cb4798f4ac5e +vulnerability,CVE-2024-21587,vulnerability--cadaf612-7999-43be-bc12-8c8c21762d94 +vulnerability,CVE-2024-21606,vulnerability--6901785c-7f6a-4129-a44b-7f4108d74c46 +vulnerability,CVE-2024-21600,vulnerability--519a799b-c3b7-4b2d-977a-f7bf7cd74c63 +vulnerability,CVE-2024-21585,vulnerability--e0cd1c21-3567-44e9-b044-f09d01bcbf47 +vulnerability,CVE-2024-21612,vulnerability--25df2234-0251-4d1b-a5f1-11e6872f4bd0 +vulnerability,CVE-2024-21887,vulnerability--92d8812e-9d54-474e-9c9d-97f8a316eec8 +vulnerability,CVE-2024-21594,vulnerability--03094c96-ba42-4155-99db-b2af03e33534 +vulnerability,CVE-2024-21607,vulnerability--e65432c2-7226-4be2-9a37-941f849056a2 +vulnerability,CVE-2024-21601,vulnerability--9ac0c304-385d-4e69-943e-6ff6621a9b42 +vulnerability,CVE-2024-21595,vulnerability--8ed330b3-0a85-48e3-b7ee-44b21f85f228 +vulnerability,CVE-2024-21604,vulnerability--cd4d11a1-c91f-4588-81d8-c21361e11334 +vulnerability,CVE-2024-21639,vulnerability--c3a45434-5f0a-4eb2-9300-2478375899d0 +vulnerability,CVE-2024-21603,vulnerability--bea77cf8-68f2-4365-83bd-8b5bc47ea281 +vulnerability,CVE-2024-21614,vulnerability--b7a1006a-04d6-4500-a5c4-fb3ce84d3841 +vulnerability,CVE-2024-21613,vulnerability--43a6457d-9722-484f-b9ed-cd2c203e3db8 +vulnerability,CVE-2024-21589,vulnerability--beec453f-0185-49da-aa12-fe00d80968ff +vulnerability,CVE-2024-21655,vulnerability--6dee4368-3531-4121-983e-9f31fb333879 +vulnerability,CVE-2024-21597,vulnerability--54f2c24f-5ccd-4138-b596-5b86fd811d2f +vulnerability,CVE-2024-21591,vulnerability--5b65b2aa-82a0-4f9b-a046-7e0249e3e7e5 +vulnerability,CVE-2024-21611,vulnerability--8c3da32d-7f80-4571-bfb7-fe7179d298d4 +vulnerability,CVE-2024-21616,vulnerability--9089d152-e572-4d16-a463-c7df65e0665f +vulnerability,CVE-2024-21596,vulnerability--0d8ffc61-d826-4a55-84bc-2f897b3313ee +vulnerability,CVE-2024-21654,vulnerability--c976b0b2-5934-4340-89e4-99453d31a9a7 +vulnerability,CVE-2024-21617,vulnerability--b0be1ee7-078c-45fa-9287-d2912fd487e4 +vulnerability,CVE-2024-21602,vulnerability--ac652b4a-db5e-49d5-957b-a7f8f566a052 +vulnerability,CVE-2024-21599,vulnerability--4cb3c394-52b9-499c-9685-e6c0978567c7 +vulnerability,CVE-2024-22206,vulnerability--b87ae984-97f5-4f0b-b280-88f9351bfd25 +vulnerability,CVE-2024-22494,vulnerability--c8e0a32f-422f-45ba-bc62-30bc56a3f870 +vulnerability,CVE-2024-22137,vulnerability--83c3be31-8541-4925-94e1-cee7ff35e562 +vulnerability,CVE-2024-22027,vulnerability--995987e9-91f6-4381-b929-2314242e38d1 +vulnerability,CVE-2024-22493,vulnerability--b09b6150-cd78-4885-ab91-3796c3d426f9 +vulnerability,CVE-2024-22142,vulnerability--93f88a77-4f73-49c8-a281-3a7afd55d053 +vulnerability,CVE-2024-22492,vulnerability--b74cbce8-54a3-4935-b999-45d624491354 +vulnerability,CVE-2024-0475,vulnerability--280a3eaa-fea1-4a27-8a2e-c56f8c54e43d +vulnerability,CVE-2024-0454,vulnerability--1fff9fef-c66c-4362-889a-28f557af33e3 +vulnerability,CVE-2024-0464,vulnerability--b72049ab-5161-48c5-9a20-40bbe82f664f +vulnerability,CVE-2024-0467,vulnerability--a07dfd8c-2d90-4b10-a4ce-8f46f2dc2157 +vulnerability,CVE-2024-0466,vulnerability--b683c079-b7a5-48da-8731-a3839bd5efd3 +vulnerability,CVE-2024-0460,vulnerability--0b102a5d-49fa-4b2b-8013-79240036036c +vulnerability,CVE-2024-0474,vulnerability--066cfbd9-b198-46da-b1bb-2dd73e6640ad +vulnerability,CVE-2024-0472,vulnerability--e37772a6-1f66-4408-8e00-e360e15919ad +vulnerability,CVE-2024-0468,vulnerability--4785d978-96c5-4f26-b37e-1d0687284071 +vulnerability,CVE-2024-0463,vulnerability--8c2a569e-f752-4144-8a52-1725f04fa88e +vulnerability,CVE-2024-0462,vulnerability--eaac9a77-fa43-41ff-bc08-d679806d483b +vulnerability,CVE-2024-0470,vulnerability--0dd49e7d-f086-4c18-9f49-a02d0c3f7a00 +vulnerability,CVE-2024-0230,vulnerability--7d83caf1-7443-439f-9154-e763181dc602 +vulnerability,CVE-2024-0471,vulnerability--255209af-ac00-4952-ad84-1d8ca39146a5 +vulnerability,CVE-2024-0469,vulnerability--84da451f-a3da-47e0-bfaa-b4a3bf6d095b +vulnerability,CVE-2024-0473,vulnerability--57977edd-870e-4dc3-85bb-4699f171ca79 +vulnerability,CVE-2024-0461,vulnerability--6ea8638d-6f7f-4ccc-bf3b-ae6b795551c0 +vulnerability,CVE-2024-0465,vulnerability--2ea3860a-8a25-401b-9fee-dbb054a6e380 +vulnerability,CVE-2024-0459,vulnerability--7d5c65dd-5abf-4481-9aae-a03dc2da2447 +vulnerability,CVE-2022-4960,vulnerability--a2fafd41-45d3-4946-813a-d05ceccc37b9 +vulnerability,CVE-2022-4961,vulnerability--6af41b7a-43c2-436f-a53e-f06fa5d1bdf5 +vulnerability,CVE-2022-4962,vulnerability--ad6c1bb9-cf21-4682-8a1d-83613778c324 +vulnerability,CVE-2022-48619,vulnerability--ba4a5d1a-b370-4583-9f02-73d151515fe0 +vulnerability,CVE-2022-48620,vulnerability--30a936e7-2e1d-4519-ba8f-fb884d4f23c9 diff --git a/objects/vulnerability/vulnerability--03094c96-ba42-4155-99db-b2af03e33534.json b/objects/vulnerability/vulnerability--03094c96-ba42-4155-99db-b2af03e33534.json new file mode 100644 index 00000000000..c5ce45102b6 --- /dev/null +++ b/objects/vulnerability/vulnerability--03094c96-ba42-4155-99db-b2af03e33534.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--459f9e4c-096d-4bca-9b9c-f931e229d541", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--03094c96-ba42-4155-99db-b2af03e33534", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.125606Z", + "modified": "2024-01-13T00:28:39.125606Z", + "name": "CVE-2024-21594", + "description": "\nA Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks Junos OS allows authenticated, low privileged, local attacker to cause a Denial of Service (DoS).\n\nOn an SRX 5000 Series device, when executing a specific command repeatedly, memory is corrupted, which leads to a Flow Processing Daemon (flowd) crash.\n\nThe NSD process has to be restarted to restore services.\n\nIf this issue occurs, it can be checked with the following command:\n\nuser@host> request security policies check\nThe following log message can also be observed:\n\nError: policies are out of sync for PFE node.fpc.pic.\nThis issue affects:\n\nJuniper Networks Junos OS on SRX 5000 Series\n\n\n\n * All versions earlier than 20.4R3-S6;\n * 21.1 versions earlier than 21.1R3-S5;\n * 21.2 versions earlier than 21.2R3-S4;\n * 21.3 versions earlier than 21.3R3-S3;\n * 21.4 versions earlier than 21.4R3-S3;\n * 22.1 versions earlier than 22.1R3-S1;\n * 22.2 versions earlier than 22.2R3;\n * 22.3 versions earlier than 22.3R2.\n\n\n\n\n\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21594" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--053cbb7c-d00b-4664-8c37-274aa8eb21f7.json b/objects/vulnerability/vulnerability--053cbb7c-d00b-4664-8c37-274aa8eb21f7.json new file mode 100644 index 00000000000..0208fd0fede --- /dev/null +++ b/objects/vulnerability/vulnerability--053cbb7c-d00b-4664-8c37-274aa8eb21f7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0954668d-7bd9-493f-bbf0-5ce9ed95a26d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--053cbb7c-d00b-4664-8c37-274aa8eb21f7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:32.645012Z", + "modified": "2024-01-13T00:28:32.645012Z", + "name": "CVE-2010-10011", + "description": "A vulnerability, which was classified as problematic, was found in Acritum Femitter Server 1.04. Affected is an unknown function. The manipulation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250446 is the identifier assigned to this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2010-10011" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--066cfbd9-b198-46da-b1bb-2dd73e6640ad.json b/objects/vulnerability/vulnerability--066cfbd9-b198-46da-b1bb-2dd73e6640ad.json new file mode 100644 index 00000000000..306081f9059 --- /dev/null +++ b/objects/vulnerability/vulnerability--066cfbd9-b198-46da-b1bb-2dd73e6640ad.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9e7b9ead-ecaf-40ce-984b-53b5d4d3d9e9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--066cfbd9-b198-46da-b1bb-2dd73e6640ad", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.283545Z", + "modified": "2024-01-13T00:28:39.283545Z", + "name": "CVE-2024-0474", + "description": "A vulnerability classified as critical was found in code-projects Dormitory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250579.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0474" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--07761e21-97b2-450a-827f-3cecacd812b0.json b/objects/vulnerability/vulnerability--07761e21-97b2-450a-827f-3cecacd812b0.json new file mode 100644 index 00000000000..fd4a636cac7 --- /dev/null +++ b/objects/vulnerability/vulnerability--07761e21-97b2-450a-827f-3cecacd812b0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--42857f86-a27c-4f7a-b509-91340cfb05e1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--07761e21-97b2-450a-827f-3cecacd812b0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:29.519368Z", + "modified": "2024-01-13T00:28:29.519368Z", + "name": "CVE-2023-4812", + "description": "An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2. The required CODEOWNERS approval could be bypassed by adding changes to a previously approved merge request.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-4812" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--086fdd54-7aaa-4dc7-8c97-7a5527fe42cc.json b/objects/vulnerability/vulnerability--086fdd54-7aaa-4dc7-8c97-7a5527fe42cc.json new file mode 100644 index 00000000000..05e204053b9 --- /dev/null +++ b/objects/vulnerability/vulnerability--086fdd54-7aaa-4dc7-8c97-7a5527fe42cc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8f4f03c9-589c-49f9-8135-0ccf2473156e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--086fdd54-7aaa-4dc7-8c97-7a5527fe42cc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.356887Z", + "modified": "2024-01-13T00:28:30.356887Z", + "name": "CVE-2023-49569", + "description": "A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved.\n\nApplications are only affected if they are using the ChrootOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS , which is the default when using \"Plain\" versions of Open and Clone funcs (e.g. PlainClone). Applications using BoundOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS  or in-memory filesystems are not affected by this issue.\nThis is a go-git implementation issue and does not affect the upstream git cli.\n\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-49569" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0b102a5d-49fa-4b2b-8013-79240036036c.json b/objects/vulnerability/vulnerability--0b102a5d-49fa-4b2b-8013-79240036036c.json new file mode 100644 index 00000000000..680d0bbb092 --- /dev/null +++ b/objects/vulnerability/vulnerability--0b102a5d-49fa-4b2b-8013-79240036036c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5585027f-e19f-4d15-8bc5-8d06c09c799d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0b102a5d-49fa-4b2b-8013-79240036036c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.281964Z", + "modified": "2024-01-13T00:28:39.281964Z", + "name": "CVE-2024-0460", + "description": "A vulnerability was found in code-projects Faculty Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/pages/student-print.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250565 was assigned to this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0460" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0d8ffc61-d826-4a55-84bc-2f897b3313ee.json b/objects/vulnerability/vulnerability--0d8ffc61-d826-4a55-84bc-2f897b3313ee.json new file mode 100644 index 00000000000..762df06c481 --- /dev/null +++ b/objects/vulnerability/vulnerability--0d8ffc61-d826-4a55-84bc-2f897b3313ee.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3fd6ed77-5064-4dd4-a433-70674889e65c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0d8ffc61-d826-4a55-84bc-2f897b3313ee", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.157464Z", + "modified": "2024-01-13T00:28:39.157464Z", + "name": "CVE-2024-21596", + "description": "\nA Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).\n\nIf an attacker sends a specific BGP UPDATE message to the device, this will cause a memory overwrite and therefore an RPD crash and restart in the backup Routing Engine (RE). Continued receipt of these packets will cause a sustained Denial of Service (DoS) condition in the backup RE.\n\nThe primary RE is not impacted by this issue and there is no impact on traffic.\n\nThis issue only affects devices with NSR enabled.\n\nThis issue requires an attacker to have an established BGP session to a system affected by the issue. This issue affects both eBGP and iBGP implementations.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * All versions earlier than 20.4R3-S9;\n * 21.2 versions earlier than 21.2R3-S7;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S5;\n * 22.1 versions earlier than 22.1R3-S4;\n * 22.2 versions earlier than 22.2R3-S2;\n * 22.3 versions earlier than 22.3R3-S1;\n * 22.4 versions earlier than 22.4R2-S2, 22.4R3;\n * 23.1 versions earlier than 23.1R2;\n * 23.2 versions earlier than 23.2R1-S2, 23.2R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions earlier than 21.3R3-S5-EVO;\n * 21.4-EVO versions earlier than 21.4R3-S5-EVO;\n * 22.1-EVO versions earlier than 22.1R3-S4-EVO;\n * 22.2-EVO versions earlier than 22.2R3-S2-EVO;\n * 22.3-EVO versions later than 22.3R1-EVO;\n * 22.4-EVO versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO;\n * 23.1-EVO versions earlier than 23.1R2-EVO;\n * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO.\n\n\n\n\n\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21596" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0dd49e7d-f086-4c18-9f49-a02d0c3f7a00.json b/objects/vulnerability/vulnerability--0dd49e7d-f086-4c18-9f49-a02d0c3f7a00.json new file mode 100644 index 00000000000..86749f925dc --- /dev/null +++ b/objects/vulnerability/vulnerability--0dd49e7d-f086-4c18-9f49-a02d0c3f7a00.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--574e845a-fd86-4c88-8696-08ca81f25383", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0dd49e7d-f086-4c18-9f49-a02d0c3f7a00", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.29663Z", + "modified": "2024-01-13T00:28:39.29663Z", + "name": "CVE-2024-0470", + "description": "A vulnerability was found in code-projects Human Resource Integrated System 1.0. It has been classified as critical. This affects an unknown part of the file /admin_route/inc_service_credits.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250575.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0470" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--10f0ebbe-842a-474e-9e21-9ff41d444153.json b/objects/vulnerability/vulnerability--10f0ebbe-842a-474e-9e21-9ff41d444153.json new file mode 100644 index 00000000000..14529dc92ec --- /dev/null +++ b/objects/vulnerability/vulnerability--10f0ebbe-842a-474e-9e21-9ff41d444153.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c38a1871-f6ee-4f3e-8690-b97927c9992f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--10f0ebbe-842a-474e-9e21-9ff41d444153", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.420825Z", + "modified": "2024-01-13T00:28:30.420825Z", + "name": "CVE-2023-51978", + "description": "In PHPGurukul Art Gallery Management System v1.1, \"Update Artist Image\" functionality of \"imageid\" parameter is vulnerable to SQL Injection.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-51978" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--13db15a4-b5e9-46cb-90fe-cd7bb5de374d.json b/objects/vulnerability/vulnerability--13db15a4-b5e9-46cb-90fe-cd7bb5de374d.json new file mode 100644 index 00000000000..ec3d4d434ec --- /dev/null +++ b/objects/vulnerability/vulnerability--13db15a4-b5e9-46cb-90fe-cd7bb5de374d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--94acf027-52e5-485f-a231-8972547652bb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--13db15a4-b5e9-46cb-90fe-cd7bb5de374d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.333478Z", + "modified": "2024-01-13T00:28:30.333478Z", + "name": "CVE-2023-49647", + "description": "Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-49647" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1ad40576-0a5d-42a9-b9e0-59309e20d46c.json b/objects/vulnerability/vulnerability--1ad40576-0a5d-42a9-b9e0-59309e20d46c.json new file mode 100644 index 00000000000..2c46caac27e --- /dev/null +++ b/objects/vulnerability/vulnerability--1ad40576-0a5d-42a9-b9e0-59309e20d46c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--eff4a736-09b9-481c-a243-66c5d6df5ff8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1ad40576-0a5d-42a9-b9e0-59309e20d46c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:29.722705Z", + "modified": "2024-01-13T00:28:29.722705Z", + "name": "CVE-2023-30016", + "description": "SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_details_edit.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-30016" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1c973b85-e511-4eee-9031-53bfd0902793.json b/objects/vulnerability/vulnerability--1c973b85-e511-4eee-9031-53bfd0902793.json new file mode 100644 index 00000000000..df665e8ae7d --- /dev/null +++ b/objects/vulnerability/vulnerability--1c973b85-e511-4eee-9031-53bfd0902793.