diff --git a/mapping.csv b/mapping.csv index 8e9a1a0bdb9..70f4e4cf5e0 100644 --- a/mapping.csv +++ b/mapping.csv @@ -257967,3 +257967,85 @@ vulnerability,CVE-2018-11922,vulnerability--044a87cb-bf6d-4965-ad2c-3ccb203baf73 vulnerability,CVE-2018-11816,vulnerability--a3fe0e4f-722f-4ca0-bd09-a3e866b21b07 vulnerability,CVE-2018-11952,vulnerability--006b445c-c8db-497a-8593-6c7709e4682c vulnerability,CVE-2018-5852,vulnerability--2efa976a-d8cf-44a2-b773-53ef3a320e12 +vulnerability,CVE-2017-13323,vulnerability--d8f1dd91-a88a-4080-bfcc-1a591169de01 +vulnerability,CVE-2017-13320,vulnerability--02b3da40-5591-4da1-8ad4-3727db3bb1a8 +vulnerability,CVE-2017-13316,vulnerability--87e864db-0506-4f0f-ba23-79689e69e9bf +vulnerability,CVE-2017-13319,vulnerability--814b18b1-c6d0-485d-9a87-2d4c129f8d74 +vulnerability,CVE-2017-13321,vulnerability--c7424481-e005-4209-99b4-81b4dc9de8ea +vulnerability,CVE-2024-51228,vulnerability--6fb09801-4b1e-4172-962a-2f78548b2beb +vulnerability,CVE-2024-52951,vulnerability--8b5e1aa1-4dfa-4b1d-a34d-3f50d13db771 +vulnerability,CVE-2024-52959,vulnerability--e76d5e14-0bbb-487e-acaf-c7ec11576528 +vulnerability,CVE-2024-52958,vulnerability--ad8efe78-50a1-471e-8339-4ddfa1344d17 +vulnerability,CVE-2024-52323,vulnerability--2264538f-1047-4c58-928e-a4a7670dc8d4 +vulnerability,CVE-2024-10521,vulnerability--dad1f50b-9b6f-401d-9800-45335b9de384 +vulnerability,CVE-2024-10580,vulnerability--23784a4b-25c1-4e3b-b98b-0657e59f0208 +vulnerability,CVE-2024-10175,vulnerability--f293b536-8bff-4d6d-ac51-5065503226f3 +vulnerability,CVE-2024-10895,vulnerability--ce02435c-940e-46b2-a240-a52eb6f1f977 +vulnerability,CVE-2024-9369,vulnerability--4d74826c-c69e-42d4-a3dd-3b8d694cd572 +vulnerability,CVE-2024-47181,vulnerability--c41f5b35-0ec6-420c-9198-0a9bfb7b83d6 +vulnerability,CVE-2024-7025,vulnerability--776fddf3-3c4e-4f26-8daa-c2c26d4932b7 +vulnerability,CVE-2024-11820,vulnerability--a11acc95-16de-4c27-8a15-e7a474e6a6a6 +vulnerability,CVE-2024-11083,vulnerability--9304b836-a31d-4d4b-a135-245cee7b8b62 +vulnerability,CVE-2024-11794,vulnerability--23919414-afe8-4ac3-b21e-d755320df8de +vulnerability,CVE-2024-11797,vulnerability--23404828-47ac-48fe-8704-97309fc863d8 +vulnerability,CVE-2024-11795,vulnerability--9d467bda-8ac7-4613-b268-463fdcd615e5 +vulnerability,CVE-2024-11796,vulnerability--cf69a794-abc4-4acd-8a88-ee23f6d66acf +vulnerability,CVE-2024-11667,vulnerability--56529271-d25d-4be0-998d-776000de2b4c +vulnerability,CVE-2024-11792,vulnerability--a285cd3d-11a7-46ba-8581-283ab26d6e83 +vulnerability,CVE-2024-11219,vulnerability--08a763a5-14a5-4af7-8e29-7f15fd86d681 +vulnerability,CVE-2024-11803,vulnerability--c150078c-b727-49ae-a98b-3e778b7149c5 +vulnerability,CVE-2024-11791,vulnerability--69b15f8f-1611-47f3-a136-fca87f2f0d7d +vulnerability,CVE-2024-11860,vulnerability--01a5acde-6b06-4220-9187-db20fc11d926 +vulnerability,CVE-2024-11799,vulnerability--e782c835-5e59-4376-b437-3f084131070c +vulnerability,CVE-2024-11801,vulnerability--7cf04352-ac3d-4469-bf33-0145e5d7e0e2 +vulnerability,CVE-2024-11025,vulnerability--3e3d06fc-e5de-49c5-bf84-c2f390e9d08a +vulnerability,CVE-2024-11862,vulnerability--91f838db-0e66-444e-8cc5-fdf57798770f +vulnerability,CVE-2024-11800,vulnerability--4a540c0f-d1b8-403c-8387-30ce6e128a9b +vulnerability,CVE-2024-11790,vulnerability--10bc4712-9b2f-477f-8fbe-d7eadf77c3c6 +vulnerability,CVE-2024-11789,vulnerability--6a2bdd29-2310-46c8-b6a3-d9216f641115 +vulnerability,CVE-2024-11802,vulnerability--62d0a18c-7ddc-4b67-ba7c-401449d3782d +vulnerability,CVE-2024-11787,vulnerability--9a11e5e8-ece4-44ba-a4ce-ce0099a02bac +vulnerability,CVE-2024-11798,vulnerability--bb8b2971-158a-4a69-ac5c-cdd6e1bc475a +vulnerability,CVE-2024-11793,vulnerability--ebf3c556-d282-405f-9d66-29e9b67b8c34 +vulnerability,CVE-2024-11009,vulnerability--4737f09a-ec23-4757-8fb9-a0e354c26852 +vulnerability,CVE-2024-11933,vulnerability--81a67b5f-b307-4650-b1e2-ae98a72cb7d1 +vulnerability,CVE-2024-53859,vulnerability--f5710f6d-2721-4d76-91c0-643260696cab +vulnerability,CVE-2024-53676,vulnerability--92b2ffea-2f3b-47a2-b2b2-7e40385c05dc +vulnerability,CVE-2024-53604,vulnerability--377fa5cd-655c-4699-afba-8b5591f83007 +vulnerability,CVE-2024-53264,vulnerability--ee7456b3-f867-4863-bfd0-7faa55e87b36 +vulnerability,CVE-2024-53603,vulnerability--ae69eacf-40c1-465a-98b6-a01350550a46 +vulnerability,CVE-2024-53858,vulnerability--b8fd3e77-03f6-4a3e-9c41-eb5623ef1e40 +vulnerability,CVE-2024-53920,vulnerability--f24d2e5a-99d1-47ba-b989-b8f995f4cae4 +vulnerability,CVE-2024-53860,vulnerability--d503eb41-9557-4765-9819-b11bcc769ea6 +vulnerability,CVE-2024-53260,vulnerability--49a61f57-43ad-42d0-a85e-a659a683c052 +vulnerability,CVE-2024-53855,vulnerability--9d89ef29-1750-4860-9a20-16e9b56eec54 +vulnerability,CVE-2024-53635,vulnerability--b9e85ce6-c1cf-4fda-bdb7-890274f13bbc +vulnerability,CVE-2024-31976,vulnerability--5dd5501c-1dd7-47c9-bf1d-3e980d76d43f +vulnerability,CVE-2024-41126,vulnerability--5c8d421e-fb5f-4d7f-a635-7c0fde873c53 +vulnerability,CVE-2024-41125,vulnerability--a95870ff-a2f6-423d-abf4-1d8c5eafebba +vulnerability,CVE-2024-21703,vulnerability--b646a0cb-bda1-4d11-b33f-9ad993e95233 +vulnerability,CVE-2024-37816,vulnerability--f91691dc-ddf7-47df-9bc6-1842dd95d97c +vulnerability,CVE-2024-54004,vulnerability--5416b876-205b-4d79-812f-dab0616a3ba4 +vulnerability,CVE-2024-54003,vulnerability--d123f898-88e4-4cfd-8c44-a8d8581fdde3 +vulnerability,CVE-2024-36468,vulnerability--f9c1e21c-f6dd-4ea0-b860-99b779d6ee23 +vulnerability,CVE-2024-36464,vulnerability--07b4ee78-8b68-4633-bbe6-6d67d3e3f2c2 +vulnerability,CVE-2024-36467,vulnerability--d55eb1c9-2fec-4071-9f6e-aa3793f01192 +vulnerability,CVE-2024-46054,vulnerability--29d094d1-7b58-44c5-bdaa-330f62f930e1 +vulnerability,CVE-2024-46055,vulnerability--8d7a214d-bacc-40f9-99ff-c76d48ea1199 +vulnerability,CVE-2024-42331,vulnerability--b3d3f773-1c2e-43c5-a349-0c93533bd400 +vulnerability,CVE-2024-42330,vulnerability--19a0b5ca-97d0-4ddd-92ad-7531c342dba8 +vulnerability,CVE-2024-42333,vulnerability--43410168-2b52-491b-882d-c10f75c4462a +vulnerability,CVE-2024-42326,vulnerability--a1cfe49d-3224-4509-a2e0-454b64cb585a +vulnerability,CVE-2024-42327,vulnerability--6fa3a9ad-d1b4-4c97-8d61-47c81032c303 +vulnerability,CVE-2024-42329,vulnerability--aafdebd0-b406-44e1-a25c-9a690e32b38b +vulnerability,CVE-2024-42328,vulnerability--2c988678-156b-45d9-ab94-55fcdcba61b7 +vulnerability,CVE-2024-42332,vulnerability--aa3ee7ed-6f9d-4a8c-8c06-9158ecf26900 +vulnerability,CVE-2024-5921,vulnerability--0c277156-c5d4-4f38-b0a6-eb901d48c826 +vulnerability,CVE-2023-29001,vulnerability--75847b69-f57c-47ca-8723-6ffd954c42a4 +vulnerability,CVE-2018-9350,vulnerability--ce278b9b-8816-4d43-b8bd-22eb739ce28a +vulnerability,CVE-2018-9374,vulnerability--680b357c-a7a3-4705-b17c-d22853efe425 +vulnerability,CVE-2018-9353,vulnerability--9164d418-7cd1-4575-95e7-101f25587afe +vulnerability,CVE-2018-9354,vulnerability--a8aaf612-433d-4440-8f90-265d23b9f1d1 +vulnerability,CVE-2018-9349,vulnerability--857db9eb-1cb4-4356-888c-d430bcdc27fd +vulnerability,CVE-2018-9352,vulnerability--506fd795-f7b8-46a0-908c-f72960028eb3 +vulnerability,CVE-2018-9351,vulnerability--66b329ae-1a04-48ac-babb-569a85325f07 diff --git a/objects/vulnerability/vulnerability--01a5acde-6b06-4220-9187-db20fc11d926.json b/objects/vulnerability/vulnerability--01a5acde-6b06-4220-9187-db20fc11d926.json new file mode 100644 index 00000000000..f79756c15bd --- /dev/null +++ b/objects/vulnerability/vulnerability--01a5acde-6b06-4220-9187-db20fc11d926.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ccfc0dc7-dae3-4838-bbbc-ccb02e7289fc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--01a5acde-6b06-4220-9187-db20fc11d926", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.829133Z", + "modified": "2024-11-28T00:39:21.829133Z", + "name": "CVE-2024-11860", + "description": "A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects an unknown part of the file /rental/ajax.php?action=delete_tenant of the component POST Request Handler. The manipulation of the argument id leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11860" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--02b3da40-5591-4da1-8ad4-3727db3bb1a8.json b/objects/vulnerability/vulnerability--02b3da40-5591-4da1-8ad4-3727db3bb1a8.json new file mode 100644 index 00000000000..1f2bf679119 --- /dev/null +++ b/objects/vulnerability/vulnerability--02b3da40-5591-4da1-8ad4-3727db3bb1a8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fea7589e-5201-4c35-8135-99568275b818", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--02b3da40-5591-4da1-8ad4-3727db3bb1a8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:20.564327Z", + "modified": "2024-11-28T00:39:20.564327Z", + "name": "CVE-2017-13320", + "description": "In impeg2d_bit_stream_flush() of libmpeg2dec there is a possible OOB read due to a missing bounds check. This could lead to Remote DoS with no additional execution privileges needed. User interaction is needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2017-13320" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--07b4ee78-8b68-4633-bbe6-6d67d3e3f2c2.json b/objects/vulnerability/vulnerability--07b4ee78-8b68-4633-bbe6-6d67d3e3f2c2.json new file mode 100644 index 00000000000..5f62e256e9e --- /dev/null +++ b/objects/vulnerability/vulnerability--07b4ee78-8b68-4633-bbe6-6d67d3e3f2c2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9f52c270-42df-49e7-90a5-87f3c0941408", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--07b4ee78-8b68-4633-bbe6-6d67d3e3f2c2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:22.986708Z", + "modified": "2024-11-28T00:39:22.986708Z", + "name": "CVE-2024-36464", + "description": "When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-36464" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--08a763a5-14a5-4af7-8e29-7f15fd86d681.json b/objects/vulnerability/vulnerability--08a763a5-14a5-4af7-8e29-7f15fd86d681.json new file mode 100644 index 00000000000..dcb3705eda3 --- /dev/null +++ b/objects/vulnerability/vulnerability--08a763a5-14a5-4af7-8e29-7f15fd86d681.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2dbdb3ec-280f-4f6b-a13e-8ab2b85298e0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--08a763a5-14a5-4af7-8e29-7f15fd86d681", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.819562Z", + "modified": "2024-11-28T00:39:21.819562Z", + "name": "CVE-2024-11219", + "description": "The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3.0.6 via the get_image function. This makes it possible for unauthenticated attackers to view arbitrary images on the server, which can contain sensitive information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11219" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0c277156-c5d4-4f38-b0a6-eb901d48c826.json b/objects/vulnerability/vulnerability--0c277156-c5d4-4f38-b0a6-eb901d48c826.json new file mode 100644 index 00000000000..71467af5f80 --- /dev/null +++ b/objects/vulnerability/vulnerability--0c277156-c5d4-4f38-b0a6-eb901d48c826.