From 4e5dfcbe81b89fe271b2835ea65ccdc7673f0b2f Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 9 Feb 2024 00:26:50 +0000 Subject: [PATCH] generated content from 2024-02-09 --- mapping.csv | 89 +++++++++++++++++++ ...-00b07f1b-9fd2-484b-85fb-75604588dd31.json | 22 +++++ ...-02cfe5f8-0e66-4320-ab6e-52b87ca50369.json | 22 +++++ ...-067a3b34-52d8-48ca-b51a-8b6f47041f49.json | 22 +++++ ...-06d2218b-a6a4-4264-9c8f-6558e7507907.json | 22 +++++ ...-0d39161e-7414-4297-9f22-7fda3c992862.json | 22 +++++ ...-0f6b94cc-172f-406d-90dd-50d0258affef.json | 22 +++++ ...-10b507b8-121b-447d-90bd-92aa4e4f8706.json | 22 +++++ ...-17f125b5-f90a-4413-8fa4-cd6c76947f85.json | 22 +++++ ...-183a40fe-d23b-4068-9d18-9c6634bd373d.json | 22 +++++ ...-1e31dc5a-0eff-4dc2-845e-1a97432fe654.json | 22 +++++ ...-1f1ee9bf-4657-4ce3-bbff-a2413d380e17.json | 22 +++++ ...-299409f9-e258-44ab-b24c-eeb273b97093.json | 22 +++++ ...-2da9c2e4-f3e8-4ca2-94bb-950b736e7ba4.json | 22 +++++ ...-2f03984d-eefa-4e9f-bfb1-6abeca09b235.json | 22 +++++ ...-2f3e4900-13ec-482d-9963-7e4b6198ab12.json | 22 +++++ ...-3090df76-dcae-40c6-91f8-b329218bdda2.json | 22 +++++ ...-35b3368e-6aea-4b54-97a1-c2fd4691e42f.json | 22 +++++ ...-35d3dd20-9d8a-42f4-ad05-2163424e6b1a.json | 22 +++++ ...-3df9ebf7-4da6-4ee9-92ed-727b375dd6c7.json | 22 +++++ ...-3fe01c6d-dd8f-46de-b500-90e7f88c40f4.json | 22 +++++ ...-43b340cb-b64a-415a-b415-fadff0c58642.json | 22 +++++ ...-492d9be8-0b14-43de-ae8f-0cab91fdc565.json | 22 +++++ ...-4f7397f0-dea1-427b-aa73-4048bf2ce983.json | 22 +++++ ...-50212b87-141f-4fe2-92e3-6842ae5601b2.json | 22 +++++ ...-52e65e48-afaa-4dd4-aaa1-bb8eb5b21d1b.json | 22 +++++ ...-584bc6e7-d3d1-48c5-af71-dae3214106d5.json | 22 +++++ ...-5a65cf53-fdb8-497d-b275-6dc6b67e738a.json | 22 +++++ ...-5b32abfe-ed94-430d-bff3-89ecebfe6501.json | 22 +++++ ...-6018d8d2-c126-4cd7-92d6-e51590159295.json | 22 +++++ ...-636a2b2d-e1b9-4238-8e47-53134d6bce20.json | 22 +++++ ...-65dd19b7-6073-42b1-a3e3-4bbdff2c0d03.json | 22 +++++ ...-681233d2-63b3-4039-b523-898290958737.json | 22 +++++ ...-68667195-5b26-4da7-a365-54b0f159b35a.json | 22 +++++ ...-6e6c330e-9d34-44a3-9271-9d2b5e832859.json | 22 +++++ ...-70f88780-d25d-4c6d-903c-cba702ff1433.json | 22 +++++ ...-71a76839-ad72-4fd2-a460-2845caa5fe9d.json | 22 +++++ ...-76b5f1f6-fe73-4ffa-9e24-7528743ba636.json | 22 +++++ ...-7709acef-5740-48cf-b66c-3bd2d928b7a4.json | 22 +++++ ...-79db44c2-d745-4999-b4b9-45ecce960e39.json | 22 +++++ ...-7f65b5ec-e876-4fb2-872b-fdea5b03cf9a.json | 22 +++++ ...-8a1c5d9b-ffcf-454b-9cc9-b42a30f35d0b.json | 22 +++++ ...-8b49da36-9199-45fd-842f-95ab25e75a95.json | 22 +++++ ...-8ceffcaf-5bce-4ae2-822b-875a9f21fc87.json | 22 +++++ ...-8dbaae05-4c42-4cab-8844-9f61a0415a61.json | 22 +++++ ...-8e747570-25dc-4843-bb4c-016dcc55a2d3.json | 22 +++++ ...-8f6008e5-fa24-4b01-807b-92321a66a903.json | 22 +++++ ...-90ed0889-f39d-4c82-b130-ecfa36af4e63.json | 22 +++++ ...-912a11f6-f682-4d45-acc3-2955de202af0.json | 22 +++++ ...-914db902-3e92-47bb-90cc-40dfdd17e287.json | 22 +++++ ...-92a03d5b-bf71-4951-8769-f8173d9a6db1.json | 22 +++++ ...-94812110-23df-4f64-a3eb-3c75abcc4c92.json | 22 +++++ ...-95392fd8-a6ee-4741-bcc9-897b3d7fbf52.json | 22 +++++ ...-992913a9-e1d1-4f28-aa2c-a993b9c76a8e.json | 22 +++++ ...-9e4135b0-93c1-4bea-adc3-59e280772806.json | 22 +++++ ...-a881d6f1-2f4e-4764-928d-ee2f682267e1.json | 22 +++++ ...-aa305e23-89b2-4b3b-b278-7777f8d21656.json | 22 +++++ ...-ac0ac2dc-9be3-4404-9169-b30603d816a2.json | 22 +++++ ...-b20bb0ec-247f-41b1-a3ed-7cff7a853c80.json | 22 +++++ ...-b9df823b-d471-43cd-b95f-89f2b0fb67db.json | 22 +++++ ...-c80f4d1a-3bb4-4ac9-bee6-4d9d06cdf7dc.json | 22 +++++ ...-ca445945-bc02-42c8-85e9-380eb3a87d78.json | 22 +++++ ...-cc77fb9a-ea27-4177-974a-f90e4382eff0.json | 22 +++++ ...-ccc86ca3-95f4-4b4d-9a1d-2cb1ea2bb9d4.json | 22 +++++ ...-d676505d-fb4e-4cb6-bcc2-dbfea23a97f6.json | 22 +++++ ...-db6a82cb-a555-4c9d-b936-50de143014cf.json | 22 +++++ ...-dc37c29c-c252-40af-a90e-dc0e7ded3881.json | 22 +++++ ...-dc526664-0d0a-445b-92c9-5f0c18469c16.json | 22 +++++ ...-e0abbf48-c489-43d2-ac46-e51d5727fa8c.json | 22 +++++ ...-e212f06b-3c7c-4afa-b792-1fae42880ecc.json | 22 +++++ ...-e22bf95f-28cb-4434-87fc-974239e9fdbc.json | 22 +++++ ...-e29fe1fd-3de9-4b8f-a500-7646b14bae91.json | 22 +++++ ...-e32d7124-70c3-4b4e-979a-196703c618d9.json | 22 +++++ ...-e3e433af-5a26-435b-b728-7d68f301b1a6.json | 22 +++++ ...-e3e5e6cb-1567-4fe3-b5a6-5a392e41645a.json | 22 +++++ ...-e571b83e-7cdb-4aa7-b258-62bd5a3a1d0d.json | 22 +++++ ...-e63de127-ff15-425c-8af4-06cd9d9bb4bd.json | 22 +++++ ...-e64090dc-4063-4686-9079-29e3e4845294.json | 22 +++++ ...-e79868da-f3c3-4fbe-abdb-c73323ef6005.json | 22 +++++ ...-e8fc8d87-ccd1-4cc9-ad97-268118ad4624.json | 22 +++++ ...-f2487aaf-7669-44bf-96f1-ba3cc656d6dc.json | 22 +++++ ...-f30d7c24-942b-4d2e-b506-ba59b418724d.json | 22 +++++ ...-f32833c5-7ee7-406f-a213-3a17ba3dc6f6.json | 22 +++++ ...-f3801fd8-8cf6-465f-85af-d7ea74c4f456.json | 22 +++++ ...-f6868b12-1fe4-4ced-9a8a-8de05017e28d.json | 22 +++++ ...-f688f91c-e3af-4232-815f-9746a3711ffa.json | 22 +++++ ...-f996fa01-52e5-4bc7-9402-f2f31693004e.json | 22 +++++ ...-fa26887d-6f92-4f1b-8991-14e1f26a510c.json | 22 +++++ ...-fa40ef4c-3f9e-4413-b5c5-f9dd1587cc1d.json | 22 +++++ ...-fa9add93-11ce-4ac9-8f2e-08b2550af114.json | 22 +++++ 90 files changed, 2047 insertions(+) create mode 100644 objects/vulnerability/vulnerability--00b07f1b-9fd2-484b-85fb-75604588dd31.json create mode 100644 objects/vulnerability/vulnerability--02cfe5f8-0e66-4320-ab6e-52b87ca50369.json create mode 100644 objects/vulnerability/vulnerability--067a3b34-52d8-48ca-b51a-8b6f47041f49.json create mode 100644 objects/vulnerability/vulnerability--06d2218b-a6a4-4264-9c8f-6558e7507907.json create mode 100644 objects/vulnerability/vulnerability--0d39161e-7414-4297-9f22-7fda3c992862.json create mode 100644 objects/vulnerability/vulnerability--0f6b94cc-172f-406d-90dd-50d0258affef.json create mode 100644 objects/vulnerability/vulnerability--10b507b8-121b-447d-90bd-92aa4e4f8706.json create mode 100644 objects/vulnerability/vulnerability--17f125b5-f90a-4413-8fa4-cd6c76947f85.json create mode 100644 objects/vulnerability/vulnerability--183a40fe-d23b-4068-9d18-9c6634bd373d.json create mode 100644 objects/vulnerability/vulnerability--1e31dc5a-0eff-4dc2-845e-1a97432fe654.json create mode 100644 objects/vulnerability/vulnerability--1f1ee9bf-4657-4ce3-bbff-a2413d380e17.json create mode 100644 objects/vulnerability/vulnerability--299409f9-e258-44ab-b24c-eeb273b97093.json create mode 100644 objects/vulnerability/vulnerability--2da9c2e4-f3e8-4ca2-94bb-950b736e7ba4.json create mode 100644 objects/vulnerability/vulnerability--2f03984d-eefa-4e9f-bfb1-6abeca09b235.json create mode 100644 objects/vulnerability/vulnerability--2f3e4900-13ec-482d-9963-7e4b6198ab12.json create mode 100644 objects/vulnerability/vulnerability--3090df76-dcae-40c6-91f8-b329218bdda2.json create mode 100644 objects/vulnerability/vulnerability--35b3368e-6aea-4b54-97a1-c2fd4691e42f.json create mode 100644 objects/vulnerability/vulnerability--35d3dd20-9d8a-42f4-ad05-2163424e6b1a.json create mode 100644 objects/vulnerability/vulnerability--3df9ebf7-4da6-4ee9-92ed-727b375dd6c7.json create mode 100644 objects/vulnerability/vulnerability--3fe01c6d-dd8f-46de-b500-90e7f88c40f4.json create mode 100644 objects/vulnerability/vulnerability--43b340cb-b64a-415a-b415-fadff0c58642.json create mode 100644 objects/vulnerability/vulnerability--492d9be8-0b14-43de-ae8f-0cab91fdc565.json create mode 100644 objects/vulnerability/vulnerability--4f7397f0-dea1-427b-aa73-4048bf2ce983.json create mode 100644 objects/vulnerability/vulnerability--50212b87-141f-4fe2-92e3-6842ae5601b2.json create mode 100644 objects/vulnerability/vulnerability--52e65e48-afaa-4dd4-aaa1-bb8eb5b21d1b.json create mode 100644 objects/vulnerability/vulnerability--584bc6e7-d3d1-48c5-af71-dae3214106d5.json create mode 100644 objects/vulnerability/vulnerability--5a65cf53-fdb8-497d-b275-6dc6b67e738a.json create mode 100644 objects/vulnerability/vulnerability--5b32abfe-ed94-430d-bff3-89ecebfe6501.json create mode 100644 objects/vulnerability/vulnerability--6018d8d2-c126-4cd7-92d6-e51590159295.json create mode 100644 objects/vulnerability/vulnerability--636a2b2d-e1b9-4238-8e47-53134d6bce20.json create mode 100644 objects/vulnerability/vulnerability--65dd19b7-6073-42b1-a3e3-4bbdff2c0d03.json create mode 100644 objects/vulnerability/vulnerability--681233d2-63b3-4039-b523-898290958737.json create mode 100644 objects/vulnerability/vulnerability--68667195-5b26-4da7-a365-54b0f159b35a.json create mode 100644 objects/vulnerability/vulnerability--6e6c330e-9d34-44a3-9271-9d2b5e832859.json create mode 100644 objects/vulnerability/vulnerability--70f88780-d25d-4c6d-903c-cba702ff1433.json create mode 100644 objects/vulnerability/vulnerability--71a76839-ad72-4fd2-a460-2845caa5fe9d.json create mode 100644 objects/vulnerability/vulnerability--76b5f1f6-fe73-4ffa-9e24-7528743ba636.json create mode 100644 objects/vulnerability/vulnerability--7709acef-5740-48cf-b66c-3bd2d928b7a4.json create mode 100644 objects/vulnerability/vulnerability--79db44c2-d745-4999-b4b9-45ecce960e39.json create mode 100644 objects/vulnerability/vulnerability--7f65b5ec-e876-4fb2-872b-fdea5b03cf9a.json create mode 100644 objects/vulnerability/vulnerability--8a1c5d9b-ffcf-454b-9cc9-b42a30f35d0b.json create mode 100644 objects/vulnerability/vulnerability--8b49da36-9199-45fd-842f-95ab25e75a95.json create mode 100644 objects/vulnerability/vulnerability--8ceffcaf-5bce-4ae2-822b-875a9f21fc87.json create mode 100644 objects/vulnerability/vulnerability--8dbaae05-4c42-4cab-8844-9f61a0415a61.json create mode 100644 objects/vulnerability/vulnerability--8e747570-25dc-4843-bb4c-016dcc55a2d3.json create mode 100644 objects/vulnerability/vulnerability--8f6008e5-fa24-4b01-807b-92321a66a903.json create mode 100644 objects/vulnerability/vulnerability--90ed0889-f39d-4c82-b130-ecfa36af4e63.json create mode 100644 objects/vulnerability/vulnerability--912a11f6-f682-4d45-acc3-2955de202af0.json create mode 100644 objects/vulnerability/vulnerability--914db902-3e92-47bb-90cc-40dfdd17e287.json create mode 100644 objects/vulnerability/vulnerability--92a03d5b-bf71-4951-8769-f8173d9a6db1.json create mode 100644 objects/vulnerability/vulnerability--94812110-23df-4f64-a3eb-3c75abcc4c92.json create mode 100644 objects/vulnerability/vulnerability--95392fd8-a6ee-4741-bcc9-897b3d7fbf52.json create mode 100644 objects/vulnerability/vulnerability--992913a9-e1d1-4f28-aa2c-a993b9c76a8e.json create mode 100644 objects/vulnerability/vulnerability--9e4135b0-93c1-4bea-adc3-59e280772806.json create mode 100644 objects/vulnerability/vulnerability--a881d6f1-2f4e-4764-928d-ee2f682267e1.json create mode 100644 objects/vulnerability/vulnerability--aa305e23-89b2-4b3b-b278-7777f8d21656.json create mode 100644 objects/vulnerability/vulnerability--ac0ac2dc-9be3-4404-9169-b30603d816a2.json create mode 100644 objects/vulnerability/vulnerability--b20bb0ec-247f-41b1-a3ed-7cff7a853c80.json create mode 100644 objects/vulnerability/vulnerability--b9df823b-d471-43cd-b95f-89f2b0fb67db.json create mode 100644 objects/vulnerability/vulnerability--c80f4d1a-3bb4-4ac9-bee6-4d9d06cdf7dc.json create mode 100644 objects/vulnerability/vulnerability--ca445945-bc02-42c8-85e9-380eb3a87d78.json create mode 100644 objects/vulnerability/vulnerability--cc77fb9a-ea27-4177-974a-f90e4382eff0.json create mode 100644 objects/vulnerability/vulnerability--ccc86ca3-95f4-4b4d-9a1d-2cb1ea2bb9d4.json create mode 100644 objects/vulnerability/vulnerability--d676505d-fb4e-4cb6-bcc2-dbfea23a97f6.json create mode 100644 objects/vulnerability/vulnerability--db6a82cb-a555-4c9d-b936-50de143014cf.json create mode 100644 objects/vulnerability/vulnerability--dc37c29c-c252-40af-a90e-dc0e7ded3881.json create mode 100644 objects/vulnerability/vulnerability--dc526664-0d0a-445b-92c9-5f0c18469c16.json create mode 100644 objects/vulnerability/vulnerability--e0abbf48-c489-43d2-ac46-e51d5727fa8c.json create mode 100644 objects/vulnerability/vulnerability--e212f06b-3c7c-4afa-b792-1fae42880ecc.json create mode 100644 objects/vulnerability/vulnerability--e22bf95f-28cb-4434-87fc-974239e9fdbc.json create mode 100644 objects/vulnerability/vulnerability--e29fe1fd-3de9-4b8f-a500-7646b14bae91.json create mode 100644 objects/vulnerability/vulnerability--e32d7124-70c3-4b4e-979a-196703c618d9.json create mode 100644 objects/vulnerability/vulnerability--e3e433af-5a26-435b-b728-7d68f301b1a6.json create mode 100644 objects/vulnerability/vulnerability--e3e5e6cb-1567-4fe3-b5a6-5a392e41645a.json create mode 100644 objects/vulnerability/vulnerability--e571b83e-7cdb-4aa7-b258-62bd5a3a1d0d.json create mode 100644 objects/vulnerability/vulnerability--e63de127-ff15-425c-8af4-06cd9d9bb4bd.json create mode 100644 objects/vulnerability/vulnerability--e64090dc-4063-4686-9079-29e3e4845294.json create mode 100644 objects/vulnerability/vulnerability--e79868da-f3c3-4fbe-abdb-c73323ef6005.json create mode 100644 