From f4e4fa69fbde1d18c3d4c7ab8313c8684b630fee Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 16 Jan 2024 00:29:11 +0000 Subject: [PATCH] generated content from 2024-01-16 --- mapping.csv | 65 +++++++++++++++++++ ...-0116fb08-29d6-45b6-bef1-4454d4d72954.json | 22 +++++++ ...-036d50f7-d699-4771-acb8-b0d203fa4b74.json | 22 +++++++ ...-06ead948-f814-4897-a664-cb9db592526e.json | 22 +++++++ ...-095898f5-9d6f-4dcf-9b95-ceae2e6edda0.json | 22 +++++++ ...-0b0db9e9-206a-4e0a-891b-82d93c7ed6c3.json | 22 +++++++ ...-12249be0-4be2-4600-8bcc-9285d854af5b.json | 22 +++++++ ...-139ab38c-f487-4b18-bf4a-d1916bba0531.json | 22 +++++++ ...-145a89bc-06bc-4a43-ae23-a4b8ba7fed6c.json | 22 +++++++ ...-157ca958-6797-4bc0-a7c4-b46effa70216.json | 22 +++++++ ...-1ac99106-53c1-40fc-8dfb-4b18fc27ae22.json | 22 +++++++ ...-20407a3d-f729-463f-ae75-3febf6dea3c0.json | 22 +++++++ ...-21d08e28-92f1-49b9-a10c-72618a4d39af.json | 22 +++++++ ...-235b647d-d4a4-4a5f-9a3d-746682db7f7c.json | 22 +++++++ ...-2547f5f8-29b5-4e7b-8f65-932dd2ba48f6.json | 22 +++++++ ...-28d1452a-e505-4d74-bf5b-97ca161affed.json | 22 +++++++ ...-2d5cf9c1-85a6-4e9d-a74a-c235e779a720.json | 22 +++++++ ...-30d84151-6f2b-42da-aa34-4a8ee8135d33.json | 22 +++++++ ...-3508de5b-0ff5-454a-afc2-748a2d97589a.json | 22 +++++++ ...-3670debf-318c-4c8b-a19f-127e03153220.json | 22 +++++++ ...-38236bac-2876-49a3-b77b-5877264d9fc3.json | 22 +++++++ ...-3bc46ea9-de31-49fa-993c-4b646217bedc.json | 22 +++++++ ...-3e7bbe64-363a-47ed-b5a6-6889bb83ee4c.json | 22 +++++++ ...-42c8e37b-b1d0-4fa4-be08-7d9cee6cf4f8.json | 22 +++++++ ...-48a9a40b-3940-4a84-b741-a4080ee2e2b6.json | 22 +++++++ ...-51f1e34d-50f0-4c71-beee-eb556691cd15.json | 22 +++++++ ...-52b77856-9e04-40ca-89dc-117e51902c3b.json | 22 +++++++ ...-5404d272-7399-4529-9d72-b40c991aee06.json | 22 +++++++ ...-58e138f9-0fc7-470d-90c5-78daa871075f.json | 22 +++++++ ...-5e87fd28-a03c-4171-86e2-acba451249ef.json | 22 +++++++ ...-6b53cdfe-959c-459b-97a0-99715b649e77.json | 22 +++++++ ...-6e939dcc-14b3-4fc5-9150-7dec59b38424.json | 22 +++++++ ...-70c4b6e7-44f6-4806-816a-cf11ae43cae6.json | 22 +++++++ ...-70c980e4-49a7-40b3-8d1a-e1caa52af2e2.json | 22 +++++++ ...-74e86ec8-41de-41fc-95ad-86ae81c49e40.json | 22 +++++++ ...-75a011e5-dddb-4463-9039-f8f085a329f4.json | 22 +++++++ ...-76030495-93d8-4f9d-a854-976bd3932b70.json | 22 +++++++ ...-79c42cb1-854f-41d5-8fef-aa72ee050b93.json | 22 +++++++ ...-79d85f42-547d-4bcc-9b6d-655af540c9c8.json | 22 +++++++ ...-7d610f93-4424-4e4b-9c87-28e4f12c8b88.json | 22 +++++++ ...-841fe0f8-86ad-44bd-a80e-277891d0b4b1.json | 22 +++++++ ...-858c249b-36e7-4dce-a439-2426b566486d.json | 22 +++++++ ...-89cc770e-e536-4f06-805a-4c694318f060.json | 22 +++++++ ...-8ab0e811-166f-4393-a59d-1f7fa8b533bf.json | 22 +++++++ ...-8bbc4488-5ba0-4f60-8969-f6da1fa2cc8a.json | 22 +++++++ ...-8c0716fd-2bcb-4405-bbf1-56759b44b890.json | 22 +++++++ ...-8e44d6e7-0617-4f45-a736-350f5845b06d.json | 22 +++++++ ...-922a3776-890d-45e2-acd5-760e8d834f03.json | 22 +++++++ ...-93d06726-69d1-4642-b378-e1b9422a12b0.json | 22 +++++++ ...-99e8d6be-21b9-4e9c-8ddf-a694a22beb90.json | 22 +++++++ ...-a3650336-182d-4226-9de0-12c74221d391.json | 22 +++++++ ...-a432d95c-071d-487e-9191-38ca3ebb3fb0.json | 22 +++++++ ...-b0437581-1506-4b99-a8f9-49eabbfbca17.json | 22 +++++++ ...-b968474c-a24c-4ce0-af9d-fd5d13b72dba.json | 22 +++++++ ...-ba80b815-f102-4437-a696-0ba1f12a1f56.json | 22 +++++++ ...-bbfddf25-e5fa-4aa7-91c2-310b3fe0b759.json | 22 +++++++ ...-c3c08a68-2b5f-4b48-9fac-e23c847bcafd.json | 22 +++++++ ...-c5ca2ecb-a19a-4538-add3-16c5232fc57c.json | 22 +++++++ ...-d374bb7b-2abf-49e9-81fc-237674d05f86.json | 22 +++++++ ...-d7dfe6c8-b708-4219-929a-be43e3e32b5e.json | 22 +++++++ ...-dcf742df-06b2-4225-93d0-2c906d355f6f.json | 22 +++++++ ...-e095790b-d188-4c18-8432-e96c85f5cd0a.json | 22 +++++++ ...-e2d114f9-cd1f-442a-9805-e343a4ed1735.json | 22 +++++++ ...-e711c0b9-c544-4734-92cb-d8df24ea318e.json | 22 +++++++ ...-efd0cab6-d711-44cb-be22-06975a8722a7.json | 22 +++++++ ...