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--385dc3a0-c578-467d-bd17-0faae17638ef", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1c973b85-e511-4eee-9031-53bfd0902793", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.331646Z", + "modified": "2024-01-13T00:28:30.331646Z", + "name": "CVE-2023-49258", + "description": "User browser may be forced to execute JavaScript and pass the authentication cookie to the attacker leveraging the XSS vulnerability located at \"/gui/terminal_tool.cgi\" in the \"data\" parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-49258" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1e0b16c7-32e8-47da-8d62-d3b40093866f.json b/objects/vulnerability/vulnerability--1e0b16c7-32e8-47da-8d62-d3b40093866f.json new file mode 100644 index 00000000000..01304c3e27d --- /dev/null +++ b/objects/vulnerability/vulnerability--1e0b16c7-32e8-47da-8d62-d3b40093866f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c811c68e-3e97-43ef-922c-188ec7a577c4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1e0b16c7-32e8-47da-8d62-d3b40093866f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.360499Z", + "modified": "2024-01-13T00:28:30.360499Z", + "name": "CVE-2023-49255", + "description": "The router console is accessible without authentication at \"data\" field, and while a user needs to be logged in in order to modify the configuration, the session state is shared. If any other user is currently logged in, the anonymous user can execute commands in the context of the authenticated one. If the logged in user has administrative privileges, it is possible to use webadmin service configuration commands to create a new admin user with a chosen password.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-49255" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1fff9fef-c66c-4362-889a-28f557af33e3.json b/objects/vulnerability/vulnerability--1fff9fef-c66c-4362-889a-28f557af33e3.json new file mode 100644 index 00000000000..d09049ba3fe --- /dev/null +++ b/objects/vulnerability/vulnerability--1fff9fef-c66c-4362-889a-28f557af33e3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8e76518f-3cd2-4448-838a-7865faa23946", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1fff9fef-c66c-4362-889a-28f557af33e3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.271732Z", + "modified": "2024-01-13T00:28:39.271732Z", + "name": "CVE-2024-0454", + "description": "ELAN Match-on-Chip FPR solution has design fault about potential risk of valid SID leakage and enumeration with spoof sensor.\nThis fault leads to that Windows Hello recognition would be bypass with cloning SID to cause broken account identity.\nVersion which is lower than 3.0.12011.08009(Legacy)/3.3.12011.08103(ESS) would suffer this risk on DELL Inspiron platform.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0454" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--21a06598-61f9-48c1-9189-d1c5db03cea4.json b/objects/vulnerability/vulnerability--21a06598-61f9-48c1-9189-d1c5db03cea4.json new file mode 100644 index 00000000000..768a868a965 --- /dev/null +++ b/objects/vulnerability/vulnerability--21a06598-61f9-48c1-9189-d1c5db03cea4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--14b8a878-f434-4737-9f81-c9d39547c6cb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--21a06598-61f9-48c1-9189-d1c5db03cea4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:33.889749Z", + "modified": "2024-01-13T00:28:33.889749Z", + "name": "CVE-2016-20021", + "description": "In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2016-20021" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--227cebdb-8131-4e55-828b-04b18678cb0d.json b/objects/vulnerability/vulnerability--227cebdb-8131-4e55-828b-04b18678cb0d.json new file mode 100644 index 00000000000..675803246d0 --- /dev/null +++ b/objects/vulnerability/vulnerability--227cebdb-8131-4e55-828b-04b18678cb0d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a3ee1a15-68b3-4975-b130-237a67c8a70b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--227cebdb-8131-4e55-828b-04b18678cb0d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:29.708039Z", + "modified": "2024-01-13T00:28:29.708039Z", + "name": "CVE-2023-30014", + "description": "SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_stat_update.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-30014" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--255209af-ac00-4952-ad84-1d8ca39146a5.json b/objects/vulnerability/vulnerability--255209af-ac00-4952-ad84-1d8ca39146a5.json new file mode 100644 index 00000000000..56701a00f7b --- /dev/null +++ b/objects/vulnerability/vulnerability--255209af-ac00-4952-ad84-1d8ca39146a5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dfc0e623-30df-451b-a060-7e6c7764460e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--255209af-ac00-4952-ad84-1d8ca39146a5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.299462Z", + "modified": "2024-01-13T00:28:39.299462Z", + "name": "CVE-2024-0471", + "description": "A vulnerability was found in code-projects Human Resource Integrated System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin_route/dec_service_credits.php. The manipulation of the argument date leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250576.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0471" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--25df2234-0251-4d1b-a5f1-11e6872f4bd0.json b/objects/vulnerability/vulnerability--25df2234-0251-4d1b-a5f1-11e6872f4bd0.json new file mode 100644 index 00000000000..343177a46d4 --- /dev/null +++ b/objects/vulnerability/vulnerability--25df2234-0251-4d1b-a5f1-11e6872f4bd0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--07be23c9-b964-40d6-a8ea-9b8148e8e92a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--25df2234-0251-4d1b-a5f1-11e6872f4bd0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.119325Z", + "modified": "2024-01-13T00:28:39.119325Z", + "name": "CVE-2024-21612", + "description": "\nAn Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\n\nOn all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routine Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition.\n\nThis issue affects:\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions earlier than 21.2R3-S7-EVO;\n * 21.3 versions earlier than 21.3R3-S5-EVO ;\n * 21.4 versions earlier than 21.4R3-S5-EVO;\n * 22.1 versions earlier than 22.1R3-S4-EVO;\n * 22.2 versions earlier than 22.2R3-S3-EVO ;\n * 22.3 versions earlier than 22.3R3-EVO;\n * 22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO.\n\n\n\n\n\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21612" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--280a3eaa-fea1-4a27-8a2e-c56f8c54e43d.json b/objects/vulnerability/vulnerability--280a3eaa-fea1-4a27-8a2e-c56f8c54e43d.json new file mode 100644 index 00000000000..72f875c577f --- /dev/null +++ b/objects/vulnerability/vulnerability--280a3eaa-fea1-4a27-8a2e-c56f8c54e43d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dee18642-4343-43aa-a525-d0bd47b71bbc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--280a3eaa-fea1-4a27-8a2e-c56f8c54e43d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.269835Z", + "modified": "2024-01-13T00:28:39.269835Z", + "name": "CVE-2024-0475", + "description": "A vulnerability, which was classified as critical, has been found in code-projects Dormitory Management System 1.0. Affected by this issue is some unknown functionality of the file modifyuser.php. The manipulation of the argument user_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250580.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0475" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2a653d89-6ee0-44d5-9730-8ccf3269f83f.json b/objects/vulnerability/vulnerability--2a653d89-6ee0-44d5-9730-8ccf3269f83f.json new file mode 100644 index 00000000000..8a57be4905d --- /dev/null +++ b/objects/vulnerability/vulnerability--2a653d89-6ee0-44d5-9730-8ccf3269f83f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7d440ac9-01fe-462d-91c9-f6fa5255e5c1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2a653d89-6ee0-44d5-9730-8ccf3269f83f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:29.709995Z", + "modified": "2024-01-13T00:28:29.709995Z", + "name": "CVE-2023-30015", + "description": "SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via txtsearch parameter in review_search.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-30015" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2ea3860a-8a25-401b-9fee-dbb054a6e380.json b/objects/vulnerability/vulnerability--2ea3860a-8a25-401b-9fee-dbb054a6e380.json new file mode 100644 index 00000000000..07b6f29be5d --- /dev/null +++ b/objects/vulnerability/vulnerability--2ea3860a-8a25-401b-9fee-dbb054a6e380.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8b1459d2-5e49-4743-8ce6-8521e8dd08cb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2ea3860a-8a25-401b-9fee-dbb054a6e380", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.308858Z", + "modified": "2024-01-13T00:28:39.308858Z", + "name": "CVE-2024-0465", + "description": "A vulnerability classified as problematic was found in code-projects Employee Profile Management System 1.0. This vulnerability affects unknown code of the file download.php. The manipulation of the argument download_file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-250570 is the identifier assigned to this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0465" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--309df6aa-5780-4b36-87fc-acf7277cfb05.json b/objects/vulnerability/vulnerability--309df6aa-5780-4b36-87fc-acf7277cfb05.json new file mode 100644 index 00000000000..b6da376b4c2 --- /dev/null +++ b/objects/vulnerability/vulnerability--309df6aa-5780-4b36-87fc-acf7277cfb05.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--98a6eab4-fcf0-4e5c-b3e1-604d3e86d92c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--309df6aa-5780-4b36-87fc-acf7277cfb05", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.095498Z", + "modified": "2024-01-13T00:28:39.095498Z", + "name": "CVE-2024-23171", + "description": "An issue was discovered in the CampaignEvents extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:EventDetails page allows XSS via the x-xss language setting for internationalization (i18n).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-23171" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--30a936e7-2e1d-4519-ba8f-fb884d4f23c9.json b/objects/vulnerability/vulnerability--30a936e7-2e1d-4519-ba8f-fb884d4f23c9.json new file mode 100644 index 00000000000..97dbe3946a8 --- /dev/null +++ b/objects/vulnerability/vulnerability--30a936e7-2e1d-4519-ba8f-fb884d4f23c9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ada09ed4-20e4-4ab3-a9ba-ebff8a3f5f32", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--30a936e7-2e1d-4519-ba8f-fb884d4f23c9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:41.362573Z", + "modified": "2024-01-13T00:28:41.362573Z", + "name": "CVE-2022-48620", + "description": "uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-48620" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3695133f-cb2a-43ef-a8d9-c80fe8ef026d.json b/objects/vulnerability/vulnerability--3695133f-cb2a-43ef-a8d9-c80fe8ef026d.json new file mode 100644 index 00000000000..3d1e3a4efb7 --- /dev/null +++ b/objects/vulnerability/vulnerability--3695133f-cb2a-43ef-a8d9-c80fe8ef026d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cb94dbbe-1e43-4635-beac-88878ac39eb9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3695133f-cb2a-43ef-a8d9-c80fe8ef026d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.097172Z", + "modified": "2024-01-13T00:28:39.097172Z", + "name": "CVE-2024-23179", + "description": "An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. For a Special:GlobalBlock?uselang=x-xss URI, i18n-based XSS can occur via the parentheses message. This affects subtitle links in buildSubtitleLinks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-23179" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--372c33d0-2f83-4cc0-a550-a03a101d3efa.json b/objects/vulnerability/vulnerability--372c33d0-2f83-4cc0-a550-a03a101d3efa.json new file mode 100644 index 00000000000..ecce1be46ce --- /dev/null +++ b/objects/vulnerability/vulnerability--372c33d0-2f83-4cc0-a550-a03a101d3efa.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a3520271-fe45-4f28-99bb-7017fe840f73", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--372c33d0-2f83-4cc0-a550-a03a101d3efa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.324708Z", + "modified": "2024-01-13T00:28:30.324708Z", + "name": "CVE-2023-49801", + "description": "Lif Auth Server is a server for validating logins, managing information, and account recovery for Lif Accounts. The issue relates to the `get_pfp` and `get_banner` routes on Auth Server. The issue is that there is no check to ensure that the file that Auth Server is receiving through these URLs is correct. This could allow an attacker access to files they shouldn't have access to. This issue has been patched in version 1.4.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-49801" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--379dc69c-055b-43ae-a91c-12c18a149be0.json b/objects/vulnerability/vulnerability--379dc69c-055b-43ae-a91c-12c18a149be0.json new file mode 100644 index 00000000000..6af70982370 --- /dev/null +++ b/objects/vulnerability/vulnerability--379dc69c-055b-43ae-a91c-12c18a149be0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--624d3a31-fbfd-4b74-9b80-5055b700f32e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--379dc69c-055b-43ae-a91c-12c18a149be0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.344881Z", + "modified": "2024-01-13T00:28:30.344881Z", + "name": "CVE-2023-49260", + "description": "An XSS attack can be performed by changing the MOTD banner and pointing the victim to the \"terminal_tool.cgi\" path. It can be used together with the vulnerability CVE-2023-49255.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-49260" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--40954a00-310a-4717-928d-1dc4312f685e.json b/objects/vulnerability/vulnerability--40954a00-310a-4717-928d-1dc4312f685e.json new file mode 100644 index 00000000000..52568ace289 --- /dev/null +++ b/objects/vulnerability/vulnerability--40954a00-310a-4717-928d-1dc4312f685e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--34ceb6fe-7de5-4267-9713-be67bf9847f4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--40954a00-310a-4717-928d-1dc4312f685e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.980116Z", + "modified": "2024-01-13T00:28:30.980116Z", + "name": "CVE-2023-31029", + "description": "NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-31029" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--435b77ec-faef-4403-839d-a0905f4ba4d3.json b/objects/vulnerability/vulnerability--435b77ec-faef-4403-839d-a0905f4ba4d3.json new file mode 100644 index 00000000000..01c32d8a5c3 --- /dev/null +++ b/objects/vulnerability/vulnerability--435b77ec-faef-4403-839d-a0905f4ba4d3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c04cfbb9-6eac-408e-b713-e667a8cd2ec5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--435b77ec-faef-4403-839d-a0905f4ba4d3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.95014Z", + "modified": "2024-01-13T00:28:30.95014Z", + "name": "CVE-2023-31025", + "description": "NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection. A successful exploit of this vulnerability may lead to information disclosure.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-31025" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--43a6457d-9722-484f-b9ed-cd2c203e3db8.json b/objects/vulnerability/vulnerability--43a6457d-9722-484f-b9ed-cd2c203e3db8.json new file mode 100644 index 00000000000..57656825825 --- /dev/null +++ b/objects/vulnerability/vulnerability--43a6457d-9722-484f-b9ed-cd2c203e3db8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c4ef5ed3-c592-471c-a02f-2ff0427cb038", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--43a6457d-9722-484f-b9ed-cd2c203e3db8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.142926Z", + "modified": "2024-01-13T00:28:39.142926Z", + "name": "CVE-2024-21613", + "description": "\nA Missing Release of Memory after Effective Lifetime vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause an rpd crash, leading to Denial of Service (DoS).\n\nOn all Junos OS and Junos OS Evolved platforms, when traffic engineering is enabled for OSPF or ISIS, and a link flaps, a patroot memory leak is observed. This memory leak, over time, will lead to an rpd crash and restart.\n\nThe memory usage can be monitored using the below command.