objects/vulnerability/vulnerability--e8fc8d87-ccd1-4cc9-ad97-268118ad4624.json create mode 100644 objects/vulnerability/vulnerability--f2487aaf-7669-44bf-96f1-ba3cc656d6dc.json create mode 100644 objects/vulnerability/vulnerability--f30d7c24-942b-4d2e-b506-ba59b418724d.json create mode 100644 objects/vulnerability/vulnerability--f32833c5-7ee7-406f-a213-3a17ba3dc6f6.json create mode 100644 objects/vulnerability/vulnerability--f3801fd8-8cf6-465f-85af-d7ea74c4f456.json create mode 100644 objects/vulnerability/vulnerability--f6868b12-1fe4-4ced-9a8a-8de05017e28d.json create mode 100644 objects/vulnerability/vulnerability--f688f91c-e3af-4232-815f-9746a3711ffa.json create mode 100644 objects/vulnerability/vulnerability--f996fa01-52e5-4bc7-9402-f2f31693004e.json create mode 100644 objects/vulnerability/vulnerability--fa26887d-6f92-4f1b-8991-14e1f26a510c.json create mode 100644 objects/vulnerability/vulnerability--fa40ef4c-3f9e-4413-b5c5-f9dd1587cc1d.json create mode 100644 objects/vulnerability/vulnerability--fa9add93-11ce-4ac9-8f2e-08b2550af114.json diff --git a/mapping.csv b/mapping.csv index 34b020c849b..c9ef9c62720 100644 --- a/mapping.csv +++ b/mapping.csv @@ -224828,3 +224828,92 @@ vulnerability,CVE-2023-38369,vulnerability--e17882d7-8dcc-4911-833f-5291cc7491b9 vulnerability,CVE-2023-38995,vulnerability--9e99db4b-ecfb-4791-9374-7d61340250a5 vulnerability,CVE-2023-46914,vulnerability--8c83cabd-d323-45b9-b3a1-c38baad10d2f vulnerability,CVE-2023-43017,vulnerability--db54d9dd-9b8c-44cd-aecb-fb96fd9b5b61 +vulnerability,CVE-2024-1329,vulnerability--7709acef-5740-48cf-b66c-3bd2d928b7a4 +vulnerability,CVE-2024-1150,vulnerability--912a11f6-f682-4d45-acc3-2955de202af0 +vulnerability,CVE-2024-1149,vulnerability--e79868da-f3c3-4fbe-abdb-c73323ef6005 +vulnerability,CVE-2024-1312,vulnerability--68667195-5b26-4da7-a365-54b0f159b35a +vulnerability,CVE-2024-1207,vulnerability--992913a9-e1d1-4f28-aa2c-a993b9c76a8e +vulnerability,CVE-2024-0985,vulnerability--8dbaae05-4c42-4cab-8844-9f61a0415a61 +vulnerability,CVE-2024-0242,vulnerability--92a03d5b-bf71-4951-8769-f8173d9a6db1 +vulnerability,CVE-2024-0511,vulnerability--71a76839-ad72-4fd2-a460-2845caa5fe9d +vulnerability,CVE-2024-0965,vulnerability--492d9be8-0b14-43de-ae8f-0cab91fdc565 +vulnerability,CVE-2024-24113,vulnerability--fa26887d-6f92-4f1b-8991-14e1f26a510c +vulnerability,CVE-2024-24885,vulnerability--17f125b5-f90a-4413-8fa4-cd6c76947f85 +vulnerability,CVE-2024-24836,vulnerability--914db902-3e92-47bb-90cc-40dfdd17e287 +vulnerability,CVE-2024-24820,vulnerability--f6868b12-1fe4-4ced-9a8a-8de05017e28d +vulnerability,CVE-2024-24881,vulnerability--8ceffcaf-5bce-4ae2-822b-875a9f21fc87 +vulnerability,CVE-2024-24014,vulnerability--636a2b2d-e1b9-4238-8e47-53134d6bce20 +vulnerability,CVE-2024-24498,vulnerability--02cfe5f8-0e66-4320-ab6e-52b87ca50369 +vulnerability,CVE-2024-24003,vulnerability--299409f9-e258-44ab-b24c-eeb273b97093 +vulnerability,CVE-2024-24829,vulnerability--f30d7c24-942b-4d2e-b506-ba59b418724d +vulnerability,CVE-2024-24880,vulnerability--6018d8d2-c126-4cd7-92d6-e51590159295 +vulnerability,CVE-2024-24215,vulnerability--9e4135b0-93c1-4bea-adc3-59e280772806 +vulnerability,CVE-2024-24879,vulnerability--e3e5e6cb-1567-4fe3-b5a6-5a392e41645a +vulnerability,CVE-2024-24017,vulnerability--183a40fe-d23b-4068-9d18-9c6634bd373d +vulnerability,CVE-2024-24494,vulnerability--94812110-23df-4f64-a3eb-3c75abcc4c92 +vulnerability,CVE-2024-24018,vulnerability--a881d6f1-2f4e-4764-928d-ee2f682267e1 +vulnerability,CVE-2024-24216,vulnerability--3090df76-dcae-40c6-91f8-b329218bdda2 +vulnerability,CVE-2024-24321,vulnerability--e8fc8d87-ccd1-4cc9-ad97-268118ad4624 +vulnerability,CVE-2024-24830,vulnerability--35d3dd20-9d8a-42f4-ad05-2163424e6b1a +vulnerability,CVE-2024-24495,vulnerability--52e65e48-afaa-4dd4-aaa1-bb8eb5b21d1b +vulnerability,CVE-2024-24024,vulnerability--00b07f1b-9fd2-484b-85fb-75604588dd31 +vulnerability,CVE-2024-24393,vulnerability--b9df823b-d471-43cd-b95f-89f2b0fb67db +vulnerability,CVE-2024-24213,vulnerability--e64090dc-4063-4686-9079-29e3e4845294 +vulnerability,CVE-2024-24821,vulnerability--3df9ebf7-4da6-4ee9-92ed-727b375dd6c7 +vulnerability,CVE-2024-24115,vulnerability--e29fe1fd-3de9-4b8f-a500-7646b14bae91 +vulnerability,CVE-2024-24021,vulnerability--e3e433af-5a26-435b-b728-7d68f301b1a6 +vulnerability,CVE-2024-24202,vulnerability--2f03984d-eefa-4e9f-bfb1-6abeca09b235 +vulnerability,CVE-2024-24825,vulnerability--7f65b5ec-e876-4fb2-872b-fdea5b03cf9a +vulnerability,CVE-2024-24834,vulnerability--2da9c2e4-f3e8-4ca2-94bb-950b736e7ba4 +vulnerability,CVE-2024-24023,vulnerability--8f6008e5-fa24-4b01-807b-92321a66a903 +vulnerability,CVE-2024-24350,vulnerability--fa40ef4c-3f9e-4413-b5c5-f9dd1587cc1d +vulnerability,CVE-2024-24886,vulnerability--aa305e23-89b2-4b3b-b278-7777f8d21656 +vulnerability,CVE-2024-24499,vulnerability--95392fd8-a6ee-4741-bcc9-897b3d7fbf52 +vulnerability,CVE-2024-24877,vulnerability--e63de127-ff15-425c-8af4-06cd9d9bb4bd +vulnerability,CVE-2024-24878,vulnerability--43b340cb-b64a-415a-b415-fadff0c58642 +vulnerability,CVE-2024-24871,vulnerability--f3801fd8-8cf6-465f-85af-d7ea74c4f456 +vulnerability,CVE-2024-24091,vulnerability--3fe01c6d-dd8f-46de-b500-90e7f88c40f4 +vulnerability,CVE-2024-24496,vulnerability--b20bb0ec-247f-41b1-a3ed-7cff7a853c80 +vulnerability,CVE-2024-24025,vulnerability--1f1ee9bf-4657-4ce3-bbff-a2413d380e17 +vulnerability,CVE-2024-24497,vulnerability--f32833c5-7ee7-406f-a213-3a17ba3dc6f6 +vulnerability,CVE-2024-24026,vulnerability--ac0ac2dc-9be3-4404-9169-b30603d816a2 +vulnerability,CVE-2024-24034,vulnerability--1e31dc5a-0eff-4dc2-845e-1a97432fe654 +vulnerability,CVE-2024-23452,vulnerability--f996fa01-52e5-4bc7-9402-f2f31693004e +vulnerability,CVE-2024-23764,vulnerability--35b3368e-6aea-4b54-97a1-c2fd4691e42f +vulnerability,CVE-2024-23756,vulnerability--ca445945-bc02-42c8-85e9-380eb3a87d78 +vulnerability,CVE-2024-23660,vulnerability--067a3b34-52d8-48ca-b51a-8b6f47041f49 +vulnerability,CVE-2024-22464,vulnerability--4f7397f0-dea1-427b-aa73-4048bf2ce983 +vulnerability,CVE-2024-22795,vulnerability--584bc6e7-d3d1-48c5-af71-dae3214106d5 +vulnerability,CVE-2024-22394,vulnerability--90ed0889-f39d-4c82-b130-ecfa36af4e63 +vulnerability,CVE-2024-22836,vulnerability--0f6b94cc-172f-406d-90dd-50d0258affef +vulnerability,CVE-2024-25146,vulnerability--79db44c2-d745-4999-b4b9-45ecce960e39 +vulnerability,CVE-2024-25107,vulnerability--f2487aaf-7669-44bf-96f1-ba3cc656d6dc +vulnerability,CVE-2024-25189,vulnerability--f688f91c-e3af-4232-815f-9746a3711ffa +vulnerability,CVE-2024-25191,vulnerability--50212b87-141f-4fe2-92e3-6842ae5601b2 +vulnerability,CVE-2024-25106,vulnerability--cc77fb9a-ea27-4177-974a-f90e4382eff0 +vulnerability,CVE-2024-25190,vulnerability--5b32abfe-ed94-430d-bff3-89ecebfe6501 +vulnerability,CVE-2024-25144,vulnerability--8b49da36-9199-45fd-842f-95ab25e75a95 +vulnerability,CVE-2024-25148,vulnerability--65dd19b7-6073-42b1-a3e3-4bbdff2c0d03 +vulnerability,CVE-2023-42282,vulnerability--fa9add93-11ce-4ac9-8f2e-08b2550af114 +vulnerability,CVE-2023-6517,vulnerability--e32d7124-70c3-4b4e-979a-196703c618d9 +vulnerability,CVE-2023-6564,vulnerability--e0abbf48-c489-43d2-ac46-e51d5727fa8c +vulnerability,CVE-2023-6515,vulnerability--ccc86ca3-95f4-4b4d-9a1d-2cb1ea2bb9d4 +vulnerability,CVE-2023-6519,vulnerability--e212f06b-3c7c-4afa-b792-1fae42880ecc +vulnerability,CVE-2023-6518,vulnerability--e571b83e-7cdb-4aa7-b258-62bd5a3a1d0d +vulnerability,CVE-2023-49101,vulnerability--681233d2-63b3-4039-b523-898290958737 +vulnerability,CVE-2023-50061,vulnerability--8e747570-25dc-4843-bb4c-016dcc55a2d3 +vulnerability,CVE-2023-47131,vulnerability--8a1c5d9b-ffcf-454b-9cc9-b42a30f35d0b +vulnerability,CVE-2023-47020,vulnerability--2f3e4900-13ec-482d-9963-7e4b6198ab12 +vulnerability,CVE-2023-47798,vulnerability--70f88780-d25d-4c6d-903c-cba702ff1433 +vulnerability,CVE-2023-47132,vulnerability--dc37c29c-c252-40af-a90e-dc0e7ded3881 +vulnerability,CVE-2023-48974,vulnerability--e22bf95f-28cb-4434-87fc-974239e9fdbc +vulnerability,CVE-2023-51630,vulnerability--d676505d-fb4e-4cb6-bcc2-dbfea23a97f6 +vulnerability,CVE-2023-40265,vulnerability--0d39161e-7414-4297-9f22-7fda3c992862 +vulnerability,CVE-2023-40263,vulnerability--10b507b8-121b-447d-90bd-92aa4e4f8706 +vulnerability,CVE-2023-40262,vulnerability--76b5f1f6-fe73-4ffa-9e24-7528743ba636 +vulnerability,CVE-2023-40264,vulnerability--dc526664-0d0a-445b-92c9-5f0c18469c16 +vulnerability,CVE-2023-40266,vulnerability--c80f4d1a-3bb4-4ac9-bee6-4d9d06cdf7dc +vulnerability,CVE-2023-7169,vulnerability--db6a82cb-a555-4c9d-b936-50de143014cf +vulnerability,CVE-2023-25365,vulnerability--06d2218b-a6a4-4264-9c8f-6558e7507907 +vulnerability,CVE-2023-5665,vulnerability--5a65cf53-fdb8-497d-b275-6dc6b67e738a +vulnerability,CVE-2023-27001,vulnerability--6e6c330e-9d34-44a3-9271-9d2b5e832859 diff --git a/objects/vulnerability/vulnerability--00b07f1b-9fd2-484b-85fb-75604588dd31.json b/objects/vulnerability/vulnerability--00b07f1b-9fd2-484b-85fb-75604588dd31.json new file mode 100644 index 00000000000..b2a910e0aa7 --- /dev/null +++ b/objects/vulnerability/vulnerability--00b07f1b-9fd2-484b-85fb-75604588dd31.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b3b69df0-ed28-473b-aa92-da02ae8886c4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--00b07f1b-9fd2-484b-85fb-75604588dd31", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.255587Z", + "modified": "2024-02-09T00:26:26.255587Z", + "name": "CVE-2024-24024", + "description": "An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload(). An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File download.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24024" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--02cfe5f8-0e66-4320-ab6e-52b87ca50369.json b/objects/vulnerability/vulnerability--02cfe5f8-0e66-4320-ab6e-52b87ca50369.json new file mode 100644 index 00000000000..cfda3477543 --- /dev/null +++ b/objects/vulnerability/vulnerability--02cfe5f8-0e66-4320-ab6e-52b87ca50369.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--50043fbd-f9b3-4d80-8503-b7edc664cae5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--02cfe5f8-0e66-4320-ab6e-52b87ca50369", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.231207Z", + "modified": "2024-02-09T00:26:26.231207Z", + "name": "CVE-2024-24498", + "description": "Unrestricted File Upload vulnerability in Employee Management System 1.0 allows a remote attacker to execute arbitrary code via the edit-photo.php component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24498" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--067a3b34-52d8-48ca-b51a-8b6f47041f49.json b/objects/vulnerability/vulnerability--067a3b34-52d8-48ca-b51a-8b6f47041f49.json new file mode 100644 index 00000000000..1550b8d7ef0 --- /dev/null +++ b/objects/vulnerability/vulnerability--067a3b34-52d8-48ca-b51a-8b6f47041f49.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--142ccc5e-e3d9-487b-b16f-39a9531c9a0a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--067a3b34-52d8-48ca-b51a-8b6f47041f49", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.33998Z", + "modified": "2024-02-09T00:26:26.33998Z", + "name": "CVE-2024-23660", + "description": "The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and consequently generates mnemonic words for which the device time is the only entropy source, leading to economic losses, as exploited in the wild in July 2023. An attacker can systematically generate mnemonics for each timestamp within an applicable timeframe, and link them to specific wallet addresses in order to steal funds from those wallets.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-23660" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--06d2218b-a6a4-4264-9c8f-6558e7507907.json b/objects/vulnerability/vulnerability--06d2218b-a6a4-4264-9c8f-6558e7507907.json new file mode 100644 index 00000000000..b0f3cd1abb9 --- /dev/null +++ b/objects/vulnerability/vulnerability--06d2218b-a6a4-4264-9c8f-6558e7507907.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cd3dafab-b050-4409-938b-0dd65cd3d662", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--06d2218b-a6a4-4264-9c8f-6558e7507907", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:31.052161Z", + "modified": "2024-02-09T00:26:31.052161Z", + "name": "CVE-2023-25365", + "description": "Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows local attacker to execute arbitrary code via the file type .mp3", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-25365" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0d39161e-7414-4297-9f22-7fda3c992862.json b/objects/vulnerability/vulnerability--0d39161e-7414-4297-9f22-7fda3c992862.json new file mode 100644 index 00000000000..cca13c5aaf1 --- /dev/null +++ b/objects/vulnerability/vulnerability--0d39161e-7414-4297-9f22-7fda3c992862.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c9112e81-f14e-4005-b403-9f0db7d0dfa5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0d39161e-7414-4297-9f22-7fda3c992862", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:30.524053Z", + "modified": "2024-02-09T00:26:30.524053Z", + "name": "CVE-2023-40265", + "description": "An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows authenticated remote code execution via file upload.