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--81dc1a4e-b3dd-4252-ab97-9083e46d711d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0c277156-c5d4-4f38-b0a6-eb901d48c826", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:23.463491Z", + "modified": "2024-11-28T00:39:23.463491Z", + "name": "CVE-2024-5921", + "description": "An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint.\n\nGlobalProtect App for Android is under evaluation. Please subscribe to our RSS feed https://security.paloaltonetworks.com/rss.xml to be alerted to new updates to this and other advisories.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-5921" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--10bc4712-9b2f-477f-8fbe-d7eadf77c3c6.json b/objects/vulnerability/vulnerability--10bc4712-9b2f-477f-8fbe-d7eadf77c3c6.json new file mode 100644 index 00000000000..0b8343bc1de --- /dev/null +++ b/objects/vulnerability/vulnerability--10bc4712-9b2f-477f-8fbe-d7eadf77c3c6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--91b0c271-de37-424e-9282-f483d11f881a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--10bc4712-9b2f-477f-8fbe-d7eadf77c3c6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.840553Z", + "modified": "2024-11-28T00:39:21.840553Z", + "name": "CVE-2024-11790", + "description": "Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24449.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11790" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--19a0b5ca-97d0-4ddd-92ad-7531c342dba8.json b/objects/vulnerability/vulnerability--19a0b5ca-97d0-4ddd-92ad-7531c342dba8.json new file mode 100644 index 00000000000..39f40e89118 --- /dev/null +++ b/objects/vulnerability/vulnerability--19a0b5ca-97d0-4ddd-92ad-7531c342dba8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d8761865-b02e-4818-844f-2ededb66495d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--19a0b5ca-97d0-4ddd-92ad-7531c342dba8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:23.104018Z", + "modified": "2024-11-28T00:39:23.104018Z", + "name": "CVE-2024-42330", + "description": "The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that can be used to access hidden properties of objects.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42330" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2264538f-1047-4c58-928e-a4a7670dc8d4.json b/objects/vulnerability/vulnerability--2264538f-1047-4c58-928e-a4a7670dc8d4.json new file mode 100644 index 00000000000..b27b7fa2c63 --- /dev/null +++ b/objects/vulnerability/vulnerability--2264538f-1047-4c58-928e-a4a7670dc8d4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a4b99b4f-b6be-4590-8b10-7e6a921735c5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2264538f-1047-4c58-928e-a4a7670dc8d4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.270837Z", + "modified": "2024-11-28T00:39:21.270837Z", + "name": "CVE-2024-52323", + "description": "Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52323" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--23404828-47ac-48fe-8704-97309fc863d8.json b/objects/vulnerability/vulnerability--23404828-47ac-48fe-8704-97309fc863d8.json new file mode 100644 index 00000000000..17d06dc8db2 --- /dev/null +++ b/objects/vulnerability/vulnerability--23404828-47ac-48fe-8704-97309fc863d8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--eb7ff3f1-9ff0-4a19-8186-4d7dec1da0cd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--23404828-47ac-48fe-8704-97309fc863d8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.805419Z", + "modified": "2024-11-28T00:39:21.805419Z", + "name": "CVE-2024-11797", + "description": "Fuji Electric Monitouch V-SFT V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V8 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24662.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11797" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--23784a4b-25c1-4e3b-b98b-0657e59f0208.json b/objects/vulnerability/vulnerability--23784a4b-25c1-4e3b-b98b-0657e59f0208.json new file mode 100644 index 00000000000..c28f116e2cb --- /dev/null +++ b/objects/vulnerability/vulnerability--23784a4b-25c1-4e3b-b98b-0657e59f0208.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--99b84c13-fa58-4c8f-8312-ae88d9a9c8b1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--23784a4b-25c1-4e3b-b98b-0657e59f0208", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.35271Z", + "modified": "2024-11-28T00:39:21.35271Z", + "name": "CVE-2024-10580", + "description": "The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized form submissions due to a missing capability check on the submit_form() function in all versions up to, and including, 7.8.5. This makes it possible for unauthenticated attackers to submit unpublished forms.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10580" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--23919414-afe8-4ac3-b21e-d755320df8de.json b/objects/vulnerability/vulnerability--23919414-afe8-4ac3-b21e-d755320df8de.json new file mode 100644 index 00000000000..3a836c38f28 --- /dev/null +++ b/objects/vulnerability/vulnerability--23919414-afe8-4ac3-b21e-d755320df8de.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--631caa14-90d7-48ef-aad8-79dbad8a1c68", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--23919414-afe8-4ac3-b21e-d755320df8de", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.803944Z", + "modified": "2024-11-28T00:39:21.803944Z", + "name": "CVE-2024-11794", + "description": "Fuji Electric Monitouch V-SFT V10 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24504.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11794" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--29d094d1-7b58-44c5-bdaa-330f62f930e1.json b/objects/vulnerability/vulnerability--29d094d1-7b58-44c5-bdaa-330f62f930e1.json new file mode 100644 index 00000000000..ba16667c2c6 --- /dev/null +++ b/objects/vulnerability/vulnerability--29d094d1-7b58-44c5-bdaa-330f62f930e1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--82b5314c-9051-40c6-83d5-f1046dbdacd4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--29d094d1-7b58-44c5-bdaa-330f62f930e1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:23.070126Z", + "modified": "2024-11-28T00:39:23.070126Z", + "name": "CVE-2024-46054", + "description": "OpenVidReview 1.0 is vulnerable to Incorrect Access Control. The /upload route is accessible without authentication, allowing any user to upload files.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-46054" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2c988678-156b-45d9-ab94-55fcdcba61b7.json b/objects/vulnerability/vulnerability--2c988678-156b-45d9-ab94-55fcdcba61b7.json new file mode 100644 index 00000000000..caeb3769f62 --- /dev/null +++ b/objects/vulnerability/vulnerability--2c988678-156b-45d9-ab94-55fcdcba61b7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--24ffb002-bf3e-488e-ae87-1340cd90d94f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2c988678-156b-45d9-ab94-55fcdcba61b7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:23.147812Z", + "modified": "2024-11-28T00:39:23.147812Z", + "name": "CVE-2024-42328", + "description": "When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curl_write_cb when receiving data. If the server's response is an empty document, then wd->data in the code below will remain NULL and an attempt to read from it will result in a crash.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42328" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--377fa5cd-655c-4699-afba-8b5591f83007.json b/objects/vulnerability/vulnerability--377fa5cd-655c-4699-afba-8b5591f83007.json new file mode 100644 index 00000000000..2e3439b8310 --- /dev/null +++ b/objects/vulnerability/vulnerability--377fa5cd-655c-4699-afba-8b5591f83007.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e8e48818-6498-4a43-96bd-614c54ac8f77", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--377fa5cd-655c-4699-afba-8b5591f83007", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:22.100537Z", + "modified": "2024-11-28T00:39:22.100537Z", + "name": "CVE-2024-53604", + "description": "A SQL Injection vulnerability was found in /covid-tms/check_availability.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the mobnumber POST request parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53604" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3e3d06fc-e5de-49c5-bf84-c2f390e9d08a.json b/objects/vulnerability/vulnerability--3e3d06fc-e5de-49c5-bf84-c2f390e9d08a.json new file mode 100644 index 00000000000..44f2d8399b1 --- /dev/null +++ b/objects/vulnerability/vulnerability--3e3d06fc-e5de-49c5-bf84-c2f390e9d08a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6ba84015-ca08-47c8-8555-85ac40f8a28b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3e3d06fc-e5de-49c5-bf84-c2f390e9d08a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.834906Z", + "modified": "2024-11-28T00:39:21.834906Z", + "name": "CVE-2024-11025", + "description": "An authenticated attacker with low privileges may use a SQL Injection vulnerability in the affected products administration panel to gain read and write access to a specific log file of the device.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11025" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--43410168-2b52-491b-882d-c10f75c4462a.json b/objects/vulnerability/vulnerability--43410168-2b52-491b-882d-c10f75c4462a.json new file mode 100644 index 00000000000..c1f0bf735c6 --- /dev/null +++ b/objects/vulnerability/vulnerability--43410168-2b52-491b-882d-c10f75c4462a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bd33b5b2-a891-4cbf-9305-6cd22f813356", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--43410168-2b52-491b-882d-c10f75c4462a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:23.109821Z", + "modified": "2024-11-28T00:39:23.109821Z", + "name": "CVE-2024-42333", + "description": "The researcher is showing that it is possible to leak a small amount of Zabbix Server memory using an out of bounds read in src/libs/zbxmedia/email.c", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42333" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4737f09a-ec23-4757-8fb9-a0e354c26852.json b/objects/vulnerability/vulnerability--4737f09a-ec23-4757-8fb9-a0e354c26852.json new file mode 100644 index 00000000000..9cc3c910dda --- /dev/null +++ b/objects/vulnerability/vulnerability--4737f09a-ec23-4757-8fb9-a0e354c26852.