From 6d739136195c46d779df176a6822eeb20d7f05ec Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Sat, 17 Feb 2024 00:27:15 +0000
Subject: [PATCH] generated content from 2024-02-17
---
mapping.csv | 52 +++++++++++++++++++
...-08d48d16-570e-43e6-921f-ad10be874ee8.json | 22 ++++++++
...-0904e0fa-533a-423b-aded-3f74d9979668.json | 22 ++++++++
...-09351291-b941-4202-87cf-9a1fae6035a4.json | 22 ++++++++
...-1feb4342-ec6f-4510-aca6-6bed80138eed.json | 22 ++++++++
...-21ac3178-965d-438e-964b-9f2373131ba7.json | 22 ++++++++
...-23f934ee-38f6-4f6c-8703-1a81e32846c9.json | 22 ++++++++
...-26225779-5145-4bac-a25a-caa331269d1e.json | 22 ++++++++
...-29551eeb-f5b2-4ec8-8c1e-969f72edae23.json | 22 ++++++++
...-39084c2d-996b-4d60-aac9-325474c9b32b.json | 22 ++++++++
...-3ff8ce40-6036-400d-ad1f-7da4cf97b7c7.json | 22 ++++++++
...-45b78b01-3140-4ca7-8933-72752304d248.json | 22 ++++++++
...-4902054b-28f1-4b69-ad50-6766495c13d5.json | 22 ++++++++
...-5735dfb4-a25b-413c-9b33-802ce220855c.json | 22 ++++++++
...-6577ae1f-83a1-4824-a351-266b1833ce22.json | 22 ++++++++
...-6579f117-c40e-4688-9564-6f69079799e4.json | 22 ++++++++
...-65eac96a-a194-4aef-be30-aaaaf31a75aa.json | 22 ++++++++
...-6656e3ae-d5b3-4f9e-8c9f-6c322c271c67.json | 22 ++++++++
...-69d2617e-b661-419d-b652-0ae8b9801236.json | 22 ++++++++
...-6ea75eb6-d082-42a2-a9e6-8b489dec8c9d.json | 22 ++++++++
...-70d0e33e-d603-4b1a-8a03-3cc539e479de.json | 22 ++++++++
...-71b50b4c-ae7a-4748-8de4-7c8f2a04847f.json | 22 ++++++++
...-756d2bf1-ca3d-4750-a2a3-37ea0d0589fa.json | 22 ++++++++
...-7dcca52a-6786-4034-b9e2-4b1c0b35c2b4.json | 22 ++++++++
...-8409d5b1-a518-472b-8bde-4279ca73c33a.json | 22 ++++++++
...-87c03bc2-d304-4bba-84b8-2e9b7e3fc391.json | 22 ++++++++
...-882a20ff-97f9-4632-8f73-af0515c11b83.json | 22 ++++++++
...-8e8a9635-7504-4c1b-92aa-21389355faf8.json | 22 ++++++++
...-8f4586f0-9ede-4881-af31-535b9d1b01bf.json | 22 ++++++++
...-93c6aa1a-65eb-412e-a497-d6704f05eef3.json | 22 ++++++++
...-996d576c-cc6e-424f-bb7b-ea72eeef91a3.json | 22 ++++++++
...-9a7fa972-a3d3-4990-8fb3-b43f14447dc4.json | 22 ++++++++
...-9e994e97-0486-46d3-8ffa-1366b08015a4.json | 22 ++++++++
...-9f322d53-0dc6-4a00-b967-75858e383313.json | 22 ++++++++
...-aba8bc9f-5ae8-465b-af00-697c07645e20.json | 22 ++++++++
...-ad12cf80-b1fe-49fe-9419-15aa8348af5c.json | 22 ++++++++
...-ae364f73-3ce7-443e-94fb-e0bd3f0bd995.json | 22 ++++++++
...-ae8d83f1-3af6-4cbc-afbc-df4785ebd26d.json | 22 ++++++++
...-afb50c34-0cb0-4710-99dd-3fea2c2cc938.json | 22 ++++++++
...-b8a1d5b7-5871-4486-8517-371ced8450f7.json | 22 ++++++++
...-c864472f-0bb1-465f-a4dd-ec37b91b04b6.json | 22 ++++++++
...-cde89034-0039-4026-94aa-d775bd950238.json | 22 ++++++++
...-d07bc693-7735-4c92-bc3e-fb46c8b07f89.json | 22 ++++++++
...-dbbc3d94-d6dc-4fdc-9aac-c90e2d012a1b.json | 22 ++++++++
...-df82b56a-a7c4-4ed7-9abd-c6179602a74a.json | 22 ++++++++
...-e216f36a-6e39-461a-887b-c6debd6733fb.json | 22 ++++++++
...-e3d4a19c-d99f-4d1e-ad4c-4cc7f8f98491.json | 22 ++++++++
...-e59d1781-fb43-446a-b9ad-f64f5305d33d.json | 22 ++++++++
...-e9698784-5f88-4143-97ca-3af8a76e8d7b.json | 22 ++++++++
...-ea0285bf-b7a7-423c-b23b-bd10bca55000.json | 22 ++++++++
...-edc13731-1047-4c00-bb6a-bc036665ee07.json | 22 ++++++++
...-ee0f0869-2097-4eb0-9afd-102e29da915a.json | 22 ++++++++
...-f93748ad-2553-451c-a8cf-2cb4fcc194e5.json | 22 ++++++++
53 files changed, 1196 insertions(+)
create mode 100644 objects/vulnerability/vulnerability--08d48d16-570e-43e6-921f-ad10be874ee8.json
create mode 100644 objects/vulnerability/vulnerability--0904e0fa-533a-423b-aded-3f74d9979668.json
create mode 100644 objects/vulnerability/vulnerability--09351291-b941-4202-87cf-9a1fae6035a4.json
create mode 100644 objects/vulnerability/vulnerability--1feb4342-ec6f-4510-aca6-6bed80138eed.json
create mode 100644 objects/vulnerability/vulnerability--21ac3178-965d-438e-964b-9f2373131ba7.json
create mode 100644 objects/vulnerability/vulnerability--23f934ee-38f6-4f6c-8703-1a81e32846c9.json
create mode 100644 objects/vulnerability/vulnerability--26225779-5145-4bac-a25a-caa331269d1e.json
create mode 100644 objects/vulnerability/vulnerability--29551eeb-f5b2-4ec8-8c1e-969f72edae23.json
create mode 100644 objects/vulnerability/vulnerability--39084c2d-996b-4d60-aac9-325474c9b32b.json
create mode 100644 objects/vulnerability/vulnerability--3ff8ce40-6036-400d-ad1f-7da4cf97b7c7.json
create mode 100644 objects/vulnerability/vulnerability--45b78b01-3140-4ca7-8933-72752304d248.json
create mode 100644 objects/vulnerability/vulnerability--4902054b-28f1-4b69-ad50-6766495c13d5.json
create mode 100644 objects/vulnerability/vulnerability--5735dfb4-a25b-413c-9b33-802ce220855c.json
create mode 100644 objects/vulnerability/vulnerability--6577ae1f-83a1-4824-a351-266b1833ce22.json
create mode 100644 objects/vulnerability/vulnerability--6579f117-c40e-4688-9564-6f69079799e4.json
create mode 100644 objects/vulnerability/vulnerability--65eac96a-a194-4aef-be30-aaaaf31a75aa.json
create mode 100644 objects/vulnerability/vulnerability--6656e3ae-d5b3-4f9e-8c9f-6c322c271c67.json
create mode 100644 objects/vulnerability/vulnerability--69d2617e-b661-419d-b652-0ae8b9801236.json
create mode 100644 objects/vulnerability/vulnerability--6ea75eb6-d082-42a2-a9e6-8b489dec8c9d.json
create mode 100644 objects/vulnerability/vulnerability--70d0e33e-d603-4b1a-8a03-3cc539e479de.json
create mode 100644 objects/vulnerability/vulnerability--71b50b4c-ae7a-4748-8de4-7c8f2a04847f.json
create mode 100644 objects/vulnerability/vulnerability--756d2bf1-ca3d-4750-a2a3-37ea0d0589fa.json
create mode 100644 objects/vulnerability/vulnerability--7dcca52a-6786-4034-b9e2-4b1c0b35c2b4.json
create mode 100644 objects/vulnerability/vulnerability--8409d5b1-a518-472b-8bde-4279ca73c33a.json
create mode 100644 objects/vulnerability/vulnerability--87c03bc2-d304-4bba-84b8-2e9b7e3fc391.json
create mode 100644 objects/vulnerability/vulnerability--882a20ff-97f9-4632-8f73-af0515c11b83.json
create mode 100644 objects/vulnerability/vulnerability--8e8a9635-7504-4c1b-92aa-21389355faf8.json
create mode 100644 objects/vulnerability/vulnerability--8f4586f0-9ede-4881-af31-535b9d1b01bf.json
create mode 100644 objects/vulnerability/vulnerability--93c6aa1a-65eb-412e-a497-d6704f05eef3.json
create mode 100644 objects/vulnerability/vulnerability--996d576c-cc6e-424f-bb7b-ea72eeef91a3.json
create mode 100644 objects/vulnerability/vulnerability--9a7fa972-a3d3-4990-8fb3-b43f14447dc4.json
create mode 100644 objects/vulnerability/vulnerability--9e994e97-0486-46d3-8ffa-1366b08015a4.json
create mode 100644 objects/vulnerability/vulnerability--9f322d53-0dc6-4a00-b967-75858e383313.json
create mode 100644 objects/vulnerability/vulnerability--aba8bc9f-5ae8-465b-af00-697c07645e20.json
create mode 100644 objects/vulnerability/vulnerability--ad12cf80-b1fe-49fe-9419-15aa8348af5c.json
create mode 100644 objects/vulnerability/vulnerability--ae364f73-3ce7-443e-94fb-e0bd3f0bd995.json
create mode 100644 objects/vulnerability/vulnerability--ae8d83f1-3af6-4cbc-afbc-df4785ebd26d.json
create mode 100644 objects/vulnerability/vulnerability--afb50c34-0cb0-4710-99dd-3fea2c2cc938.json
create mode 100644 objects/vulnerability/vulnerability--b8a1d5b7-5871-4486-8517-371ced8450f7.json