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-40265" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0f6b94cc-172f-406d-90dd-50d0258affef.json b/objects/vulnerability/vulnerability--0f6b94cc-172f-406d-90dd-50d0258affef.json new file mode 100644 index 00000000000..d11ae62034b --- /dev/null +++ b/objects/vulnerability/vulnerability--0f6b94cc-172f-406d-90dd-50d0258affef.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fe662998-f4cc-4f60-8c02-fa47e15d768b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0f6b94cc-172f-406d-90dd-50d0258affef", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.397951Z", + "modified": "2024-02-09T00:26:26.397951Z", + "name": "CVE-2024-22836", + "description": "An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-22836" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--10b507b8-121b-447d-90bd-92aa4e4f8706.json b/objects/vulnerability/vulnerability--10b507b8-121b-447d-90bd-92aa4e4f8706.json new file mode 100644 index 00000000000..b083b7fcac3 --- /dev/null +++ b/objects/vulnerability/vulnerability--10b507b8-121b-447d-90bd-92aa4e4f8706.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a52b0e81-3236-4981-b78e-6077d4c53980", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--10b507b8-121b-447d-90bd-92aa4e4f8706", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:30.530757Z", + "modified": "2024-02-09T00:26:30.530757Z", + "name": "CVE-2023-40263", + "description": "An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows authenticated command injection via ftp.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-40263" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--17f125b5-f90a-4413-8fa4-cd6c76947f85.json b/objects/vulnerability/vulnerability--17f125b5-f90a-4413-8fa4-cd6c76947f85.json new file mode 100644 index 00000000000..a85de0b6f81 --- /dev/null +++ b/objects/vulnerability/vulnerability--17f125b5-f90a-4413-8fa4-cd6c76947f85.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5a5da09c-e006-4a69-8d2b-4913691eaa50", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--17f125b5-f90a-4413-8fa4-cd6c76947f85", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.222027Z", + "modified": "2024-02-09T00:26:26.222027Z", + "name": "CVE-2024-24885", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lê Văn Toản Woocommerce Vietnam Checkout allows Stored XSS.This issue affects Woocommerce Vietnam Checkout: from n/a through 2.0.7.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24885" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--183a40fe-d23b-4068-9d18-9c6634bd373d.json b/objects/vulnerability/vulnerability--183a40fe-d23b-4068-9d18-9c6634bd373d.json new file mode 100644 index 00000000000..1066e4e079e --- /dev/null +++ b/objects/vulnerability/vulnerability--183a40fe-d23b-4068-9d18-9c6634bd373d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5d3ac7fa-3649-471d-a003-b1a96c36e935", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--183a40fe-d23b-4068-9d18-9c6634bd373d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.241188Z", + "modified": "2024-02-09T00:26:26.241188Z", + "name": "CVE-2024-24017", + "description": "A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /common/dict/list", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24017" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1e31dc5a-0eff-4dc2-845e-1a97432fe654.json b/objects/vulnerability/vulnerability--1e31dc5a-0eff-4dc2-845e-1a97432fe654.json new file mode 100644 index 00000000000..83a495194be --- /dev/null +++ b/objects/vulnerability/vulnerability--1e31dc5a-0eff-4dc2-845e-1a97432fe654.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4b05ce5d-e397-44b1-93b9-10a1f04459c1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1e31dc5a-0eff-4dc2-845e-1a97432fe654", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.297505Z", + "modified": "2024-02-09T00:26:26.297505Z", + "name": "CVE-2024-24034", + "description": "Setor Informatica S.I.L version 3.0 is vulnerable to Open Redirect via the hprinter parameter, allows remote attackers to execute arbitrary code.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24034" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1f1ee9bf-4657-4ce3-bbff-a2413d380e17.json b/objects/vulnerability/vulnerability--1f1ee9bf-4657-4ce3-bbff-a2413d380e17.json new file mode 100644 index 00000000000..7abce7ef7b5 --- /dev/null +++ b/objects/vulnerability/vulnerability--1f1ee9bf-4657-4ce3-bbff-a2413d380e17.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--87d71691-e61b-4ac5-aba5-d5072df16070", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1f1ee9bf-4657-4ce3-bbff-a2413d380e17", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.287639Z", + "modified": "2024-02-09T00:26:26.287639Z", + "name": "CVE-2024-24025", + "description": "An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload(). An attacker can pass in specially crafted filename parameter to perform arbitrary File download.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24025" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--299409f9-e258-44ab-b24c-eeb273b97093.json b/objects/vulnerability/vulnerability--299409f9-e258-44ab-b24c-eeb273b97093.json new file mode 100644 index 00000000000..90b1b88d265 --- /dev/null +++ b/objects/vulnerability/vulnerability--299409f9-e258-44ab-b24c-eeb273b97093.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--715bf747-c1c4-4ff6-9727-3f473efe299a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--299409f9-e258-44ab-b24c-eeb273b97093", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.232208Z", + "modified": "2024-02-09T00:26:26.232208Z", + "name": "CVE-2024-24003", + "description": "jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutMaterialCount() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection mechanism in `safeSqlParse` method for sql injection.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24003" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2da9c2e4-f3e8-4ca2-94bb-950b736e7ba4.json b/objects/vulnerability/vulnerability--2da9c2e4-f3e8-4ca2-94bb-950b736e7ba4.json new file mode 100644 index 00000000000..bb3b651d2b5 --- /dev/null +++ b/objects/vulnerability/vulnerability--2da9c2e4-f3e8-4ca2-94bb-950b736e7ba4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--50e4efa9-e7f8-42d8-9eb0-f5e7f539109f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2da9c2e4-f3e8-4ca2-94bb-950b736e7ba4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.266309Z", + "modified": "2024-02-09T00:26:26.266309Z", + "name": "CVE-2024-24834", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net allows Stored XSS.This issue affects BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net: from n/a through 1.1.4.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24834" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2f03984d-eefa-4e9f-bfb1-6abeca09b235.json b/objects/vulnerability/vulnerability--2f03984d-eefa-4e9f-bfb1-6abeca09b235.json new file mode 100644 index 00000000000..591544e982c --- /dev/null +++ b/objects/vulnerability/vulnerability--2f03984d-eefa-4e9f-bfb1-6abeca09b235.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--697a53d2-b665-4010-84bf-5ba5e9dea1c5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2f03984d-eefa-4e9f-bfb1-6abeca09b235", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.263877Z", + "modified": "2024-02-09T00:26:26.263877Z", + "name": "CVE-2024-24202", + "description": "An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to execute arbitrary code via uploading a crafted .txt file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24202" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2f3e4900-13ec-482d-9963-7e4b6198ab12.json b/objects/vulnerability/vulnerability--2f3e4900-13ec-482d-9963-7e4b6198ab12.json new file mode 100644 index 00000000000..8e81321ccd4 --- /dev/null +++ b/objects/vulnerability/vulnerability--2f3e4900-13ec-482d-9963-7e4b6198ab12.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fa436b77-5073-45b9-91d1-6b877bf9804b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2f3e4900-13ec-482d-9963-7e4b6198ab12", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:30.037639Z", + "modified": "2024-02-09T00:26:30.037639Z", + "name": "CVE-2023-47020", + "description": "Multiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that lacks security controls and can accept custom content types.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-47020" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3090df76-dcae-40c6-91f8-b329218bdda2.json b/objects/vulnerability/vulnerability--3090df76-dcae-40c6-91f8-b329218bdda2.json new file mode 100644 index 00000000000..adb94fbc6b0 --- /dev/null +++ b/objects/vulnerability/vulnerability--3090df76-dcae-40c6-91f8-b329218bdda2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--59e3f097-2e27-4085-a4ac-3b3721bc833e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3090df76-dcae-40c6-91f8-b329218bdda2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.246938Z", + "modified": "2024-02-09T00:26:26.246938Z", + "name": "CVE-2024-24216", + "description": "Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via the checkConnection method of /app/zentao/module/repo/model.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24216" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--35b3368e-6aea-4b54-97a1-c2fd4691e42f.json b/objects/vulnerability/vulnerability--35b3368e-6aea-4b54-97a1-c2fd4691e42f.json new file mode 100644 index 00000000000..fecb7bcfea4 --- /dev/null +++ b/objects/vulnerability/vulnerability--35b3368e-6aea-4b54-97a1-c2fd4691e42f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0282cbc7-898d-498f-a4f6-a1aaa6f52eba", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--35b3368e-6aea-4b54-97a1-c2fd4691e42f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.323226Z", + "modified": "2024-02-09T00:26:26.323226Z", + "name": "CVE-2024-23764", + "description": "Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15 and later, WithSecure Server Security 15 and later, WithSecure Email and Server Security 15 and later, and WithSecure Elements Endpoint Protection 17 and later.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-23764" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--35d3dd20-9d8a-42f4-ad05-2163424e6b1a.json b/objects/vulnerability/vulnerability--35d3dd20-9d8a-42f4-ad05-2163424e6b1a.json new file mode 100644 index 00000000000..3b3b2af4ee9 --- /dev/null +++ b/objects/vulnerability/vulnerability--35d3dd20-9d8a-42f4-ad05-2163424e6b1a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8f8cb2aa-6ac4-4900-9f28-e0e1c4de7d16", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--35d3dd20-9d8a-42f4-ad05-2163424e6b1a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.252666Z", + "modified": "2024-02-09T00:26:26.252666Z", + "name": "CVE-2024-24830", + "description": "OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A vulnerability has been identified in the \"/api/{org_id}/users\" endpoint. This vulnerability allows any authenticated regular user ('member') to add new users with elevated privileges, including the 'root' role, to an organization. This issue circumvents the intended security controls for role assignments. The vulnerability resides in the user creation process, where the payload does not validate the user roles. A regular user can manipulate the payload to assign root-level privileges. This vulnerability leads to Unauthorized Privilege Escalation and significantly compromises the application's role-based access control system. It allows unauthorized control over application resources and poses a risk to data security. All users, particularly those in administrative roles, are impacted. This issue has been addressed in release version 0.