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8c0df9c9-34c8-4934-8b70-e01a8d070c6c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4737f09a-ec23-4757-8fb9-a0e354c26852", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.857183Z", + "modified": "2024-11-28T00:39:21.857183Z", + "name": "CVE-2024-11009", + "description": "The Internal Linking for SEO traffic & Ranking – Auto internal links (100% automatic) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘post_id’ parameter in all versions up to, and including, 1.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11009" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--49a61f57-43ad-42d0-a85e-a659a683c052.json b/objects/vulnerability/vulnerability--49a61f57-43ad-42d0-a85e-a659a683c052.json new file mode 100644 index 00000000000..5045142672e --- /dev/null +++ b/objects/vulnerability/vulnerability--49a61f57-43ad-42d0-a85e-a659a683c052.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6ebe5b40-5f2c-41c7-a983-442caf1c5cea", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--49a61f57-43ad-42d0-a85e-a659a683c052", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:22.126999Z", + "modified": "2024-11-28T00:39:22.126999Z", + "name": "CVE-2024-53260", + "description": "Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name will then be evaluated as a formula. This could lead to leakage of information of students in the course roster by sending the data to a remote endpoint. This issue has been patched in the source code repository and the fix is expected to be released in the next version. Users are advised to manually patch their systems or to wait for the next release. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53260" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4a540c0f-d1b8-403c-8387-30ce6e128a9b.json b/objects/vulnerability/vulnerability--4a540c0f-d1b8-403c-8387-30ce6e128a9b.json new file mode 100644 index 00000000000..6ca05f628a1 --- /dev/null +++ b/objects/vulnerability/vulnerability--4a540c0f-d1b8-403c-8387-30ce6e128a9b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f4d0f1bd-c6ca-4d2f-ad2b-54c1d070ce09", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4a540c0f-d1b8-403c-8387-30ce6e128a9b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.838072Z", + "modified": "2024-11-28T00:39:21.838072Z", + "name": "CVE-2024-11800", + "description": "Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24768.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11800" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4d74826c-c69e-42d4-a3dd-3b8d694cd572.json b/objects/vulnerability/vulnerability--4d74826c-c69e-42d4-a3dd-3b8d694cd572.json new file mode 100644 index 00000000000..c241bb97f9b --- /dev/null +++ b/objects/vulnerability/vulnerability--4d74826c-c69e-42d4-a3dd-3b8d694cd572.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--481b7e95-741b-4dea-8f18-e97d0fe8c3b1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4d74826c-c69e-42d4-a3dd-3b8d694cd572", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.439511Z", + "modified": "2024-11-28T00:39:21.439511Z", + "name": "CVE-2024-9369", + "description": "Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9369" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--506fd795-f7b8-46a0-908c-f72960028eb3.json b/objects/vulnerability/vulnerability--506fd795-f7b8-46a0-908c-f72960028eb3.json new file mode 100644 index 00000000000..01ca3073bab --- /dev/null +++ b/objects/vulnerability/vulnerability--506fd795-f7b8-46a0-908c-f72960028eb3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9c54dee4-1eb8-4c6f-8569-a31fdccb3ffa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--506fd795-f7b8-46a0-908c-f72960028eb3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:34.922265Z", + "modified": "2024-11-28T00:39:34.922265Z", + "name": "CVE-2018-9352", + "description": "In ihevcd_allocate_dynamic_bufs of ihevcd_api.c there is a possible resource exhaustion due to integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2018-9352" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5416b876-205b-4d79-812f-dab0616a3ba4.json b/objects/vulnerability/vulnerability--5416b876-205b-4d79-812f-dab0616a3ba4.json new file mode 100644 index 00000000000..0d85072588d --- /dev/null +++ b/objects/vulnerability/vulnerability--5416b876-205b-4d79-812f-dab0616a3ba4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--47c54dfa-d5d8-49d1-b420-383884b6bd2d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5416b876-205b-4d79-812f-dab0616a3ba4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:22.725892Z", + "modified": "2024-11-28T00:39:22.725892Z", + "name": "CVE-2024-54004", + "description": "Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54004" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--56529271-d25d-4be0-998d-776000de2b4c.json b/objects/vulnerability/vulnerability--56529271-d25d-4be0-998d-776000de2b4c.json new file mode 100644 index 00000000000..9a95dfdda57 --- /dev/null +++ b/objects/vulnerability/vulnerability--56529271-d25d-4be0-998d-776000de2b4c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--79e81fa8-30ec-4a1e-a278-954a4ffd8004", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--56529271-d25d-4be0-998d-776000de2b4c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.809356Z", + "modified": "2024-11-28T00:39:21.809356Z", + "name": "CVE-2024-11667", + "description": "A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11667" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5c8d421e-fb5f-4d7f-a635-7c0fde873c53.json b/objects/vulnerability/vulnerability--5c8d421e-fb5f-4d7f-a635-7c0fde873c53.json new file mode 100644 index 00000000000..003b6855609 --- /dev/null +++ b/objects/vulnerability/vulnerability--5c8d421e-fb5f-4d7f-a635-7c0fde873c53.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fbd3dbb9-69d4-49a5-b2f8-01851ef0b58c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5c8d421e-fb5f-4d7f-a635-7c0fde873c53", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:22.46961Z", + "modified": "2024-11-28T00:39:22.46961Z", + "name": "CVE-2024-41126", + "description": "Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the default Contiki-NG configuration. The vulnerability exists in the os/net/app-layer/snmp/snmp-message.c module, where the snmp_message_decode function fails to check the boundary of the message buffer when reading a byte from it immediately after decoding an object identifier (OID). The problem has been patched in Contiki-NG pull request 2937. It will be included in the next release of Contiki-NG. Users are advised to either apply the patch manually or to wait for the next release. A workaround is to disable the SNMP module in the Contiki-NG build configuration.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41126" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5dd5501c-1dd7-47c9-bf1d-3e980d76d43f.json b/objects/vulnerability/vulnerability--5dd5501c-1dd7-47c9-bf1d-3e980d76d43f.json new file mode 100644 index 00000000000..01f742621d6 --- /dev/null +++ b/objects/vulnerability/vulnerability--5dd5501c-1dd7-47c9-bf1d-3e980d76d43f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9e94dee9-f32a-4627-a07f-461a089f6ada", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5dd5501c-1dd7-47c9-bf1d-3e980d76d43f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:22.411931Z", + "modified": "2024-11-28T00:39:22.411931Z", + "name": "CVE-2024-31976", + "description": "EnGenius EWS356-FIR 1.1.30 and earlier devices allow a remote attacker to execute arbitrary OS commands via the Controller connectivity parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-31976" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--62d0a18c-7ddc-4b67-ba7c-401449d3782d.json b/objects/vulnerability/vulnerability--62d0a18c-7ddc-4b67-ba7c-401449d3782d.json new file mode 100644 index 00000000000..3ee0ce36d3e --- /dev/null +++ b/objects/vulnerability/vulnerability--62d0a18c-7ddc-4b67-ba7c-401449d3782d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cbc6256b-4e52-4bee-8e5c-c6904a192968", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--62d0a18c-7ddc-4b67-ba7c-401449d3782d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.844597Z", + "modified": "2024-11-28T00:39:21.844597Z", + "name": "CVE-2024-11802", + "description": "Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24770.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11802" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--66b329ae-1a04-48ac-babb-569a85325f07.json b/objects/vulnerability/vulnerability--66b329ae-1a04-48ac-babb-569a85325f07.json new file mode 100644 index 00000000000..c9061024a23 --- /dev/null +++ b/objects/vulnerability/vulnerability--66b329ae-1a04-48ac-babb-569a85325f07.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e4c28861-5f60-4a41-94e3-4fb9cc638ecb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--66b329ae-1a04-48ac-babb-569a85325f07", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:34.923585Z", + "modified": "2024-11-28T00:39:34.923585Z", + "name": "CVE-2018-9351", + "description": "In ih264e_fmt_conv_420p_to_420sp of ih264e_fmt_conv.c there is a possible out of bound read due to missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2018-9351" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--680b357c-a7a3-4705-b17c-d22853efe425.json b/objects/vulnerability/vulnerability--680b357c-a7a3-4705-b17c-d22853efe425.json new file mode 100644 index 00000000000..0be6542b85d --- /dev/null +++ b/objects/vulnerability/vulnerability--680b357c-a7a3-4705-b17c-d22853efe425.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--999d3f6a-a100-43b6-b088-6ef77c36f355", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--680b357c-a7a3-4705-b17c-d22853efe425", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:34.893759Z", + "modified": "2024-11-28T00:39:34.893759Z", + "name": "CVE-2018-9374", + "description": "In installPackageLI of PackageManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2018-9374" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--69b15f8f-1611-47f3-a136-fca87f2f0d7d.json b/objects/vulnerability/vulnerability--69b15f8f-1611-47f3-a136-fca87f2f0d7d.json new file mode 100644 index 00000000000..59a00de46ea --- /dev/null +++ b/objects/vulnerability/vulnerability--69b15f8f-1611-47f3-a136-fca87f2f0d7d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--330ab920-40a2-4aea-9973-2cc3543f97ba", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--69b15f8f-1611-47f3-a136-fca87f2f0d7d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.824515Z", + "modified": "2024-11-28T00:39:21.824515Z", + "name": "CVE-2024-11791", + "description": "Fuji Electric Monitouch V-SFT V8C File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V8C files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24450.