create mode 100644 objects/vulnerability/vulnerability--c864472f-0bb1-465f-a4dd-ec37b91b04b6.json
create mode 100644 objects/vulnerability/vulnerability--cde89034-0039-4026-94aa-d775bd950238.json
create mode 100644 objects/vulnerability/vulnerability--d07bc693-7735-4c92-bc3e-fb46c8b07f89.json
create mode 100644 objects/vulnerability/vulnerability--dbbc3d94-d6dc-4fdc-9aac-c90e2d012a1b.json
create mode 100644 objects/vulnerability/vulnerability--df82b56a-a7c4-4ed7-9abd-c6179602a74a.json
create mode 100644 objects/vulnerability/vulnerability--e216f36a-6e39-461a-887b-c6debd6733fb.json
create mode 100644 objects/vulnerability/vulnerability--e3d4a19c-d99f-4d1e-ad4c-4cc7f8f98491.json
create mode 100644 objects/vulnerability/vulnerability--e59d1781-fb43-446a-b9ad-f64f5305d33d.json
create mode 100644 objects/vulnerability/vulnerability--e9698784-5f88-4143-97ca-3af8a76e8d7b.json
create mode 100644 objects/vulnerability/vulnerability--ea0285bf-b7a7-423c-b23b-bd10bca55000.json
create mode 100644 objects/vulnerability/vulnerability--edc13731-1047-4c00-bb6a-bc036665ee07.json
create mode 100644 objects/vulnerability/vulnerability--ee0f0869-2097-4eb0-9afd-102e29da915a.json
create mode 100644 objects/vulnerability/vulnerability--f93748ad-2553-451c-a8cf-2cb4fcc194e5.json
diff --git a/mapping.csv b/mapping.csv
index 52bfe9c30b2..50334af3a8e 100644
--- a/mapping.csv
+++ b/mapping.csv
@@ -225596,3 +225596,55 @@ vulnerability,CVE-2022-23088,vulnerability--f0f79f1f-1d05-4ad6-98ac-9b62d1487ca0 vulnerability,CVE-2022-23090,vulnerability--b510e7b6-07ad-475b-a627-457f8fb9afc3 vulnerability,CVE-2022-23086,vulnerability--0b1bd7c9-c45a-4edf-9081-4604e7200ce0 vulnerability,CVE-2022-23092,vulnerability--502b3f15-de2a-45e9-888f-f4c2338b9c57 +vulnerability,CVE-2023-40085,vulnerability--d07bc693-7735-4c92-bc3e-fb46c8b07f89 +vulnerability,CVE-2023-40093,vulnerability--6656e3ae-d5b3-4f9e-8c9f-6c322c271c67 +vulnerability,CVE-2023-40122,vulnerability--6577ae1f-83a1-4824-a351-266b1833ce22 +vulnerability,CVE-2023-49508,vulnerability--ad12cf80-b1fe-49fe-9419-15aa8348af5c +vulnerability,CVE-2023-45918,vulnerability--8f4586f0-9ede-4881-af31-535b9d1b01bf +vulnerability,CVE-2023-45860,vulnerability--df82b56a-a7c4-4ed7-9abd-c6179602a74a +vulnerability,CVE-2023-6451,vulnerability--e9698784-5f88-4143-97ca-3af8a76e8d7b +vulnerability,CVE-2023-51931,vulnerability--29551eeb-f5b2-4ec8-8c1e-969f72edae23 +vulnerability,CVE-2023-21165,vulnerability--6579f117-c40e-4688-9564-6f69079799e4 +vulnerability,CVE-2024-22425,vulnerability--ea0285bf-b7a7-423c-b23b-bd10bca55000 +vulnerability,CVE-2024-22854,vulnerability--cde89034-0039-4026-94aa-d775bd950238 +vulnerability,CVE-2024-22426,vulnerability--70d0e33e-d603-4b1a-8a03-3cc539e479de +vulnerability,CVE-2024-1591,vulnerability--3ff8ce40-6036-400d-ad1f-7da4cf97b7c7 +vulnerability,CVE-2024-1342,vulnerability--87c03bc2-d304-4bba-84b8-2e9b7e3fc391 +vulnerability,CVE-2024-23591,vulnerability--dbbc3d94-d6dc-4fdc-9aac-c90e2d012a1b +vulnerability,CVE-2024-0019,vulnerability--b8a1d5b7-5871-4486-8517-371ced8450f7 +vulnerability,CVE-2024-0041,vulnerability--9e994e97-0486-46d3-8ffa-1366b08015a4 +vulnerability,CVE-2024-0021,vulnerability--5735dfb4-a25b-413c-9b33-802ce220855c +vulnerability,CVE-2024-0031,vulnerability--65eac96a-a194-4aef-be30-aaaaf31a75aa +vulnerability,CVE-2024-0038,vulnerability--e59d1781-fb43-446a-b9ad-f64f5305d33d 
+vulnerability,CVE-2024-0037,vulnerability--ee0f0869-2097-4eb0-9afd-102e29da915a +vulnerability,CVE-2024-0033,vulnerability--7dcca52a-6786-4034-b9e2-4b1c0b35c2b4 +vulnerability,CVE-2024-0036,vulnerability--f93748ad-2553-451c-a8cf-2cb4fcc194e5 +vulnerability,CVE-2024-0029,vulnerability--6ea75eb6-d082-42a2-a9e6-8b489dec8c9d +vulnerability,CVE-2024-0017,vulnerability--ae364f73-3ce7-443e-94fb-e0bd3f0bd995 +vulnerability,CVE-2024-0032,vulnerability--21ac3178-965d-438e-964b-9f2373131ba7 +vulnerability,CVE-2024-0018,vulnerability--882a20ff-97f9-4632-8f73-af0515c11b83 +vulnerability,CVE-2024-0030,vulnerability--4902054b-28f1-4b69-ad50-6766495c13d5 +vulnerability,CVE-2024-0015,vulnerability--09351291-b941-4202-87cf-9a1fae6035a4 +vulnerability,CVE-2024-0034,vulnerability--71b50b4c-ae7a-4748-8de4-7c8f2a04847f +vulnerability,CVE-2024-0023,vulnerability--756d2bf1-ca3d-4750-a2a3-37ea0d0589fa +vulnerability,CVE-2024-0020,vulnerability--8e8a9635-7504-4c1b-92aa-21389355faf8 +vulnerability,CVE-2024-0014,vulnerability--1feb4342-ec6f-4510-aca6-6bed80138eed +vulnerability,CVE-2024-0016,vulnerability--9a7fa972-a3d3-4990-8fb3-b43f14447dc4 +vulnerability,CVE-2024-0035,vulnerability--26225779-5145-4bac-a25a-caa331269d1e +vulnerability,CVE-2024-0040,vulnerability--8409d5b1-a518-472b-8bde-4279ca73c33a +vulnerability,CVE-2024-24758,vulnerability--0904e0fa-533a-423b-aded-3f74d9979668 +vulnerability,CVE-2024-24750,vulnerability--996d576c-cc6e-424f-bb7b-ea72eeef91a3 +vulnerability,CVE-2024-24377,vulnerability--c864472f-0bb1-465f-a4dd-ec37b91b04b6 +vulnerability,CVE-2024-21775,vulnerability--ae8d83f1-3af6-4cbc-afbc-df4785ebd26d +vulnerability,CVE-2024-21915,vulnerability--e3d4a19c-d99f-4d1e-ad4c-4cc7f8f98491 +vulnerability,CVE-2024-21983,vulnerability--23f934ee-38f6-4f6c-8703-1a81e32846c9 +vulnerability,CVE-2024-21984,vulnerability--08d48d16-570e-43e6-921f-ad10be874ee8 +vulnerability,CVE-2024-21987,vulnerability--45b78b01-3140-4ca7-8933-72752304d248 
+vulnerability,CVE-2024-25466,vulnerability--9f322d53-0dc6-4a00-b967-75858e383313 +vulnerability,CVE-2024-25627,vulnerability--69d2617e-b661-419d-b652-0ae8b9801236 +vulnerability,CVE-2024-25628,vulnerability--aba8bc9f-5ae8-465b-af00-697c07645e20 +vulnerability,CVE-2024-25083,vulnerability--39084c2d-996b-4d60-aac9-325474c9b32b +vulnerability,CVE-2024-25415,vulnerability--e216f36a-6e39-461a-887b-c6debd6733fb +vulnerability,CVE-2024-25320,vulnerability--afb50c34-0cb0-4710-99dd-3fea2c2cc938 +vulnerability,CVE-2024-25414,vulnerability--93c6aa1a-65eb-412e-a497-d6704f05eef3 +vulnerability,CVE-2024-25413,vulnerability--edc13731-1047-4c00-bb6a-bc036665ee07 diff --git a/objects/vulnerability/vulnerability--08d48d16-570e-43e6-921f-ad10be874ee8.json b/objects/vulnerability/vulnerability--08d48d16-570e-43e6-921f-ad10be874ee8.json new file mode 100644 index 00000000000..de00d6aacd5 --- /dev/null +++ b/objects/vulnerability/vulnerability--08d48d16-570e-43e6-921f-ad10be874ee8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5ed896e0-ef16-49ec-87e3-62f72177ff1b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--08d48d16-570e-43e6-921f-ad10be874ee8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.548491Z", + "modified": "2024-02-17T00:26:50.548491Z", + "name": "CVE-2024-21984", + "description": "StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 \nare susceptible to a difficult to exploit Reflected Cross-Site Scripting\n (XSS) vulnerability. Successful exploit requires the attacker to know \nspecific information about the target instance and trick a privileged \nuser into clicking a specially crafted link. This could allow the \nattacker to view or modify configuration settings or add or modify user \naccounts. \n\n\n\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21984" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0904e0fa-533a-423b-aded-3f74d9979668.json b/objects/vulnerability/vulnerability--0904e0fa-533a-423b-aded-3f74d9979668.json new file mode 100644 index 00000000000..7d2b39b69f0 --- /dev/null +++ b/objects/vulnerability/vulnerability--0904e0fa-533a-423b-aded-3f74d9979668.