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24830" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3df9ebf7-4da6-4ee9-92ed-727b375dd6c7.json b/objects/vulnerability/vulnerability--3df9ebf7-4da6-4ee9-92ed-727b375dd6c7.json new file mode 100644 index 00000000000..2b3e80a9962 --- /dev/null +++ b/objects/vulnerability/vulnerability--3df9ebf7-4da6-4ee9-92ed-727b375dd6c7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--20aacbbf-520f-4a6e-bdcb-2c245ee60812", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3df9ebf7-4da6-4ee9-92ed-727b375dd6c7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.259784Z", + "modified": "2024-02-09T00:26:26.259784Z", + "name": "CVE-2024-24821", + "description": "Composer is a dependency Manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local privilege escalation, provide lateral user movement or malicious code execution when Composer is invoked within a directory with tampered files. All Composer CLI commands are affected, including composer.phar's self-update. The following scenarios are of high risk: Composer being run with sudo, Pipelines which may execute Composer on untrusted projects, Shared environments with developers who run Composer individually on the same project. This vulnerability has been addressed in versions 2.7.0 and 2.2.23. It is advised that the patched versions are applied at the earliest convenience. Where not possible, the following should be addressed: Remove all sudo composer privileges for all users to mitigate root privilege escalation, and avoid running Composer within an untrusted directory, or if needed, verify that the contents of `vendor/composer/InstalledVersions.php` and `vendor/composer/installed.php` do not include untrusted code. A reset can also be done on these files by the following:```sh\nrm vendor/composer/installed.php vendor/composer/InstalledVersions.php\ncomposer install --no-scripts --no-plugins\n```", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24821" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3fe01c6d-dd8f-46de-b500-90e7f88c40f4.json b/objects/vulnerability/vulnerability--3fe01c6d-dd8f-46de-b500-90e7f88c40f4.json new file mode 100644 index 00000000000..ea5fc077de5 --- /dev/null +++ b/objects/vulnerability/vulnerability--3fe01c6d-dd8f-46de-b500-90e7f88c40f4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d85213c0-69de-4091-b200-b374e19f7332", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3fe01c6d-dd8f-46de-b500-90e7f88c40f4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.283629Z", + "modified": "2024-02-09T00:26:26.283629Z", + "name": "CVE-2024-24091", + "description": "Yealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection vulnerability via the file upload interface.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24091" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--43b340cb-b64a-415a-b415-fadff0c58642.json b/objects/vulnerability/vulnerability--43b340cb-b64a-415a-b415-fadff0c58642.json new file mode 100644 index 00000000000..4c8c95c76cd --- /dev/null +++ b/objects/vulnerability/vulnerability--43b340cb-b64a-415a-b415-fadff0c58642.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--58f2a256-7626-4443-a5fb-e53a5632c939", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--43b340cb-b64a-415a-b415-fadff0c58642", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.280857Z", + "modified": "2024-02-09T00:26:26.280857Z", + "name": "CVE-2024-24878", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PT Woo Plugins (by Webdados) Portugal CTT Tracking for WooCommerce allows Reflected XSS.This issue affects Portugal CTT Tracking for WooCommerce: from n/a through 2.1.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24878" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--492d9be8-0b14-43de-ae8f-0cab91fdc565.json b/objects/vulnerability/vulnerability--492d9be8-0b14-43de-ae8f-0cab91fdc565.json new file mode 100644 index 00000000000..6828b310c1c --- /dev/null +++ b/objects/vulnerability/vulnerability--492d9be8-0b14-43de-ae8f-0cab91fdc565.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c09c4afe-1a8a-4978-8556-b4ebff305123", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--492d9be8-0b14-43de-ae8f-0cab91fdc565", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.203303Z", + "modified": "2024-02-09T00:26:26.203303Z", + "name": "CVE-2024-0965", + "description": "The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's page restriction and view page content.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0965" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4f7397f0-dea1-427b-aa73-4048bf2ce983.json b/objects/vulnerability/vulnerability--4f7397f0-dea1-427b-aa73-4048bf2ce983.json new file mode 100644 index 00000000000..44da7cb4b7b --- /dev/null +++ b/objects/vulnerability/vulnerability--4f7397f0-dea1-427b-aa73-4048bf2ce983.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e79b859a-c809-4445-907f-6bbb4652330f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4f7397f0-dea1-427b-aa73-4048bf2ce983", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.35353Z", + "modified": "2024-02-09T00:26:26.35353Z", + "name": "CVE-2024-22464", + "description": "\nDell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. A high privileged remote attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-22464" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--50212b87-141f-4fe2-92e3-6842ae5601b2.json b/objects/vulnerability/vulnerability--50212b87-141f-4fe2-92e3-6842ae5601b2.json new file mode 100644 index 00000000000..7197a4ca5d2 --- /dev/null +++ b/objects/vulnerability/vulnerability--50212b87-141f-4fe2-92e3-6842ae5601b2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8a0634b1-b5e3-46f6-9142-f25bdc1a8705", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--50212b87-141f-4fe2-92e3-6842ae5601b2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.414305Z", + "modified": "2024-02-09T00:26:26.414305Z", + "name": "CVE-2024-25191", + "description": "php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-25191" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--52e65e48-afaa-4dd4-aaa1-bb8eb5b21d1b.json b/objects/vulnerability/vulnerability--52e65e48-afaa-4dd4-aaa1-bb8eb5b21d1b.json new file mode 100644 index 00000000000..7e58f2ecd6d --- /dev/null +++ b/objects/vulnerability/vulnerability--52e65e48-afaa-4dd4-aaa1-bb8eb5b21d1b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--18ae3297-aedd-4587-af40-170020c82c43", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--52e65e48-afaa-4dd4-aaa1-bb8eb5b21d1b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.253662Z", + "modified": "2024-02-09T00:26:26.253662Z", + "name": "CVE-2024-24495", + "description": "SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via crafted GET request.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24495" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--584bc6e7-d3d1-48c5-af71-dae3214106d5.json b/objects/vulnerability/vulnerability--584bc6e7-d3d1-48c5-af71-dae3214106d5.json new file mode 100644 index 00000000000..0fee7221686 --- /dev/null +++ b/objects/vulnerability/vulnerability--584bc6e7-d3d1-48c5-af71-dae3214106d5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0ffd9689-81b0-464e-b465-8f1bc4356467", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--584bc6e7-d3d1-48c5-af71-dae3214106d5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.357398Z", + "modified": "2024-02-09T00:26:26.357398Z", + "name": "CVE-2024-22795", + "description": "Insecure Permissions vulnerability in Forescout SecureConnector v.11.3.06.0063 allows a local attacker to escalate privileges via the Recheck Compliance Status component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-22795" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5a65cf53-fdb8-497d-b275-6dc6b67e738a.json b/objects/vulnerability/vulnerability--5a65cf53-fdb8-497d-b275-6dc6b67e738a.json new file mode 100644 index 00000000000..89f5bf7679e --- /dev/null +++ b/objects/vulnerability/vulnerability--5a65cf53-fdb8-497d-b275-6dc6b67e738a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ca388cba-c8f2-4829-a600-553e84e6de4a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5a65cf53-fdb8-497d-b275-6dc6b67e738a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:31.103773Z", + "modified": "2024-02-09T00:26:31.103773Z", + "name": "CVE-2023-5665", + "description": "The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5665" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5b32abfe-ed94-430d-bff3-89ecebfe6501.json b/objects/vulnerability/vulnerability--5b32abfe-ed94-430d-bff3-89ecebfe6501.json new file mode 100644 index 00000000000..9207774fe58 --- /dev/null +++ b/objects/vulnerability/vulnerability--5b32abfe-ed94-430d-bff3-89ecebfe6501.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--04baa210-8f5f-46e7-8957-8338941b397c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5b32abfe-ed94-430d-bff3-89ecebfe6501", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.424206Z", + "modified": "2024-02-09T00:26:26.424206Z", + "name": "CVE-2024-25190", + "description": "l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-25190" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6018d8d2-c126-4cd7-92d6-e51590159295.json b/objects/vulnerability/vulnerability--6018d8d2-c126-4cd7-92d6-e51590159295.json new file mode 100644 index 00000000000..5453a6d5bec --- /dev/null +++ b/objects/vulnerability/vulnerability--6018d8d2-c126-4cd7-92d6-e51590159295.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3b2f22d9-a91d-42bc-a7e5-f41dbf118ce1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6018d8d2-c126-4cd7-92d6-e51590159295", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.237339Z", + "modified": "2024-02-09T00:26:26.237339Z", + "name": "CVE-2024-24880", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apollo13Themes Apollo13 Framework Extensions allows Stored XSS.This issue affects Apollo13 Framework Extensions: from n/a through 1.9.2.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24880" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--636a2b2d-e1b9-4238-8e47-53134d6bce20.json b/objects/vulnerability/vulnerability--636a2b2d-e1b9-4238-8e47-53134d6bce20.json new file mode 100644 index 00000000000..f9b70eb26a7 --- /dev/null +++ b/objects/vulnerability/vulnerability--636a2b2d-e1b9-4238-8e47-53134d6bce20.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3a654b8f-763b-4bb5-8121-2a5121d1fb39", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--636a2b2d-e1b9-4238-8e47-53134d6bce20", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.228914Z", + "modified": "2024-02-09T00:26:26.228914Z", + "name": "CVE-2024-24014", + "description": "A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/author/list", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24014" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--65dd19b7-6073-42b1-a3e3-4bbdff2c0d03.json b/objects/vulnerability/vulnerability--65dd19b7-6073-42b1-a3e3-4bbdff2c0d03.json new file mode 100644 index 00000000000..ad5eccb15c9 --- /dev/null +++ b/objects/vulnerability/vulnerability--65dd19b7-6073-42b1-a3e3-4bbdff2c0d03.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d1c9791c-fa1b-4dcf-b8fa-5ecdd6c35ae1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--65dd19b7-6073-42b1-a3e3-4bbdff2c0d03", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.427771Z", + "modified": "2024-02-09T00:26:26.427771Z", + "name": "CVE-2024-25148", + "description": "In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions the `doAsUserId` URL parameter may get leaked when creating linked content using the WYSIWYG editor and while impersonating a user. This may allow remote authenticated users to impersonate a user after accessing the linked content.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-25148" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--681233d2-63b3-4039-b523-898290958737.json b/objects/vulnerability/vulnerability--681233d2-63b3-4039-b523-898290958737.json new file mode 100644 index 00000000000..516fe5a1c43 --- /dev/null +++ b/objects/vulnerability/vulnerability--681233d2-63b3-4039-b523-898290958737.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--40aaa797-28e9-4403-a3c8-d69baaae53e8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--681233d2-63b3-4039-b523-898290958737", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:29.829247Z", + "modified": "2024-02-09T00:26:29.829247Z", + "name": "CVE-2023-49101", + "description": "WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and 10.5.x before 10.5.10 allows XSS attacks against admins because of mishandling of viewing the usage of SSL certificates.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-49101" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--68667195-5b26-4da7-a365-54b0f159b35a.json b/objects/vulnerability/vulnerability--68667195-5b26-4da7-a365-54b0f159b35a.json new file mode 100644 index 00000000000..fc5d329742f --- /dev/null +++ b/objects/vulnerability/vulnerability--68667195-5b26-4da7-a365-54b0f159b35a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c252c8ef-f9a2-4359-834c-1d88c555fb0f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--68667195-5b26-4da7-a365-54b0f159b35a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.14707Z", + "modified": "2024-02-09T00:26:26.14707Z", + "name": "CVE-2024-1312", + "description": "A use-after-free flaw was found in the Linux kernel's Memory Management subsystem when a user wins two races at the same time with a fail in the mas_prev_slot function. This issue could allow a local user to crash the system.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-1312" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6e6c330e-9d34-44a3-9271-9d2b5e832859.json b/objects/vulnerability/vulnerability--6e6c330e-9d34-44a3-9271-9d2b5e832859.json new file mode 100644 index 00000000000..f7bf4161b08 --- /dev/null +++ b/objects/vulnerability/vulnerability--6e6c330e-9d34-44a3-9271-9d2b5e832859.