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11791" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6a2bdd29-2310-46c8-b6a3-d9216f641115.json b/objects/vulnerability/vulnerability--6a2bdd29-2310-46c8-b6a3-d9216f641115.json new file mode 100644 index 00000000000..67cfcae8bd5 --- /dev/null +++ b/objects/vulnerability/vulnerability--6a2bdd29-2310-46c8-b6a3-d9216f641115.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cd01fd1d-7959-440e-a7ce-fd0a9582931d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6a2bdd29-2310-46c8-b6a3-d9216f641115", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.842775Z", + "modified": "2024-11-28T00:39:21.842775Z", + "name": "CVE-2024-11789", + "description": "Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24448.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11789" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6fa3a9ad-d1b4-4c97-8d61-47c81032c303.json b/objects/vulnerability/vulnerability--6fa3a9ad-d1b4-4c97-8d61-47c81032c303.json new file mode 100644 index 00000000000..dc149e2544a --- /dev/null +++ b/objects/vulnerability/vulnerability--6fa3a9ad-d1b4-4c97-8d61-47c81032c303.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--83391f54-3aec-4baf-b119-7e4c34fbc323", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6fa3a9ad-d1b4-4c97-8d61-47c81032c303", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:23.138565Z", + "modified": "2024-11-28T00:39:23.138565Z", + "name": "CVE-2024-42327", + "description": "A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42327" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6fb09801-4b1e-4172-962a-2f78548b2beb.json b/objects/vulnerability/vulnerability--6fb09801-4b1e-4172-962a-2f78548b2beb.json new file mode 100644 index 00000000000..a9c464f2895 --- /dev/null +++ b/objects/vulnerability/vulnerability--6fb09801-4b1e-4172-962a-2f78548b2beb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ddee866d-aab4-400f-a791-cc106f8768f8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6fb09801-4b1e-4172-962a-2f78548b2beb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.048127Z", + "modified": "2024-11-28T00:39:21.048127Z", + "name": "CVE-2024-51228", + "description": "An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 and TOTOLINK-CX-N302RE V2.0.2-B20170511.1523 allows a remote attacker to execute arbitrary code via the /boafrm/formSysCmd component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-51228" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--75847b69-f57c-47ca-8723-6ffd954c42a4.json b/objects/vulnerability/vulnerability--75847b69-f57c-47ca-8723-6ffd954c42a4.json new file mode 100644 index 00000000000..25e05b4b44c --- /dev/null +++ b/objects/vulnerability/vulnerability--75847b69-f57c-47ca-8723-6ffd954c42a4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c92f8b02-3e97-4078-bae5-2fae089b08e4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--75847b69-f57c-47ca-8723-6ffd954c42a4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:32.985362Z", + "modified": "2024-11-28T00:39:32.985362Z", + "name": "CVE-2023-29001", + "description": "Contiki-NG is an open-source, cross-platform operating system for IoT devices. The Contiki-NG operating system processes source routing headers (SRH) in its two alternative RPL protocol implementations. The IPv6 implementation uses the results of this processing to determine whether an incoming packet should be forwarded to another host. Because of missing validation of the resulting next-hop address, an uncontrolled recursion may occur in the tcpip_ipv6_output function in the os/net/ipv6/tcpip.c module when receiving a packet with a next-hop address that is a local address. Attackers that have the possibility to send IPv6 packets to the Contiki-NG host can therefore trigger deeply nested recursive calls, which can cause a stack overflow. The vulnerability has not been patched in the current release of Contiki-NG, but is expected to be patched in the next release. The problem can be fixed by applying the patch in Contiki-NG pull request #2264. Users are advised to either apply the patch manually or to wait for the next release. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-29001" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--776fddf3-3c4e-4f26-8daa-c2c26d4932b7.json b/objects/vulnerability/vulnerability--776fddf3-3c4e-4f26-8daa-c2c26d4932b7.json new file mode 100644 index 00000000000..9abc42a1d47 --- /dev/null +++ b/objects/vulnerability/vulnerability--776fddf3-3c4e-4f26-8daa-c2c26d4932b7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--937cb95f-5b22-4c69-a21b-e89dbb04b982", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--776fddf3-3c4e-4f26-8daa-c2c26d4932b7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.712623Z", + "modified": "2024-11-28T00:39:21.712623Z", + "name": "CVE-2024-7025", + "description": "Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7025" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7cf04352-ac3d-4469-bf33-0145e5d7e0e2.json b/objects/vulnerability/vulnerability--7cf04352-ac3d-4469-bf33-0145e5d7e0e2.json new file mode 100644 index 00000000000..83560d96a73 --- /dev/null +++ b/objects/vulnerability/vulnerability--7cf04352-ac3d-4469-bf33-0145e5d7e0e2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c81ffdc6-919a-42a3-85ea-b0a35041f63a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7cf04352-ac3d-4469-bf33-0145e5d7e0e2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.832977Z", + "modified": "2024-11-28T00:39:21.832977Z", + "name": "CVE-2024-11801", + "description": "Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24769.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11801" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--814b18b1-c6d0-485d-9a87-2d4c129f8d74.json b/objects/vulnerability/vulnerability--814b18b1-c6d0-485d-9a87-2d4c129f8d74.json new file mode 100644 index 00000000000..49a56074123 --- /dev/null +++ b/objects/vulnerability/vulnerability--814b18b1-c6d0-485d-9a87-2d4c129f8d74.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7b28cd0b-ecc5-4d0d-9898-03f6f56aa16a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--814b18b1-c6d0-485d-9a87-2d4c129f8d74", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:20.600411Z", + "modified": "2024-11-28T00:39:20.600411Z", + "name": "CVE-2017-13319", + "description": "In pvmp3_get_main_data_size of pvmp3_get_main_data_size.cpp, there is a possible buffer overread due to a missing bounds check. This could lead to remote information disclosure of global static variables with no additional execution privileges needed. User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2017-13319" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--81a67b5f-b307-4650-b1e2-ae98a72cb7d1.json b/objects/vulnerability/vulnerability--81a67b5f-b307-4650-b1e2-ae98a72cb7d1.json new file mode 100644 index 00000000000..e879dac4994 --- /dev/null +++ b/objects/vulnerability/vulnerability--81a67b5f-b307-4650-b1e2-ae98a72cb7d1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--39398493-fbd9-4edd-9b5c-387e39dfed42", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--81a67b5f-b307-4650-b1e2-ae98a72cb7d1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.863477Z", + "modified": "2024-11-28T00:39:21.863477Z", + "name": "CVE-2024-11933", + "description": "Fuji Electric Monitouch V-SFT X1 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of X1 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24548.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11933" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--857db9eb-1cb4-4356-888c-d430bcdc27fd.json b/objects/vulnerability/vulnerability--857db9eb-1cb4-4356-888c-d430bcdc27fd.json new file mode 100644 index 00000000000..0f5cd2c7c6f --- /dev/null +++ b/objects/vulnerability/vulnerability--857db9eb-1cb4-4356-888c-d430bcdc27fd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--606f2289-fe27-440c-8cb4-c507ded64cbd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--857db9eb-1cb4-4356-888c-d430bcdc27fd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:34.921071Z", + "modified": "2024-11-28T00:39:34.921071Z", + "name": "CVE-2018-9349", + "description": "In mv_err_cost of mcomp.c there is a possible out of bounds read due to missing bounds check. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2018-9349" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--87e864db-0506-4f0f-ba23-79689e69e9bf.json b/objects/vulnerability/vulnerability--87e864db-0506-4f0f-ba23-79689e69e9bf.json new file mode 100644 index 00000000000..1c2050d69e5 --- /dev/null +++ b/objects/vulnerability/vulnerability--87e864db-0506-4f0f-ba23-79689e69e9bf.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fc5e172d-4491-4151-98f8-0c16b481d838", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--87e864db-0506-4f0f-ba23-79689e69e9bf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:20.574418Z", + "modified": "2024-11-28T00:39:20.574418Z", + "name": "CVE-2017-13316", + "description": "In checkPermissions of RecognitionService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2017-13316" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8b5e1aa1-4dfa-4b1d-a34d-3f50d13db771.json b/objects/vulnerability/vulnerability--8b5e1aa1-4dfa-4b1d-a34d-3f50d13db771.json new file mode 100644 index 00000000000..6ec8b4332f2 --- /dev/null +++ b/objects/vulnerability/vulnerability--8b5e1aa1-4dfa-4b1d-a34d-3f50d13db771.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c7e8d0e4-ecd8-4a45-af01-418e4d26d64c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8b5e1aa1-4dfa-4b1d-a34d-3f50d13db771", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.215655Z", + "modified": "2024-11-28T00:39:21.215655Z", + "name": "CVE-2024-52951", + "description": "Stored Cross-Site Scripting in the Access Request History in Omada Identity before version 15 update 1 allows an authenticated attacker to execute arbitrary code in the browser of a victim via a specially crafted link or by viewing a manipulated Access Request History", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52951" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8d7a214d-bacc-40f9-99ff-c76d48ea1199.json b/objects/vulnerability/vulnerability--8d7a214d-bacc-40f9-99ff-c76d48ea1199.json new file mode 100644 index 00000000000..a52ac6d6e21 --- /dev/null +++ b/objects/vulnerability/vulnerability--8d7a214d-bacc-40f9-99ff-c76d48ea1199.