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3bad4180-c26b-4a49-8ffc-83b436f59868", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0904e0fa-533a-423b-aded-3f74d9979668", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.480174Z", + "modified": "2024-02-17T00:26:50.480174Z", + "name": "CVE-2024-24758", + "description": "Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Proxy-Authentication` headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24758" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--09351291-b941-4202-87cf-9a1fae6035a4.json b/objects/vulnerability/vulnerability--09351291-b941-4202-87cf-9a1fae6035a4.json new file mode 100644 index 00000000000..0d4db5951e1 --- /dev/null +++ b/objects/vulnerability/vulnerability--09351291-b941-4202-87cf-9a1fae6035a4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4aa22232-fa4f-41a6-9c70-acad790aac34", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--09351291-b941-4202-87cf-9a1fae6035a4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.448214Z", + "modified": "2024-02-17T00:26:50.448214Z", + "name": "CVE-2024-0015", + "description": "In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0015" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1feb4342-ec6f-4510-aca6-6bed80138eed.json b/objects/vulnerability/vulnerability--1feb4342-ec6f-4510-aca6-6bed80138eed.json new file mode 100644 index 00000000000..994bad33461 --- /dev/null +++ b/objects/vulnerability/vulnerability--1feb4342-ec6f-4510-aca6-6bed80138eed.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b13cbc0b-e8ac-44e1-9030-575c48565364", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1feb4342-ec6f-4510-aca6-6bed80138eed", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.457814Z", + "modified": "2024-02-17T00:26:50.457814Z", + "name": "CVE-2024-0014", + "description": "In startInstall of UpdateFetcher.java, there is a possible way to trigger a malicious config update due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0014" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--21ac3178-965d-438e-964b-9f2373131ba7.json b/objects/vulnerability/vulnerability--21ac3178-965d-438e-964b-9f2373131ba7.json new file mode 100644 index 00000000000..d065ac760a3 --- /dev/null +++ b/objects/vulnerability/vulnerability--21ac3178-965d-438e-964b-9f2373131ba7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8befaf55-a2f0-40ac-a246-6926c984c353", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--21ac3178-965d-438e-964b-9f2373131ba7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.437382Z", + "modified": "2024-02-17T00:26:50.437382Z", + "name": "CVE-2024-0032", + "description": "In queryChildDocuments of FileSystemProvider.java, there is a possible way to request access to directories that should be hidden due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0032" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--23f934ee-38f6-4f6c-8703-1a81e32846c9.json b/objects/vulnerability/vulnerability--23f934ee-38f6-4f6c-8703-1a81e32846c9.json new file mode 100644 index 00000000000..41b8820c74b --- /dev/null +++ b/objects/vulnerability/vulnerability--23f934ee-38f6-4f6c-8703-1a81e32846c9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--653c0644-fe2e-494a-b485-1e0df3cf39ee", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--23f934ee-38f6-4f6c-8703-1a81e32846c9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.54586Z", + "modified": "2024-02-17T00:26:50.54586Z", + "name": "CVE-2024-21983", + "description": "StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 \nare susceptible to a Denial of Service (DoS) vulnerability. Successful \nexploit by an authenticated attacker could lead to an out of memory \ncondition or node reboot.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21983" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--26225779-5145-4bac-a25a-caa331269d1e.json b/objects/vulnerability/vulnerability--26225779-5145-4bac-a25a-caa331269d1e.json new file mode 100644 index 00000000000..5074e80196d --- /dev/null +++ b/objects/vulnerability/vulnerability--26225779-5145-4bac-a25a-caa331269d1e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3113049d-f905-4844-80b7-457af8bc432b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--26225779-5145-4bac-a25a-caa331269d1e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.461357Z", + "modified": "2024-02-17T00:26:50.461357Z", + "name": "CVE-2024-0035", + "description": "In onNullBinding of TileLifecycleManager.java, there is a possible way to launch an activity from the background due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0035" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--29551eeb-f5b2-4ec8-8c1e-969f72edae23.json b/objects/vulnerability/vulnerability--29551eeb-f5b2-4ec8-8c1e-969f72edae23.json new file mode 100644 index 00000000000..bde33115454 --- /dev/null +++ b/objects/vulnerability/vulnerability--29551eeb-f5b2-4ec8-8c1e-969f72edae23.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0eaee21c-ed01-4d38-a744-0890653b0f1e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--29551eeb-f5b2-4ec8-8c1e-969f72edae23", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:48.355406Z", + "modified": "2024-02-17T00:26:48.355406Z", + "name": "CVE-2023-51931", + "description": "An issue in alanclarke URLite v.3.1.0 allows an attacker to cause a denial of service (DoS) via a crafted payload to the parsing function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-51931" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--39084c2d-996b-4d60-aac9-325474c9b32b.json b/objects/vulnerability/vulnerability--39084c2d-996b-4d60-aac9-325474c9b32b.json new file mode 100644 index 00000000000..0c797c7441a --- /dev/null +++ b/objects/vulnerability/vulnerability--39084c2d-996b-4d60-aac9-325474c9b32b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2dd37441-e90c-496d-9965-a3dd0da2cd77", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--39084c2d-996b-4d60-aac9-325474c9b32b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.578003Z", + "modified": "2024-02-17T00:26:50.578003Z", + "name": "CVE-2024-25083", + "description": "An issue was discovered in BeyondTrust Privilege Management for Windows before 24.1. When an low-privileged user initiates a repair, there is an attack vector through which the user is able to execute any program with elevated privileges.