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--170cbc5d-c8cc-4468-b686-e1caa05d7a0d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6e6c330e-9d34-44a3-9271-9d2b5e832859", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:31.158307Z", + "modified": "2024-02-09T00:26:31.158307Z", + "name": "CVE-2023-27001", + "description": "An issue discovered in Egerie Risk Manager v4.0.5 allows attackers to bypass the signature mechanism and tamper with the values inside the JWT payload resulting in privilege escalation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-27001" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--70f88780-d25d-4c6d-903c-cba702ff1433.json b/objects/vulnerability/vulnerability--70f88780-d25d-4c6d-903c-cba702ff1433.json new file mode 100644 index 00000000000..3b437adf536 --- /dev/null +++ b/objects/vulnerability/vulnerability--70f88780-d25d-4c6d-903c-cba702ff1433.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fa47dd77-d607-48f9-91e7-0ed6dda67dc6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--70f88780-d25d-4c6d-903c-cba702ff1433", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:30.039375Z", + "modified": "2024-02-09T00:26:30.039375Z", + "name": "CVE-2023-47798", + "description": "Account lockout in Liferay Portal 7.2.0 through 7.3.0, and older unsupported versions, and Liferay DXP 7.2 before fix pack 5, and older unsupported versions does not invalidate existing user sessions, which allows remote authenticated users to remain authenticated after an account has been locked.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-47798" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--71a76839-ad72-4fd2-a460-2845caa5fe9d.json b/objects/vulnerability/vulnerability--71a76839-ad72-4fd2-a460-2845caa5fe9d.json new file mode 100644 index 00000000000..c4d3ad6ec7b --- /dev/null +++ b/objects/vulnerability/vulnerability--71a76839-ad72-4fd2-a460-2845caa5fe9d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--09b23031-10fb-48e5-bb48-c525674983a4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--71a76839-ad72-4fd2-a460-2845caa5fe9d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.191449Z", + "modified": "2024-02-09T00:26:26.191449Z", + "name": "CVE-2024-0511", + "description": "The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the wpr_update_form_action_meta function. This makes it possible for unauthenticated attackers to post metadata via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0511" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--76b5f1f6-fe73-4ffa-9e24-7528743ba636.json b/objects/vulnerability/vulnerability--76b5f1f6-fe73-4ffa-9e24-7528743ba636.json new file mode 100644 index 00000000000..abf65608e8f --- /dev/null +++ b/objects/vulnerability/vulnerability--76b5f1f6-fe73-4ffa-9e24-7528743ba636.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6a9d84a7-8eba-439c-9064-89d7fbf02e45", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--76b5f1f6-fe73-4ffa-9e24-7528743ba636", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:30.533379Z", + "modified": "2024-02-09T00:26:30.533379Z", + "name": "CVE-2023-40262", + "description": "An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows unauthenticated Stored Cross-Site Scripting (XSS) in the administration component via Access Request.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-40262" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7709acef-5740-48cf-b66c-3bd2d928b7a4.json b/objects/vulnerability/vulnerability--7709acef-5740-48cf-b66c-3bd2d928b7a4.json new file mode 100644 index 00000000000..ba6fe8dea5e --- /dev/null +++ b/objects/vulnerability/vulnerability--7709acef-5740-48cf-b66c-3bd2d928b7a4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2388d794-c650-446d-aa23-fe75f0454bf9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7709acef-5740-48cf-b66c-3bd2d928b7a4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.131083Z", + "modified": "2024-02-09T00:26:26.131083Z", + "name": "CVE-2024-1329", + "description": "HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. Fixed in Nomad 1.7.4, 1.6.7, 1.5.14.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-1329" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--79db44c2-d745-4999-b4b9-45ecce960e39.json b/objects/vulnerability/vulnerability--79db44c2-d745-4999-b4b9-45ecce960e39.json new file mode 100644 index 00000000000..7dcdd943c3b --- /dev/null +++ b/objects/vulnerability/vulnerability--79db44c2-d745-4999-b4b9-45ecce960e39.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--960e90b9-b539-4f6c-9385-3cfbf45e903d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--79db44c2-d745-4999-b4b9-45ecce960e39", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.404181Z", + "modified": "2024-02-09T00:26:26.404181Z", + "name": "CVE-2024-25146", + "description": "Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the site, which allows remote attackers to discover the existence of sites by enumerating URLs. This vulnerability occurs if locale.prepend.friendly.url.style=2 and if a custom 404 page is used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-25146" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7f65b5ec-e876-4fb2-872b-fdea5b03cf9a.json b/objects/vulnerability/vulnerability--7f65b5ec-e876-4fb2-872b-fdea5b03cf9a.json new file mode 100644 index 00000000000..b1aca253338 --- /dev/null +++ b/objects/vulnerability/vulnerability--7f65b5ec-e876-4fb2-872b-fdea5b03cf9a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--42d42b05-8ad1-4695-9c0b-7fa68e952df3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7f65b5ec-e876-4fb2-872b-fdea5b03cf9a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.264791Z", + "modified": "2024-02-09T00:26:26.264791Z", + "name": "CVE-2024-24825", + "description": "DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24825" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8a1c5d9b-ffcf-454b-9cc9-b42a30f35d0b.json b/objects/vulnerability/vulnerability--8a1c5d9b-ffcf-454b-9cc9-b42a30f35d0b.json new file mode 100644 index 00000000000..099fd258d7c --- /dev/null +++ b/objects/vulnerability/vulnerability--8a1c5d9b-ffcf-454b-9cc9-b42a30f35d0b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0cd101a2-04ed-4c64-9c71-b56787440945", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8a1c5d9b-ffcf-454b-9cc9-b42a30f35d0b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:30.002429Z", + "modified": "2024-02-09T00:26:30.002429Z", + "name": "CVE-2023-47131", + "description": "The N-able PassPortal extension before 3.29.2 for Chrome inserts sensitive information into a log file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-47131" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8b49da36-9199-45fd-842f-95ab25e75a95.json b/objects/vulnerability/vulnerability--8b49da36-9199-45fd-842f-95ab25e75a95.json new file mode 100644 index 00000000000..991880550f6 --- /dev/null +++ b/objects/vulnerability/vulnerability--8b49da36-9199-45fd-842f-95ab25e75a95.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--96657df5-c4ac-49a4-8068-953c49673c1c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8b49da36-9199-45fd-842f-95ab25e75a95", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.425282Z", + "modified": "2024-02-09T00:26:26.425282Z", + "name": "CVE-2024-25144", + "description": "The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a denial-of-service (DoS) via a self referencing IFrame.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-25144" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8ceffcaf-5bce-4ae2-822b-875a9f21fc87.json b/objects/vulnerability/vulnerability--8ceffcaf-5bce-4ae2-822b-875a9f21fc87.json new file mode 100644 index 00000000000..8dc21eda64f --- /dev/null +++ b/objects/vulnerability/vulnerability--8ceffcaf-5bce-4ae2-822b-875a9f21fc87.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3fb4a114-7087-4944-98c2-0fbf0d7add0e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8ceffcaf-5bce-4ae2-822b-875a9f21fc87", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.226093Z", + "modified": "2024-02-09T00:26:26.226093Z", + "name": "CVE-2024-24881", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc allows Reflected XSS.This issue affects WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.5.2.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24881" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8dbaae05-4c42-4cab-8844-9f61a0415a61.json b/objects/vulnerability/vulnerability--8dbaae05-4c42-4cab-8844-9f61a0415a61.json new file mode 100644 index 00000000000..5b0be03acb9 --- /dev/null +++ b/objects/vulnerability/vulnerability--8dbaae05-4c42-4cab-8844-9f61a0415a61.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fdb312c0-9020-4394-95bd-936ee174f4ef", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8dbaae05-4c42-4cab-8844-9f61a0415a61", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.167278Z", + "modified": "2024-02-09T00:26:26.167278Z", + "name": "CVE-2024-0985", + "description": "Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. As part of exploiting this vulnerability, the attacker creates functions that use CREATE RULE to convert the internally-built temporary table to a view. Versions before PostgreSQL 15.6, 14.11, 13.14, and 12.18 are affected. The only known exploit does not work in PostgreSQL 16 and later. For defense in depth, PostgreSQL 16.2 adds the protections that older branches are using to fix their vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0985" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8e747570-25dc-4843-bb4c-016dcc55a2d3.json b/objects/vulnerability/vulnerability--8e747570-25dc-4843-bb4c-016dcc55a2d3.json new file mode 100644 index 00000000000..e8ad0a551b8 --- /dev/null +++ b/objects/vulnerability/vulnerability--8e747570-25dc-4843-bb4c-016dcc55a2d3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a214569f-9186-42c0-afb5-27f23ccd0a0b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8e747570-25dc-4843-bb4c-016dcc55a2d3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:29.87831Z", + "modified": "2024-02-09T00:26:29.87831Z", + "name": "CVE-2023-50061", + "description": "PrestaShop Op'art Easy Redirect >= 1.3.8 and <= 1.3.12 is vulnerable to SQL Injection via Oparteasyredirect::hookActionDispatcher().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-50061" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8f6008e5-fa24-4b01-807b-92321a66a903.json b/objects/vulnerability/vulnerability--8f6008e5-fa24-4b01-807b-92321a66a903.json new file mode 100644 index 00000000000..f148e188f77 --- /dev/null +++ b/objects/vulnerability/vulnerability--8f6008e5-fa24-4b01-807b-92321a66a903.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3883e55d-4492-4599-8087-716363fbac0f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8f6008e5-fa24-4b01-807b-92321a66a903", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.26929Z", + "modified": "2024-02-09T00:26:26.26929Z", + "name": "CVE-2024-24023", + "description": "A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/bookContent/list.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24023" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--90ed0889-f39d-4c82-b130-ecfa36af4e63.json b/objects/vulnerability/vulnerability--90ed0889-f39d-4c82-b130-ecfa36af4e63.json new file mode 100644 index 00000000000..cfc46e6b58b --- /dev/null +++ b/objects/vulnerability/vulnerability--90ed0889-f39d-4c82-b130-ecfa36af4e63.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--11a19df8-86e7-4907-885f-ccf33e661068", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--90ed0889-f39d-4c82-b130-ecfa36af4e63", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.379892Z", + "modified": "2024-02-09T00:26:26.379892Z", + "name": "CVE-2024-22394", + "description": "An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication. \n\nThis issue affects only firmware version SonicOS 7.1.1-7040.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-22394" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--912a11f6-f682-4d45-acc3-2955de202af0.json b/objects/vulnerability/vulnerability--912a11f6-f682-4d45-acc3-2955de202af0.json new file mode 100644 index 00000000000..1af6af44b26 --- /dev/null +++ b/objects/vulnerability/vulnerability--912a11f6-f682-4d45-acc3-2955de202af0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--37bdf127-7c4d-4c0c-a5a2-079735b01761", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--912a11f6-f682-4d45-acc3-2955de202af0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.144058Z", + "modified": "2024-02-09T00:26:26.144058Z", + "name": "CVE-2024-1150", + "description": "Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 7.3.1.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-1150" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--914db902-3e92-47bb-90cc-40dfdd17e287.json b/objects/vulnerability/vulnerability--914db902-3e92-47bb-90cc-40dfdd17e287.json new file mode 100644 index 00000000000..1976c61eb66 --- /dev/null +++ b/objects/vulnerability/vulnerability--914db902-3e92-47bb-90cc-40dfdd17e287.