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--34ff44f7-b0dd-426b-b24d-52ead9d251bb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8d7a214d-bacc-40f9-99ff-c76d48ea1199", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:23.078779Z", + "modified": "2024-11-28T00:39:23.078779Z", + "name": "CVE-2024-46055", + "description": "OpenVidReview 1.0 is vulnerable to Cross Site Scripting (XSS) in review names.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-46055" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9164d418-7cd1-4575-95e7-101f25587afe.json b/objects/vulnerability/vulnerability--9164d418-7cd1-4575-95e7-101f25587afe.json new file mode 100644 index 00000000000..e6e5dee8a8f --- /dev/null +++ b/objects/vulnerability/vulnerability--9164d418-7cd1-4575-95e7-101f25587afe.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c93d1a7d-3c1c-4c47-8b61-2aa348927d49", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9164d418-7cd1-4575-95e7-101f25587afe", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:34.895463Z", + "modified": "2024-11-28T00:39:34.895463Z", + "name": "CVE-2018-9353", + "description": "In ihevcd_parse_slice_data of ihevcd_parse_slice.c there is a possible heap buffer out of bound read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2018-9353" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--91f838db-0e66-444e-8cc5-fdf57798770f.json b/objects/vulnerability/vulnerability--91f838db-0e66-444e-8cc5-fdf57798770f.json new file mode 100644 index 00000000000..34b069f40ce --- /dev/null +++ b/objects/vulnerability/vulnerability--91f838db-0e66-444e-8cc5-fdf57798770f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--be92eddc-defc-4962-ae58-cf2f99c0a978", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--91f838db-0e66-444e-8cc5-fdf57798770f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.836505Z", + "modified": "2024-11-28T00:39:21.836505Z", + "name": "CVE-2024-11862", + "description": "Non constant time cryptographic operation in Devolutions.XTS.NET 2024.11.19 and earlier allows an attacker to render half of the encryption key obsolete via a timing attacks", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11862" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--92b2ffea-2f3b-47a2-b2b2-7e40385c05dc.json b/objects/vulnerability/vulnerability--92b2ffea-2f3b-47a2-b2b2-7e40385c05dc.json new file mode 100644 index 00000000000..7b8ccea325f --- /dev/null +++ b/objects/vulnerability/vulnerability--92b2ffea-2f3b-47a2-b2b2-7e40385c05dc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f55453ca-bce1-4673-ad79-b8bf0abfeaef", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--92b2ffea-2f3b-47a2-b2b2-7e40385c05dc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:22.095634Z", + "modified": "2024-11-28T00:39:22.095634Z", + "name": "CVE-2024-53676", + "description": "A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may allow remote code execution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53676" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9304b836-a31d-4d4b-a135-245cee7b8b62.json b/objects/vulnerability/vulnerability--9304b836-a31d-4d4b-a135-245cee7b8b62.json new file mode 100644 index 00000000000..56d32ed444e --- /dev/null +++ b/objects/vulnerability/vulnerability--9304b836-a31d-4d4b-a135-245cee7b8b62.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--792555c8-9024-4b10-8378-34f7b3670522", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9304b836-a31d-4d4b-a135-245cee7b8b62", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.802668Z", + "modified": "2024-11-28T00:39:21.802668Z", + "name": "CVE-2024-11083", + "description": "The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11083" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9a11e5e8-ece4-44ba-a4ce-ce0099a02bac.json b/objects/vulnerability/vulnerability--9a11e5e8-ece4-44ba-a4ce-ce0099a02bac.json new file mode 100644 index 00000000000..ee3bbb7a516 --- /dev/null +++ b/objects/vulnerability/vulnerability--9a11e5e8-ece4-44ba-a4ce-ce0099a02bac.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--486a0374-47f7-4541-b81b-e54afabdfe69", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9a11e5e8-ece4-44ba-a4ce-ce0099a02bac", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.849946Z", + "modified": "2024-11-28T00:39:21.849946Z", + "name": "CVE-2024-11787", + "description": "Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24413.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11787" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9d467bda-8ac7-4613-b268-463fdcd615e5.json b/objects/vulnerability/vulnerability--9d467bda-8ac7-4613-b268-463fdcd615e5.json new file mode 100644 index 00000000000..fab6590a39b --- /dev/null +++ b/objects/vulnerability/vulnerability--9d467bda-8ac7-4613-b268-463fdcd615e5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4f19da45-50e7-4f8a-ba94-dfe8dcbbfa07", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9d467bda-8ac7-4613-b268-463fdcd615e5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.806907Z", + "modified": "2024-11-28T00:39:21.806907Z", + "name": "CVE-2024-11795", + "description": "Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V8 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24505.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11795" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9d89ef29-1750-4860-9a20-16e9b56eec54.json b/objects/vulnerability/vulnerability--9d89ef29-1750-4860-9a20-16e9b56eec54.json new file mode 100644 index 00000000000..ce215fa8441 --- /dev/null +++ b/objects/vulnerability/vulnerability--9d89ef29-1750-4860-9a20-16e9b56eec54.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1e8bf547-f90e-4db7-8a77-f2a63bfbca78", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9d89ef29-1750-4860-9a20-16e9b56eec54", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:22.127965Z", + "modified": "2024-11-28T00:39:22.127965Z", + "name": "CVE-2024-53855", + "description": "Centurion ERP (Enterprise Rescource Planning) is a simple application developed to provide open source IT management with a large emphasis on the IT Service Management (ITSM) modules. A user who is authenticated and has view permissions for a ticket, can view the tickets of another organization they are not apart of. Users with following permissions are applicable: 1. `view_ticket_change` permission can view change tickets from organizations they are not apart of. 2. `view_ticket_incident` permission can view incident tickets from organizations they are not apart of. 3. `view_ticket_request` permission can view request tickets from organizations they are not apart of. 4. `view_ticket_problem` permission can view problem tickets from organizations they are not apart of. The access to view the tickets from different organizations is only applicable when browsing the API endpoints for the tickets in question. The Centurion UI is not affected. Project Tasks, although a \"ticket type\" are also **Not** affected. This issue has been addressed in release version 1.3.1 and users are advised to upgrade. Users unable to upgrade may remove the ticket view permissions from users which would alleviate this vulnerability, if this is deemed not-viable, Upgrading is recommended.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53855" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a11acc95-16de-4c27-8a15-e7a474e6a6a6.json b/objects/vulnerability/vulnerability--a11acc95-16de-4c27-8a15-e7a474e6a6a6.json new file mode 100644 index 00000000000..98799e7e24c --- /dev/null +++ b/objects/vulnerability/vulnerability--a11acc95-16de-4c27-8a15-e7a474e6a6a6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c8ba127d-6c13-49cd-b812-f83efcd4e106", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a11acc95-16de-4c27-8a15-e7a474e6a6a6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.795778Z", + "modified": "2024-11-28T00:39:21.795778Z", + "name": "CVE-2024-11820", + "description": "A vulnerability, which was classified as problematic, has been found in code-projects Crud Operation System 1.0. This issue affects some unknown processing of the file /add.php. The manipulation of the argument saddress leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11820" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a1cfe49d-3224-4509-a2e0-454b64cb585a.json b/objects/vulnerability/vulnerability--a1cfe49d-3224-4509-a2e0-454b64cb585a.json new file mode 100644 index 00000000000..17e9437bd19 --- /dev/null +++ b/objects/vulnerability/vulnerability--a1cfe49d-3224-4509-a2e0-454b64cb585a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9576b932-effa-49c5-a222-8538ce5419f8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a1cfe49d-3224-4509-a2e0-454b64cb585a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:23.132309Z", + "modified": "2024-11-28T00:39:23.132309Z", + "name": "CVE-2024-42326", + "description": "There was discovered a use after free bug in browser.c in the es_browser_get_variant function", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42326" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a285cd3d-11a7-46ba-8581-283ab26d6e83.json b/objects/vulnerability/vulnerability--a285cd3d-11a7-46ba-8581-283ab26d6e83.json new file mode 100644 index 00000000000..d2ece6a0855 --- /dev/null +++ b/objects/vulnerability/vulnerability--a285cd3d-11a7-46ba-8581-283ab26d6e83.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--be30f091-f46c-4347-aa66-b9767aa06e71", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a285cd3d-11a7-46ba-8581-283ab26d6e83", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.813551Z", + "modified": "2024-11-28T00:39:21.813551Z", + "name": "CVE-2024-11792", + "description": "Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V8 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24502.