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-25083" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3ff8ce40-6036-400d-ad1f-7da4cf97b7c7.json b/objects/vulnerability/vulnerability--3ff8ce40-6036-400d-ad1f-7da4cf97b7c7.json new file mode 100644 index 00000000000..d94654bb1ed --- /dev/null +++ b/objects/vulnerability/vulnerability--3ff8ce40-6036-400d-ad1f-7da4cf97b7c7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--52c17443-c77d-4e0f-a6cc-d938b3b0e190", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3ff8ce40-6036-400d-ad1f-7da4cf97b7c7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.301943Z", + "modified": "2024-02-17T00:26:50.301943Z", + "name": "CVE-2024-1591", + "description": "Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-1591" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--45b78b01-3140-4ca7-8933-72752304d248.json b/objects/vulnerability/vulnerability--45b78b01-3140-4ca7-8933-72752304d248.json new file mode 100644 index 00000000000..467a8d8f51c --- /dev/null +++ b/objects/vulnerability/vulnerability--45b78b01-3140-4ca7-8933-72752304d248.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a86a3a3f-6411-425a-b191-f53b9088508f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--45b78b01-3140-4ca7-8933-72752304d248", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.555476Z", + "modified": "2024-02-17T00:26:50.555476Z", + "name": "CVE-2024-21987", + "description": "SnapCenter versions 4.8 prior to 5.0 are susceptible to a \nvulnerability which could allow an authenticated SnapCenter Server user \nto modify system logging configuration settings\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21987" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4902054b-28f1-4b69-ad50-6766495c13d5.json b/objects/vulnerability/vulnerability--4902054b-28f1-4b69-ad50-6766495c13d5.json new file mode 100644 index 00000000000..9e4327111f7 --- /dev/null +++ b/objects/vulnerability/vulnerability--4902054b-28f1-4b69-ad50-6766495c13d5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b0b2726e-458b-49fa-95e1-6af98df74644", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4902054b-28f1-4b69-ad50-6766495c13d5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.446927Z", + "modified": "2024-02-17T00:26:50.446927Z", + "name": "CVE-2024-0030", + "description": "In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0030" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5735dfb4-a25b-413c-9b33-802ce220855c.json b/objects/vulnerability/vulnerability--5735dfb4-a25b-413c-9b33-802ce220855c.json new file mode 100644 index 00000000000..8542bf2f53a --- /dev/null +++ b/objects/vulnerability/vulnerability--5735dfb4-a25b-413c-9b33-802ce220855c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--66baaa63-2d7c-49bc-8a3e-0d21a26830e7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5735dfb4-a25b-413c-9b33-802ce220855c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.406555Z", + "modified": "2024-02-17T00:26:50.406555Z", + "name": "CVE-2024-0021", + "description": "In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way for an app in the work profile to enable notification listener services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0021" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6577ae1f-83a1-4824-a351-266b1833ce22.json b/objects/vulnerability/vulnerability--6577ae1f-83a1-4824-a351-266b1833ce22.json new file mode 100644 index 00000000000..dd8f0759761 --- /dev/null +++ b/objects/vulnerability/vulnerability--6577ae1f-83a1-4824-a351-266b1833ce22.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a0f4b613-d504-4645-b0fd-a6f41e9fcdb5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6577ae1f-83a1-4824-a351-266b1833ce22", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:47.09194Z", + "modified": "2024-02-17T00:26:47.09194Z", + "name": "CVE-2023-40122", + "description": "In applyCustomDescription of SaveUi.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-40122" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6579f117-c40e-4688-9564-6f69079799e4.json b/objects/vulnerability/vulnerability--6579f117-c40e-4688-9564-6f69079799e4.json new file mode 100644 index 00000000000..f42530952c6 --- /dev/null +++ b/objects/vulnerability/vulnerability--6579f117-c40e-4688-9564-6f69079799e4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--009cb9d7-d105-4762-968d-4a7eb625e813", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6579f117-c40e-4688-9564-6f69079799e4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:48.8112Z", + "modified": "2024-02-17T00:26:48.8112Z", + "name": "CVE-2023-21165", + "description": "In DevmemIntUnmapPMR of devicemem_server.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-21165" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--65eac96a-a194-4aef-be30-aaaaf31a75aa.json b/objects/vulnerability/vulnerability--65eac96a-a194-4aef-be30-aaaaf31a75aa.json new file mode 100644 index 00000000000..d6b06b6f7b6 --- /dev/null +++ b/objects/vulnerability/vulnerability--65eac96a-a194-4aef-be30-aaaaf31a75aa.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--feb17c77-b06f-4557-bbbc-624060cff35b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--65eac96a-a194-4aef-be30-aaaaf31a75aa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.410471Z", + "modified": "2024-02-17T00:26:50.410471Z", + "name": "CVE-2024-0031", + "description": "In attp_build_read_by_type_value_cmd of att_protocol.cc , there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0031" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6656e3ae-d5b3-4f9e-8c9f-6c322c271c67.json b/objects/vulnerability/vulnerability--6656e3ae-d5b3-4f9e-8c9f-6c322c271c67.json new file mode 100644 index 00000000000..2c0009a4a6c --- /dev/null +++ b/objects/vulnerability/vulnerability--6656e3ae-d5b3-4f9e-8c9f-6c322c271c67.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--36031acb-8ce5-46fe-bf45-33dfd7226853", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6656e3ae-d5b3-4f9e-8c9f-6c322c271c67", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:47.078165Z", + "modified": "2024-02-17T00:26:47.078165Z", + "name": "CVE-2023-40093", + "description": "In multiple files, there is a possible way that trimmed content could be included in PDF output due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-40093" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--69d2617e-b661-419d-b652-0ae8b9801236.json b/objects/vulnerability/vulnerability--69d2617e-b661-419d-b652-0ae8b9801236.json new file mode 100644 index 00000000000..15d3fb735be --- /dev/null +++ b/objects/vulnerability/vulnerability--69d2617e-b661-419d-b652-0ae8b9801236.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9f59172b-0524-4422-9c63-b372d9430f86", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--69d2617e-b661-419d-b652-0ae8b9801236", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.569615Z", + "modified": "2024-02-17T00:26:50.569615Z", + "name": "CVE-2024-25627", + "description": "Alf.io is a free and open source event attendance management system. An administrator on the alf.io application is able to upload HTML files that trigger JavaScript payloads. As such, an attacker gaining administrative access to the alf.io application may be able to persist access by planting an XSS payload. This issue has been addressed in version 2.0-M4-2402. Users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-25627" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6ea75eb6-d082-42a2-a9e6-8b489dec8c9d.json b/objects/vulnerability/vulnerability--6ea75eb6-d082-42a2-a9e6-8b489dec8c9d.json new file mode 100644 index 00000000000..c419a6534a3 --- /dev/null +++ b/objects/vulnerability/vulnerability--6ea75eb6-d082-42a2-a9e6-8b489dec8c9d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d36742ed-98a4-4a13-ace8-4f42947f0b42", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6ea75eb6-d082-42a2-a9e6-8b489dec8c9d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.431469Z", + "modified": "2024-02-17T00:26:50.431469Z", + "name": "CVE-2024-0029", + "description": "In multiple files, there is a possible way to capture the device screen when disallowed by device policy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0029" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--70d0e33e-d603-4b1a-8a03-3cc539e479de.json b/objects/vulnerability/vulnerability--70d0e33e-d603-4b1a-8a03-3cc539e479de.json new file mode 100644 index 00000000000..5b455309393 --- /dev/null +++ b/objects/vulnerability/vulnerability--70d0e33e-d603-4b1a-8a03-3cc539e479de.