\n\nuser@host> show task memory detail | match patroot\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * All versions earlier than 21.2R3-S3;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S3;\n * 22.1 versions earlier than 22.1R3;\n * 22.2 versions earlier than 22.2R3.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions earlier than 21.3R3-S5-EVO;\n * 21.4 versions earlier than 21.4R3-EVO;\n * 22.1 versions earlier than 22.1R3-EVO;\n * 22.2 versions earlier than 22.2R3-EVO.\n\n\n\n\n\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21613" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4614a1a8-03dc-45a8-9e38-58f6e076fd34.json b/objects/vulnerability/vulnerability--4614a1a8-03dc-45a8-9e38-58f6e076fd34.json new file mode 100644 index 00000000000..cae97e21349 --- /dev/null +++ b/objects/vulnerability/vulnerability--4614a1a8-03dc-45a8-9e38-58f6e076fd34.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--30c89477-6acb-48aa-b0f0-f348d695ff5d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4614a1a8-03dc-45a8-9e38-58f6e076fd34", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:31.255348Z", + "modified": "2024-01-13T00:28:31.255348Z", + "name": "CVE-2023-50920", + "description": "An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID after each user reboot, allowing attackers to share session identifiers between different sessions and bypass authentication or access control measures. Attackers can impersonate legitimate users or perform unauthorized actions. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-50920" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--467e8ba4-c079-42c6-a7e6-f10134c71b9f.json b/objects/vulnerability/vulnerability--467e8ba4-c079-42c6-a7e6-f10134c71b9f.json new file mode 100644 index 00000000000..de7b0e2a158 --- /dev/null +++ b/objects/vulnerability/vulnerability--467e8ba4-c079-42c6-a7e6-f10134c71b9f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1dfd7a6a-51db-40c7-b68f-24a0c898daaf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--467e8ba4-c079-42c6-a7e6-f10134c71b9f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.947846Z", + "modified": "2024-01-13T00:28:30.947846Z", + "name": "CVE-2023-31030", + "description": "NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-31030" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--473743d4-e54c-4338-b564-431ffb3a0069.json b/objects/vulnerability/vulnerability--473743d4-e54c-4338-b564-431ffb3a0069.json new file mode 100644 index 00000000000..63973334bda --- /dev/null +++ b/objects/vulnerability/vulnerability--473743d4-e54c-4338-b564-431ffb3a0069.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9bb61ced-408b-4e95-9974-901bb9d0c0cb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--473743d4-e54c-4338-b564-431ffb3a0069", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:31.364226Z", + "modified": "2024-01-13T00:28:31.364226Z", + "name": "CVE-2023-6955", + "description": "An improper access control vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group. ", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-6955" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4785d978-96c5-4f26-b37e-1d0687284071.json b/objects/vulnerability/vulnerability--4785d978-96c5-4f26-b37e-1d0687284071.json new file mode 100644 index 00000000000..9863ac5e1e4 --- /dev/null +++ b/objects/vulnerability/vulnerability--4785d978-96c5-4f26-b37e-1d0687284071.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--65be4e42-e6a1-4e52-8541-5066cda229cc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4785d978-96c5-4f26-b37e-1d0687284071", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.286602Z", + "modified": "2024-01-13T00:28:39.286602Z", + "name": "CVE-2024-0468", + "description": "A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/action/new-father.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250573 was assigned to this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0468" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4c8891d1-40b3-48ca-ad92-dc8cc1d237a3.json b/objects/vulnerability/vulnerability--4c8891d1-40b3-48ca-ad92-dc8cc1d237a3.json new file mode 100644 index 00000000000..1114164317e --- /dev/null +++ b/objects/vulnerability/vulnerability--4c8891d1-40b3-48ca-ad92-dc8cc1d237a3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3809b472-a3c6-41b3-a59e-5e2102fea46e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4c8891d1-40b3-48ca-ad92-dc8cc1d237a3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:29.602487Z", + "modified": "2024-01-13T00:28:29.602487Z", + "name": "CVE-2023-28899", + "description": "By sending a specific reset UDS request via OBDII port of Skoda vehicles, it is possible to cause vehicle engine shutdown and denial of service of other vehicle components even when the vehicle is moving at a high speed. No safety critical functions affected. ", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-28899" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4cb3c394-52b9-499c-9685-e6c0978567c7.json b/objects/vulnerability/vulnerability--4cb3c394-52b9-499c-9685-e6c0978567c7.json new file mode 100644 index 00000000000..a596a9b93fc --- /dev/null +++ b/objects/vulnerability/vulnerability--4cb3c394-52b9-499c-9685-e6c0978567c7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3cd338f8-dbdf-43f8-83ab-474f7335233d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4cb3c394-52b9-499c-9685-e6c0978567c7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.175575Z", + "modified": "2024-01-13T00:28:39.175575Z", + "name": "CVE-2024-21599", + "description": "\nA Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).\n\nIf an MX Series device receives PTP packets on an MPC3E that doesn't support PTP this causes a memory leak which will result in unpredictable behavior and ultimately in an MPC crash and restart.\n\nTo monitor for this issue, please use the following FPC vty level commands:\n\nshow heap\nshows an increase in \"LAN buffer\" utilization and\n\nshow clksync ptp nbr-upd-info\nshows non-zero \"Pending PFEs\" counter.\n\nThis issue affects Juniper Networks Junos OS on MX Series with MPC3E:\n\n\n\n * All versions earlier than 20.4R3-S3;\n * 21.1 versions earlier than 21.1R3-S4;\n * 21.2 versions earlier than 21.2R3;\n * 21.3 versions earlier than 21.3R2-S1, 21.3R3;\n * 21.4 versions earlier than 21.4R2;\n * 22.1 versions earlier than 22.1R2.\n\n\n\n\n\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21599" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--517c4e55-5f24-4b3d-8f58-40c274073ca2.json b/objects/vulnerability/vulnerability--517c4e55-5f24-4b3d-8f58-40c274073ca2.json new file mode 100644 index 00000000000..748a221b115 --- /dev/null +++ b/objects/vulnerability/vulnerability--517c4e55-5f24-4b3d-8f58-40c274073ca2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0e4b6fdb-6bb3-40ca-978b-f78d99ebe3ec", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--517c4e55-5f24-4b3d-8f58-40c274073ca2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.375632Z", + "modified": "2024-01-13T00:28:30.375632Z", + "name": "CVE-2023-49254", + "description": "Authenticated user can execute arbitrary commands in the context of the root user by providing payload in the \"destination\" field of the network test tools. This is similar to the vulnerability CVE-2021-28151 mitigated on the user interface level by blacklisting characters with JavaScript, however, it can still be exploited by sending POST requests directly.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-49254" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--519a799b-c3b7-4b2d-977a-f7bf7cd74c63.json b/objects/vulnerability/vulnerability--519a799b-c3b7-4b2d-977a-f7bf7cd74c63.json new file mode 100644 index 00000000000..a082c53a521 --- /dev/null +++ b/objects/vulnerability/vulnerability--519a799b-c3b7-4b2d-977a-f7bf7cd74c63.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3c6f2e91-0208-49bb-9f6d-ca77ec9cf529", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--519a799b-c3b7-4b2d-977a-f7bf7cd74c63", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.111527Z", + "modified": "2024-01-13T00:28:39.111527Z", + "name": "CVE-2024-21600", + "description": "\nAn Improper Neutralization of Equivalent Special Elements vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows a unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\n\nWhen MPLS packets are meant to be sent to a flexible tunnel interface (FTI) and if the FTI tunnel is down, these will hit the reject NH, due to which the packets get sent to the CPU and cause a host path wedge condition. This will cause the FPC to hang and requires a manual restart to recover.\n\nPlease note that this issue specifically affects PTX1000, PTX3000, PTX5000 with FPC3, PTX10002-60C, and PTX10008/16 with LC110x. Other PTX Series devices and Line Cards (LC) are not affected.\n\nThe following log message can be seen when the issue occurs:\n\nCmerror Op Set: Host Loopback: HOST LOOPBACK WEDGE DETECTED IN PATH ID (URI: /fpc//pfe//cm//Host_Loopback//HOST_LOOPBACK_MAKE_CMERROR_ID[])\nThis issue affects Juniper Networks Junos OS:\n\n\n\n * All versions earlier than 20.4R3-S8;\n * 21.1 versions earlier than 21.1R3-S4;\n * 21.2 versions earlier than 21.2R3-S6;\n * 21.3 versions earlier than 21.3R3-S3;\n * 21.4 versions earlier than 21.4R3-S5;\n * 22.1 versions earlier than 22.1R2-S2, 22.1R3;\n * 22.2 versions earlier than 22.2R2-S1, 22.2R3.\n\n\n\n\n\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21600" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--51c266ba-165f-4d65-8916-cb4798f4ac5e.json b/objects/vulnerability/vulnerability--51c266ba-165f-4d65-8916-cb4798f4ac5e.json new file mode 100644 index 00000000000..0c9767e8407 --- /dev/null +++ b/objects/vulnerability/vulnerability--51c266ba-165f-4d65-8916-cb4798f4ac5e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ec01b69c-d559-48e1-87f4-217ee455ea62", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--51c266ba-165f-4d65-8916-cb4798f4ac5e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.103432Z", + "modified": "2024-01-13T00:28:39.103432Z", + "name": "CVE-2024-23174", + "description": "An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter-date-range-format-placeholder, pagetriage-filter-date-range-to, pagetriage-filter-date-range-from, pagetriage-filter-date-range-heading, pagetriage-filter-set-button, or pagetriage-filter-reset-button message.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-23174" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--53cc8c1f-0a11-4226-ba56-60260e71ad5b.json b/objects/vulnerability/vulnerability--53cc8c1f-0a11-4226-ba56-60260e71ad5b.json new file mode 100644 index 00000000000..b8273f953eb --- /dev/null +++ b/objects/vulnerability/vulnerability--53cc8c1f-0a11-4226-ba56-60260e71ad5b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1d263acf-f5be-41dc-bb57-35a2b31406cf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--53cc8c1f-0a11-4226-ba56-60260e71ad5b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.842328Z", + "modified": "2024-01-13T00:28:30.842328Z", + "name": "CVE-2023-48909", + "description": "An issue was discovered in Jave2 version 3.3.1, allows attackers to execute arbitrary code via the FFmpeg function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-48909" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--54f2c24f-5ccd-4138-b596-5b86fd811d2f.json b/objects/vulnerability/vulnerability--54f2c24f-5ccd-4138-b596-5b86fd811d2f.json new file mode 100644 index 00000000000..a1ae3b67519 --- /dev/null +++ b/objects/vulnerability/vulnerability--54f2c24f-5ccd-4138-b596-5b86fd811d2f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--347f8a31-8fcf-45e7-ad89-56a01d397726", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--54f2c24f-5ccd-4138-b596-5b86fd811d2f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.146976Z", + "modified": "2024-01-13T00:28:39.146976Z", + "name": "CVE-2024-21597", + "description": "\nAn Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the intended access restrictions.\n\nIn an Abstracted Fabric (AF) scenario if routing-instances (RI) are configured, specific valid traffic destined to the device can bypass the configured lo0 firewall filters as it's received in the wrong RI context.\n\nThis issue affects Juniper Networks Junos OS on MX Series:\n\n\n\n * All versions earlier than 20.4R3-S9;\n * 21.2 versions earlier than 21.2R3-S3;\n * 21.4 versions earlier than 21.4R3-S5;\n * 22.1 versions earlier than 22.1R3;\n * 22.2 versions earlier than 22.2R3;\n * 22.3 versions earlier than 22.3R2.\n\n\n\n\n\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21597" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--57977edd-870e-4dc3-85bb-4699f171ca79.json b/objects/vulnerability/vulnerability--57977edd-870e-4dc3-85bb-4699f171ca79.json new file mode 100644 index 00000000000..9fc29d6f0d6 --- /dev/null +++ b/objects/vulnerability/vulnerability--57977edd-870e-4dc3-85bb-4699f171ca79.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--62fcd7aa-9e50-4fd7-9db9-d77f6bfba724", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--57977edd-870e-4dc3-85bb-4699f171ca79", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.303228Z", + "modified": "2024-01-13T00:28:39.303228Z", + "name": "CVE-2024-0473", + "description": "A vulnerability classified as critical has been found in code-projects Dormitory Management System 1.0. Affected is an unknown function of the file comment.php. The manipulation of the argument com leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250578 is the identifier assigned to this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0473" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5b65b2aa-82a0-4f9b-a046-7e0249e3e7e5.json b/objects/vulnerability/vulnerability--5b65b2aa-82a0-4f9b-a046-7e0249e3e7e5.json new file mode 100644 index 00000000000..0e06163f9b2 --- /dev/null +++ b/objects/vulnerability/vulnerability--5b65b2aa-82a0-4f9b-a046-7e0249e3e7e5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b9218152-5935-49cb-a170-1c9700cfe351", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5b65b2aa-82a0-4f9b-a046-7e0249e3e7e5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.148956Z", + "modified": "2024-01-13T00:28:39.148956Z", + "name": "CVE-2024-21591", + "description": "\nAn Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root privileges on the device.\n\nThis issue is caused by use of an insecure function allowing an attacker to overwrite arbitrary memory.\n\nThis issue affects Juniper Networks Junos OS SRX Series and EX Series:\n\n\n\n * Junos OS versions earlier than 20.4R3-S9;\n * Junos OS 21.2 versions earlier than 21.2R3-S7;\n * Junos OS 21.3 versions earlier than 21.3R3-S5;\n * Junos OS 21.4 versions earlier than 21.4R3-S5;\n * Junos OS 22.1 versions earlier than 22.1R3-S4;\n * Junos OS 22.2 versions earlier than 22.2R3-S3;\n * Junos OS 22.3 versions earlier than 22.3R3-S2;\n * Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3.\n\n\n\n\n\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21591" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--625e2d9a-288d-48f9-8861-1e841c8d9f9f.json b/objects/vulnerability/vulnerability--625e2d9a-288d-48f9-8861-1e841c8d9f9f.json new file mode 100644 index 00000000000..542bc7de2db --- /dev/null +++ b/objects/vulnerability/vulnerability--625e2d9a-288d-48f9-8861-1e841c8d9f9f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0a87f1c1-8870-4af3-b69a-ada6bac79a74", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--625e2d9a-288d-48f9-8861-1e841c8d9f9f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.965603Z", + "modified": "2024-01-13T00:28:30.965603Z", + "name": "CVE-2023-31034", + "description": "NVIDIA DGX A100 SBIOS contains a vulnerability where a local attacker can cause input validation checks to be bypassed by causing an integer overflow. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-31034" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6320d74a-1d7b-4534-a303-7d8737e30347.json b/objects/vulnerability/vulnerability--6320d74a-1d7b-4534-a303-7d8737e30347.json new file mode 100644 index 00000000000..28a975f6e9b --- /dev/null +++ b/objects/vulnerability/vulnerability--6320d74a-1d7b-4534-a303-7d8737e30347.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3c410e6b-8eec-4708-9f81-f35d6f9a8a21", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6320d74a-1d7b-4534-a303-7d8737e30347", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.828546Z", + "modified": "2024-01-13T00:28:30.828546Z", + "name": "CVE-2023-48297", + "description": "Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions (@all and @here) which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5.