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6a0afa4d-56b2-4078-a913-07cf4b202a9a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--914db902-3e92-47bb-90cc-40dfdd17e287", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.223141Z", + "modified": "2024-02-09T00:26:26.223141Z", + "name": "CVE-2024-24836", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Audrasjb GDPR Data Request Form allows Stored XSS.This issue affects GDPR Data Request Form: from n/a through 1.6.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24836" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--92a03d5b-bf71-4951-8769-f8173d9a6db1.json b/objects/vulnerability/vulnerability--92a03d5b-bf71-4951-8769-f8173d9a6db1.json new file mode 100644 index 00000000000..2c0ab9fd92c --- /dev/null +++ b/objects/vulnerability/vulnerability--92a03d5b-bf71-4951-8769-f8173d9a6db1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f5fe8583-c27f-44f5-a4a6-9a32e65d928d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--92a03d5b-bf71-4951-8769-f8173d9a6db1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.182923Z", + "modified": "2024-02-09T00:26:26.182923Z", + "name": "CVE-2024-0242", + "description": "Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior to version 4.4.2 could allow unauthorized access to settings.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0242" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--94812110-23df-4f64-a3eb-3c75abcc4c92.json b/objects/vulnerability/vulnerability--94812110-23df-4f64-a3eb-3c75abcc4c92.json new file mode 100644 index 00000000000..6a354024245 --- /dev/null +++ b/objects/vulnerability/vulnerability--94812110-23df-4f64-a3eb-3c75abcc4c92.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cef6c2f4-9b1a-4c38-b9ae-3788fd61ab73", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--94812110-23df-4f64-a3eb-3c75abcc4c92", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.244906Z", + "modified": "2024-02-09T00:26:26.244906Z", + "name": "CVE-2024-24494", + "description": "Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via the day, exercise, pray, read_book, vitamins, laundry, alcohol and meat parameters in the add-tracker.php and update-tracker.php components.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24494" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--95392fd8-a6ee-4741-bcc9-897b3d7fbf52.json b/objects/vulnerability/vulnerability--95392fd8-a6ee-4741-bcc9-897b3d7fbf52.json new file mode 100644 index 00000000000..1de4b08179d --- /dev/null +++ b/objects/vulnerability/vulnerability--95392fd8-a6ee-4741-bcc9-897b3d7fbf52.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f3cbea73-906c-463a-8a7e-00b406edc9c2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--95392fd8-a6ee-4741-bcc9-897b3d7fbf52", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.278801Z", + "modified": "2024-02-09T00:26:26.278801Z", + "name": "CVE-2024-24499", + "description": "SQL Injection vulnerability in Employee Management System v.1.0 allows a remote attacker to execute arbitrary SQL commands via the txtfullname and txtphone parameters in the edit_profile.php component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24499" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--992913a9-e1d1-4f28-aa2c-a993b9c76a8e.json b/objects/vulnerability/vulnerability--992913a9-e1d1-4f28-aa2c-a993b9c76a8e.json new file mode 100644 index 00000000000..4a55b7afe5a --- /dev/null +++ b/objects/vulnerability/vulnerability--992913a9-e1d1-4f28-aa2c-a993b9c76a8e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5e2dc7e4-1142-47c0-bfc9-8ca8d8a6fa4b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--992913a9-e1d1-4f28-aa2c-a993b9c76a8e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.152215Z", + "modified": "2024-02-09T00:26:26.152215Z", + "name": "CVE-2024-1207", + "description": "The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the 'calendar_request_params[dates_ddmmyy_csv]' parameter in all versions up to, and including, 9.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-1207" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9e4135b0-93c1-4bea-adc3-59e280772806.json b/objects/vulnerability/vulnerability--9e4135b0-93c1-4bea-adc3-59e280772806.json new file mode 100644 index 00000000000..02a85210f75 --- /dev/null +++ b/objects/vulnerability/vulnerability--9e4135b0-93c1-4bea-adc3-59e280772806.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7e80fe1b-d61a-4752-92e9-4ea9091da24d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9e4135b0-93c1-4bea-adc3-59e280772806", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.238975Z", + "modified": "2024-02-09T00:26:26.238975Z", + "name": "CVE-2024-24215", + "description": "An issue in the component /cgi-bin/GetJsonValue.cgi of Cellinx NVT Web Server 5.0.0.014 allows attackers to leak configuration information via a crafted POST request.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24215" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a881d6f1-2f4e-4764-928d-ee2f682267e1.json b/objects/vulnerability/vulnerability--a881d6f1-2f4e-4764-928d-ee2f682267e1.json new file mode 100644 index 00000000000..628ffe031e4 --- /dev/null +++ b/objects/vulnerability/vulnerability--a881d6f1-2f4e-4764-928d-ee2f682267e1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--626be6df-4208-4a82-9b9e-400f04882ec4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a881d6f1-2f4e-4764-928d-ee2f682267e1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.246029Z", + "modified": "2024-02-09T00:26:26.246029Z", + "name": "CVE-2024-24018", + "description": "A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/dataPerm/list", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24018" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--aa305e23-89b2-4b3b-b278-7777f8d21656.json b/objects/vulnerability/vulnerability--aa305e23-89b2-4b3b-b278-7777f8d21656.json new file mode 100644 index 00000000000..3691dda817a --- /dev/null +++ b/objects/vulnerability/vulnerability--aa305e23-89b2-4b3b-b278-7777f8d21656.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9f1698b5-b16c-4b90-9f98-f09b72aac4b9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aa305e23-89b2-4b3b-b278-7777f8d21656", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.27677Z", + "modified": "2024-02-09T00:26:26.27677Z", + "name": "CVE-2024-24886", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Acowebs Product Labels For Woocommerce (Sale Badges) allows Stored XSS.This issue affects Product Labels For Woocommerce (Sale Badges): from n/a through 1.5.3.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24886" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ac0ac2dc-9be3-4404-9169-b30603d816a2.json b/objects/vulnerability/vulnerability--ac0ac2dc-9be3-4404-9169-b30603d816a2.json new file mode 100644 index 00000000000..ed28ab9b38f --- /dev/null +++ b/objects/vulnerability/vulnerability--ac0ac2dc-9be3-4404-9169-b30603d816a2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8727a67a-f527-4e68-8488-0e636b709550", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ac0ac2dc-9be3-4404-9169-b30603d816a2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.296556Z", + "modified": "2024-02-09T00:26:26.296556Z", + "name": "CVE-2024-24026", + "description": "An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg(). An attacker can pass in specially crafted filename parameter to perform arbitrary File download.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24026" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b20bb0ec-247f-41b1-a3ed-7cff7a853c80.json b/objects/vulnerability/vulnerability--b20bb0ec-247f-41b1-a3ed-7cff7a853c80.json new file mode 100644 index 00000000000..f68033e9049 --- /dev/null +++ b/objects/vulnerability/vulnerability--b20bb0ec-247f-41b1-a3ed-7cff7a853c80.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c2b75c37-55e3-4416-8ad9-489491254d15", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b20bb0ec-247f-41b1-a3ed-7cff7a853c80", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.286517Z", + "modified": "2024-02-09T00:26:26.286517Z", + "name": "CVE-2024-24496", + "description": "An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php, delete-tracker.php, update-tracker.php components.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24496" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b9df823b-d471-43cd-b95f-89f2b0fb67db.json b/objects/vulnerability/vulnerability--b9df823b-d471-43cd-b95f-89f2b0fb67db.json new file mode 100644 index 00000000000..52aef283b2d --- /dev/null +++ b/objects/vulnerability/vulnerability--b9df823b-d471-43cd-b95f-89f2b0fb67db.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c62d700c-6794-4c91-8595-c9064165d50e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b9df823b-d471-43cd-b95f-89f2b0fb67db", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.256702Z", + "modified": "2024-02-09T00:26:26.256702Z", + "name": "CVE-2024-24393", + "description": "File Upload vulnerability index.php in Pichome v.1.1.01 allows a remote attacker to execute arbitrary code via crafted POST request.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24393" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c80f4d1a-3bb4-4ac9-bee6-4d9d06cdf7dc.json b/objects/vulnerability/vulnerability--c80f4d1a-3bb4-4ac9-bee6-4d9d06cdf7dc.json new file mode 100644 index 00000000000..dcdc2c0c92b --- /dev/null +++ b/objects/vulnerability/vulnerability--c80f4d1a-3bb4-4ac9-bee6-4d9d06cdf7dc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dfd0c3bf-3bec-457c-8f90-3911074962e3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c80f4d1a-3bb4-4ac9-bee6-4d9d06cdf7dc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:30.560298Z", + "modified": "2024-02-09T00:26:30.560298Z", + "name": "CVE-2023-40266", + "description": "An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows path traversal.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-40266" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ca445945-bc02-42c8-85e9-380eb3a87d78.json b/objects/vulnerability/vulnerability--ca445945-bc02-42c8-85e9-380eb3a87d78.json new file mode 100644 index 00000000000..2b5943f078e --- /dev/null +++ b/objects/vulnerability/vulnerability--ca445945-bc02-42c8-85e9-380eb3a87d78.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--586a228b-a540-416e-8fac-4713f5993f35", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ca445945-bc02-42c8-85e9-380eb3a87d78", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.327355Z", + "modified": "2024-02-09T00:26:26.327355Z", + "name": "CVE-2024-23756", + "description": "The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-23756" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cc77fb9a-ea27-4177-974a-f90e4382eff0.json b/objects/vulnerability/vulnerability--cc77fb9a-ea27-4177-974a-f90e4382eff0.json new file mode 100644 index 00000000000..a5984592b4d --- /dev/null +++ b/objects/vulnerability/vulnerability--cc77fb9a-ea27-4177-974a-f90e4382eff0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f3b7b314-0fb4-48d8-ac13-a2c41d88d59f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cc77fb9a-ea27-4177-974a-f90e4382eff0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.417908Z", + "modified": "2024-02-09T00:26:26.417908Z", + "name": "CVE-2024-25106", + "description": "OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A critical vulnerability has been identified in the \"/api/{org_id}/users/{email_id}\" endpoint. This vulnerability allows any authenticated user within an organization to remove any other user from that same organization, irrespective of their respective roles. This includes the ability to remove users with \"Admin\" and \"Root\" roles. By enabling any organizational member to unilaterally alter the user base, it opens the door to unauthorized access and can cause considerable disruptions in operations. The core of the vulnerability lies in the `remove_user_from_org` function in the user management system. This function is designed to allow organizational users to remove members from their organization. The function does not check if the user initiating the request has the appropriate administrative privileges to remove a user. Any user who is part of the organization, irrespective of their role, can remove any other user, including those with higher privileges. This vulnerability is categorized as an Authorization issue leading to Unauthorized User Removal. The impact is severe, as it compromises the integrity of user management within organizations. By exploiting this vulnerability, any user within an organization, without the need for administrative privileges, can remove critical users, including \"Admins\" and \"Root\" users. This could result in unauthorized system access, administrative lockout, or operational disruptions. Given that user accounts are typically created by \"Admins\" or \"Root\" users, this vulnerability can be exploited by any user who has been granted access to an organization, thereby posing a critical risk to the security and operational stability of the application. This issue has been addressed in release version 0.8.0. Users are advised to upgrade.