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11792" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a8aaf612-433d-4440-8f90-265d23b9f1d1.json b/objects/vulnerability/vulnerability--a8aaf612-433d-4440-8f90-265d23b9f1d1.json new file mode 100644 index 00000000000..ba4404b0761 --- /dev/null +++ b/objects/vulnerability/vulnerability--a8aaf612-433d-4440-8f90-265d23b9f1d1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2082b10c-d054-47a5-8873-d7fcc0e4c8d1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a8aaf612-433d-4440-8f90-265d23b9f1d1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:34.91812Z", + "modified": "2024-11-28T00:39:34.91812Z", + "name": "CVE-2018-9354", + "description": "In VideoFrameScheduler.cpp of VideoFrameScheduler::PLL::fit, there is a possible remote denial of service due to divide by 0. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2018-9354" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a95870ff-a2f6-423d-abf4-1d8c5eafebba.json b/objects/vulnerability/vulnerability--a95870ff-a2f6-423d-abf4-1d8c5eafebba.json new file mode 100644 index 00000000000..8b0abdbd0aa --- /dev/null +++ b/objects/vulnerability/vulnerability--a95870ff-a2f6-423d-abf4-1d8c5eafebba.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--062303eb-0a49-4117-8a50-be2cdd008d84", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a95870ff-a2f6-423d-abf4-1d8c5eafebba", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:22.470865Z", + "modified": "2024-11-28T00:39:22.470865Z", + "name": "CVE-2024-41125", + "description": "Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the default Contiki-NG configuration. The vulnerability exists in the os/net/app-layer/snmp/snmp-ber.c module, where the function snmp_ber_decode_string_len_buffer decodes the string length from a received SNMP packet. In one place, one byte is read from the buffer, without checking that the buffer has another byte available, leading to a possible out-of-bounds read. The problem has been patched in Contiki-NG pull request #2936. It will be included in the next release of Contiki-NG. Users are advised to apply the patch manually or to wait for the next release. A workaround is to disable the SNMP module in the Contiki-NG build configuration.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41125" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--aa3ee7ed-6f9d-4a8c-8c06-9158ecf26900.json b/objects/vulnerability/vulnerability--aa3ee7ed-6f9d-4a8c-8c06-9158ecf26900.json new file mode 100644 index 00000000000..9289920747e --- /dev/null +++ b/objects/vulnerability/vulnerability--aa3ee7ed-6f9d-4a8c-8c06-9158ecf26900.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7d906566-30b7-42ff-8966-f97e30df74b4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aa3ee7ed-6f9d-4a8c-8c06-9158ecf26900", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:23.150407Z", + "modified": "2024-11-28T00:39:23.150407Z", + "name": "CVE-2024-42332", + "description": "The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attack requires an SNMP item to be configured as text on the target host.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42332" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--aafdebd0-b406-44e1-a25c-9a690e32b38b.json b/objects/vulnerability/vulnerability--aafdebd0-b406-44e1-a25c-9a690e32b38b.json new file mode 100644 index 00000000000..c6721b56902 --- /dev/null +++ b/objects/vulnerability/vulnerability--aafdebd0-b406-44e1-a25c-9a690e32b38b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1177d0af-4b45-4a8c-bb13-1fd14514a8b1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aafdebd0-b406-44e1-a25c-9a690e32b38b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:23.142925Z", + "modified": "2024-11-28T00:39:23.142925Z", + "name": "CVE-2024-42329", + "description": "The webdriver for the Browser object expects an error object to be initialized when the webdriver_session_query function fails. But this function can fail for various reasons without an error description and then the wd->error will be NULL and trying to read from it will result in a crash.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42329" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ad8efe78-50a1-471e-8339-4ddfa1344d17.json b/objects/vulnerability/vulnerability--ad8efe78-50a1-471e-8339-4ddfa1344d17.json new file mode 100644 index 00000000000..570835c7be7 --- /dev/null +++ b/objects/vulnerability/vulnerability--ad8efe78-50a1-471e-8339-4ddfa1344d17.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--460a008d-9db2-495a-9fea-9d0fe5b12091", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ad8efe78-50a1-471e-8339-4ddfa1344d17", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.251209Z", + "modified": "2024-11-28T00:39:21.251209Z", + "name": "CVE-2024-52958", + "description": "A improper verification of cryptographic signature vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to load a malicious DLL via upload plugin function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52958" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ae69eacf-40c1-465a-98b6-a01350550a46.json b/objects/vulnerability/vulnerability--ae69eacf-40c1-465a-98b6-a01350550a46.json new file mode 100644 index 00000000000..815fca6d363 --- /dev/null +++ b/objects/vulnerability/vulnerability--ae69eacf-40c1-465a-98b6-a01350550a46.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0c82b6b4-c26b-479d-8149-d43569e42823", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ae69eacf-40c1-465a-98b6-a01350550a46", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:22.116005Z", + "modified": "2024-11-28T00:39:22.116005Z", + "name": "CVE-2024-53603", + "description": "A SQL Injection vulnerability was found in /covid-tms/password-recovery.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53603" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b3d3f773-1c2e-43c5-a349-0c93533bd400.json b/objects/vulnerability/vulnerability--b3d3f773-1c2e-43c5-a349-0c93533bd400.json new file mode 100644 index 00000000000..4743d226122 --- /dev/null +++ b/objects/vulnerability/vulnerability--b3d3f773-1c2e-43c5-a349-0c93533bd400.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8086c131-33be-4606-af0a-c7999919431e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b3d3f773-1c2e-43c5-a349-0c93533bd400", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:23.093754Z", + "modified": "2024-11-28T00:39:23.093754Z", + "name": "CVE-2024-42331", + "description": "In the src/libs/zbxembed/browser.c file, the es_browser_ctor method retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is subsequently utilized by the browser_push_error method in the src/libs/zbxembed/browser_error.c file. A use-after-free bug can occur at this stage if the wd->browser heap pointer is freed by garbage collection.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42331" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b646a0cb-bda1-4d11-b33f-9ad993e95233.json b/objects/vulnerability/vulnerability--b646a0cb-bda1-4d11-b33f-9ad993e95233.json new file mode 100644 index 00000000000..9f10747d3cf --- /dev/null +++ b/objects/vulnerability/vulnerability--b646a0cb-bda1-4d11-b33f-9ad993e95233.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--31741679-d86c-483b-8135-335e7d198d19", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b646a0cb-bda1-4d11-b33f-9ad993e95233", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:22.530907Z", + "modified": "2024-11-28T00:39:22.530907Z", + "name": "CVE-2024-21703", + "description": "This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations.\n\n\n\nThis Security Misconfiguration vulnerability, with a CVSS Score of 6.4 allows an authenticated attacker of the Windows host to read sensitive information about the Confluence Data Center configuration which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction.\n\n\n\nAtlassian recommends that Confluence Data Center and Server customers upgrade to the latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:\n\n* Confluence Data Center and Server 7.19: Upgrade to a release greater than or equal to 7.19.18 \n* Confluence Data Center and Server 8.5: Upgrade to a release greater than or equal to 8.5.5\n* Confluence Data Center and Server 8.7: Upgrade to a release greater than or equal to 8.7.2\n* Confluence Data Center and Server 8.8: Upgrade to a release greater than or equal to 8.8.0\n\n\n\nSee the release notes (https://confluence.atlassian.com/conf88/confluence-release-notes-1354501008.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives ). \n\nThis vulnerability was reported via our Atlassian Bug Bounty Program by Chris Elliot.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21703" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b8fd3e77-03f6-4a3e-9c41-eb5623ef1e40.json b/objects/vulnerability/vulnerability--b8fd3e77-03f6-4a3e-9c41-eb5623ef1e40.json new file mode 100644 index 00000000000..46f0277bf92 --- /dev/null +++ b/objects/vulnerability/vulnerability--b8fd3e77-03f6-4a3e-9c41-eb5623ef1e40.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--52b23841-78b2-4741-96c2-fb99b54ee2a1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b8fd3e77-03f6-4a3e-9c41-eb5623ef1e40", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:22.1178Z", + "modified": "2024-11-28T00:39:22.1178Z", + "name": "CVE-2024-53858", + "description": "The gh cli is GitHub’s official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing `git` submodules hosted outside of GitHub.com and ghe.com. This vulnerability stems from several `gh` commands used to clone a repository with submodules from a non-GitHub host including `gh repo clone`, `gh repo fork`, and `gh pr checkout`. These GitHub CLI commands invoke git with instructions to retrieve authentication tokens using the `credential.helper` configuration variable for any host encountered. Prior to version `2.63.0`, hosts other than GitHub.com and ghe.com are treated as GitHub Enterprise Server hosts and have tokens sourced from the following environment variables before falling back to host-specific tokens stored within system-specific secured storage: 1. `GITHUB_ENTERPRISE_TOKEN`, 2. `GH_ENTERPRISE_TOKEN` and 3. `GITHUB_TOKEN` when the `CODESPACES` environment variable is set. The result being `git` sending authentication tokens when cloning submodules. In version `2.63.0`, these GitHub CLI commands will limit the hosts for which `gh` acts as a credential helper to source authentication tokens. Additionally, `GITHUB_TOKEN` will only be used for GitHub.com and ghe.com. Users are advised to upgrade. Additionally users are advised to revoke authentication tokens used with the GitHub CLI and to review their personal security log and any relevant audit logs for actions associated with their account or enterprise", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53858" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b9e85ce6-c1cf-4fda-bdb7-890274f13bbc.json b/objects/vulnerability/vulnerability--b9e85ce6-c1cf-4fda-bdb7-890274f13bbc.json new file mode 100644 index 00000000000..50d9c1abeea --- /dev/null +++ b/objects/vulnerability/vulnerability--b9e85ce6-c1cf-4fda-bdb7-890274f13bbc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9f9f46f3-2b64-4d84-be92-50f6cedb3990", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b9e85ce6-c1cf-4fda-bdb7-890274f13bbc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:22.136338Z", + "modified": "2024-11-28T00:39:22.136338Z", + "name": "CVE-2024-53635", + "description": "A Reflected Cross Site Scripting (XSS) vulnerability was found in /covid-tms/patient-search-report.