\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-48297" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--63bfe16d-0d22-4076-b375-d41490bb7941.json b/objects/vulnerability/vulnerability--63bfe16d-0d22-4076-b375-d41490bb7941.json new file mode 100644 index 00000000000..03aa3d3ff2d --- /dev/null +++ b/objects/vulnerability/vulnerability--63bfe16d-0d22-4076-b375-d41490bb7941.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f908a849-e1b3-40fb-8298-35a452f6359d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--63bfe16d-0d22-4076-b375-d41490bb7941", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.973615Z", + "modified": "2024-01-13T00:28:30.973615Z", + "name": "CVE-2023-31211", + "description": "Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-31211" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6901785c-7f6a-4129-a44b-7f4108d74c46.json b/objects/vulnerability/vulnerability--6901785c-7f6a-4129-a44b-7f4108d74c46.json new file mode 100644 index 00000000000..b074ea0ea79 --- /dev/null +++ b/objects/vulnerability/vulnerability--6901785c-7f6a-4129-a44b-7f4108d74c46.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f11af906-fbf2-4888-81f4-c475f920d349", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6901785c-7f6a-4129-a44b-7f4108d74c46", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.107584Z", + "modified": "2024-01-13T00:28:39.107584Z", + "name": "CVE-2024-21606", + "description": "\nA Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).\n\nIn a remote access VPN scenario, if a \"tcp-encap-profile\" is configured and a sequence of specific packets is received, a flowd crash and restart will be observed.\n\nThis issue affects Juniper Networks Junos OS on SRX Series:\n\n\n\n * All versions earlier than 20.4R3-S8;\n * 21.2 versions earlier than 21.2R3-S6;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S5;\n * 22.1 versions earlier than 22.1R3-S3;\n * 22.2 versions earlier than 22.2R3-S3;\n * 22.3 versions earlier than 22.3R3-S1;\n * 22.4 versions earlier than 22.4R2-S2, 22.4R3.\n\n\n\n\n\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21606" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6af41b7a-43c2-436f-a53e-f06fa5d1bdf5.json b/objects/vulnerability/vulnerability--6af41b7a-43c2-436f-a53e-f06fa5d1bdf5.json new file mode 100644 index 00000000000..80fa09ab5aa --- /dev/null +++ b/objects/vulnerability/vulnerability--6af41b7a-43c2-436f-a53e-f06fa5d1bdf5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a7727837-1466-448b-a39c-a26324e7f1b8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6af41b7a-43c2-436f-a53e-f06fa5d1bdf5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:40.259568Z", + "modified": "2024-01-13T00:28:40.259568Z", + "name": "CVE-2022-4961", + "description": "A vulnerability was found in Weitong Mall 1.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file platform-shop\\src\\main\\resources\\com\\platform\\dao\\OrderDao.xml. The manipulation of the argument sidx/order leads to sql injection. The associated identifier of this vulnerability is VDB-250243.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-4961" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6dee4368-3531-4121-983e-9f31fb333879.json b/objects/vulnerability/vulnerability--6dee4368-3531-4121-983e-9f31fb333879.json new file mode 100644 index 00000000000..b839d967417 --- /dev/null +++ b/objects/vulnerability/vulnerability--6dee4368-3531-4121-983e-9f31fb333879.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a4bc7be3-265c-487a-9241-f344f331cdfb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6dee4368-3531-4121-983e-9f31fb333879", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.145995Z", + "modified": "2024-01-13T00:28:39.145995Z", + "name": "CVE-2024-21655", + "description": "Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and also often excessive bandwidth. The issue is patched 3.1.4 and 3.2.0.beta4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21655" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6ea8638d-6f7f-4ccc-bf3b-ae6b795551c0.json b/objects/vulnerability/vulnerability--6ea8638d-6f7f-4ccc-bf3b-ae6b795551c0.json new file mode 100644 index 00000000000..aff08388a42 --- /dev/null +++ b/objects/vulnerability/vulnerability--6ea8638d-6f7f-4ccc-bf3b-ae6b795551c0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--975fb7f8-954c-4da1-b156-4adc96bef08e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6ea8638d-6f7f-4ccc-bf3b-ae6b795551c0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.306696Z", + "modified": "2024-01-13T00:28:39.306696Z", + "name": "CVE-2024-0461", + "description": "A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been classified as critical. Affected is an unknown function of the file deactivate.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250566 is the identifier assigned to this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0461" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6fd08d8c-8ac4-4436-a472-67d04c1568a1.json b/objects/vulnerability/vulnerability--6fd08d8c-8ac4-4436-a472-67d04c1568a1.json new file mode 100644 index 00000000000..9ade0d2c5ed --- /dev/null +++ b/objects/vulnerability/vulnerability--6fd08d8c-8ac4-4436-a472-67d04c1568a1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cc81511d-6097-437f-919c-e15422f57f55", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6fd08d8c-8ac4-4436-a472-67d04c1568a1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.368146Z", + "modified": "2024-01-13T00:28:30.368146Z", + "name": "CVE-2023-49568", + "description": "A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients.\n\nApplications using only the in-memory filesystem supported by go-git are not affected by this vulnerability.\nThis is a go-git implementation issue and does not affect the upstream git cli.\n\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-49568" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--73f6b3a2-cee5-45e7-899b-bfe82ad769f2.json b/objects/vulnerability/vulnerability--73f6b3a2-cee5-45e7-899b-bfe82ad769f2.json new file mode 100644 index 00000000000..a5442f5b34e --- /dev/null +++ b/objects/vulnerability/vulnerability--73f6b3a2-cee5-45e7-899b-bfe82ad769f2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0af7de29-409b-40f2-8847-1c698e013d1d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--73f6b3a2-cee5-45e7-899b-bfe82ad769f2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:29.613217Z", + "modified": "2024-01-13T00:28:29.613217Z", + "name": "CVE-2023-28898", + "description": "The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to /logs URI, when the id parameter equals to zero. This issue allows an attacker connected to the in-vehicle Wi-Fi network to cause denial-of-service of the infotainment system, when the certain preconditions are met.\n\nVulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-28898" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--75987cee-2251-40ae-9707-1e056e18a600.json b/objects/vulnerability/vulnerability--75987cee-2251-40ae-9707-1e056e18a600.json new file mode 100644 index 00000000000..c63727ffa6c --- /dev/null +++ b/objects/vulnerability/vulnerability--75987cee-2251-40ae-9707-1e056e18a600.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--edea5cbd-0964-42c6-a8a1-d1fe09247e1e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--75987cee-2251-40ae-9707-1e056e18a600", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.956773Z", + "modified": "2024-01-13T00:28:30.956773Z", + "name": "CVE-2023-31031", + "description": "NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and data tampering.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-31031" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7a709d19-8422-407d-8f65-1a3a36e6ca21.json b/objects/vulnerability/vulnerability--7a709d19-8422-407d-8f65-1a3a36e6ca21.json new file mode 100644 index 00000000000..cc81fef796d --- /dev/null +++ b/objects/vulnerability/vulnerability--7a709d19-8422-407d-8f65-1a3a36e6ca21.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7c083ad5-3260-4af8-908e-5f40e02d969a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7a709d19-8422-407d-8f65-1a3a36e6ca21", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.969772Z", + "modified": "2024-01-13T00:28:30.969772Z", + "name": "CVE-2023-31036", + "description": "NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where, when it is launched with the non-default command line option --model-control explicit, an attacker may use the model load API to cause a relative path traversal. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-31036" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7d5c65dd-5abf-4481-9aae-a03dc2da2447.json b/objects/vulnerability/vulnerability--7d5c65dd-5abf-4481-9aae-a03dc2da2447.json new file mode 100644 index 00000000000..e753d5a4b79 --- /dev/null +++ b/objects/vulnerability/vulnerability--7d5c65dd-5abf-4481-9aae-a03dc2da2447.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--67772bb7-abca-4f8c-b2ee-e7e232b542d1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7d5c65dd-5abf-4481-9aae-a03dc2da2447", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.31062Z", + "modified": "2024-01-13T00:28:39.31062Z", + "name": "CVE-2024-0459", + "description": "A vulnerability has been found in Blood Bank & Donor Management 5.6 and classified as critical. This vulnerability affects unknown code of the file /admin/request-received-bydonar.php. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250564.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0459" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7d5eff1b-de30-47fa-bdfb-74b28305c145.json b/objects/vulnerability/vulnerability--7d5eff1b-de30-47fa-bdfb-74b28305c145.json new file mode 100644 index 00000000000..e52acc7dfe3 --- /dev/null +++ b/objects/vulnerability/vulnerability--7d5eff1b-de30-47fa-bdfb-74b28305c145.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--79e18fa1-26e5-4cc0-b0c1-8d10ab765c00", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7d5eff1b-de30-47fa-bdfb-74b28305c145", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.335158Z", + "modified": "2024-01-13T00:28:30.335158Z", + "name": "CVE-2023-49099", + "description": "Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-49099" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7d83caf1-7443-439f-9154-e763181dc602.json b/objects/vulnerability/vulnerability--7d83caf1-7443-439f-9154-e763181dc602.json new file mode 100644 index 00000000000..352d09d38e6 --- /dev/null +++ b/objects/vulnerability/vulnerability--7d83caf1-7443-439f-9154-e763181dc602.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f999569a-a063-4376-924b-7f438527b913", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7d83caf1-7443-439f-9154-e763181dc602", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.297962Z", + "modified": "2024-01-13T00:28:39.297962Z", + "name": "CVE-2024-0230", + "description": "A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0230" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--813d4970-7dfb-480d-8ca9-54b1a128c1a7.json b/objects/vulnerability/vulnerability--813d4970-7dfb-480d-8ca9-54b1a128c1a7.json new file mode 100644 index 00000000000..873022a9cda --- /dev/null +++ b/objects/vulnerability/vulnerability--813d4970-7dfb-480d-8ca9-54b1a128c1a7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c006ce11-8faa-4f21-af97-62e2a01f49bd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--813d4970-7dfb-480d-8ca9-54b1a128c1a7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.42641Z", + "modified": "2024-01-13T00:28:30.42641Z", + "name": "CVE-2023-51790", + "description": "Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote attacker to obtain sensitive information via the lang parameter in the Admin Tools plug-in component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-51790" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8357af51-c9d7-4543-8ec7-fdbecc498adf.json b/objects/vulnerability/vulnerability--8357af51-c9d7-4543-8ec7-fdbecc498adf.json new file mode 100644 index 00000000000..0e8520c8243 --- /dev/null +++ b/objects/vulnerability/vulnerability--8357af51-c9d7-4543-8ec7-fdbecc498adf.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c73be4d8-435b-4e88-9998-6f4b3f028a30", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8357af51-c9d7-4543-8ec7-fdbecc498adf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.371187Z", + "modified": "2024-01-13T00:28:30.371187Z", + "name": "CVE-2023-49257", + "description": "An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with the root user privileges.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-49257" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--83c3be31-8541-4925-94e1-cee7ff35e562.json b/objects/vulnerability/vulnerability--83c3be31-8541-4925-94e1-cee7ff35e562.json new file mode 100644 index 00000000000..85ae8e918d2 --- /dev/null +++ b/objects/vulnerability/vulnerability--83c3be31-8541-4925-94e1-cee7ff35e562.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--59afec02-a593-49f2-8528-aada50335639", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--83c3be31-8541-4925-94e1-cee7ff35e562", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.201085Z", + "modified": "2024-01-13T00:28:39.201085Z", + "name": "CVE-2024-22137", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch Constant Contact Forms by MailMunch allows Stored XSS.This issue affects Constant Contact Forms by MailMunch: from n/a through 2.0.11.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-22137" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--84da451f-a3da-47e0-bfaa-b4a3bf6d095b.json b/objects/vulnerability/vulnerability--84da451f-a3da-47e0-bfaa-b4a3bf6d095b.json new file mode 100644 index 00000000000..5c1355531e6 --- /dev/null +++ b/objects/vulnerability/vulnerability--84da451f-a3da-47e0-bfaa-b4a3bf6d095b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c5dd82dc-420b-49e8-8c7a-ea76119616e6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--84da451f-a3da-47e0-bfaa-b4a3bf6d095b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.301581Z", + "modified": "2024-01-13T00:28:39.301581Z", + "name": "CVE-2024-0469", + "description": "A vulnerability was found in code-projects Human Resource Integrated System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file update_personal_info.php. The manipulation of the argument sex leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250574 is the identifier assigned to this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0469" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--887f3f50-ddcb-413b-9835-03ca8faec992.json b/objects/vulnerability/vulnerability--887f3f50-ddcb-413b-9835-03ca8faec992.json new file mode 100644 index 00000000000..1022f97938b --- /dev/null +++ b/objects/vulnerability/vulnerability--887f3f50-ddcb-413b-9835-03ca8faec992.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--afba00c0-c2bf-4383-80aa-d2a13f41bf2d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--887f3f50-ddcb-413b-9835-03ca8faec992", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:29.336913Z", + "modified": "2024-01-13T00:28:29.336913Z", + "name": "CVE-2023-52339", + "description": "In libebml before 1.4.5, an integer overflow in MemIOCallback.cpp can occur when reading or writing. It may result in buffer overflows.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-52339" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--899242fb-5638-480f-8f19-8d6e3bfe2a11.json b/objects/vulnerability/vulnerability--899242fb-5638-480f-8f19-8d6e3bfe2a11.json new file mode 100644 index 00000000000..32e7cdc9d2e --- /dev/null +++ b/objects/vulnerability/vulnerability--899242fb-5638-480f-8f19-8d6e3bfe2a11.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--25a8f08d-a8e4-4442-ab51-cfe0d5997fe0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--899242fb-5638-480f-8f19-8d6e3bfe2a11", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.339008Z", + "modified": "2024-01-13T00:28:30.339008Z", + "name": "CVE-2023-49253", + "description": "Root user password is hardcoded into the device and cannot be changed in the user interface.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-49253" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8c2a569e-f752-4144-8a52-1725f04fa88e.json b/objects/vulnerability/vulnerability--8c2a569e-f752-4144-8a52-1725f04fa88e.json new file mode 100644 index 00000000000..cd7479f672d --- /dev/null +++ b/objects/vulnerability/vulnerability--8c2a569e-f752-4144-8a52-1725f04fa88e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--95bda411-1201-43f4-b59c-e55752da8563", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8c2a569e-f752-4144-8a52-1725f04fa88e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.289693Z", + "modified": "2024-01-13T00:28:39.289693Z", + "name": "CVE-2024-0463", + "description": "A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /production/admin_view_info.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250568.