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-25106" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ccc86ca3-95f4-4b4d-9a1d-2cb1ea2bb9d4.json b/objects/vulnerability/vulnerability--ccc86ca3-95f4-4b4d-9a1d-2cb1ea2bb9d4.json new file mode 100644 index 00000000000..42cb4d12cea --- /dev/null +++ b/objects/vulnerability/vulnerability--ccc86ca3-95f4-4b4d-9a1d-2cb1ea2bb9d4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c4def836-3e39-4dee-8935-0fc8fd097a76", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ccc86ca3-95f4-4b4d-9a1d-2cb1ea2bb9d4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:29.723437Z", + "modified": "2024-02-09T00:26:29.723437Z", + "name": "CVE-2023-6515", + "description": "Authorization Bypass Through User-Controlled Key vulnerability in Mia Technology Inc. MİA-MED allows Authentication Abuse.This issue affects MİA-MED: before 1.0.7.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-6515" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d676505d-fb4e-4cb6-bcc2-dbfea23a97f6.json b/objects/vulnerability/vulnerability--d676505d-fb4e-4cb6-bcc2-dbfea23a97f6.json new file mode 100644 index 00000000000..fcf6ab54970 --- /dev/null +++ b/objects/vulnerability/vulnerability--d676505d-fb4e-4cb6-bcc2-dbfea23a97f6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--471af88d-bc42-479e-b8c9-e249f1970604", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d676505d-fb4e-4cb6-bcc2-dbfea23a97f6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:30.299715Z", + "modified": "2024-02-09T00:26:30.299715Z", + "name": "CVE-2023-51630", + "description": "Paessler PRTG Network Monitor Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Paessler PRTG Network Monitor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the web console. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to bypass authentication on the system.\n. Was ZDI-CAN-21182.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-51630" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--db6a82cb-a555-4c9d-b936-50de143014cf.json b/objects/vulnerability/vulnerability--db6a82cb-a555-4c9d-b936-50de143014cf.json new file mode 100644 index 00000000000..bed8b48a7d1 --- /dev/null +++ b/objects/vulnerability/vulnerability--db6a82cb-a555-4c9d-b936-50de143014cf.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ff71daf4-1bee-4662-956d-ee4a4b64ca57", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--db6a82cb-a555-4c9d-b936-50de143014cf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:30.963355Z", + "modified": "2024-02-09T00:26:30.963355Z", + "name": "CVE-2023-7169", + "description": "Authentication Bypass by Spoofing vulnerability in Snow Software Snow Inventory Agent on Windows allows Signature Spoof.This issue affects Snow Inventory Agent: through 6.14.5. Customers advised to upgrade to version 7.0\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-7169" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dc37c29c-c252-40af-a90e-dc0e7ded3881.json b/objects/vulnerability/vulnerability--dc37c29c-c252-40af-a90e-dc0e7ded3881.json new file mode 100644 index 00000000000..fc6661374f6 --- /dev/null +++ b/objects/vulnerability/vulnerability--dc37c29c-c252-40af-a90e-dc0e7ded3881.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--38cf6f2d-1c8f-40c5-a4da-21fc9812180a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dc37c29c-c252-40af-a90e-dc0e7ded3881", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:30.042434Z", + "modified": "2024-02-09T00:26:30.042434Z", + "name": "CVE-2023-47132", + "description": "An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-47132" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dc526664-0d0a-445b-92c9-5f0c18469c16.json b/objects/vulnerability/vulnerability--dc526664-0d0a-445b-92c9-5f0c18469c16.json new file mode 100644 index 00000000000..9b6b9a11025 --- /dev/null +++ b/objects/vulnerability/vulnerability--dc526664-0d0a-445b-92c9-5f0c18469c16.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--49f4178d-7985-4040-b60a-43f0fb4aed59", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dc526664-0d0a-445b-92c9-5f0c18469c16", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:30.537045Z", + "modified": "2024-02-09T00:26:30.537045Z", + "name": "CVE-2023-40264", + "description": "An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows authenticated path traversal in the user interface.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-40264" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e0abbf48-c489-43d2-ac46-e51d5727fa8c.json b/objects/vulnerability/vulnerability--e0abbf48-c489-43d2-ac46-e51d5727fa8c.json new file mode 100644 index 00000000000..598d27ef4aa --- /dev/null +++ b/objects/vulnerability/vulnerability--e0abbf48-c489-43d2-ac46-e51d5727fa8c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f3ad3568-f9e1-4bcc-a230-71cad5af6ea4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e0abbf48-c489-43d2-ac46-e51d5727fa8c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:29.721822Z", + "modified": "2024-02-09T00:26:29.721822Z", + "name": "CVE-2023-6564", + "description": "An issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3, 16.5.3, and 16.6.1. In projects using subgroups to define who can push and/or merge to protected branches, there may have been instances in which subgroup members with the Developer role were able to push or merge to protected branches.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-6564" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e212f06b-3c7c-4afa-b792-1fae42880ecc.json b/objects/vulnerability/vulnerability--e212f06b-3c7c-4afa-b792-1fae42880ecc.json new file mode 100644 index 00000000000..51045975737 --- /dev/null +++ b/objects/vulnerability/vulnerability--e212f06b-3c7c-4afa-b792-1fae42880ecc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--057a0567-d0c9-4dd8-a45d-b6dc2e952313", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e212f06b-3c7c-4afa-b792-1fae42880ecc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:29.731414Z", + "modified": "2024-02-09T00:26:29.731414Z", + "name": "CVE-2023-6519", + "description": "Exposure of Data Element to Wrong Session vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable.This issue affects MİA-MED: before 1.0.7.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-6519" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e22bf95f-28cb-4434-87fc-974239e9fdbc.json b/objects/vulnerability/vulnerability--e22bf95f-28cb-4434-87fc-974239e9fdbc.json new file mode 100644 index 00000000000..45fd4417964 --- /dev/null +++ b/objects/vulnerability/vulnerability--e22bf95f-28cb-4434-87fc-974239e9fdbc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c90f0fea-2c3b-4a56-aa28-c61029076d35", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e22bf95f-28cb-4434-87fc-974239e9fdbc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:30.194975Z", + "modified": "2024-02-09T00:26:30.194975Z", + "name": "CVE-2023-48974", + "description": "Cross Site Scripting vulnerability in Axigen WebMail v.10.5.7 and before allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-48974" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e29fe1fd-3de9-4b8f-a500-7646b14bae91.json b/objects/vulnerability/vulnerability--e29fe1fd-3de9-4b8f-a500-7646b14bae91.json new file mode 100644 index 00000000000..9b623ca7a43 --- /dev/null +++ b/objects/vulnerability/vulnerability--e29fe1fd-3de9-4b8f-a500-7646b14bae91.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f8c227b1-55e9-43fc-ba5a-0c09641c6e5d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e29fe1fd-3de9-4b8f-a500-7646b14bae91", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.261321Z", + "modified": "2024-02-09T00:26:26.261321Z", + "name": "CVE-2024-24115", + "description": "A stored cross-site scripting (XSS) vulnerability in the Edit Page function of Cotonti CMS v0.9.24 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24115" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e32d7124-70c3-4b4e-979a-196703c618d9.json b/objects/vulnerability/vulnerability--e32d7124-70c3-4b4e-979a-196703c618d9.json new file mode 100644 index 00000000000..9766957932a --- /dev/null +++ b/objects/vulnerability/vulnerability--e32d7124-70c3-4b4e-979a-196703c618d9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--02f31b07-00ed-454c-b688-91bdd1e6d104", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e32d7124-70c3-4b4e-979a-196703c618d9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:29.684544Z", + "modified": "2024-02-09T00:26:29.684544Z", + "name": "CVE-2023-6517", + "description": "Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. MİA-MED allows Collect Data as Provided by Users.This issue affects MİA-MED: before 1.0.7.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-6517" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e3e433af-5a26-435b-b728-7d68f301b1a6.json b/objects/vulnerability/vulnerability--e3e433af-5a26-435b-b728-7d68f301b1a6.json new file mode 100644 index 00000000000..e7639999c4c --- /dev/null +++ b/objects/vulnerability/vulnerability--e3e433af-5a26-435b-b728-7d68f301b1a6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e00bc7d8-5b9c-48d1-ab04-834ce8d2a346", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e3e433af-5a26-435b-b728-7d68f301b1a6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.262567Z", + "modified": "2024-02-09T00:26:26.262567Z", + "name": "CVE-2024-24021", + "description": "A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/userFeedback/list.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24021" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e3e5e6cb-1567-4fe3-b5a6-5a392e41645a.json b/objects/vulnerability/vulnerability--e3e5e6cb-1567-4fe3-b5a6-5a392e41645a.json new file mode 100644 index 00000000000..5f0bfb9cf84 --- /dev/null +++ b/objects/vulnerability/vulnerability--e3e5e6cb-1567-4fe3-b5a6-5a392e41645a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0d8f6265-3ae1-4e73-a9e7-510c0ac39aa7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e3e5e6cb-1567-4fe3-b5a6-5a392e41645a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.240077Z", + "modified": "2024-02-09T00:26:26.240077Z", + "name": "CVE-2024-24879", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Reflected XSS.This issue affects Link Library: from n/a through 7.5.13.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24879" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e571b83e-7cdb-4aa7-b258-62bd5a3a1d0d.json b/objects/vulnerability/vulnerability--e571b83e-7cdb-4aa7-b258-62bd5a3a1d0d.json new file mode 100644 index 00000000000..f7e49d45809 --- /dev/null +++ b/objects/vulnerability/vulnerability--e571b83e-7cdb-4aa7-b258-62bd5a3a1d0d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4be3c862-4182-4411-98e1-b2d09e082905", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e571b83e-7cdb-4aa7-b258-62bd5a3a1d0d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:29.740068Z", + "modified": "2024-02-09T00:26:29.740068Z", + "name": "CVE-2023-6518", + "description": "Plaintext Storage of a Password vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable.This issue affects MİA-MED: before 1.0.7.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-6518" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e63de127-ff15-425c-8af4-06cd9d9bb4bd.json b/objects/vulnerability/vulnerability--e63de127-ff15-425c-8af4-06cd9d9bb4bd.json new file mode 100644 index 00000000000..ffb68ab12dd --- /dev/null +++ b/objects/vulnerability/vulnerability--e63de127-ff15-425c-8af4-06cd9d9bb4bd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9ebbf837-c436-47bf-b3d7-f9d264621c7f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e63de127-ff15-425c-8af4-06cd9d9bb4bd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.279844Z", + "modified": "2024-02-09T00:26:26.279844Z", + "name": "CVE-2024-24877", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magic Hills Pty Ltd Wonder Slider Lite allows Reflected XSS.This issue affects Wonder Slider Lite: from n/a through 13.9.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24877" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e64090dc-4063-4686-9079-29e3e4845294.json b/objects/vulnerability/vulnerability--e64090dc-4063-4686-9079-29e3e4845294.json new file mode 100644 index 00000000000..6acca94bc29 --- /dev/null +++ b/objects/vulnerability/vulnerability--e64090dc-4063-4686-9079-29e3e4845294.