-f55d6eb8-12f4-4227-b29d-9b869c484ed2.json | 22 +++++++ 66 files changed, 1495 insertions(+) create mode 100644 objects/vulnerability/vulnerability--0116fb08-29d6-45b6-bef1-4454d4d72954.json create mode 100644 objects/vulnerability/vulnerability--036d50f7-d699-4771-acb8-b0d203fa4b74.json create mode 100644 objects/vulnerability/vulnerability--06ead948-f814-4897-a664-cb9db592526e.json create mode 100644 objects/vulnerability/vulnerability--095898f5-9d6f-4dcf-9b95-ceae2e6edda0.json create mode 100644 objects/vulnerability/vulnerability--0b0db9e9-206a-4e0a-891b-82d93c7ed6c3.json create mode 100644 objects/vulnerability/vulnerability--12249be0-4be2-4600-8bcc-9285d854af5b.json create mode 100644 objects/vulnerability/vulnerability--139ab38c-f487-4b18-bf4a-d1916bba0531.json create mode 100644 objects/vulnerability/vulnerability--145a89bc-06bc-4a43-ae23-a4b8ba7fed6c.json create mode 100644 objects/vulnerability/vulnerability--157ca958-6797-4bc0-a7c4-b46effa70216.json create mode 100644 objects/vulnerability/vulnerability--1ac99106-53c1-40fc-8dfb-4b18fc27ae22.json create mode 100644 objects/vulnerability/vulnerability--20407a3d-f729-463f-ae75-3febf6dea3c0.json create mode 100644 objects/vulnerability/vulnerability--21d08e28-92f1-49b9-a10c-72618a4d39af.json create mode 100644 objects/vulnerability/vulnerability--235b647d-d4a4-4a5f-9a3d-746682db7f7c.json create mode 100644 objects/vulnerability/vulnerability--2547f5f8-29b5-4e7b-8f65-932dd2ba48f6.json create mode 100644 objects/vulnerability/vulnerability--28d1452a-e505-4d74-bf5b-97ca161affed.json create mode 100644 objects/vulnerability/vulnerability--2d5cf9c1-85a6-4e9d-a74a-c235e779a720.json create mode 100644 objects/vulnerability/vulnerability--30d84151-6f2b-42da-aa34-4a8ee8135d33.json create mode 100644 objects/vulnerability/vulnerability--3508de5b-0ff5-454a-afc2-748a2d97589a.json create mode 100644 objects/vulnerability/vulnerability--3670debf-318c-4c8b-a19f-127e03153220.json create mode 100644 objects/vulnerability/vulnerability--38236bac-2876-49a3-b77b-5877264d9fc3.json create mode 100644 objects/vulnerability/vulnerability--3bc46ea9-de31-49fa-993c-4b646217bedc.json create mode 100644 objects/vulnerability/vulnerability--3e7bbe64-363a-47ed-b5a6-6889bb83ee4c.json create mode 100644 objects/vulnerability/vulnerability--42c8e37b-b1d0-4fa4-be08-7d9cee6cf4f8.json create mode 100644 objects/vulnerability/vulnerability--48a9a40b-3940-4a84-b741-a4080ee2e2b6.json create mode 100644 objects/vulnerability/vulnerability--51f1e34d-50f0-4c71-beee-eb556691cd15.json create mode 100644 objects/vulnerability/vulnerability--52b77856-9e04-40ca-89dc-117e51902c3b.json create mode 100644 objects/vulnerability/vulnerability--5404d272-7399-4529-9d72-b40c991aee06.json create mode 100644 objects/vulnerability/vulnerability--58e138f9-0fc7-470d-90c5-78daa871075f.json create mode 100644 objects/vulnerability/vulnerability--5e87fd28-a03c-4171-86e2-acba451249ef.json create mode 100644 objects/vulnerability/vulnerability--6b53cdfe-959c-459b-97a0-99715b649e77.json create mode 100644 objects/vulnerability/vulnerability--6e939dcc-14b3-4fc5-9150-7dec59b38424.json create mode 100644 objects/vulnerability/vulnerability--70c4b6e7-44f6-4806-816a-cf11ae43cae6.json create mode 100644 objects/vulnerability/vulnerability--70c980e4-49a7-40b3-8d1a-e1caa52af2e2.json create mode 100644 objects/vulnerability/vulnerability--74e86ec8-41de-41fc-95ad-86ae81c49e40.json create mode 100644 objects/vulnerability/vulnerability--75a011e5-dddb-4463-9039-f8f085a329f4.json create mode 100644 objects/vulnerability/vulnerability--76030495-93d8-4f9d-a854-976bd3932b70.json create mode 100644 objects/vulnerability/vulnerability--79c42cb1-854f-41d5-8fef-aa72ee050b93.json create mode 100644 objects/vulnerability/vulnerability--79d85f42-547d-4bcc-9b6d-655af540c9c8.json create mode 100644 objects/vulnerability/vulnerability--7d610f93-4424-4e4b-9c87-28e4f12c8b88.json create mode 100644 objects/vulnerability/vulnerability--841fe0f8-86ad-44bd-a80e-277891d0b4b1.json create mode 100644 objects/vulnerability/vulnerability--858c249b-36e7-4dce-a439-2426b566486d.json create mode 100644 objects/vulnerability/vulnerability--89cc770e-e536-4f06-805a-4c694318f060.json create mode 100644 objects/vulnerability/vulnerability--8ab0e811-166f-4393-a59d-1f7fa8b533bf.json create mode 100644 objects/vulnerability/vulnerability--8bbc4488-5ba0-4f60-8969-f6da1fa2cc8a.json create mode 100644 objects/vulnerability/vulnerability--8c0716fd-2bcb-4405-bbf1-56759b44b890.json create mode 100644 objects/vulnerability/vulnerability--8e44d6e7-0617-4f45-a736-350f5845b06d.json create mode 100644 objects/vulnerability/vulnerability--922a3776-890d-45e2-acd5-760e8d834f03.json create mode 100644 objects/vulnerability/vulnerability--93d06726-69d1-4642-b378-e1b9422a12b0.json create mode 100644 objects/vulnerability/vulnerability--99e8d6be-21b9-4e9c-8ddf-a694a22beb90.json create mode 100644 objects/vulnerability/vulnerability--a3650336-182d-4226-9de0-12c74221d391.json create mode 100644 objects/vulnerability/vulnerability--a432d95c-071d-487e-9191-38ca3ebb3fb0.json create mode 100644 objects/vulnerability/vulnerability--b0437581-1506-4b99-a8f9-49eabbfbca17.json create mode 100644 objects/vulnerability/vulnerability--b968474c-a24c-4ce0-af9d-fd5d13b72dba.json create mode 100644 objects/vulnerability/vulnerability--ba80b815-f102-4437-a696-0ba1f12a1f56.json