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5f9b084b-4f97-4eec-b602-173c23941e5e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--70d0e33e-d603-4b1a-8a03-3cc539e479de", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.290003Z", + "modified": "2024-02-17T00:26:50.290003Z", + "name": "CVE-2024-22426", + "description": "\nDell RecoverPoint for Virtual Machines 5.3.x contains an OS Command injection vulnerability. An unauthenticated remote\nattacker could potentially exploit this vulnerability, leading to execute arbitrary operating system commands, which will get executed in the context of the root user, resulting in a complete system compromise.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-22426" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--71b50b4c-ae7a-4748-8de4-7c8f2a04847f.json b/objects/vulnerability/vulnerability--71b50b4c-ae7a-4748-8de4-7c8f2a04847f.json new file mode 100644 index 00000000000..c0c325c4055 --- /dev/null +++ b/objects/vulnerability/vulnerability--71b50b4c-ae7a-4748-8de4-7c8f2a04847f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e29e4dd3-144f-488a-aa91-385313ba1e81", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--71b50b4c-ae7a-4748-8de4-7c8f2a04847f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.449868Z", + "modified": "2024-02-17T00:26:50.449868Z", + "name": "CVE-2024-0034", + "description": "In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0034" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--756d2bf1-ca3d-4750-a2a3-37ea0d0589fa.json b/objects/vulnerability/vulnerability--756d2bf1-ca3d-4750-a2a3-37ea0d0589fa.json new file mode 100644 index 00000000000..f425f8cf3df --- /dev/null +++ b/objects/vulnerability/vulnerability--756d2bf1-ca3d-4750-a2a3-37ea0d0589fa.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--51662a32-f067-4118-a93d-56a9101531dd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--756d2bf1-ca3d-4750-a2a3-37ea0d0589fa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.453101Z", + "modified": "2024-02-17T00:26:50.453101Z", + "name": "CVE-2024-0023", + "description": "In ConvertRGBToPlanarYUV of Codec2BufferUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0023" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7dcca52a-6786-4034-b9e2-4b1c0b35c2b4.json b/objects/vulnerability/vulnerability--7dcca52a-6786-4034-b9e2-4b1c0b35c2b4.json new file mode 100644 index 00000000000..9edc7018b38 --- /dev/null +++ b/objects/vulnerability/vulnerability--7dcca52a-6786-4034-b9e2-4b1c0b35c2b4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--33f9cf82-a389-4ae8-b433-18c6e2658eda", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7dcca52a-6786-4034-b9e2-4b1c0b35c2b4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.426314Z", + "modified": "2024-02-17T00:26:50.426314Z", + "name": "CVE-2024-0033", + "description": "In multiple functions of ashmem-dev.cpp, there is a possible missing seal due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0033" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--8409d5b1-a518-472b-8bde-4279ca73c33a.json b/objects/vulnerability/vulnerability--8409d5b1-a518-472b-8bde-4279ca73c33a.json new file mode 100644 index 00000000000..b35bb12dadd --- /dev/null +++ b/objects/vulnerability/vulnerability--8409d5b1-a518-472b-8bde-4279ca73c33a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8ceebe00-ab85-49ab-9633-59b2a5e95573", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8409d5b1-a518-472b-8bde-4279ca73c33a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.462577Z", + "modified": "2024-02-17T00:26:50.462577Z", + "name": "CVE-2024-0040", + "description": "In setParameter of MtpPacket.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0040" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--87c03bc2-d304-4bba-84b8-2e9b7e3fc391.json b/objects/vulnerability/vulnerability--87c03bc2-d304-4bba-84b8-2e9b7e3fc391.json new file mode 100644 index 00000000000..98576de9932 --- /dev/null +++ b/objects/vulnerability/vulnerability--87c03bc2-d304-4bba-84b8-2e9b7e3fc391.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--643977ee-8563-43f5-be71-98a73c3a1f4c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--87c03bc2-d304-4bba-84b8-2e9b7e3fc391", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.30384Z", + "modified": "2024-02-17T00:26:50.30384Z", + "name": "CVE-2024-1342", + "description": "A flaw was found in OpenShift. The existing Cross-Site Request Forgery (CSRF) protections in place do not properly protect GET requests, allowing for the creation of WebSockets via CSRF.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-1342" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--882a20ff-97f9-4632-8f73-af0515c11b83.json b/objects/vulnerability/vulnerability--882a20ff-97f9-4632-8f73-af0515c11b83.json new file mode 100644 index 00000000000..2493db3b4a3 --- /dev/null +++ b/objects/vulnerability/vulnerability--882a20ff-97f9-4632-8f73-af0515c11b83.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a474a5e7-d1a7-49f7-97f6-5af4c5811206", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--882a20ff-97f9-4632-8f73-af0515c11b83", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.442266Z", + "modified": "2024-02-17T00:26:50.442266Z", + "name": "CVE-2024-0018", + "description": "In convertYUV420Planar16ToY410 of ColorConverter.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0018" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--8e8a9635-7504-4c1b-92aa-21389355faf8.json b/objects/vulnerability/vulnerability--8e8a9635-7504-4c1b-92aa-21389355faf8.json new file mode 100644 index 00000000000..c170d4698fa --- /dev/null +++ b/objects/vulnerability/vulnerability--8e8a9635-7504-4c1b-92aa-21389355faf8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b7bbaacf-92ae-46a4-a2ab-3fbe2bd19b9b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8e8a9635-7504-4c1b-92aa-21389355faf8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.45419Z", + "modified": "2024-02-17T00:26:50.45419Z", + "name": "CVE-2024-0020", + "description": "In onActivityResult of NotificationSoundPreference.java, there is a possible way to hear audio files belonging to a different user due to a confused deputy. This could lead to local information disclosure across users of a device with no additional execution privileges needed. User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0020" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8f4586f0-9ede-4881-af31-535b9d1b01bf.json b/objects/vulnerability/vulnerability--8f4586f0-9ede-4881-af31-535b9d1b01bf.json new file mode 100644 index 00000000000..4a0f26ee130 --- /dev/null +++ b/objects/vulnerability/vulnerability--8f4586f0-9ede-4881-af31-535b9d1b01bf.