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0463" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8c3da32d-7f80-4571-bfb7-fe7179d298d4.json b/objects/vulnerability/vulnerability--8c3da32d-7f80-4571-bfb7-fe7179d298d4.json new file mode 100644 index 00000000000..b5aee605879 --- /dev/null +++ b/objects/vulnerability/vulnerability--8c3da32d-7f80-4571-bfb7-fe7179d298d4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--eca23981-886f-439d-accd-9465c9808211", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8c3da32d-7f80-4571-bfb7-fe7179d298d4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.153612Z", + "modified": "2024-01-13T00:28:39.153612Z", + "name": "CVE-2024-21611", + "description": "\nA Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\n\nIn a Juniper Flow Monitoring (jflow) scenario route churn that causes BGP next hops to be updated will cause a slow memory leak and eventually a crash and restart of rpd.\n\nThread level memory utilization for the areas where the leak occurs can be checked using the below command:\n\nuser@host> show task memory detail | match so_in\nso_in6 28 32 344450 11022400 344760 11032320\nso_in 8 16 1841629 29466064 1841734 29467744\nThis issue affects:\n\nJunos OS\n\n\n\n * 21.4 versions earlier than 21.4R3;\n * 22.1 versions earlier than 22.1R3;\n * 22.2 versions earlier than 22.2R3.\n\n\n\n\nJunos OS Evolved\n\n\n\n * 21.4-EVO versions earlier than 21.4R3-EVO;\n * 22.1-EVO versions earlier than 22.1R3-EVO;\n * 22.2-EVO versions earlier than 22.2R3-EVO.\n\n\n\n\nThis issue does not affect:\n\nJuniper Networks Junos OS versions earlier than 21.4R1.\n\nJuniper Networks Junos OS Evolved versions earlier than 21.4R1.\n\n\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21611" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8ccf1077-0644-4943-a680-1f6f4ba34444.json b/objects/vulnerability/vulnerability--8ccf1077-0644-4943-a680-1f6f4ba34444.json new file mode 100644 index 00000000000..52a9c8f8e42 --- /dev/null +++ b/objects/vulnerability/vulnerability--8ccf1077-0644-4943-a680-1f6f4ba34444.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fad201c3-4aea-4caa-96cd-d65a79090cc6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8ccf1077-0644-4943-a680-1f6f4ba34444", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.499827Z", + "modified": "2024-01-13T00:28:30.499827Z", + "name": "CVE-2023-46805", + "description": "An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46805" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8ed330b3-0a85-48e3-b7ee-44b21f85f228.json b/objects/vulnerability/vulnerability--8ed330b3-0a85-48e3-b7ee-44b21f85f228.json new file mode 100644 index 00000000000..99cae79d549 --- /dev/null +++ b/objects/vulnerability/vulnerability--8ed330b3-0a85-48e3-b7ee-44b21f85f228.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cfabf92d-a718-4220-81bb-7098c537c8b8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8ed330b3-0a85-48e3-b7ee-44b21f85f228", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.132816Z", + "modified": "2024-01-13T00:28:39.132816Z", + "name": "CVE-2024-21595", + "description": "\nAn Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).\n\nIf an attacker sends high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and results in the device becoming unresponsive. A manual restart will be required to recover the device.\n\nThis issue only affects EX4100, EX4400, EX4600, QFX5000 Series devices.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * 21.4R3 versions earlier than 21.4R3-S4;\n * 22.1R3 versions earlier than 22.1R3-S3;\n * 22.2R2 versions earlier than 22.2R3-S1;\n * 22.3 versions earlier than 22.3R2-S2, 22.3R3;\n * 22.4 versions earlier than 22.4R2;\n * 23.1 versions earlier than 23.1R2.\n\n\n\n\n\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21595" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--900e998c-c1e2-4e00-aa51-6a0ec8959325.json b/objects/vulnerability/vulnerability--900e998c-c1e2-4e00-aa51-6a0ec8959325.json new file mode 100644 index 00000000000..b7b15e4a51f --- /dev/null +++ b/objects/vulnerability/vulnerability--900e998c-c1e2-4e00-aa51-6a0ec8959325.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5197b662-2c9d-42b4-a8a5-89bf1f14a3c9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--900e998c-c1e2-4e00-aa51-6a0ec8959325", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.927731Z", + "modified": "2024-01-13T00:28:30.927731Z", + "name": "CVE-2023-31033", + "description": "NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication issue for a critical function by an adjacent network . A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tampering.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-31033" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9089d152-e572-4d16-a463-c7df65e0665f.json b/objects/vulnerability/vulnerability--9089d152-e572-4d16-a463-c7df65e0665f.json new file mode 100644 index 00000000000..48dc3ef71fb --- /dev/null +++ b/objects/vulnerability/vulnerability--9089d152-e572-4d16-a463-c7df65e0665f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9405b5af-e8c4-4fe9-9a3b-d95bea5f1de7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9089d152-e572-4d16-a463-c7df65e0665f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.15608Z", + "modified": "2024-01-13T00:28:39.15608Z", + "name": "CVE-2024-21616", + "description": "\nAn Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).\n\nOn all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT IP allocation fails for genuine traffic, which causes Denial of Service (DoS). Continuous receipt of this specific SIP ALG packet will cause a sustained DoS condition.\n\nNAT IP usage can be monitored by running the following command.\n\nuser@srx> show security nat resource-usage source-pool \n\n\nPool name: source_pool_name\n..\nAddress Factor-index Port-range Used Avail Total Usage\nX.X.X.X\n0 Single Ports 50258 52342 62464 96% <<<<<\n- Alg Ports 0 2048 2048 0%\nThis issue affects:\n\nJuniper Networks Junos OS on MX Series and SRX Series\n\n\n\n * All versions earlier than 21.2R3-S6;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S5;\n * 22.1 versions earlier than 22.1R3-S4;\n * 22.2 versions earlier than 22.2R3-S3;\n * 22.3 versions earlier than 22.3R3-S1;\n * 22.4 versions earlier than 22.4R2-S2, 22.4R3;\n * 23.2 versions earlier than 23.2R1-S1, 23.2R2.\n\n\n\n\n\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21616" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--92d8812e-9d54-474e-9c9d-97f8a316eec8.json b/objects/vulnerability/vulnerability--92d8812e-9d54-474e-9c9d-97f8a316eec8.json new file mode 100644 index 00000000000..3fd8d8ccb24 --- /dev/null +++ b/objects/vulnerability/vulnerability--92d8812e-9d54-474e-9c9d-97f8a316eec8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--95b1cc33-1256-4042-a55b-ce6fe03c4c9b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--92d8812e-9d54-474e-9c9d-97f8a316eec8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.123868Z", + "modified": "2024-01-13T00:28:39.123868Z", + "name": "CVE-2024-21887", + "description": "A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21887" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--93f88a77-4f73-49c8-a281-3a7afd55d053.json b/objects/vulnerability/vulnerability--93f88a77-4f73-49c8-a281-3a7afd55d053.json new file mode 100644 index 00000000000..0ef2559089d --- /dev/null +++ b/objects/vulnerability/vulnerability--93f88a77-4f73-49c8-a281-3a7afd55d053.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3a77a47b-dea1-4001-80a1-1e6b9a3cfec5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--93f88a77-4f73-49c8-a281-3a7afd55d053", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.210954Z", + "modified": "2024-01-13T00:28:39.210954Z", + "name": "CVE-2024-22142", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Profile Builder Pro allows Reflected XSS.This issue affects Profile Builder Pro: from n/a through 3.10.0.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-22142" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--957b4a2f-1ba4-41d8-9383-d781b802fda3.json b/objects/vulnerability/vulnerability--957b4a2f-1ba4-41d8-9383-d781b802fda3.json new file mode 100644 index 00000000000..745824d3aaa --- /dev/null +++ b/objects/vulnerability/vulnerability--957b4a2f-1ba4-41d8-9383-d781b802fda3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7481fbe0-49b6-4544-b296-ca1b98562fb4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--957b4a2f-1ba4-41d8-9383-d781b802fda3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:29.340189Z", + "modified": "2024-01-13T00:28:29.340189Z", + "name": "CVE-2023-52026", + "description": "TOTOlink EX1800T V9.1.0cu.2112_B20220316 was discovered to contain a remote command execution (RCE) vulnerability via the telnet_enabled parameter of the setTelnetCfg interface", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-52026" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9942c649-9292-4cba-94e3-33d9941e89f3.json b/objects/vulnerability/vulnerability--9942c649-9292-4cba-94e3-33d9941e89f3.json new file mode 100644 index 00000000000..34f44d06d52 --- /dev/null +++ b/objects/vulnerability/vulnerability--9942c649-9292-4cba-94e3-33d9941e89f3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ca9d29fd-4c85-4bf5-bc57-5b78e859dd95", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9942c649-9292-4cba-94e3-33d9941e89f3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.214753Z", + "modified": "2024-01-13T00:28:30.214753Z", + "name": "CVE-2023-34061", + "description": "Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.\n\n\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-34061" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--995987e9-91f6-4381-b929-2314242e38d1.json b/objects/vulnerability/vulnerability--995987e9-91f6-4381-b929-2314242e38d1.json new file mode 100644 index 00000000000..522a9873d29 --- /dev/null +++ b/objects/vulnerability/vulnerability--995987e9-91f6-4381-b929-2314242e38d1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2b559ba7-85fb-43cb-8b09-141384b26684", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--995987e9-91f6-4381-b929-2314242e38d1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.203429Z", + "modified": "2024-01-13T00:28:39.203429Z", + "name": "CVE-2024-22027", + "description": "Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a remote authenticated attacker to perform a Denial of Service (DoS) attack against external services.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-22027" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9ac0c304-385d-4e69-943e-6ff6621a9b42.json b/objects/vulnerability/vulnerability--9ac0c304-385d-4e69-943e-6ff6621a9b42.json new file mode 100644 index 00000000000..ca3960436c2 --- /dev/null +++ b/objects/vulnerability/vulnerability--9ac0c304-385d-4e69-943e-6ff6621a9b42.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--66c9ac52-b9dc-4db2-9d57-bf5c14458486", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9ac0c304-385d-4e69-943e-6ff6621a9b42", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.130114Z", + "modified": "2024-01-13T00:28:39.130114Z", + "name": "CVE-2024-21601", + "description": "\nA Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the Flow-processing Daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (Dos).\n\nOn SRX Series devices when two different threads try to simultaneously process a queue which is used for TCP events flowd will crash. One of these threads can not be triggered externally, so the exploitation of this race condition is outside the attackers direct control.\n\nContinued exploitation of this issue will lead to a sustained DoS.\n\nThis issue affects Juniper Networks Junos OS:\n\n\n\n * 21.2 versions earlier than 21.2R3-S5;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S4;\n * 22.1 versions earlier than 22.1R3-S3;\n * 22.2 versions earlier than 22.2R3-S1;\n * 22.3 versions earlier than 22.3R2-S2, 22.3R3;\n * 22.4 versions earlier than 22.4R2-S1, 22.4R3.\n\n\n\n\nThis issue does not affect Juniper Networks Junos OS versions earlier than 21.2R1.\n\n\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21601" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a07dfd8c-2d90-4b10-a4ce-8f46f2dc2157.json b/objects/vulnerability/vulnerability--a07dfd8c-2d90-4b10-a4ce-8f46f2dc2157.json new file mode 100644 index 00000000000..c0d4fe1996a --- /dev/null +++ b/objects/vulnerability/vulnerability--a07dfd8c-2d90-4b10-a4ce-8f46f2dc2157.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--57557281-c7a9-4f94-a8c2-1c8cd5261cd5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a07dfd8c-2d90-4b10-a4ce-8f46f2dc2157", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.275171Z", + "modified": "2024-01-13T00:28:39.275171Z", + "name": "CVE-2024-0467", + "description": "A vulnerability, which was classified as problematic, was found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file edit_position_query.php. The manipulation of the argument pos_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250572.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0467" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a15b091f-084c-433c-99b5-005bd20dccf4.json b/objects/vulnerability/vulnerability--a15b091f-084c-433c-99b5-005bd20dccf4.json new file mode 100644 index 00000000000..cfdeb0f4e70 --- /dev/null +++ b/objects/vulnerability/vulnerability--a15b091f-084c-433c-99b5-005bd20dccf4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1b64dfd2-f2df-4dbc-b2f8-c2b375663cc8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a15b091f-084c-433c-99b5-005bd20dccf4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:31.286267Z", + "modified": "2024-01-13T00:28:31.286267Z", + "name": "CVE-2023-36842", + "description": "\nAn Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause the jdhcpd to consume all the CPU cycles resulting in a Denial of Service (DoS).\n\nOn Junos OS devices with forward-snooped-client configured, if an attacker sends a specific DHCP packet to a non-configured interface, this will cause an infinite loop. The DHCP process will have to be restarted to recover the service.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * All versions earlier than 20.4R3-S9;\n * 21.2 versions earlier than 21.2R3-S7;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S5;\n * 22.1 versions earlier than 22.1R3-S4;\n * 22.2 versions earlier than 22.2R3-S3;\n * 22.3 versions earlier than 22.3R3-S2;\n * 22.4 versions earlier than 22.4R2-S2, 22.4R3;\n * 23.2 versions earlier than 23.2R2.\n\n\n\n\n\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-36842" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a165cdbe-c5b1-4104-b748-559a87c20b8f.json b/objects/vulnerability/vulnerability--a165cdbe-c5b1-4104-b748-559a87c20b8f.json new file mode 100644 index 00000000000..e2ad8d3685d --- /dev/null +++ b/objects/vulnerability/vulnerability--a165cdbe-c5b1-4104-b748-559a87c20b8f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--430b5d90-7bb8-483c-a9f5-7bd6712ca688", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a165cdbe-c5b1-4104-b748-559a87c20b8f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:29.801408Z", + "modified": "2024-01-13T00:28:29.801408Z", + "name": "CVE-2023-37117", + "description": "A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37117" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a2fafd41-45d3-4946-813a-d05ceccc37b9.json b/objects/vulnerability/vulnerability--a2fafd41-45d3-4946-813a-d05ceccc37b9.json new file mode 100644 index 00000000000..0d08a52ceca --- /dev/null +++ b/objects/vulnerability/vulnerability--a2fafd41-45d3-4946-813a-d05ceccc37b9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8039605a-91dd-47ff-871c-631120602141", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a2fafd41-45d3-4946-813a-d05ceccc37b9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:40.23194Z", + "modified": "2024-01-13T00:28:40.23194Z", + "name": "CVE-2022-4960", + "description": "A vulnerability, which was classified as problematic, has been found in cloudfavorites favorites-web 1.3.0. Affected by this issue is some unknown functionality of the component Nickname Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250238 is the identifier assigned to this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-4960" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a445b4c9-1db1-4575-b7c9-e146027fe937.json b/objects/vulnerability/vulnerability--a445b4c9-1db1-4575-b7c9-e146027fe937.json new file mode 100644 index 00000000000..89be9cdf5a1 --- /dev/null +++ b/objects/vulnerability/vulnerability--a445b4c9-1db1-4575-b7c9-e146027fe937.