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata POST request parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53635" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bb8b2971-158a-4a69-ac5c-cdd6e1bc475a.json b/objects/vulnerability/vulnerability--bb8b2971-158a-4a69-ac5c-cdd6e1bc475a.json new file mode 100644 index 00000000000..29fdfba4746 --- /dev/null +++ b/objects/vulnerability/vulnerability--bb8b2971-158a-4a69-ac5c-cdd6e1bc475a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d1154176-cdfb-4461-9b89-fe685bc58a32", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bb8b2971-158a-4a69-ac5c-cdd6e1bc475a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.851721Z", + "modified": "2024-11-28T00:39:21.851721Z", + "name": "CVE-2024-11798", + "description": "Fuji Electric Monitouch V-SFT X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of X1 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24663.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11798" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c150078c-b727-49ae-a98b-3e778b7149c5.json b/objects/vulnerability/vulnerability--c150078c-b727-49ae-a98b-3e778b7149c5.json new file mode 100644 index 00000000000..5fbf2950e3c --- /dev/null +++ b/objects/vulnerability/vulnerability--c150078c-b727-49ae-a98b-3e778b7149c5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--da1aaa52-b13a-414c-a4d3-e90d34c9cbdb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c150078c-b727-49ae-a98b-3e778b7149c5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.821269Z", + "modified": "2024-11-28T00:39:21.821269Z", + "name": "CVE-2024-11803", + "description": "Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24771.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11803" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c41f5b35-0ec6-420c-9198-0a9bfb7b83d6.json b/objects/vulnerability/vulnerability--c41f5b35-0ec6-420c-9198-0a9bfb7b83d6.json new file mode 100644 index 00000000000..8691ddfd665 --- /dev/null +++ b/objects/vulnerability/vulnerability--c41f5b35-0ec6-420c-9198-0a9bfb7b83d6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3750c84a-1a2d-4c3c-8a79-b685f17c86cc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c41f5b35-0ec6-420c-9198-0a9bfb7b83d6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.522189Z", + "modified": "2024-11-28T00:39:21.522189Z", + "name": "CVE-2024-47181", + "description": "Contiki-NG is an open-source, cross-platform operating system for IoT devices. An unaligned memory access can be triggered in the two RPL implementations of the Contiki-NG operating system. The problem can occur when either one of these RPL implementations is enabled and connected to an RPL instance. If an IPv6 packet containing an odd number of padded bytes before the RPL option, it can cause the rpl_ext_header_hbh_update function to read a 16-bit integer from an odd address. The impact of this unaligned read is architecture-dependent, but can potentially cause the system to crash. The problem has not been patched as of release 4.9, but will be included in the next release. One can apply the changes in Contiki-NG pull request #2962 to patch the system or wait for the next release.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47181" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c7424481-e005-4209-99b4-81b4dc9de8ea.json b/objects/vulnerability/vulnerability--c7424481-e005-4209-99b4-81b4dc9de8ea.json new file mode 100644 index 00000000000..be887815ed5 --- /dev/null +++ b/objects/vulnerability/vulnerability--c7424481-e005-4209-99b4-81b4dc9de8ea.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--20a55505-4f61-4fe1-a53a-5fa5c2a0d0ca", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c7424481-e005-4209-99b4-81b4dc9de8ea", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:20.602792Z", + "modified": "2024-11-28T00:39:20.602792Z", + "name": "CVE-2017-13321", + "description": "In SensorService::isDataInjectionEnabled of frameworks/native/services/sensorservice/SensorService.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2017-13321" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ce02435c-940e-46b2-a240-a52eb6f1f977.json b/objects/vulnerability/vulnerability--ce02435c-940e-46b2-a240-a52eb6f1f977.json new file mode 100644 index 00000000000..10f4bc6ab6f --- /dev/null +++ b/objects/vulnerability/vulnerability--ce02435c-940e-46b2-a240-a52eb6f1f977.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c4c3b40d-5c59-43c6-a608-835a97b2df65", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ce02435c-940e-46b2-a240-a52eb6f1f977", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.37097Z", + "modified": "2024-11-28T00:39:21.37097Z", + "name": "CVE-2024-10895", + "description": "The Counter Up – Animated Number Counter & Milestone Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lgx-counter' shortcode in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10895" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ce278b9b-8816-4d43-b8bd-22eb739ce28a.json b/objects/vulnerability/vulnerability--ce278b9b-8816-4d43-b8bd-22eb739ce28a.json new file mode 100644 index 00000000000..4f1e25a08d9 --- /dev/null +++ b/objects/vulnerability/vulnerability--ce278b9b-8816-4d43-b8bd-22eb739ce28a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fd0a0c86-23da-4da0-b7cb-0d3c4c0d09eb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ce278b9b-8816-4d43-b8bd-22eb739ce28a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:34.891744Z", + "modified": "2024-11-28T00:39:34.891744Z", + "name": "CVE-2018-9350", + "description": "In ih264d_assign_pic_num of ih264d_utils.c there is a possible out of bound read due to missing bounds check. This could lead to a denial of service with no additional execution privileges needed. User interaction is needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2018-9350" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cf69a794-abc4-4acd-8a88-ee23f6d66acf.json b/objects/vulnerability/vulnerability--cf69a794-abc4-4acd-8a88-ee23f6d66acf.json new file mode 100644 index 00000000000..4bed0bcbcbc --- /dev/null +++ b/objects/vulnerability/vulnerability--cf69a794-abc4-4acd-8a88-ee23f6d66acf.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a8aa3f62-2759-4abf-a382-94297b4b622d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cf69a794-abc4-4acd-8a88-ee23f6d66acf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.80835Z", + "modified": "2024-11-28T00:39:21.80835Z", + "name": "CVE-2024-11796", + "description": "Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V9C files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24506.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11796" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d123f898-88e4-4cfd-8c44-a8d8581fdde3.json b/objects/vulnerability/vulnerability--d123f898-88e4-4cfd-8c44-a8d8581fdde3.json new file mode 100644 index 00000000000..e26460ffaf9 --- /dev/null +++ b/objects/vulnerability/vulnerability--d123f898-88e4-4cfd-8c44-a8d8581fdde3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5177f37d-068a-4791-9259-2bacf181cfa0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d123f898-88e4-4cfd-8c44-a8d8581fdde3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:22.727716Z", + "modified": "2024-11-28T00:39:22.727716Z", + "name": "CVE-2024-54003", + "description": "Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54003" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d503eb41-9557-4765-9819-b11bcc769ea6.json b/objects/vulnerability/vulnerability--d503eb41-9557-4765-9819-b11bcc769ea6.json new file mode 100644 index 00000000000..514a8fdcb09 --- /dev/null +++ b/objects/vulnerability/vulnerability--d503eb41-9557-4765-9819-b11bcc769ea6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fe0c3172-a288-4f95-a2e4-730b007d7a92", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d503eb41-9557-4765-9819-b11bcc769ea6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:22.125735Z", + "modified": "2024-11-28T00:39:22.125735Z", + "name": "CVE-2024-53860", + "description": "sp-php-email-handler is a PHP package for handling contact form submissions. Messages sent using this script are vulnerable to abuse, as the script allows anybody to specify arbitrary email recipients and include user-provided content in confirmation emails. This could enable malicious actors to use your server to send spam, phishing emails, or other malicious content, potentially damaging your domain's reputation and leading to blacklisting by email providers. Patched in version 1.0.0 by removing user-provided content from confirmation emails. All pre-release versions (alpha and beta) are vulnerable to this issue and should not be used. There are no workarounds for this issue. Users must upgrade to version 1.0.0 to mitigate the vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53860" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d55eb1c9-2fec-4071-9f6e-aa3793f01192.json b/objects/vulnerability/vulnerability--d55eb1c9-2fec-4071-9f6e-aa3793f01192.json new file mode 100644 index 00000000000..ace9dfd00a2 --- /dev/null +++ b/objects/vulnerability/vulnerability--d55eb1c9-2fec-4071-9f6e-aa3793f01192.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8dcfc4a5-f555-46cc-b975-551783d52e51", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d55eb1c9-2fec-4071-9f6e-aa3793f01192", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:23.024346Z", + "modified": "2024-11-28T00:39:23.024346Z", + "name": "CVE-2024-36467", + "description": "An authenticated user with API access (e.g.: user with default User role), more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group (e.g.: Zabbix Administrators), except to groups that are disabled or having restricted GUI access.