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--66dcfae9-02f4-46cd-84e7-2e958aa6f248", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8f4586f0-9ede-4881-af31-535b9d1b01bf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:47.497392Z", + "modified": "2024-02-17T00:26:47.497392Z", + "name": "CVE-2023-45918", + "description": "ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-45918" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--93c6aa1a-65eb-412e-a497-d6704f05eef3.json b/objects/vulnerability/vulnerability--93c6aa1a-65eb-412e-a497-d6704f05eef3.json new file mode 100644 index 00000000000..388d1127557 --- /dev/null +++ b/objects/vulnerability/vulnerability--93c6aa1a-65eb-412e-a497-d6704f05eef3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5bf2be70-f024-4c39-b4ce-ccffe6f114b9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--93c6aa1a-65eb-412e-a497-d6704f05eef3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.607121Z", + "modified": "2024-02-17T00:26:50.607121Z", + "name": "CVE-2024-25414", + "description": "An arbitrary file upload vulnerability in /admin/upgrade of CSZ CMS v1.3.0 allows attackers to execute arbitrary code via uploading a crafted Zip file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-25414" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--996d576c-cc6e-424f-bb7b-ea72eeef91a3.json b/objects/vulnerability/vulnerability--996d576c-cc6e-424f-bb7b-ea72eeef91a3.json new file mode 100644 index 00000000000..dfca2fa2e15 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--996d576c-cc6e-424f-bb7b-ea72eeef91a3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c6d705c5-999f-49f6-9046-370c3668d610", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--996d576c-cc6e-424f-bb7b-ea72eeef91a3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.496036Z", + "modified": "2024-02-17T00:26:50.496036Z", + "name": "CVE-2024-24750", + "description": "Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling `fetch(url)` and not consuming the incoming body ((or consuming it very slowing) will lead to a memory leak. This issue has been addressed in version 6.6.1. Users are advised to upgrade. Users unable to upgrade should make sure to always consume the incoming body.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24750" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9a7fa972-a3d3-4990-8fb3-b43f14447dc4.json b/objects/vulnerability/vulnerability--9a7fa972-a3d3-4990-8fb3-b43f14447dc4.json new file mode 100644 index 00000000000..9a17b72a846 --- /dev/null +++ b/objects/vulnerability/vulnerability--9a7fa972-a3d3-4990-8fb3-b43f14447dc4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cd17dcfa-28c7-4274-98d0-5e306f6465b8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9a7fa972-a3d3-4990-8fb3-b43f14447dc4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.459398Z", + "modified": "2024-02-17T00:26:50.459398Z", + "name": "CVE-2024-0016", + "description": "In multiple locations, there is a possible out of bounds read due to a missing bounds check. This could lead to paired device information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0016" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9e994e97-0486-46d3-8ffa-1366b08015a4.json b/objects/vulnerability/vulnerability--9e994e97-0486-46d3-8ffa-1366b08015a4.json new file mode 100644 index 00000000000..9c426394822 --- /dev/null +++ b/objects/vulnerability/vulnerability--9e994e97-0486-46d3-8ffa-1366b08015a4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b30c39ff-1fc1-4867-8e84-74f97faf34af", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9e994e97-0486-46d3-8ffa-1366b08015a4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.39196Z", + "modified": "2024-02-17T00:26:50.39196Z", + "name": "CVE-2024-0041", + "description": "In removePersistentDot of SystemStatusAnimationSchedulerImpl.kt, there is a possible race condition due to a logic error in the code. This could lead to local escalation of privilege that fails to remove the persistent dot with no additional execution privileges needed. User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0041" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9f322d53-0dc6-4a00-b967-75858e383313.json b/objects/vulnerability/vulnerability--9f322d53-0dc6-4a00-b967-75858e383313.json new file mode 100644 index 00000000000..8ffbba30ed5 --- /dev/null +++ b/objects/vulnerability/vulnerability--9f322d53-0dc6-4a00-b967-75858e383313.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--554b6b4c-0bbf-4bea-beb1-1dd42f8f2a25", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9f322d53-0dc6-4a00-b967-75858e383313", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.567278Z", + "modified": "2024-02-17T00:26:50.567278Z", + "name": "CVE-2024-25466", + "description": "Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-25466" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--aba8bc9f-5ae8-465b-af00-697c07645e20.json b/objects/vulnerability/vulnerability--aba8bc9f-5ae8-465b-af00-697c07645e20.json new file mode 100644 index 00000000000..dc4fd57666a --- /dev/null +++ b/objects/vulnerability/vulnerability--aba8bc9f-5ae8-465b-af00-697c07645e20.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--67a4802b-1a80-40ac-b010-87243aaa1a44", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aba8bc9f-5ae8-465b-af00-697c07645e20", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.574497Z", + "modified": "2024-02-17T00:26:50.574497Z", + "name": "CVE-2024-25628", + "description": "Alf.io is a free and open source event attendance management system. In versions prior to 2.0-M4-2402 users can access the admin area even after being invalidated/deleted. This issue has been addressed in version 2.0-M4-2402. All users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-25628" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ad12cf80-b1fe-49fe-9419-15aa8348af5c.json b/objects/vulnerability/vulnerability--ad12cf80-b1fe-49fe-9419-15aa8348af5c.json new file mode 100644 index 00000000000..067c35f525e --- /dev/null +++ b/objects/vulnerability/vulnerability--ad12cf80-b1fe-49fe-9419-15aa8348af5c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--83d3a85e-b93c-4c5c-8e47-d6a072717a8b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ad12cf80-b1fe-49fe-9419-15aa8348af5c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:47.408711Z", + "modified": "2024-02-17T00:26:47.408711Z", + "name": "CVE-2023-49508", + "description": "Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive information via the license parameter in the LibraryLicense.php component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-49508" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ae364f73-3ce7-443e-94fb-e0bd3f0bd995.json b/objects/vulnerability/vulnerability--ae364f73-3ce7-443e-94fb-e0bd3f0bd995.json new file mode 100644 index 00000000000..8b81f59d679 --- /dev/null +++ b/objects/vulnerability/vulnerability--ae364f73-3ce7-443e-94fb-e0bd3f0bd995.