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c12bb4e9-6c2a-4523-a2c0-20fd693f28a9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a445b4c9-1db1-4575-b7c9-e146027fe937", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:31.347423Z", + "modified": "2024-01-13T00:28:31.347423Z", + "name": "CVE-2023-6683", + "description": "A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-6683" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a69f9eef-87de-44ba-83d2-5a35d2b64508.json b/objects/vulnerability/vulnerability--a69f9eef-87de-44ba-83d2-5a35d2b64508.json new file mode 100644 index 00000000000..c8eed578ed6 --- /dev/null +++ b/objects/vulnerability/vulnerability--a69f9eef-87de-44ba-83d2-5a35d2b64508.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3478413d-38c0-4732-b6d0-ded7af69ddaa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a69f9eef-87de-44ba-83d2-5a35d2b64508", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.390973Z", + "modified": "2024-01-13T00:28:30.390973Z", + "name": "CVE-2023-51806", + "description": "File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a crafted file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-51806" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a8327979-2b5b-40ee-9b81-e4520f6c67fa.json b/objects/vulnerability/vulnerability--a8327979-2b5b-40ee-9b81-e4520f6c67fa.json new file mode 100644 index 00000000000..1356ac775fa --- /dev/null +++ b/objects/vulnerability/vulnerability--a8327979-2b5b-40ee-9b81-e4520f6c67fa.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--faee95f2-2d4b-4f87-ace9-f8bf1b127d66", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a8327979-2b5b-40ee-9b81-e4520f6c67fa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.856535Z", + "modified": "2024-01-13T00:28:30.856535Z", + "name": "CVE-2023-48166", + "description": "A directory traversal vulnerability in the SOAP Server integrated in Atos Unify OpenScape Voice V10 before V10R3.26.1 allows a remote attacker to view the contents of arbitrary files in the local file system. An unauthenticated attacker might obtain sensitive files that allow for the compromise of the underlying system.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-48166" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a8c4e19e-0ce0-4376-aa02-70654c6eeb1a.json b/objects/vulnerability/vulnerability--a8c4e19e-0ce0-4376-aa02-70654c6eeb1a.json new file mode 100644 index 00000000000..01197614b6d --- /dev/null +++ b/objects/vulnerability/vulnerability--a8c4e19e-0ce0-4376-aa02-70654c6eeb1a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--be3f9335-b3e1-47a2-9609-484ba90e35fe", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a8c4e19e-0ce0-4376-aa02-70654c6eeb1a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:31.366208Z", + "modified": "2024-01-13T00:28:31.366208Z", + "name": "CVE-2023-6735", + "description": "Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-6735" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--aac30230-6b26-4497-b4dd-57cda4856d23.json b/objects/vulnerability/vulnerability--aac30230-6b26-4497-b4dd-57cda4856d23.json new file mode 100644 index 00000000000..6b2a698cc38 --- /dev/null +++ b/objects/vulnerability/vulnerability--aac30230-6b26-4497-b4dd-57cda4856d23.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4509510f-238c-4fa5-a619-a0d318d395a7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aac30230-6b26-4497-b4dd-57cda4856d23", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:29.322858Z", + "modified": "2024-01-13T00:28:29.322858Z", + "name": "CVE-2023-7028", + "description": "An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-7028" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ac652b4a-db5e-49d5-957b-a7f8f566a052.json b/objects/vulnerability/vulnerability--ac652b4a-db5e-49d5-957b-a7f8f566a052.json new file mode 100644 index 00000000000..3834878f6b9 --- /dev/null +++ b/objects/vulnerability/vulnerability--ac652b4a-db5e-49d5-957b-a7f8f566a052.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0b25522c-f180-411b-868b-49d078803028", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ac652b4a-db5e-49d5-957b-a7f8f566a052", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.171653Z", + "modified": "2024-01-13T00:28:39.171653Z", + "name": "CVE-2024-21602", + "description": "\nA NULL Pointer Dereference vulnerability in Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\n\nIf a specific IPv4 UDP packet is received and sent to the Routing Engine (RE) packetio crashes and restarts which causes a momentary traffic interruption. Continued receipt of such packets will lead to a sustained DoS.\n\nThis issue does not happen with IPv6 packets.\n\nThis issue affects Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L:\n\n\n\n * 21.4-EVO versions earlier than 21.4R3-S6-EVO;\n * 22.1-EVO versions earlier than 22.1R3-S5-EVO;\n * 22.2-EVO versions earlier than 22.2R2-S1-EVO, 22.2R3-EVO;\n * 22.3-EVO versions earlier than 22.3R2-EVO.\n\n\n\n\nThis issue does not affect Juniper Networks Junos OS Evolved versions earlier than 21.4R1-EVO.\n\n\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21602" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ad6c1bb9-cf21-4682-8a1d-83613778c324.json b/objects/vulnerability/vulnerability--ad6c1bb9-cf21-4682-8a1d-83613778c324.json new file mode 100644 index 00000000000..f223a62f95e --- /dev/null +++ b/objects/vulnerability/vulnerability--ad6c1bb9-cf21-4682-8a1d-83613778c324.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1fd81820-ae8c-4670-9f28-67ecac14a7b0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ad6c1bb9-cf21-4682-8a1d-83613778c324", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:40.26896Z", + "modified": "2024-01-13T00:28:40.26896Z", + "name": "CVE-2022-4962", + "description": "** DISPUTED ** A vulnerability was found in Apollo 2.0.0/2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /users of the component Configuration Center. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. VDB-250430 is the identifier assigned to this vulnerability. NOTE: The maintainer explains that user data information like user id, name, and email are not sensitive.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-4962" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--aef4eb7f-a4db-4cf9-b3cb-dea2ce72faf7.json b/objects/vulnerability/vulnerability--aef4eb7f-a4db-4cf9-b3cb-dea2ce72faf7.json new file mode 100644 index 00000000000..e21756cddd0 --- /dev/null +++ b/objects/vulnerability/vulnerability--aef4eb7f-a4db-4cf9-b3cb-dea2ce72faf7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--608ee351-6599-4d8e-a944-adaf7b160051", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aef4eb7f-a4db-4cf9-b3cb-dea2ce72faf7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.083566Z", + "modified": "2024-01-13T00:28:39.083566Z", + "name": "CVE-2024-23178", + "description": "An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-23178" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b09b6150-cd78-4885-ab91-3796c3d426f9.json b/objects/vulnerability/vulnerability--b09b6150-cd78-4885-ab91-3796c3d426f9.json new file mode 100644 index 00000000000..0f5bfc38896 --- /dev/null +++ b/objects/vulnerability/vulnerability--b09b6150-cd78-4885-ab91-3796c3d426f9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--57877448-f98e-4653-ba7d-5bcd917dd941", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b09b6150-cd78-4885-ab91-3796c3d426f9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.204472Z", + "modified": "2024-01-13T00:28:39.204472Z", + "name": "CVE-2024-22493", + "description": "A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-22493" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b0be1ee7-078c-45fa-9287-d2912fd487e4.json b/objects/vulnerability/vulnerability--b0be1ee7-078c-45fa-9287-d2912fd487e4.json new file mode 100644 index 00000000000..0d971d6c3b4 --- /dev/null +++ b/objects/vulnerability/vulnerability--b0be1ee7-078c-45fa-9287-d2912fd487e4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8e1f9502-f422-480e-8daa-203fc0c84c79", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b0be1ee7-078c-45fa-9287-d2912fd487e4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.159884Z", + "modified": "2024-01-13T00:28:39.159884Z", + "name": "CVE-2024-21617", + "description": "\nAn Incomplete Cleanup vulnerability in Nonstop active routing (NSR) component of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause memory leak leading to Denial of Service (DoS).\n\nOn all Junos OS platforms, when NSR is enabled, a BGP flap will cause memory leak. A manual reboot of the system will restore the services.\n\nThe memory usage can be monitored using the below commands.\n\nuser@host> show chassis routing-engine no-forwarding\nuser@host> show system memory | no-more\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * 21.2 versions earlier than 21.2R3-S5;\n * 21.3 versions earlier than 21.3R3-S4;\n * 21.4 versions earlier than 21.4R3-S4;\n * 22.1 versions earlier than 22.1R3-S2;\n * 22.2 versions earlier than 22.2R3-S2;\n * 22.3 versions earlier than 22.3R2-S1, 22.3R3;\n * 22.4 versions earlier than 22.4R1-S2, 22.4R2.\n\n\n\n\nThis issue does not affect Junos OS versions earlier than 20.4R3-S7.\n\n\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21617" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b464e40f-3d3b-4a69-847b-8ce48abed1df.json b/objects/vulnerability/vulnerability--b464e40f-3d3b-4a69-847b-8ce48abed1df.json new file mode 100644 index 00000000000..9ec1f518f34 --- /dev/null +++ b/objects/vulnerability/vulnerability--b464e40f-3d3b-4a69-847b-8ce48abed1df.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--24784121-e073-4a46-b1f9-e2e9b10fa11c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b464e40f-3d3b-4a69-847b-8ce48abed1df", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.410086Z", + "modified": "2024-01-13T00:28:30.410086Z", + "name": "CVE-2023-51698", + "description": "Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6.\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-51698" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b683c079-b7a5-48da-8731-a3839bd5efd3.json b/objects/vulnerability/vulnerability--b683c079-b7a5-48da-8731-a3839bd5efd3.json new file mode 100644 index 00000000000..fc43f2a3dd8 --- /dev/null +++ b/objects/vulnerability/vulnerability--b683c079-b7a5-48da-8731-a3839bd5efd3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8ddac11c-bc86-42ca-b672-128e0e921e3f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b683c079-b7a5-48da-8731-a3839bd5efd3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.278147Z", + "modified": "2024-01-13T00:28:39.278147Z", + "name": "CVE-2024-0466", + "description": "A vulnerability, which was classified as critical, has been found in code-projects Employee Profile Management System 1.0. This issue affects some unknown processing of the file file_table.php. The manipulation of the argument per_id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250571.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0466" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b72049ab-5161-48c5-9a20-40bbe82f664f.json b/objects/vulnerability/vulnerability--b72049ab-5161-48c5-9a20-40bbe82f664f.json new file mode 100644 index 00000000000..674ed50773d --- /dev/null +++ b/objects/vulnerability/vulnerability--b72049ab-5161-48c5-9a20-40bbe82f664f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2688ded0-7f38-4d1e-9a3c-71ff9ed5caef", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b72049ab-5161-48c5-9a20-40bbe82f664f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.274187Z", + "modified": "2024-01-13T00:28:39.274187Z", + "name": "CVE-2024-0464", + "description": "A vulnerability classified as critical has been found in code-projects Online Faculty Clearance 1.0. This affects an unknown part of the file delete_faculty.php of the component HTTP GET Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250569 was assigned to this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0464" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b74cbce8-54a3-4935-b999-45d624491354.json b/objects/vulnerability/vulnerability--b74cbce8-54a3-4935-b999-45d624491354.json new file mode 100644 index 00000000000..3bc1c716b71 --- /dev/null +++ b/objects/vulnerability/vulnerability--b74cbce8-54a3-4935-b999-45d624491354.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f3da1a29-c4b6-4c80-a9ca-62da9b2a1587", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b74cbce8-54a3-4935-b999-45d624491354", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.212286Z", + "modified": "2024-01-13T00:28:39.212286Z", + "name": "CVE-2024-22492", + "description": "A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-22492" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b7a1006a-04d6-4500-a5c4-fb3ce84d3841.json b/objects/vulnerability/vulnerability--b7a1006a-04d6-4500-a5c4-fb3ce84d3841.json new file mode 100644 index 00000000000..99fdcba19f4 --- /dev/null +++ b/objects/vulnerability/vulnerability--b7a1006a-04d6-4500-a5c4-fb3ce84d3841.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bb18ca2c-3616-43af-86ae-ad3c5257ab1d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b7a1006a-04d6-4500-a5c4-fb3ce84d3841", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.141913Z", + "modified": "2024-01-13T00:28:39.141913Z", + "name": "CVE-2024-21614", + "description": "\nAn Improper Check for Unusual or Exceptional Conditions vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause rpd to crash, leading to Denial of Service (DoS).\n\nOn all Junos OS and Junos OS Evolved platforms, when NETCONF and gRPC are enabled, and a specific query is executed via Dynamic Rendering (DREND), rpd will crash and restart. Continuous execution of this specific query will cause a sustained Denial of Service (DoS) condition.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * 22.2 versions earlier than 22.2R2-S2, 22.2R3;\n * 22.3 versions earlier than 22.3R2, 22.3R3.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * 22.2 versions earlier than 22.2R2-S2-EVO, 22.2R3-EVO;\n * 22.3 versions earlier than 22.3R2-EVO, 22.3R3-EVO.\n\n\n\n\nThis issue does not affect Juniper Networks:\n\nJunos OS versions earlier than 22.2R1;\n\nJunos OS Evolved versions earlier than 22.2R1-EVO.\n\n\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21614" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b87ae984-97f5-4f0b-b280-88f9351bfd25.json b/objects/vulnerability/vulnerability--b87ae984-97f5-4f0b-b280-88f9351bfd25.json new file mode 100644 index 00000000000..eb24a49fb34 --- /dev/null +++ b/objects/vulnerability/vulnerability--b87ae984-97f5-4f0b-b280-88f9351bfd25.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bd2b2e18-c759-4add-bec3-655f22e8b2ed", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b87ae984-97f5-4f0b-b280-88f9351bfd25", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.187578Z", + "modified": "2024-01-13T00:28:39.187578Z", + "name": "CVE-2024-22206", + "description": "Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3.\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-22206" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ba4a5d1a-b370-4583-9f02-73d151515fe0.json b/objects/vulnerability/vulnerability--ba4a5d1a-b370-4583-9f02-73d151515fe0.json new file mode 100644 index 00000000000..558b0dd7d05 --- /dev/null +++ b/objects/vulnerability/vulnerability--ba4a5d1a-b370-4583-9f02-73d151515fe0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d2417a68-d093-4e47-85b3-58ba0394c0d7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ba4a5d1a-b370-4583-9f02-73d151515fe0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:41.360891Z", + "modified": "2024-01-13T00:28:41.360891Z", + "name": "CVE-2022-48619", + "description": "An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event code falls outside of a bitmap.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-48619" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bea77cf8-68f2-4365-83bd-8b5bc47ea281.json b/objects/vulnerability/vulnerability--bea77cf8-68f2-4365-83bd-8b5bc47ea281.json new file mode 100644 index 00000000000..52f835a5907 --- /dev/null +++ b/objects/vulnerability/vulnerability--bea77cf8-68f2-4365-83bd-8b5bc47ea281.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0d851d91-51ad-4297-8bf6-340d8b39f14c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bea77cf8-68f2-4365-83bd-8b5bc47ea281", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.138466Z", + "modified": "2024-01-13T00:28:39.138466Z", + "name": "CVE-2024-21603", + "description": "\nAn Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Network Junos OS on MX Series allows a network based attacker with low privileges to cause a denial of service.\n\nIf a scaled configuration for Source class usage (SCU) / destination class usage (DCU) (more than 10 route classes) is present and the SCU/DCU statistics are gathered by executing specific SNMP requests or CLI commands, a 'vmcore' for the RE kernel will be seen which leads to a device restart. Continued exploitation of this issue will lead to a sustained DoS.