create mode 100644 objects/vulnerability/vulnerability--bbfddf25-e5fa-4aa7-91c2-310b3fe0b759.json create mode 100644 objects/vulnerability/vulnerability--c3c08a68-2b5f-4b48-9fac-e23c847bcafd.json create mode 100644 objects/vulnerability/vulnerability--c5ca2ecb-a19a-4538-add3-16c5232fc57c.json create mode 100644 objects/vulnerability/vulnerability--d374bb7b-2abf-49e9-81fc-237674d05f86.json create mode 100644 objects/vulnerability/vulnerability--d7dfe6c8-b708-4219-929a-be43e3e32b5e.json create mode 100644 objects/vulnerability/vulnerability--dcf742df-06b2-4225-93d0-2c906d355f6f.json create mode 100644 objects/vulnerability/vulnerability--e095790b-d188-4c18-8432-e96c85f5cd0a.json create mode 100644 objects/vulnerability/vulnerability--e2d114f9-cd1f-442a-9805-e343a4ed1735.json create mode 100644 objects/vulnerability/vulnerability--e711c0b9-c544-4734-92cb-d8df24ea318e.json create mode 100644 objects/vulnerability/vulnerability--efd0cab6-d711-44cb-be22-06975a8722a7.json create mode 100644 objects/vulnerability/vulnerability--f55d6eb8-12f4-4227-b29d-9b869c484ed2.json diff --git a/mapping.csv b/mapping.csv index 331e23a49ff..580c5f66f62 100644 --- a/mapping.csv +++ b/mapping.csv @@ -222808,3 +222808,68 @@ vulnerability,CVE-2024-0523,vulnerability--42c1c329-8291-41af-aaf2-373cee546011 vulnerability,CVE-2024-0526,vulnerability--81efc213-d961-479f-b034-89afb8c8ce6b vulnerability,CVE-2024-0522,vulnerability--9f008ad6-13cd-482e-a1eb-c8ab3086ceab vulnerability,CVE-2024-0524,vulnerability--22ee11c8-eb17-4d29-965d-4ff4b492e512 +vulnerability,CVE-2023-5253,vulnerability--12249be0-4be2-4600-8bcc-9285d854af5b +vulnerability,CVE-2023-5905,vulnerability--70c980e4-49a7-40b3-8d1a-e1caa52af2e2 +vulnerability,CVE-2023-7206,vulnerability--bbfddf25-e5fa-4aa7-91c2-310b3fe0b759 +vulnerability,CVE-2023-4001,vulnerability--5404d272-7399-4529-9d72-b40c991aee06 +vulnerability,CVE-2023-4925,vulnerability--dcf742df-06b2-4225-93d0-2c906d355f6f +vulnerability,CVE-2023-4818,vulnerability--52b77856-9e04-40ca-89dc-117e51902c3b +vulnerability,CVE-2023-42135,vulnerability--48a9a40b-3940-4a84-b741-a4080ee2e2b6 +vulnerability,CVE-2023-42137,vulnerability--70c4b6e7-44f6-4806-816a-cf11ae43cae6 +vulnerability,CVE-2023-42136,vulnerability--28d1452a-e505-4d74-bf5b-97ca161affed +vulnerability,CVE-2023-42134,vulnerability--036d50f7-d699-4771-acb8-b0d203fa4b74 +vulnerability,CVE-2023-46226,vulnerability--2d5cf9c1-85a6-4e9d-a74a-c235e779a720 +vulnerability,CVE-2023-46749,vulnerability--79c42cb1-854f-41d5-8fef-aa72ee050b93 +vulnerability,CVE-2023-48383,vulnerability--235b647d-d4a4-4a5f-9a3d-746682db7f7c +vulnerability,CVE-2023-50290,vulnerability--b968474c-a24c-4ce0-af9d-fd5d13b72dba +vulnerability,CVE-2023-50729,vulnerability--ba80b815-f102-4437-a696-0ba1f12a1f56 +vulnerability,CVE-2023-6029,vulnerability--99e8d6be-21b9-4e9c-8ddf-a694a22beb90 +vulnerability,CVE-2023-6991,vulnerability--157ca958-6797-4bc0-a7c4-b46effa70216 +vulnerability,CVE-2023-6066,vulnerability--858c249b-36e7-4dce-a439-2426b566486d +vulnerability,CVE-2023-6623,vulnerability--6e939dcc-14b3-4fc5-9150-7dec59b38424 +vulnerability,CVE-2023-6049,vulnerability--c5ca2ecb-a19a-4538-add3-16c5232fc57c +vulnerability,CVE-2023-6941,vulnerability--8e44d6e7-0617-4f45-a736-350f5845b06d +vulnerability,CVE-2023-6620,vulnerability--3670debf-318c-4c8b-a19f-127e03153220 +vulnerability,CVE-2023-6048,vulnerability--3e7bbe64-363a-47ed-b5a6-6889bb83ee4c +vulnerability,CVE-2023-6163,vulnerability--139ab38c-f487-4b18-bf4a-d1916bba0531 +vulnerability,CVE-2023-6915,vulnerability--a432d95c-071d-487e-9191-38ca3ebb3fb0 +vulnerability,CVE-2023-6843,vulnerability--93d06726-69d1-4642-b378-e1b9422a12b0 +vulnerability,CVE-2023-6050,vulnerability--e2d114f9-cd1f-442a-9805-e343a4ed1735 +vulnerability,CVE-2020-36770,vulnerability--58e138f9-0fc7-470d-90c5-78daa871075f +vulnerability,CVE-2024-22028,vulnerability--06ead948-f814-4897-a664-cb9db592526e +vulnerability,CVE-2024-22207,vulnerability--a3650336-182d-4226-9de0-12c74221d391 +vulnerability,CVE-2024-20709,vulnerability--841fe0f8-86ad-44bd-a80e-277891d0b4b1 +vulnerability,CVE-2024-20721,vulnerability--095898f5-9d6f-4dcf-9b95-ceae2e6edda0 +vulnerability,CVE-2024-0552,vulnerability--75a011e5-dddb-4463-9039-f8f085a329f4 +vulnerability,CVE-2024-0562,vulnerability--3bc46ea9-de31-49fa-993c-4b646217bedc +vulnerability,CVE-2024-0527,vulnerability--76030495-93d8-4f9d-a854-976bd3932b70 +vulnerability,CVE-2024-0565,vulnerability--922a3776-890d-45e2-acd5-760e8d834f03 +vulnerability,CVE-2024-0547,vulnerability--8ab0e811-166f-4393-a59d-1f7fa8b533bf +vulnerability,CVE-2024-0315,vulnerability--1ac99106-53c1-40fc-8dfb-4b18fc27ae22 +vulnerability,CVE-2024-0540,vulnerability--d374bb7b-2abf-49e9-81fc-237674d05f86 +vulnerability,CVE-2024-0536,vulnerability--d7dfe6c8-b708-4219-929a-be43e3e32b5e +vulnerability,CVE-2024-0543,vulnerability--6b53cdfe-959c-459b-97a0-99715b649e77 +vulnerability,CVE-2024-0319,vulnerability--0b0db9e9-206a-4e0a-891b-82d93c7ed6c3 +vulnerability,CVE-2024-0538,vulnerability--8c0716fd-2bcb-4405-bbf1-56759b44b890 +vulnerability,CVE-2024-0318,vulnerability--2547f5f8-29b5-4e7b-8f65-932dd2ba48f6 +vulnerability,CVE-2024-0548,vulnerability--e095790b-d188-4c18-8432-e96c85f5cd0a +vulnerability,CVE-2024-0530,vulnerability--21d08e28-92f1-49b9-a10c-72618a4d39af +vulnerability,CVE-2024-0534,vulnerability--b0437581-1506-4b99-a8f9-49eabbfbca17 +vulnerability,CVE-2024-0535,vulnerability--145a89bc-06bc-4a43-ae23-a4b8ba7fed6c +vulnerability,CVE-2024-0545,vulnerability--79d85f42-547d-4bcc-9b6d-655af540c9c8 +vulnerability,CVE-2024-0546,vulnerability--5e87fd28-a03c-4171-86e2-acba451249ef +vulnerability,CVE-2024-0537,vulnerability--0116fb08-29d6-45b6-bef1-4454d4d72954 +vulnerability,CVE-2024-0557,vulnerability--f55d6eb8-12f4-4227-b29d-9b869c484ed2 +vulnerability,CVE-2024-0314,vulnerability--e711c0b9-c544-4734-92cb-d8df24ea318e +vulnerability,CVE-2024-0541,vulnerability--7d610f93-4424-4e4b-9c87-28e4f12c8b88 +vulnerability,CVE-2024-0532,vulnerability--89cc770e-e536-4f06-805a-4c694318f060 +vulnerability,CVE-2024-0531,vulnerability--3508de5b-0ff5-454a-afc2-748a2d97589a +vulnerability,CVE-2024-0539,vulnerability--30d84151-6f2b-42da-aa34-4a8ee8135d33 +vulnerability,CVE-2024-0317,vulnerability--51f1e34d-50f0-4c71-beee-eb556691cd15 +vulnerability,CVE-2024-0316,vulnerability--42c8e37b-b1d0-4fa4-be08-7d9cee6cf4f8 +vulnerability,CVE-2024-0533,vulnerability--8bbc4488-5ba0-4f60-8969-f6da1fa2cc8a +vulnerability,CVE-2024-0529,vulnerability--c3c08a68-2b5f-4b48-9fac-e23c847bcafd +vulnerability,CVE-2024-0320,vulnerability--efd0cab6-d711-44cb-be22-06975a8722a7 +vulnerability,CVE-2024-0528,vulnerability--74e86ec8-41de-41fc-95ad-86ae81c49e40 +vulnerability,CVE-2024-0558,vulnerability--38236bac-2876-49a3-b77b-5877264d9fc3 +vulnerability,CVE-2024-0542,vulnerability--20407a3d-f729-463f-ae75-3febf6dea3c0 diff --git a/objects/vulnerability/vulnerability--0116fb08-29d6-45b6-bef1-4454d4d72954.json b/objects/vulnerability/vulnerability--0116fb08-29d6-45b6-bef1-4454d4d72954.json new file mode 100644 index 00000000000..e2512352d64 --- /dev/null +++ b/objects/vulnerability/vulnerability--0116fb08-29d6-45b6-bef1-4454d4d72954.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--604efd2b-a2bd-42c8-91b0-685a55776b3e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0116fb08-29d6-45b6-bef1-4454d4d72954", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:56.004935Z", + "modified": "2024-01-16T00:28:56.004935Z", + "name": "CVE-2024-0537", + "description": "A vulnerability, which was classified as critical, was found in Tenda W9 1.0.0.7(4456). This affects the function setWrlBasicInfo of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250707. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0537" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--036d50f7-d699-4771-acb8-b0d203fa4b74.json b/objects/vulnerability/vulnerability--036d50f7-d699-4771-acb8-b0d203fa4b74.json new file mode 100644 index 00000000000..24749c0774c --- /dev/null +++ b/objects/vulnerability/vulnerability--036d50f7-d699-4771-acb8-b0d203fa4b74.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--db9cc900-6c3f-47a4-b7f7-a154abd3898d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--036d50f7-d699-4771-acb8-b0d203fa4b74", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:46.387079Z", + "modified": "2024-01-16T00:28:46.387079Z", + "name": "CVE-2023-42134", + "description": "PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.45_20230314 or earlier can allow the signed partition overwrite and subsequently local code execution via hidden command.\n\n\n\n\n\nThe attacker must have physical USB access to the device in order to exploit this vulnerability.\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-42134" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--06ead948-f814-4897-a664-cb9db592526e.json b/objects/vulnerability/vulnerability--06ead948-f814-4897-a664-cb9db592526e.json new file mode 100644 index 00000000000..99e572b2d59 --- /dev/null +++ b/objects/vulnerability/vulnerability--06ead948-f814-4897-a664-cb9db592526e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ecb36a8a-8a8c-41df-ba9f-25875940727a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--06ead948-f814-4897-a664-cb9db592526e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:55.880558Z", + "modified": "2024-01-16T00:28:55.880558Z", + "name": "CVE-2024-22028", + "description": "Insufficient technical documentation issue exists in thermal camera TMC series all firmware versions. The user of the affected product is not aware of the internally saved data. By accessing the affected product physically, an attacker may retrieve the internal data.