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--72b9fbbf-49e2-49c7-a7ca-d2dfe8f56c4d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e64090dc-4063-4686-9079-29e3e4845294", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.258631Z", + "modified": "2024-02-09T00:26:26.258631Z", + "name": "CVE-2024-24213", + "description": "Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24213" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e79868da-f3c3-4fbe-abdb-c73323ef6005.json b/objects/vulnerability/vulnerability--e79868da-f3c3-4fbe-abdb-c73323ef6005.json new file mode 100644 index 00000000000..a1da8527a97 --- /dev/null +++ b/objects/vulnerability/vulnerability--e79868da-f3c3-4fbe-abdb-c73323ef6005.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6f4e7bee-388c-4bc3-a607-497786c59a13", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e79868da-f3c3-4fbe-abdb-c73323ef6005", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.145222Z", + "modified": "2024-02-09T00:26:26.145222Z", + "name": "CVE-2024-1149", + "description": "Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 6.12.0; Inventory Agent: through 6.14.5; Inventory Agent: through 6.7.2.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-1149" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e8fc8d87-ccd1-4cc9-ad97-268118ad4624.json b/objects/vulnerability/vulnerability--e8fc8d87-ccd1-4cc9-ad97-268118ad4624.json new file mode 100644 index 00000000000..19560b06aeb --- /dev/null +++ b/objects/vulnerability/vulnerability--e8fc8d87-ccd1-4cc9-ad97-268118ad4624.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d54cc2c1-5670-477b-8f06-692bb2018de8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e8fc8d87-ccd1-4cc9-ad97-268118ad4624", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.248071Z", + "modified": "2024-02-09T00:26:26.248071Z", + "name": "CVE-2024-24321", + "description": "An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24321" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f2487aaf-7669-44bf-96f1-ba3cc656d6dc.json b/objects/vulnerability/vulnerability--f2487aaf-7669-44bf-96f1-ba3cc656d6dc.json new file mode 100644 index 00000000000..b42d8507b6e --- /dev/null +++ b/objects/vulnerability/vulnerability--f2487aaf-7669-44bf-96f1-ba3cc656d6dc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7bc0a104-7343-4e15-8aa1-63156281cdf4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f2487aaf-7669-44bf-96f1-ba3cc656d6dc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.40788Z", + "modified": "2024-02-09T00:26:26.40788Z", + "name": "CVE-2024-25107", + "description": "WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. On Special:WikiDiscover, the `Language::date` function is used when making the human-readable timestamp for inclusion on the wiki_creation column. This function uses interface messages to translate the names of months and days. It uses the `->text()` output mode, returning unescaped interface messages. Since the output is not escaped later, the unescaped interface message is included on the output, resulting in an XSS vulnerability. Exploiting this on-wiki requires the `(editinterface)` right. This vulnerability has been addressed in commit `267e763a0`. Users are advised to update their installations. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-25107" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f30d7c24-942b-4d2e-b506-ba59b418724d.json b/objects/vulnerability/vulnerability--f30d7c24-942b-4d2e-b506-ba59b418724d.json new file mode 100644 index 00000000000..00852db42cc --- /dev/null +++ b/objects/vulnerability/vulnerability--f30d7c24-942b-4d2e-b506-ba59b418724d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e873702b-17f0-45d5-a99e-a5c37ce7faa7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f30d7c24-942b-4d2e-b506-ba59b418724d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.233804Z", + "modified": "2024-02-09T00:26:26.233804Z", + "name": "CVE-2024-24829", + "description": "Sentry is an error tracking and performance monitoring platform. Sentry’s integration platform provides a way for external services to interact with Sentry. One of such integrations, the Phabricator integration (maintained by Sentry) with version <=24.1.1 contains a constrained SSRF vulnerability. An attacker could make Sentry send POST HTTP requests to arbitrary URLs (including internal IP addresses) by providing an unsanitized input to the Phabricator integration. However, the body payload is constrained to a specific format. If an attacker has access to a Sentry instance, this allows them to: 1. interact with internal network; 2. scan local/remote ports. This issue has been fixed in Sentry self-hosted release 24.1.2, and has already been mitigated on sentry.io on February 8. Users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24829" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f32833c5-7ee7-406f-a213-3a17ba3dc6f6.json b/objects/vulnerability/vulnerability--f32833c5-7ee7-406f-a213-3a17ba3dc6f6.json new file mode 100644 index 00000000000..e09ce7ef56e --- /dev/null +++ b/objects/vulnerability/vulnerability--f32833c5-7ee7-406f-a213-3a17ba3dc6f6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--266c066b-4f84-4864-bb33-ba9ccabbf2ea", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f32833c5-7ee7-406f-a213-3a17ba3dc6f6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.294083Z", + "modified": "2024-02-09T00:26:26.294083Z", + "name": "CVE-2024-24497", + "description": "SQL Injection vulnerability in Employee Management System v.1.0 allows a remote attacker to execute arbitrary SQL commands via the txtusername and txtpassword parameters in the login.php components.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24497" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f3801fd8-8cf6-465f-85af-d7ea74c4f456.json b/objects/vulnerability/vulnerability--f3801fd8-8cf6-465f-85af-d7ea74c4f456.json new file mode 100644 index 00000000000..af82f11f9e5 --- /dev/null +++ b/objects/vulnerability/vulnerability--f3801fd8-8cf6-465f-85af-d7ea74c4f456.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c26c8960-133f-401c-a99e-4253968f99ea", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f3801fd8-8cf6-465f-85af-d7ea74c4f456", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.282694Z", + "modified": "2024-02-09T00:26:26.282694Z", + "name": "CVE-2024-24871", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative Themes Blocksy allows Stored XSS.This issue affects Blocksy: from n/a through 2.0.19.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24871" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f6868b12-1fe4-4ced-9a8a-8de05017e28d.json b/objects/vulnerability/vulnerability--f6868b12-1fe4-4ced-9a8a-8de05017e28d.json new file mode 100644 index 00000000000..cba3d00f5a6 --- /dev/null +++ b/objects/vulnerability/vulnerability--f6868b12-1fe4-4ced-9a8a-8de05017e28d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b37a47cb-b0b1-4480-afcd-8eedc3f7f3b3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f6868b12-1fe4-4ced-9a8a-8de05017e28d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.224482Z", + "modified": "2024-02-09T00:26:26.224482Z", + "name": "CVE-2024-24820", + "description": "Icinga Director is a tool designed to make Icinga 2 configuration handling easy. Not any of Icinga Director's configuration forms used to manipulate the monitoring environment are protected against cross site request forgery (CSRF). It enables attackers to perform changes in the monitoring environment managed by Icinga Director without the awareness of the victim. Users of the map module in version 1.x, should immediately upgrade to v2.0. The mentioned XSS vulnerabilities in Icinga Web are already fixed as well and upgrades to the most recent release of the 2.9, 2.10 or 2.11 branch must be performed if not done yet. Any later major release is also suitable. Icinga Director will receive minor updates to the 1.8, 1.9, 1.10 and 1.11 branches to remedy this issue. Upgrade immediately to a patched release. If that is not feasible, disable the director module for the time being.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24820" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f688f91c-e3af-4232-815f-9746a3711ffa.json b/objects/vulnerability/vulnerability--f688f91c-e3af-4232-815f-9746a3711ffa.json new file mode 100644 index 00000000000..ba251817deb --- /dev/null +++ b/objects/vulnerability/vulnerability--f688f91c-e3af-4232-815f-9746a3711ffa.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b8d84fa4-1898-44e1-95ff-fc24f2aa4ffb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f688f91c-e3af-4232-815f-9746a3711ffa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.413085Z", + "modified": "2024-02-09T00:26:26.413085Z", + "name": "CVE-2024-25189", + "description": "libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-25189" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f996fa01-52e5-4bc7-9402-f2f31693004e.json b/objects/vulnerability/vulnerability--f996fa01-52e5-4bc7-9402-f2f31693004e.json new file mode 100644 index 00000000000..1a2a75c20a3 --- /dev/null +++ b/objects/vulnerability/vulnerability--f996fa01-52e5-4bc7-9402-f2f31693004e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--14266d4b-4b69-49a2-970a-fefcfbc1a53e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f996fa01-52e5-4bc7-9402-f2f31693004e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.314154Z", + "modified": "2024-02-09T00:26:26.314154Z", + "name": "CVE-2024-23452", + "description": "Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows attacker to smuggle request.\n\nVulnerability Cause Description:\n\nThe http_parser does not comply with the RFC-7230 HTTP 1.1 specification.\n\nAttack scenario:\nIf a message is received with both a Transfer-Encoding and a Content-Length header field, such a message might indicate an attempt to perform request smuggling or response splitting.\nOne particular attack scenario is that a bRPC made http server on the backend receiving requests in one persistent connection from frontend server that uses TE to parse request with the logic that 'chunk' is contained in the TE field. in that case an attacker can smuggle a request into the connection to the backend server. \n\nSolution:\nYou can choose one solution from below:\n1. Upgrade bRPC to version 1.8.0, which fixes this issue. Download link: https://github.com/apache/brpc/releases/tag/1.8.0\n 2. Apply this patch:  https://github.com/apache/brpc/pull/2518 \n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-23452" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fa26887d-6f92-4f1b-8991-14e1f26a510c.json b/objects/vulnerability/vulnerability--fa26887d-6f92-4f1b-8991-14e1f26a510c.json new file mode 100644 index 00000000000..fd0bd3aeed8 --- /dev/null +++ b/objects/vulnerability/vulnerability--fa26887d-6f92-4f1b-8991-14e1f26a510c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--321c9451-2cdd-498e-9b12-9d42bde95b1b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fa26887d-6f92-4f1b-8991-14e1f26a510c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.22073Z", + "modified": "2024-02-09T00:26:26.22073Z", + "name": "CVE-2024-24113", + "description": "xxl-job =< 2.4.1 has a Server-Side Request Forgery (SSRF) vulnerability, which causes low-privileged users to control executor to RCE.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24113" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fa40ef4c-3f9e-4413-b5c5-f9dd1587cc1d.json b/objects/vulnerability/vulnerability--fa40ef4c-3f9e-4413-b5c5-f9dd1587cc1d.json new file mode 100644 index 00000000000..c3318dfd911 --- /dev/null +++ b/objects/vulnerability/vulnerability--fa40ef4c-3f9e-4413-b5c5-f9dd1587cc1d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--61b688bc-3655-42bc-8f60-14736ec1bf26", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fa40ef4c-3f9e-4413-b5c5-f9dd1587cc1d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:26.273258Z", + "modified": "2024-02-09T00:26:26.273258Z", + "name": "CVE-2024-24350", + "description": "File Upload vulnerability in Software Publico e-Sic Livre v.2.0 and before allows a remote attacker to execute arbitrary code via the extension filtering component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24350" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fa9add93-11ce-4ac9-8f2e-08b2550af114.json b/objects/vulnerability/vulnerability--fa9add93-11ce-4ac9-8f2e-08b2550af114.json new file mode 100644 index 00000000000..d9e11ee4aca --- /dev/null +++ b/objects/vulnerability/vulnerability--fa9add93-11ce-4ac9-8f2e-08b2550af114.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--faee022b-8f32-45eb-9f2b-aea84caa18ab", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fa9add93-11ce-4ac9-8f2e-08b2550af114", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-09T00:26:29.385941Z", + "modified": "2024-02-09T00:26:29.385941Z", + "name": "CVE-2023-42282", + "description": "An issue in NPM IP Package v.1.1.8 and before allows an attacker to execute arbitrary code and obtain sensitive information via the isPublic() function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-42282" + } + ] + } + ] +} \ No newline at end of file