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-36467" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d8f1dd91-a88a-4080-bfcc-1a591169de01.json b/objects/vulnerability/vulnerability--d8f1dd91-a88a-4080-bfcc-1a591169de01.json new file mode 100644 index 00000000000..bc176974ccc --- /dev/null +++ b/objects/vulnerability/vulnerability--d8f1dd91-a88a-4080-bfcc-1a591169de01.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e17fc5c3-7dcd-4b82-aa08-2023c98104af", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d8f1dd91-a88a-4080-bfcc-1a591169de01", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:20.549873Z", + "modified": "2024-11-28T00:39:20.549873Z", + "name": "CVE-2017-13323", + "description": "In String16 of String16.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2017-13323" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dad1f50b-9b6f-401d-9800-45335b9de384.json b/objects/vulnerability/vulnerability--dad1f50b-9b6f-401d-9800-45335b9de384.json new file mode 100644 index 00000000000..95fc1cfa9dc --- /dev/null +++ b/objects/vulnerability/vulnerability--dad1f50b-9b6f-401d-9800-45335b9de384.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7ff63b92-a715-47c6-9eb7-662639b663db", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dad1f50b-9b6f-401d-9800-45335b9de384", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.341534Z", + "modified": "2024-11-28T00:39:21.341534Z", + "name": "CVE-2024-10521", + "description": "The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on the process_bulk_action function. This makes it possible for unauthenticated attackers to delete forms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10521" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e76d5e14-0bbb-487e-acaf-c7ec11576528.json b/objects/vulnerability/vulnerability--e76d5e14-0bbb-487e-acaf-c7ec11576528.json new file mode 100644 index 00000000000..bee869d9810 --- /dev/null +++ b/objects/vulnerability/vulnerability--e76d5e14-0bbb-487e-acaf-c7ec11576528.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1d0a9551-fe39-4174-807c-9b26d7716ef7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e76d5e14-0bbb-487e-acaf-c7ec11576528", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.220842Z", + "modified": "2024-11-28T00:39:21.220842Z", + "name": "CVE-2024-52959", + "description": "A Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to perform arbitrary system commands via a DLL file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52959" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e782c835-5e59-4376-b437-3f084131070c.json b/objects/vulnerability/vulnerability--e782c835-5e59-4376-b437-3f084131070c.json new file mode 100644 index 00000000000..7738c277af4 --- /dev/null +++ b/objects/vulnerability/vulnerability--e782c835-5e59-4376-b437-3f084131070c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c2fc29d8-1a58-4349-8faa-4d0e6e162fc0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e782c835-5e59-4376-b437-3f084131070c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.830266Z", + "modified": "2024-11-28T00:39:21.830266Z", + "name": "CVE-2024-11799", + "description": "Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24664.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11799" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ebf3c556-d282-405f-9d66-29e9b67b8c34.json b/objects/vulnerability/vulnerability--ebf3c556-d282-405f-9d66-29e9b67b8c34.json new file mode 100644 index 00000000000..cea3c42f652 --- /dev/null +++ b/objects/vulnerability/vulnerability--ebf3c556-d282-405f-9d66-29e9b67b8c34.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8e3a0187-3d6b-4854-a4e3-fde0ecd46db9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ebf3c556-d282-405f-9d66-29e9b67b8c34", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.853331Z", + "modified": "2024-11-28T00:39:21.853331Z", + "name": "CVE-2024-11793", + "description": "Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V9C files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24503.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11793" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ee7456b3-f867-4863-bfd0-7faa55e87b36.json b/objects/vulnerability/vulnerability--ee7456b3-f867-4863-bfd0-7faa55e87b36.json new file mode 100644 index 00000000000..e0d0118a8e7 --- /dev/null +++ b/objects/vulnerability/vulnerability--ee7456b3-f867-4863-bfd0-7faa55e87b36.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a4fd5544-b45d-4bf5-a196-ef4c7dfec084", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ee7456b3-f867-4863-bfd0-7faa55e87b36", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:22.105082Z", + "modified": "2024-11-28T00:39:22.105082Z", + "name": "CVE-2024-53264", + "description": "bunkerweb is an Open-source and next-generation Web Application Firewall (WAF). A open redirect vulnerability exists in the loading endpoint, allowing attackers to redirect authenticated users to arbitrary external URLs via the \"next\" parameter. The loading endpoint accepts and uses an unvalidated \"next\" parameter for redirects. Ex. visiting: `/loading?next=https://google.com` while authenticated will cause the page will redirect to google.com. This vulnerability could be used in phishing attacks by redirecting users from a legitimate application URL to malicious sites. This issue has been addressed in version 1.5.11. Users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53264" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f24d2e5a-99d1-47ba-b989-b8f995f4cae4.json b/objects/vulnerability/vulnerability--f24d2e5a-99d1-47ba-b989-b8f995f4cae4.json new file mode 100644 index 00000000000..ab7f5d3b403 --- /dev/null +++ b/objects/vulnerability/vulnerability--f24d2e5a-99d1-47ba-b989-b8f995f4cae4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--28f6d994-b000-4c6a-96d0-8bcf91ccc2a3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f24d2e5a-99d1-47ba-b989-b8f995f4cae4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:22.119764Z", + "modified": "2024-11-28T00:39:22.119764Z", + "name": "CVE-2024-53920", + "description": "In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53920" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f293b536-8bff-4d6d-ac51-5065503226f3.json b/objects/vulnerability/vulnerability--f293b536-8bff-4d6d-ac51-5065503226f3.json new file mode 100644 index 00000000000..673a029240c --- /dev/null +++ b/objects/vulnerability/vulnerability--f293b536-8bff-4d6d-ac51-5065503226f3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--eb185936-7aee-4413-9567-2e371750746f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f293b536-8bff-4d6d-ac51-5065503226f3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:21.365117Z", + "modified": "2024-11-28T00:39:21.365117Z", + "name": "CVE-2024-10175", + "description": "The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wdo_pricing_tables shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10175" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f5710f6d-2721-4d76-91c0-643260696cab.json b/objects/vulnerability/vulnerability--f5710f6d-2721-4d76-91c0-643260696cab.json new file mode 100644 index 00000000000..d31a93afbcf --- /dev/null +++ b/objects/vulnerability/vulnerability--f5710f6d-2721-4d76-91c0-643260696cab.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--948e75e1-49b4-47c2-81ba-e758573d551c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f5710f6d-2721-4d76-91c0-643260696cab", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:22.094243Z", + "modified": "2024-11-28T00:39:22.094243Z", + "name": "CVE-2024-53859", + "description": "go-gh is a Go module for interacting with the `gh` utility and the GitHub API from the command line. A security vulnerability has been identified in `go-gh` that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace. `go-gh` sources authentication tokens from different environment variables depending on the host involved: 1. `GITHUB_TOKEN`, `GH_TOKEN` for GitHub.com and ghe.com and 2. `GITHUB_ENTERPRISE_TOKEN`, `GH_ENTERPRISE_TOKEN` for GitHub Enterprise Server. Prior to version `2.11.1`, `auth.TokenForHost` could source a token from the `GITHUB_TOKEN` environment variable for a host other than GitHub.com or ghe.com when within a codespace. In version `2.11.1`, `auth.TokenForHost` will only source a token from the `GITHUB_TOKEN` environment variable for GitHub.com or ghe.com hosts. Successful exploitation could send authentication token to an unintended host. This issue has been addressed in version 2.11.1 and all users are advised to upgrade. Users are also advised to regenerate authentication tokens and to review their personal security log and any relevant audit logs for actions associated with their account or enterprise.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53859" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f91691dc-ddf7-47df-9bc6-1842dd95d97c.json b/objects/vulnerability/vulnerability--f91691dc-ddf7-47df-9bc6-1842dd95d97c.json new file mode 100644 index 00000000000..77460a7aacf --- /dev/null +++ b/objects/vulnerability/vulnerability--f91691dc-ddf7-47df-9bc6-1842dd95d97c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e9229d74-e217-456e-b4c5-20c9a2572985", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f91691dc-ddf7-47df-9bc6-1842dd95d97c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:22.646893Z", + "modified": "2024-11-28T00:39:22.646893Z", + "name": "CVE-2024-37816", + "description": "Quectel EC25-EUX EC25EUXGAR08A05M1G was discovered to contain a stack overflow.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-37816" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f9c1e21c-f6dd-4ea0-b860-99b779d6ee23.json b/objects/vulnerability/vulnerability--f9c1e21c-f6dd-4ea0-b860-99b779d6ee23.json new file mode 100644 index 00000000000..44adf5afc8d --- /dev/null +++ b/objects/vulnerability/vulnerability--f9c1e21c-f6dd-4ea0-b860-99b779d6ee23.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7a84541d-061c-424d-8330-2175f16eeb01", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f9c1e21c-f6dd-4ea0-b860-99b779d6ee23", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-28T00:39:22.980776Z", + "modified": "2024-11-28T00:39:22.980776Z", + "name": "CVE-2024-36468", + "description": "The reported vulnerability is a stack buffer overflow in the zbx_snmp_cache_handle_engineid function within the Zabbix server/proxy code. This issue occurs when copying data from session->securityEngineID to local_record.engineid without proper bounds checking.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-36468" + } + ] + } + ] +} \ No newline at end of file