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-22028" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--095898f5-9d6f-4dcf-9b95-ceae2e6edda0.json b/objects/vulnerability/vulnerability--095898f5-9d6f-4dcf-9b95-ceae2e6edda0.json new file mode 100644 index 00000000000..2f2fea0d2b1 --- /dev/null +++ b/objects/vulnerability/vulnerability--095898f5-9d6f-4dcf-9b95-ceae2e6edda0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2c336b58-7eba-49bb-bb93-7fd149a1fc3a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--095898f5-9d6f-4dcf-9b95-ceae2e6edda0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:55.940735Z", + "modified": "2024-01-16T00:28:55.940735Z", + "name": "CVE-2024-20721", + "description": "Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20721" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0b0db9e9-206a-4e0a-891b-82d93c7ed6c3.json b/objects/vulnerability/vulnerability--0b0db9e9-206a-4e0a-891b-82d93c7ed6c3.json new file mode 100644 index 00000000000..fd422a47641 --- /dev/null +++ b/objects/vulnerability/vulnerability--0b0db9e9-206a-4e0a-891b-82d93c7ed6c3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--62df52a0-cfaf-4faa-8569-e22c026fa8f5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0b0db9e9-206a-4e0a-891b-82d93c7ed6c3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:55.988287Z", + "modified": "2024-01-16T00:28:55.988287Z", + "name": "CVE-2024-0319", + "description": "Open Redirect vulnerability in FireEye HXTool affecting version 4.6, the exploitation of which could allow an attacker to redirect a legitimate user to a malicious page by changing the 'redirect_uri' parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0319" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--12249be0-4be2-4600-8bcc-9285d854af5b.json b/objects/vulnerability/vulnerability--12249be0-4be2-4600-8bcc-9285d854af5b.json new file mode 100644 index 00000000000..31c85bfdc94 --- /dev/null +++ b/objects/vulnerability/vulnerability--12249be0-4be2-4600-8bcc-9285d854af5b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c719dd8f-5b4f-4dd6-8e35-79f8c889aee8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--12249be0-4be2-4600-8bcc-9285d854af5b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:45.84743Z", + "modified": "2024-01-16T00:28:45.84743Z", + "name": "CVE-2023-5253", + "description": "A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data without authentication.\n\n\n\nMalicious unauthenticated users with knowledge on the underlying system may be able to extract asset information.\n\n\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5253" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--139ab38c-f487-4b18-bf4a-d1916bba0531.json b/objects/vulnerability/vulnerability--139ab38c-f487-4b18-bf4a-d1916bba0531.json new file mode 100644 index 00000000000..9480ade0764 --- /dev/null +++ b/objects/vulnerability/vulnerability--139ab38c-f487-4b18-bf4a-d1916bba0531.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--61f02d69-ae92-4f6e-b1af-76ae1a3a0180", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--139ab38c-f487-4b18-bf4a-d1916bba0531", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:48.069988Z", + "modified": "2024-01-16T00:28:48.069988Z", + "name": "CVE-2023-6163", + "description": "The WP Crowdfunding WordPress plugin before 2.1.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-6163" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--145a89bc-06bc-4a43-ae23-a4b8ba7fed6c.json b/objects/vulnerability/vulnerability--145a89bc-06bc-4a43-ae23-a4b8ba7fed6c.json new file mode 100644 index 00000000000..6acbb1e46b3 --- /dev/null +++ b/objects/vulnerability/vulnerability--145a89bc-06bc-4a43-ae23-a4b8ba7fed6c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4d05cce6-43c2-48fd-93f5-7306af5724a1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--145a89bc-06bc-4a43-ae23-a4b8ba7fed6c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:56.000551Z", + "modified": "2024-01-16T00:28:56.000551Z", + "name": "CVE-2024-0535", + "description": "A vulnerability classified as critical was found in Tenda PA6 1.0.1.21. Affected by this vulnerability is the function cgiPortMapAdd of the file /portmap of the component httpd. The manipulation of the argument groupName leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250705 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0535" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--157ca958-6797-4bc0-a7c4-b46effa70216.json b/objects/vulnerability/vulnerability--157ca958-6797-4bc0-a7c4-b46effa70216.json new file mode 100644 index 00000000000..7267e9e197d --- /dev/null +++ b/objects/vulnerability/vulnerability--157ca958-6797-4bc0-a7c4-b46effa70216.