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--872b8d36-e72a-4dbe-ac50-1d0a0597c5d4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ae364f73-3ce7-443e-94fb-e0bd3f0bd995", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.434125Z", + "modified": "2024-02-17T00:26:50.434125Z", + "name": "CVE-2024-0017", + "description": "In shouldUseNoOpLocation of CameraActivity.java, there is a possible confused deputy due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0017" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--ae8d83f1-3af6-4cbc-afbc-df4785ebd26d.json b/objects/vulnerability/vulnerability--ae8d83f1-3af6-4cbc-afbc-df4785ebd26d.json new file mode 100644 index 00000000000..db5eea13b0f --- /dev/null +++ b/objects/vulnerability/vulnerability--ae8d83f1-3af6-4cbc-afbc-df4785ebd26d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f99d37ca-fc2c-4bbb-9ac1-5fc5314f5b3b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ae8d83f1-3af6-4cbc-afbc-df4785ebd26d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.529721Z", + "modified": "2024-02-17T00:26:50.529721Z", + "name": "CVE-2024-21775", + "description": "Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting feature.\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21775" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--afb50c34-0cb0-4710-99dd-3fea2c2cc938.json b/objects/vulnerability/vulnerability--afb50c34-0cb0-4710-99dd-3fea2c2cc938.json new file mode 100644 index 00000000000..3b078d0591b --- /dev/null +++ b/objects/vulnerability/vulnerability--afb50c34-0cb0-4710-99dd-3fea2c2cc938.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f0c63f4a-1853-4e94-8ccf-ad0928545074", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--afb50c34-0cb0-4710-99dd-3fea2c2cc938", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.596986Z", + "modified": "2024-02-17T00:26:50.596986Z", + "name": "CVE-2024-25320", + "description": "Tongda OA v2017 and up to v11.9 was discovered to contain a SQL injection vulnerability via the $AFF_ID parameter at /affair/delete.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-25320" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b8a1d5b7-5871-4486-8517-371ced8450f7.json b/objects/vulnerability/vulnerability--b8a1d5b7-5871-4486-8517-371ced8450f7.json new file mode 100644 index 00000000000..89235d97eab --- /dev/null +++ b/objects/vulnerability/vulnerability--b8a1d5b7-5871-4486-8517-371ced8450f7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--445099fe-8332-4064-8181-47bb09d81f99", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b8a1d5b7-5871-4486-8517-371ced8450f7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.390182Z", + "modified": "2024-02-17T00:26:50.390182Z", + "name": "CVE-2024-0019", + "description": "In setListening of AppOpsControllerImpl.java, there is a possible way to hide the microphone privacy indicator when restarting systemUI due to a missing check for active recordings. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0019" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--c864472f-0bb1-465f-a4dd-ec37b91b04b6.json b/objects/vulnerability/vulnerability--c864472f-0bb1-465f-a4dd-ec37b91b04b6.json new file mode 100644 index 00000000000..65609e469dc --- /dev/null +++ b/objects/vulnerability/vulnerability--c864472f-0bb1-465f-a4dd-ec37b91b04b6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--27495df0-5ffc-4bfe-be56-1db58c07d820", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c864472f-0bb1-465f-a4dd-ec37b91b04b6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.507116Z", + "modified": "2024-02-17T00:26:50.507116Z", + "name": "CVE-2024-24377", + "description": "An issue in idocv v.14.1.3_20231228 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24377" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cde89034-0039-4026-94aa-d775bd950238.json b/objects/vulnerability/vulnerability--cde89034-0039-4026-94aa-d775bd950238.json new file mode 100644 index 00000000000..66977aa8bd9 --- /dev/null +++ b/objects/vulnerability/vulnerability--cde89034-0039-4026-94aa-d775bd950238.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c7d8c3ee-b9b1-4130-9caf-6b8033b43b94", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cde89034-0039-4026-94aa-d775bd950238", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.274198Z", + "modified": "2024-02-17T00:26:50.274198Z", + "name": "CVE-2024-22854", + "description": "DOM-based HTML injection vulnerability in the main page of Darktrace Threat Visualizer version 6.1.27 (bundle version 61050) and before has been identified. A URL, crafted by a remote attacker and visited by an authenticated user, allows open redirect and potential credential stealing using an injected HTML form.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-22854" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d07bc693-7735-4c92-bc3e-fb46c8b07f89.json b/objects/vulnerability/vulnerability--d07bc693-7735-4c92-bc3e-fb46c8b07f89.json new file mode 100644 index 00000000000..69da4d5d51f --- /dev/null +++ b/objects/vulnerability/vulnerability--d07bc693-7735-4c92-bc3e-fb46c8b07f89.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5d73ae29-1a23-4f85-a983-1a0dfdc37b12", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d07bc693-7735-4c92-bc3e-fb46c8b07f89", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:47.03894Z", + "modified": "2024-02-17T00:26:47.03894Z", + "name": "CVE-2023-40085", + "description": "In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-40085" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dbbc3d94-d6dc-4fdc-9aac-c90e2d012a1b.json b/objects/vulnerability/vulnerability--dbbc3d94-d6dc-4fdc-9aac-c90e2d012a1b.json new file mode 100644 index 00000000000..e215c6de3ef --- /dev/null +++ b/objects/vulnerability/vulnerability--dbbc3d94-d6dc-4fdc-9aac-c90e2d012a1b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8d4d464d-27ec-4d1b-8a10-8e5ed1939253", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dbbc3d94-d6dc-4fdc-9aac-c90e2d012a1b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.355838Z", + "modified": "2024-02-17T00:26:50.355838Z", + "name": "CVE-2024-23591", + "description": "ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow \n\nan attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security, and other SPS configuration setting.