\n\nThis issue only affects MX Series devices with MPC10, MPC11 or LC9600, and MX304. No other MX Series devices are affected.\n\nThis issue affects Juniper Networks Junos OS:\n\n\n\n * All versions earlier than 20.4R3-S9;\n * 21.2 versions earlier than 21.2R3-S6;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3;\n * 22.1 versions earlier than 22.1R3;\n * 22.2 versions earlier than 22.2R2;\n * 22.3 versions earlier than 22.3R2.\n\n\n\n\n\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21603" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--beec453f-0185-49da-aa12-fe00d80968ff.json b/objects/vulnerability/vulnerability--beec453f-0185-49da-aa12-fe00d80968ff.json new file mode 100644 index 00000000000..3e9eac5f0fb --- /dev/null +++ b/objects/vulnerability/vulnerability--beec453f-0185-49da-aa12-fe00d80968ff.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--78152626-5a59-45f5-813f-5d6afc7aae3a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--beec453f-0185-49da-aa12-fe00d80968ff", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.144447Z", + "modified": "2024-01-13T00:28:39.144447Z", + "name": "CVE-2024-21589", + "description": "\nAn Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated network-based attacker to access reports without authenticating, potentially containing sensitive configuration information.\n\nA feature was introduced in version 3.1.0 of the Paragon Active Assurance Control Center which allows users to selectively share account data. By exploiting this vulnerability, it is possible to access reports without being logged in, resulting in the opportunity for malicious exfiltration of user data.\n\nNote that the Paragon Active Assurance Control Center SaaS offering is not affected by this issue.\n\nThis issue affects Juniper Networks Paragon Active Assurance versions 3.1.0, 3.2.0, 3.2.2, 3.3.0, 3.3.1, 3.4.0.\n\nThis issue does not affect Juniper Networks Paragon Active Assurance versions earlier than 3.1.0.\n\n\n\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21589" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bf56683a-d9de-403d-bb22-63f9989537f1.json b/objects/vulnerability/vulnerability--bf56683a-d9de-403d-bb22-63f9989537f1.json new file mode 100644 index 00000000000..dca985927c6 --- /dev/null +++ b/objects/vulnerability/vulnerability--bf56683a-d9de-403d-bb22-63f9989537f1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--91f26584-b6cc-45de-83bd-2c040892c75a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bf56683a-d9de-403d-bb22-63f9989537f1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.080911Z", + "modified": "2024-01-13T00:28:39.080911Z", + "name": "CVE-2024-23177", + "description": "An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. XSS can occur via the Special:PageStatistics page parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-23177" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c2c96b02-670f-45d6-af32-c08ceffe571f.json b/objects/vulnerability/vulnerability--c2c96b02-670f-45d6-af32-c08ceffe571f.json new file mode 100644 index 00000000000..9d2099d0033 --- /dev/null +++ b/objects/vulnerability/vulnerability--c2c96b02-670f-45d6-af32-c08ceffe571f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cc0c3175-6696-4903-9b63-4d504459593a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c2c96b02-670f-45d6-af32-c08ceffe571f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.328503Z", + "modified": "2024-01-13T00:28:30.328503Z", + "name": "CVE-2023-49261", + "description": "The \"tokenKey\" value used in user authorization is visible in the HTML source of the login page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-49261" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c3536761-847f-445f-9bea-fb2714226380.json b/objects/vulnerability/vulnerability--c3536761-847f-445f-9bea-fb2714226380.json new file mode 100644 index 00000000000..ad292051940 --- /dev/null +++ b/objects/vulnerability/vulnerability--c3536761-847f-445f-9bea-fb2714226380.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--65807b0d-1eff-4e63-b16a-979c49d723f5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c3536761-847f-445f-9bea-fb2714226380", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.351362Z", + "modified": "2024-01-13T00:28:30.351362Z", + "name": "CVE-2023-49262", + "description": "The authentication mechanism can be bypassed by overflowing the value of the Cookie \"authentication\" field, provided there is an active user session.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-49262" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c3a45434-5f0a-4eb2-9300-2478375899d0.json b/objects/vulnerability/vulnerability--c3a45434-5f0a-4eb2-9300-2478375899d0.json new file mode 100644 index 00000000000..91d8c303ef2 --- /dev/null +++ b/objects/vulnerability/vulnerability--c3a45434-5f0a-4eb2-9300-2478375899d0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--43b2f5d0-47fd-4a18-8e68-d2df72339512", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c3a45434-5f0a-4eb2-9300-2478375899d0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.135274Z", + "modified": "2024-01-13T00:28:39.135274Z", + "name": "CVE-2024-21639", + "description": "CEF (Chromium Embedded Framework ) is a simple framework for embedding Chromium-based browsers in other applications. `CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory` does not check the size of the shared memory, which leads to out-of-bounds read outside the sandbox. This vulnerability was patched in commit 1f55d2e.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21639" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c8e0a32f-422f-45ba-bc62-30bc56a3f870.json b/objects/vulnerability/vulnerability--c8e0a32f-422f-45ba-bc62-30bc56a3f870.json new file mode 100644 index 00000000000..85fe3652c35 --- /dev/null +++ b/objects/vulnerability/vulnerability--c8e0a32f-422f-45ba-bc62-30bc56a3f870.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ff9bcfb8-b0d7-48e9-8c56-b7a6c81f4a23", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c8e0a32f-422f-45ba-bc62-30bc56a3f870", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.199359Z", + "modified": "2024-01-13T00:28:39.199359Z", + "name": "CVE-2024-22494", + "description": "A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-22494" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c976b0b2-5934-4340-89e4-99453d31a9a7.json b/objects/vulnerability/vulnerability--c976b0b2-5934-4340-89e4-99453d31a9a7.json new file mode 100644 index 00000000000..8f4ada1e3d7 --- /dev/null +++ b/objects/vulnerability/vulnerability--c976b0b2-5934-4340-89e4-99453d31a9a7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--031d35e0-b4e4-4c59-8e12-3212ca1e21c7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c976b0b2-5934-4340-89e4-99453d31a9a7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.158547Z", + "modified": "2024-01-13T00:28:39.158547Z", + "name": "CVE-2024-21654", + "description": "Rubygems.org is the Ruby community's gem hosting service. Rubygems.org users with MFA enabled would normally be protected from account takeover in the case of email account takeover. However, a workaround on the forgotten password form allows an attacker to bypass the MFA requirement and takeover the account. This vulnerability has been patched in commit 0b3272a.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21654" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cadaf612-7999-43be-bc12-8c8c21762d94.json b/objects/vulnerability/vulnerability--cadaf612-7999-43be-bc12-8c8c21762d94.json new file mode 100644 index 00000000000..8988a632715 --- /dev/null +++ b/objects/vulnerability/vulnerability--cadaf612-7999-43be-bc12-8c8c21762d94.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6debe754-8244-41c2-a8fd-94c3a38bee92", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cadaf612-7999-43be-bc12-8c8c21762d94", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.105753Z", + "modified": "2024-01-13T00:28:39.105753Z", + "name": "CVE-2024-21587", + "description": "\nAn Improper Handling of Exceptional Conditions vulnerability in the broadband edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an attacker directly connected to the vulnerable system who repeatedly flaps DHCP subscriber sessions to cause a slow memory leak, ultimately leading to a Denial of Service (DoS). Memory can only be recovered by manually restarting bbe-smgd.\n\nThis issue only occurs if BFD liveness detection for DHCP subscribers is enabled. Systems without BFD liveness detection enabled are not vulnerable to this issue.\n\nIndication of the issue can be observed by periodically executing the 'show system processes extensive' command, which will indicate an increase in memory allocation for bbe-smgd. A small amount of memory is leaked every time a DHCP subscriber logs in, which will become visible over time, ultimately leading to memory starvation.\n\nuser@junos> show system processes extensive | match bbe-smgd\n13071 root 24 0 415M 201M select 0 0:41 7.28% bbe-smgd{bbe-smgd}\n13071 root 20 0 415M 201M select 1 0:04 0.00% bbe-smgd{bbe-smgd}\n...\nuser@junos> show system processes extensive | match bbe-smgd\n13071 root 20 0 420M 208M select 0 4:33 0.10% bbe-smgd{bbe-smgd}\n13071 root 20 0 420M 208M select 0 0:12 0.00% bbe-smgd{bbe-smgd}\n...\nThis issue affects Juniper Networks Junos OS on MX Series:\n\n\n\n * All versions earlier than 20.4R3-S9;\n * 21.2 versions earlier than 21.2R3-S7;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S5;\n * 22.1 versions earlier than 22.1R3-S4;\n * 22.2 versions earlier than 22.2R3-S3;\n * 22.3 versions earlier than 22.3R3-S2;\n * 22.4 versions earlier than 22.4R2-S2, 22.4R3;\n * 23.2 versions earlier than 23.2R1-S1, 23.2R2.\n\n\n\n\n\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21587" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cbbc66a0-822d-4a04-b6a9-0fceb43739b5.json b/objects/vulnerability/vulnerability--cbbc66a0-822d-4a04-b6a9-0fceb43739b5.json new file mode 100644 index 00000000000..b372b0c9cd5 --- /dev/null +++ b/objects/vulnerability/vulnerability--cbbc66a0-822d-4a04-b6a9-0fceb43739b5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b65c8d3a-64f9-4096-b73e-d8fdc1b099c8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cbbc66a0-822d-4a04-b6a9-0fceb43739b5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.09093Z", + "modified": "2024-01-13T00:28:39.09093Z", + "name": "CVE-2024-23172", + "description": "An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g., in SpecialCheckUserLog.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-23172" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cd4d11a1-c91f-4588-81d8-c21361e11334.json b/objects/vulnerability/vulnerability--cd4d11a1-c91f-4588-81d8-c21361e11334.json new file mode 100644 index 00000000000..3e5613b5213 --- /dev/null +++ b/objects/vulnerability/vulnerability--cd4d11a1-c91f-4588-81d8-c21361e11334.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--55443421-71b6-4e2f-9a52-06a9e4445c7c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cd4d11a1-c91f-4588-81d8-c21361e11334", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.133777Z", + "modified": "2024-01-13T00:28:39.133777Z", + "name": "CVE-2024-21604", + "description": "\nAn Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\n\nIf a high rate of specific valid packets are processed by the routing engine (RE) this will lead to a loss of connectivity of the RE with other components of the chassis and thereby a complete and persistent system outage. Please note that a carefully designed lo0 firewall filter will block or limit these packets which should prevent this issue from occurring.\n\nThe following log messages can be seen when this issue occurs:\n\n kernel: nf_conntrack: nf_conntrack: table full, dropping packet\nThis issue affects Juniper Networks Junos OS Evolved:\n\n\n\n * All versions earlier than 20.4R3-S7-EVO;\n * 21.2R1-EVO and later versions;\n * 21.4-EVO versions earlier than 21.4R3-S5-EVO;\n * 22.1-EVO versions earlier than 22.1R3-S2-EVO;\n * 22.2-EVO versions earlier than 22.2R3-EVO;\n * 22.3-EVO versions earlier than 22.3R2-EVO;\n * 22.4-EVO versions earlier than 22.4R2-EVO.\n\n\n\n\n\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21604" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ce15b4e1-a70b-4713-b60e-f35bde03ac17.json b/objects/vulnerability/vulnerability--ce15b4e1-a70b-4713-b60e-f35bde03ac17.json new file mode 100644 index 00000000000..9e907940355 --- /dev/null +++ b/objects/vulnerability/vulnerability--ce15b4e1-a70b-4713-b60e-f35bde03ac17.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f84c9018-f7df-4f9b-8b4d-08ca2f271ad9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ce15b4e1-a70b-4713-b60e-f35bde03ac17", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:31.147268Z", + "modified": "2024-01-13T00:28:31.147268Z", + "name": "CVE-2023-50919", + "description": "An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-50919" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cff8bf2d-5106-48a4-ad89-67e385d8beb9.json b/objects/vulnerability/vulnerability--cff8bf2d-5106-48a4-ad89-67e385d8beb9.json new file mode 100644 index 00000000000..0aeb08c0cd6 --- /dev/null +++ b/objects/vulnerability/vulnerability--cff8bf2d-5106-48a4-ad89-67e385d8beb9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--de8fcbc2-9ccf-4e30-991d-60e79e08e827", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cff8bf2d-5106-48a4-ad89-67e385d8beb9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.370038Z", + "modified": "2024-01-13T00:28:30.370038Z", + "name": "CVE-2023-49098", + "description": "Discourse-reactions is a plugin that allows user to add their reactions to the post. Data about a user's reaction notifications could be exposed. This vulnerability was patched in commit 2c26939.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-49098" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d0229be1-a7f5-4d83-9d7e-c30b9bb83916.json b/objects/vulnerability/vulnerability--d0229be1-a7f5-4d83-9d7e-c30b9bb83916.json new file mode 100644 index 00000000000..d5b10839601 --- /dev/null +++ b/objects/vulnerability/vulnerability--d0229be1-a7f5-4d83-9d7e-c30b9bb83916.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--14ab4a2a-7d03-4f83-b9d5-a83982410b35", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d0229be1-a7f5-4d83-9d7e-c30b9bb83916", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.938161Z", + "modified": "2024-01-13T00:28:30.938161Z", + "name": "CVE-2023-31024", + "description": "NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack memory corruption by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-31024" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d26c97cf-3ec6-4371-985d-efe7d3e856cf.json b/objects/vulnerability/vulnerability--d26c97cf-3ec6-4371-985d-efe7d3e856cf.json new file mode 100644 index 00000000000..1ae6428885e --- /dev/null +++ b/objects/vulnerability/vulnerability--d26c97cf-3ec6-4371-985d-efe7d3e856cf.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d8fb3ef3-3b23-4b2e-98e3-9b56544f76e0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d26c97cf-3ec6-4371-985d-efe7d3e856cf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:29.16649Z", + "modified": "2024-01-13T00:28:29.16649Z", + "name": "CVE-2023-5356", + "description": "Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2, allows a user to abuse slack/mattermost integrations to execute slash commands as another user.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5356" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d518a581-6ea6-460b-a9ac-06aa1c90f568.json b/objects/vulnerability/vulnerability--d518a581-6ea6-460b-a9ac-06aa1c90f568.json new file mode 100644 index 00000000000..0e5be6fa0b6 --- /dev/null +++ b/objects/vulnerability/vulnerability--d518a581-6ea6-460b-a9ac-06aa1c90f568.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3707d3a3-71a8-41c3-b3f5-aa1b5bd6b9f0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d518a581-6ea6-460b-a9ac-06aa1c90f568", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:29.57245Z", + "modified": "2024-01-13T00:28:29.57245Z", + "name": "CVE-2023-28897", + "description": "The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware.\n\nVulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-28897" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d6f7e012-344f-406a-8eb9-eb59dc2d104d.json b/objects/vulnerability/vulnerability--d6f7e012-344f-406a-8eb9-eb59dc2d104d.json new file mode 100644 index 00000000000..3bf7d35809d --- /dev/null +++ b/objects/vulnerability/vulnerability--d6f7e012-344f-406a-8eb9-eb59dc2d104d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a320ce89-3449-4cde-8485-837f3016b8f0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d6f7e012-344f-406a-8eb9-eb59dc2d104d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:31.345244Z", + "modified": "2024-01-13T00:28:31.345244Z", + "name": "CVE-2023-6040", + "description": "An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-6040" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d76bf4cc-858d-4b88-99f1-0ddb0a5174e6.json b/objects/vulnerability/vulnerability--d76bf4cc-858d-4b88-99f1-0ddb0a5174e6.json new file mode 100644 index 00000000000..0c9562d6a57 --- /dev/null +++ b/objects/vulnerability/vulnerability--d76bf4cc-858d-4b88-99f1-0ddb0a5174e6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aebd56ac-133e-4161-99b6-73273cc13aad", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d76bf4cc-858d-4b88-99f1-0ddb0a5174e6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.427591Z", + "modified": "2024-01-13T00:28:30.427591Z", + "name": "CVE-2023-51949", + "description": "Verydows v2.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /protected/controller/backend/role_controller", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-51949" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d785d5a6-2518-4b4b-9d27-5fd41cdc49aa.json b/objects/vulnerability/vulnerability--d785d5a6-2518-4b4b-9d27-5fd41cdc49aa.json new file mode 100644 index 00000000000..3352ce0c4e2 --- /dev/null +++ b/objects/vulnerability/vulnerability--d785d5a6-2518-4b4b-9d27-5fd41cdc49aa.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9f8e78cb-f14d-4280-ad19-090be0dfc981", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d785d5a6-2518-4b4b-9d27-5fd41cdc49aa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:31.014357Z", + "modified": "2024-01-13T00:28:31.014357Z", + "name": "CVE-2023-0437", + "description": "When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects All MongoDB C Driver versions prior to versions 1.25.0.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-0437" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--db8f435b-1339-4e4f-bfc2-7b1a70bd4cc6.json b/objects/vulnerability/vulnerability--db8f435b-1339-4e4f-bfc2-7b1a70bd4cc6.json new file mode 100644 index 00000000000..a307df5dea2 --- /dev/null +++ b/objects/vulnerability/vulnerability--db8f435b-1339-4e4f-bfc2-7b1a70bd4cc6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--66bdb741-7c19-4288-bea3-15d97dce17cc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--db8f435b-1339-4e4f-bfc2-7b1a70bd4cc6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:31.330636Z", + "modified": "2024-01-13T00:28:31.330636Z", + "name": "CVE-2023-6740", + "description": "Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-6740" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e0cd1c21-3567-44e9-b044-f09d01bcbf47.json b/objects/vulnerability/vulnerability--e0cd1c21-3567-44e9-b044-f09d01bcbf47.json new file mode 100644 index 00000000000..3a07385ac12 --- /dev/null +++ b/objects/vulnerability/vulnerability--e0cd1c21-3567-44e9-b044-f09d01bcbf47.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--657d9891-69f3-41bc-9f68-a3142489a661", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e0cd1c21-3567-44e9-b044-f09d01bcbf47", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.115803Z", + "modified": "2024-01-13T00:28:39.115803Z", + "name": "CVE-2024-21585", + "description": "\nAn Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker, using specific timing outside the attacker's control, to flap BGP sessions and cause the routing protocol daemon (rpd) process to crash and restart, leading to a Denial of Service (DoS) condition. Continued BGP session flapping will create a sustained Denial of Service (DoS) condition.\n\nThis issue only affects routers configured with non-stop routing (NSR) enabled. Graceful Restart (GR) helper mode, enabled by default, is also required for this issue to be exploitable.\n\nWhen the BGP session flaps on the NSR-enabled router, the device enters GR-helper/LLGR-helper mode due to the peer having negotiated GR/LLGR-restarter capability and the backup BGP requests for replication of the GR/LLGR-helper session, master BGP schedules, and initiates replication of GR/LLGR stale routes to the backup BGP. In this state, if the BGP session with the BGP peer comes up again, unsolicited replication is initiated for the peer without cleaning up the ongoing GR/LLGR-helper mode replication. This parallel two instances of replication for the same peer leads to the assert if the BGP session flaps again.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * All versions earlier than 20.4R3-S9;\n * 21.2 versions earlier than 21.2R3-S7;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S5;\n * 22.1 versions earlier than 22.1R3-S4;\n * 22.2 versions earlier than 22.2R3-S3;\n * 22.3 versions earlier than 22.3R3-S1;\n * 22.4 versions earlier than 22.4R2-S2, 22.4R3;\n * 23.2 versions earlier than 23.2R1-S1, 23.2R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions earlier than 21.3R3-S5-EVO;\n * 21.4 versions earlier than 21.4R3-S5-EVO;\n * 22.1 versions earlier than 22.1R3-S4-EVO;\n * 22.2 versions earlier than 22.2R3-S3-EVO;\n * 22.3 versions earlier than 22.3R3-S1-EVO;\n * 22.4 versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO;\n * 23.2 versions earlier than 23.2R1-S1-EVO, 23.2R2-EVO.\n\n\n\n\n\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21585" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e183728a-7007-4e9d-952e-775fc8c0cae6.json b/objects/vulnerability/vulnerability--e183728a-7007-4e9d-952e-775fc8c0cae6.json new file mode 100644 index 00000000000..9b7108b8713 --- /dev/null +++ b/objects/vulnerability/vulnerability--e183728a-7007-4e9d-952e-775fc8c0cae6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3b0ea2f6-bec6-4c4b-8849-2200d77802d0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e183728a-7007-4e9d-952e-775fc8c0cae6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.07799Z", + "modified": "2024-01-13T00:28:39.07799Z", + "name": "CVE-2024-23173", + "description": "An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/CargoAppliedFilter.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-23173" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e2912f84-af28-43ee-8e2b-f27c4c0095af.json b/objects/vulnerability/vulnerability--e2912f84-af28-43ee-8e2b-f27c4c0095af.json new file mode 100644 index 00000000000..d6129ba8ddb --- /dev/null +++ b/objects/vulnerability/vulnerability--e2912f84-af28-43ee-8e2b-f27c4c0095af.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ca8cec1d-59e7-4e9e-a6b2-1b28d9a3536a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e2912f84-af28-43ee-8e2b-f27c4c0095af", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.960492Z", + "modified": "2024-01-13T00:28:30.960492Z", + "name": "CVE-2023-31035", + "description": "NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerability that could be used to execute arbitrary code at the SMM level. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-31035" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e37772a6-1f66-4408-8e00-e360e15919ad.json b/objects/vulnerability/vulnerability--e37772a6-1f66-4408-8e00-e360e15919ad.json new file mode 100644 index 00000000000..fdf767e8693 --- /dev/null +++ b/objects/vulnerability/vulnerability--e37772a6-1f66-4408-8e00-e360e15919ad.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a4257ecb-c781-4a33-b101-1bbdf47e7b53", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e37772a6-1f66-4408-8e00-e360e15919ad", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.285628Z", + "modified": "2024-01-13T00:28:39.285628Z", + "name": "CVE-2024-0472", + "description": "A vulnerability was found in code-projects Dormitory Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file modifyuser.php. The manipulation of the argument mname leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-250577 was assigned to this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0472" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e40169f0-3f56-44a9-837c-a548096b8f57.json b/objects/vulnerability/vulnerability--e40169f0-3f56-44a9-837c-a548096b8f57.json new file mode 100644 index 00000000000..0d6429dba26 --- /dev/null +++ b/objects/vulnerability/vulnerability--e40169f0-3f56-44a9-837c-a548096b8f57.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cdf47207-1cb8-4f09-ac18-92a2c296b9de", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e40169f0-3f56-44a9-837c-a548096b8f57", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.346376Z", + "modified": "2024-01-13T00:28:30.346376Z", + "name": "CVE-2023-49259", + "description": "The authentication cookies are generated using an algorithm based on the username, hardcoded secret and the up-time, and can be guessed in a reasonable time.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-49259" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e4697c8d-b8cd-4957-8162-27a3432f2fd7.json b/objects/vulnerability/vulnerability--e4697c8d-b8cd-4957-8162-27a3432f2fd7.json new file mode 100644 index 00000000000..30724766f1b --- /dev/null +++ b/objects/vulnerability/vulnerability--e4697c8d-b8cd-4957-8162-27a3432f2fd7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f0aa75e2-e24b-47c9-ab61-bcf4f2d2785e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e4697c8d-b8cd-4957-8162-27a3432f2fd7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.101063Z", + "modified": "2024-01-13T00:28:39.101063Z", + "name": "CVE-2024-23301", + "description": "Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-23301" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e65432c2-7226-4be2-9a37-941f849056a2.json b/objects/vulnerability/vulnerability--e65432c2-7226-4be2-9a37-941f849056a2.json new file mode 100644 index 00000000000..2ebbfdd27e5 --- /dev/null +++ b/objects/vulnerability/vulnerability--e65432c2-7226-4be2-9a37-941f849056a2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fd8401dc-4b24-4189-b634-b4d5526c67a8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e65432c2-7226-4be2-9a37-941f849056a2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.127136Z", + "modified": "2024-01-13T00:28:39.127136Z", + "name": "CVE-2024-21607", + "description": "\nAn Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device.\n\nIf the \"tcp-reset\" option is added to the \"reject\" action in an IPv6 filter which matches on \"payload-protocol\", packets are permitted instead of rejected. This happens because the payload-protocol match criteria is not supported in the kernel filter causing it to accept all packets without taking any other action. As a fix the payload-protocol match will be treated the same as a \"next-header\" match to avoid this filter bypass.\n\nThis issue doesn't affect IPv4 firewall filters.\n\nThis issue affects Juniper Networks Junos OS on MX Series and EX9200 Series:\n\n\n\n * All versions earlier than 20.4R3-S7;\n * 21.1 versions earlier than 21.1R3-S5;\n * 21.2 versions earlier than 21.2R3-S5;\n * 21.3 versions earlier than 21.3R3-S4;\n * 21.4 versions earlier than 21.4R3-S4;\n * 22.1 versions earlier than 22.1R3-S2;\n * 22.2 versions earlier than 22.2R3-S2;\n * 22.3 versions earlier than 22.3R2-S2, 22.3R3;\n * 22.4 versions earlier than 22.4R1-S2, 22.4R2-S2, 22.4R3.\n\n\n\n\n\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21607" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e70bbc25-b2b5-4cab-821a-b5df3a5f14d1.json b/objects/vulnerability/vulnerability--e70bbc25-b2b5-4cab-821a-b5df3a5f14d1.json new file mode 100644 index 00000000000..6cc13b328d3 --- /dev/null +++ b/objects/vulnerability/vulnerability--e70bbc25-b2b5-4cab-821a-b5df3a5f14d1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--457c1b77-06c1-47f4-9aa5-23ec0b00dbe1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e70bbc25-b2b5-4cab-821a-b5df3a5f14d1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:29.653776Z", + "modified": "2024-01-13T00:28:29.653776Z", + "name": "CVE-2023-42463", + "description": "Wazuh is a free and open source platform used for threat prevention, detection, and response. This bug introduced a stack overflow hazard that could allow a local privilege escalation. This vulnerability was patched in version 4.5.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-42463" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--eaac9a77-fa43-41ff-bc08-d679806d483b.json b/objects/vulnerability/vulnerability--eaac9a77-fa43-41ff-bc08-d679806d483b.json new file mode 100644 index 00000000000..3833b97a893 --- /dev/null +++ b/objects/vulnerability/vulnerability--eaac9a77-fa43-41ff-bc08-d679806d483b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--33b0ee9b-7240-484e-ac71-a431b1f0187f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--eaac9a77-fa43-41ff-bc08-d679806d483b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:39.29145Z", + "modified": "2024-01-13T00:28:39.29145Z", + "name": "CVE-2024-0462", + "description": "A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /production/designee_view_status.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250567.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0462" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--eec781c5-b5c4-40ca-acc0-5ccc17505bba.json b/objects/vulnerability/vulnerability--eec781c5-b5c4-40ca-acc0-5ccc17505bba.json new file mode 100644 index 00000000000..ee97fb6855e --- /dev/null +++ b/objects/vulnerability/vulnerability--eec781c5-b5c4-40ca-acc0-5ccc17505bba.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--51907d36-39f7-45f9-88d1-3c640f560a4c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--eec781c5-b5c4-40ca-acc0-5ccc17505bba", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.374517Z", + "modified": "2024-01-13T00:28:30.374517Z", + "name": "CVE-2023-49256", + "description": "It is possible to download the configuration backup without authorization and decrypt included passwords using hardcoded static key.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-49256" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f31d2048-de77-482c-b59e-27d3cbe20f9f.json b/objects/vulnerability/vulnerability--f31d2048-de77-482c-b59e-27d3cbe20f9f.json new file mode 100644 index 00000000000..fb2c0d2e8e9 --- /dev/null +++ b/objects/vulnerability/vulnerability--f31d2048-de77-482c-b59e-27d3cbe20f9f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0a3a8f64-a85a-483e-9ea6-6351a0342cb4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f31d2048-de77-482c-b59e-27d3cbe20f9f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:31.406435Z", + "modified": "2024-01-13T00:28:31.406435Z", + "name": "CVE-2023-40250", + "description": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Hancom HCell on Windows allows Overflow Buffers.This issue affects HCell: 12.0.0.893.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-40250" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f3c71516-5cac-4e0e-8793-aede439d6d95.json b/objects/vulnerability/vulnerability--f3c71516-5cac-4e0e-8793-aede439d6d95.json new file mode 100644 index 00000000000..6865bfeb461 --- /dev/null +++ b/objects/vulnerability/vulnerability--f3c71516-5cac-4e0e-8793-aede439d6d95.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--874245d1-8951-4ef2-97ba-3a987ced3d31", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f3c71516-5cac-4e0e-8793-aede439d6d95", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:31.430058Z", + "modified": "2024-01-13T00:28:31.430058Z", + "name": "CVE-2023-40362", + "description": "An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-40362" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f41c8048-f576-444e-80ff-60b57eb81fbd.json b/objects/vulnerability/vulnerability--f41c8048-f576-444e-80ff-60b57eb81fbd.json new file mode 100644 index 00000000000..6863753799c --- /dev/null +++ b/objects/vulnerability/vulnerability--f41c8048-f576-444e-80ff-60b57eb81fbd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--285211f0-4a12-4042-90c6-5179a944953e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f41c8048-f576-444e-80ff-60b57eb81fbd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.971507Z", + "modified": "2024-01-13T00:28:30.971507Z", + "name": "CVE-2023-31032", + "description": "NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. A successful exploit of this vulnerability may lead to denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-31032" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f64facb0-8d54-44af-8f85-1bf4d60033b8.json b/objects/vulnerability/vulnerability--f64facb0-8d54-44af-8f85-1bf4d60033b8.json new file mode 100644 index 00000000000..d84c5c837b7 --- /dev/null +++ b/objects/vulnerability/vulnerability--f64facb0-8d54-44af-8f85-1bf4d60033b8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bc361b1a-d9c0-4ca1-ac21-dcb5473fcb26", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f64facb0-8d54-44af-8f85-1bf4d60033b8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-13T00:28:30.666654Z", + "modified": "2024-01-13T00:28:30.666654Z", + "name": "CVE-2023-2030", + "description": "An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-2030" + } + ] + } + ] +} \ No newline at end of file