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cf3d39c6-8c12-47e2-b936-42e05eeddf95", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--157ca958-6797-4bc0-a7c4-b46effa70216", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:48.018383Z", + "modified": "2024-01-16T00:28:48.018383Z", + "name": "CVE-2023-6991", + "description": "The JSM file_get_contents() Shortcode WordPress plugin before 2.7.1 does not validate one of its shortcode's parameters before making a request to it, which could allow users with contributor role and above to perform SSRF attacks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-6991" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1ac99106-53c1-40fc-8dfb-4b18fc27ae22.json b/objects/vulnerability/vulnerability--1ac99106-53c1-40fc-8dfb-4b18fc27ae22.json new file mode 100644 index 00000000000..0935d3d6a7a --- /dev/null +++ b/objects/vulnerability/vulnerability--1ac99106-53c1-40fc-8dfb-4b18fc27ae22.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b8437c9a-c0b9-4982-8b88-bf33c58962f7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1ac99106-53c1-40fc-8dfb-4b18fc27ae22", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:55.981706Z", + "modified": "2024-01-16T00:28:55.981706Z", + "name": "CVE-2024-0315", + "description": "Remote file inclusion vulnerability in FireEye Central Management affecting version 9.1.1.956704. This vulnerability allows an attacker to upload a malicious PDF file to the system during the report creation process.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0315" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--20407a3d-f729-463f-ae75-3febf6dea3c0.json b/objects/vulnerability/vulnerability--20407a3d-f729-463f-ae75-3febf6dea3c0.json new file mode 100644 index 00000000000..5b6a69df206 --- /dev/null +++ b/objects/vulnerability/vulnerability--20407a3d-f729-463f-ae75-3febf6dea3c0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a33777a0-21de-48ff-9a6e-12d6237e77aa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--20407a3d-f729-463f-ae75-3febf6dea3c0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:56.028907Z", + "modified": "2024-01-16T00:28:56.028907Z", + "name": "CVE-2024-0542", + "description": "A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been rated as critical. Affected by this issue is the function formWifiMacFilterGet of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250712. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0542" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--21d08e28-92f1-49b9-a10c-72618a4d39af.json b/objects/vulnerability/vulnerability--21d08e28-92f1-49b9-a10c-72618a4d39af.json new file mode 100644 index 00000000000..f2cd364f318 --- /dev/null +++ b/objects/vulnerability/vulnerability--21d08e28-92f1-49b9-a10c-72618a4d39af.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--800d6367-1258-4ff2-99cc-16c8fa78ebe2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--21d08e28-92f1-49b9-a10c-72618a4d39af", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:55.99699Z", + "modified": "2024-01-16T00:28:55.99699Z", + "name": "CVE-2024-0530", + "description": "A vulnerability was found in CXBSoft Post-Office up to 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /apps/reg_go.php of the component HTTP POST Request Handler. The manipulation of the argument username_reg leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250700. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0530" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--235b647d-d4a4-4a5f-9a3d-746682db7f7c.json b/objects/vulnerability/vulnerability--235b647d-d4a4-4a5f-9a3d-746682db7f7c.json new file mode 100644 index 00000000000..a1df16e5cda --- /dev/null +++ b/objects/vulnerability/vulnerability--235b647d-d4a4-4a5f-9a3d-746682db7f7c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--483cdbf5-f66d-4579-8415-746392e8785f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--235b647d-d4a4-4a5f-9a3d-746682db7f7c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:47.543974Z", + "modified": "2024-01-16T00:28:47.543974Z", + "name": "CVE-2023-48383", + "description": "NetVision\n\nInformation \n\n airPASS has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-48383" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2547f5f8-29b5-4e7b-8f65-932dd2ba48f6.json