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-23591" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--df82b56a-a7c4-4ed7-9abd-c6179602a74a.json b/objects/vulnerability/vulnerability--df82b56a-a7c4-4ed7-9abd-c6179602a74a.json new file mode 100644 index 00000000000..5acc35660a3 --- /dev/null +++ b/objects/vulnerability/vulnerability--df82b56a-a7c4-4ed7-9abd-c6179602a74a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--756b7616-e192-489d-a073-8d934794aea7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--df82b56a-a7c4-4ed7-9abd-c6179602a74a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:47.527365Z", + "modified": "2024-02-17T00:26:47.527365Z", + "name": "CVE-2023-45860", + "description": "In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-45860" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e216f36a-6e39-461a-887b-c6debd6733fb.json b/objects/vulnerability/vulnerability--e216f36a-6e39-461a-887b-c6debd6733fb.json new file mode 100644 index 00000000000..33a1a1012ed --- /dev/null +++ b/objects/vulnerability/vulnerability--e216f36a-6e39-461a-887b-c6debd6733fb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f1299a58-9e6d-457e-a417-a882ba056cea", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e216f36a-6e39-461a-887b-c6debd6733fb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.595935Z", + "modified": "2024-02-17T00:26:50.595935Z", + "name": "CVE-2024-25415", + "description": "A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-25415" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--e3d4a19c-d99f-4d1e-ad4c-4cc7f8f98491.json b/objects/vulnerability/vulnerability--e3d4a19c-d99f-4d1e-ad4c-4cc7f8f98491.json new file mode 100644 index 00000000000..3bc6e26a55c --- /dev/null +++ b/objects/vulnerability/vulnerability--e3d4a19c-d99f-4d1e-ad4c-4cc7f8f98491.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--39bd0a52-4312-45b5-9d75-1d1d58466548", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e3d4a19c-d99f-4d1e-ad4c-4cc7f8f98491", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.532176Z", + "modified": "2024-02-17T00:26:50.532176Z", + "name": "CVE-2024-21915", + "description": "\nA privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor could potentially read and modify sensitive data, delete data and render the FTSP system unavailable.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21915" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e59d1781-fb43-446a-b9ad-f64f5305d33d.json b/objects/vulnerability/vulnerability--e59d1781-fb43-446a-b9ad-f64f5305d33d.json new file mode 100644 index 00000000000..fdf6222e7b3 --- /dev/null +++ b/objects/vulnerability/vulnerability--e59d1781-fb43-446a-b9ad-f64f5305d33d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6ecd278e-c54e-4234-a490-244f208c9185", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e59d1781-fb43-446a-b9ad-f64f5305d33d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.416639Z", + "modified": "2024-02-17T00:26:50.416639Z", + "name": "CVE-2024-0038", + "description": "In injectInputEventToInputFilter of AccessibilityManagerService.java, there is a possible arbitrary input event injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0038" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e9698784-5f88-4143-97ca-3af8a76e8d7b.json b/objects/vulnerability/vulnerability--e9698784-5f88-4143-97ca-3af8a76e8d7b.json new file mode 100644 index 00000000000..93f6c9d55dd --- /dev/null +++ b/objects/vulnerability/vulnerability--e9698784-5f88-4143-97ca-3af8a76e8d7b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--54e5fe32-c429-4a82-b7cd-d6f5493b0d80", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e9698784-5f88-4143-97ca-3af8a76e8d7b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:47.708116Z", + "modified": "2024-02-17T00:26:47.708116Z", + "name": "CVE-2023-6451", + "description": "Publicly known cryptographic machine key in AlayaCare's Procura Portal before 9.0.1.2 allows attackers to forge their own authentication cookies and bypass the application's authentication mechanisms.\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-6451" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--ea0285bf-b7a7-423c-b23b-bd10bca55000.json b/objects/vulnerability/vulnerability--ea0285bf-b7a7-423c-b23b-bd10bca55000.json new file mode 100644 index 00000000000..e4b14416f64 --- /dev/null +++ b/objects/vulnerability/vulnerability--ea0285bf-b7a7-423c-b23b-bd10bca55000.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8ec2603c-6952-41c6-bc5f-3ae9cd9af2e9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ea0285bf-b7a7-423c-b23b-bd10bca55000", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.223325Z", + "modified": "2024-02-17T00:26:50.223325Z", + "name": "CVE-2024-22425", + "description": "\nDell RecoverPoint for Virtual Machines 5.3.x contains a brute force/dictionary attack vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to launch a brute force attack or a dictionary attack against the RecoverPoint login form. This allows attackers to brute-force the password of valid users in an automated manner.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-22425" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--edc13731-1047-4c00-bb6a-bc036665ee07.json b/objects/vulnerability/vulnerability--edc13731-1047-4c00-bb6a-bc036665ee07.json new file mode 100644 index 00000000000..4c7188bd5e1 --- /dev/null +++ b/objects/vulnerability/vulnerability--edc13731-1047-4c00-bb6a-bc036665ee07.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b33a898f-23f3-4262-9981-5886eaadf834", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--edc13731-1047-4c00-bb6a-bc036665ee07", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.610853Z", + "modified": "2024-02-17T00:26:50.610853Z", + "name": "CVE-2024-25413", + "description": "A XSLT Server Side injection vulnerability in the Import Jobs function of FireBear Improved Import And Export v3.8.6 allows attackers to execute arbitrary commands via a crafted XSLT file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-25413" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ee0f0869-2097-4eb0-9afd-102e29da915a.json b/objects/vulnerability/vulnerability--ee0f0869-2097-4eb0-9afd-102e29da915a.json new file mode 100644 index 00000000000..3cc9830d6d3 --- /dev/null +++ b/objects/vulnerability/vulnerability--ee0f0869-2097-4eb0-9afd-102e29da915a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6c8268f5-40c2-4273-8c17-731be8b83665", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ee0f0869-2097-4eb0-9afd-102e29da915a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.423371Z", + "modified": "2024-02-17T00:26:50.423371Z", + "name": "CVE-2024-0037", + "description": "In applyCustomDescription of SaveUi.java, there is a possible way to view images belonging to a different user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0037" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--f93748ad-2553-451c-a8cf-2cb4fcc194e5.json b/objects/vulnerability/vulnerability--f93748ad-2553-451c-a8cf-2cb4fcc194e5.json new file mode 100644 index 00000000000..c6247b08e9c --- /dev/null +++ b/objects/vulnerability/vulnerability--f93748ad-2553-451c-a8cf-2cb4fcc194e5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a2195ae0-dea0-45b5-a362-74f380b88e5f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f93748ad-2553-451c-a8cf-2cb4fcc194e5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-02-17T00:26:50.42775Z", + "modified": "2024-02-17T00:26:50.42775Z", + "name": "CVE-2024-0036", + "description": "In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0036" + } + ] + } + ] +} \ No newline at end of file