b/objects/vulnerability/vulnerability--2547f5f8-29b5-4e7b-8f65-932dd2ba48f6.json new file mode 100644 index 00000000000..aee4a927562 --- /dev/null +++ b/objects/vulnerability/vulnerability--2547f5f8-29b5-4e7b-8f65-932dd2ba48f6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--13fda178-021b-47c1-93ba-c76db0632cd3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2547f5f8-29b5-4e7b-8f65-932dd2ba48f6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:55.991387Z", + "modified": "2024-01-16T00:28:55.991387Z", + "name": "CVE-2024-0318", + "description": "Cross-Site Scripting in FireEye HXTool affecting version 4.6. This vulnerability allows an attacker to store a specially crafted JavaScript payload in the 'Profile Name' and 'Hostname/IP' parameters that will be triggered when items are loaded.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0318" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--28d1452a-e505-4d74-bf5b-97ca161affed.json b/objects/vulnerability/vulnerability--28d1452a-e505-4d74-bf5b-97ca161affed.json new file mode 100644 index 00000000000..07015a0cc7e --- /dev/null +++ b/objects/vulnerability/vulnerability--28d1452a-e505-4d74-bf5b-97ca161affed.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--40550014-ccc8-40e3-a53e-f31633ff3c10", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--28d1452a-e505-4d74-bf5b-97ca161affed", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:46.366775Z", + "modified": "2024-01-16T00:28:46.366775Z", + "name": "CVE-2023-42136", + "description": "PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow the execution of arbitrary commands with system account privilege by shell injection starting with a specific word.\n\n\n\n\nThe attacker must have shell access to the device in order to exploit this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-42136" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2d5cf9c1-85a6-4e9d-a74a-c235e779a720.json b/objects/vulnerability/vulnerability--2d5cf9c1-85a6-4e9d-a74a-c235e779a720.json new file mode 100644 index 00000000000..bd3937fc34c --- /dev/null +++ b/objects/vulnerability/vulnerability--2d5cf9c1-85a6-4e9d-a74a-c235e779a720.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--be8a8c6f-b594-4340-878f-c408fa8419e3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2d5cf9c1-85a6-4e9d-a74a-c235e779a720", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:47.206854Z", + "modified": "2024-01-16T00:28:47.206854Z", + "name": "CVE-2023-46226", + "description": "Remote Code Execution vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 1.0.0 through 1.2.2.\n\nUsers are recommended to upgrade to version 1.3.0, which fixes the issue.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46226" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--30d84151-6f2b-42da-aa34-4a8ee8135d33.json b/objects/vulnerability/vulnerability--30d84151-6f2b-42da-aa34-4a8ee8135d33.json new file mode 100644 index 00000000000..4ebbd0c8c44 --- /dev/null +++ b/objects/vulnerability/vulnerability--30d84151-6f2b-42da-aa34-4a8ee8135d33.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3d4066c9-7d66-47dc-bf78-6fb15c66c8d0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--30d84151-6f2b-42da-aa34-4a8ee8135d33", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:56.016412Z", + "modified": "2024-01-16T00:28:56.016412Z", + "name": "CVE-2024-0539", + "description": "A vulnerability was found in Tenda W9 1.0.0.7(4456) and classified as critical. This issue affects the function formQosManage_user of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250709 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0539" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3508de5b-0ff5-454a-afc2-748a2d97589a.json b/objects/vulnerability/vulnerability--3508de5b-0ff5-454a-afc2-748a2d97589a.json new file mode 100644 index 00000000000..b9b757d7efe --- /dev/null +++ b/objects/vulnerability/vulnerability--3508de5b-0ff5-454a-afc2-748a2d97589a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8f5f3433-49d3-4c45-a8af-63b7357c58a5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3508de5b-0ff5-454a-afc2-748a2d97589a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:56.01253Z", + "modified": "2024-01-16T00:28:56.01253Z", + "name": "CVE-2024-0531", + "description": "A vulnerability was found in Tenda A15 15.13.07.13. It has been classified as critical. This affects an unknown part of the file /goform/setBlackRule of the component Web-based Management Interface. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250701 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0531" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3670debf-318c-4c8b-a19f-127e03153220.json b/objects/vulnerability/vulnerability--3670debf-318c-4c8b-a19f-127e03153220.json new file mode 100644 index 00000000000..73ce76383d4 --- /dev/null +++ b/objects/vulnerability/vulnerability--3670debf-318c-4c8b-a19f-127e03153220.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--723401c6-e52e-4ddf-879b-741669dd650e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3670debf-318c-4c8b-a19f-127e03153220", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:48.046315Z", + "modified": "2024-01-16T00:28:48.046315Z", + "name": "CVE-2023-6620", + "description": "The POST SMTP Mailer WordPress plugin before 2.8.7 does not properly sanitise and escape several parameters before using them in SQL statements, leading to a SQL injection exploitable by high privilege users such as admin.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-6620" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--38236bac-2876-49a3-b77b-5877264d9fc3.json b/objects/vulnerability/vulnerability--38236bac-2876-49a3-b77b-5877264d9fc3.json new file mode 100644 index 00000000000..3341437f5b5 --- /dev/null +++ b/objects/vulnerability/vulnerability--38236bac-2876-49a3-b77b-5877264d9fc3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ae819af5-8dd7-4187-9f33-e328d6d71370", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--38236bac-2876-49a3-b77b-5877264d9fc3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:56.027808Z", + "modified": "2024-01-16T00:28:56.027808Z", + "name": "CVE-2024-0558", + "description": "A vulnerability has been found in DedeBIZ 6.3.0 and classified as critical. This vulnerability affects unknown code of the file /admin/makehtml_freelist_action.php. The manipulation of the argument startid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250726 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0558" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3bc46ea9-de31-49fa-993c-4b646217bedc.json b/objects/vulnerability/vulnerability--3bc46ea9-de31-49fa-993c-4b646217bedc.json new file mode 100644 index 00000000000..3dc16a69f35 --- /dev/null +++ b/objects/vulnerability/vulnerability--3bc46ea9-de31-49fa-993c-4b646217bedc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9fa95cef-7ca5-45a7-8f2d-9bab64b564c4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3bc46ea9-de31-49fa-993c-4b646217bedc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:55.967865Z", + "modified": "2024-01-16T00:28:55.967865Z", + "name": "CVE-2024-0562", + "description": "A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdi_unregister is called to stop further write-back and waits for associated delayed work to complete. However, wb_inode_writeback_end() may schedule bandwidth estimation work after this has completed, which can result in the timer attempting to access the recently freed bdi_writeback.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0562" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3e7bbe64-363a-47ed-b5a6-6889bb83ee4c.json b/objects/vulnerability/vulnerability--3e7bbe64-363a-47ed-b5a6-6889bb83ee4c.json new file mode 100644 index 00000000000..45f2cf33b68 --- /dev/null +++ b/objects/vulnerability/vulnerability--3e7bbe64-363a-47ed-b5a6-6889bb83ee4c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8da107eb-699f-4d36-9031-2589f0e60965", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3e7bbe64-363a-47ed-b5a6-6889bb83ee4c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:48.058701Z", + "modified": "2024-01-16T00:28:48.058701Z", + "name": "CVE-2023-6048", + "description": "The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not prevent user with low privileges on the site, like subscribers, from setting any of the site's options to 1, which could be used to break sites and lead to DoS when certain options are reset", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-6048" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--42c8e37b-b1d0-4fa4-be08-7d9cee6cf4f8.json b/objects/vulnerability/vulnerability--42c8e37b-b1d0-4fa4-be08-7d9cee6cf4f8.json new file mode 100644 index 00000000000..65def5b4bc7 --- /dev/null +++ b/objects/vulnerability/vulnerability--42c8e37b-b1d0-4fa4-be08-7d9cee6cf4f8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--71d3c535-edf9-4a85-9337-b7076af1f9b6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--42c8e37b-b1d0-4fa4-be08-7d9cee6cf4f8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:56.018709Z", + "modified": "2024-01-16T00:28:56.018709Z", + "name": "CVE-2024-0316", + "description": "Improper cleanup vulnerability in exceptions thrown in FireEye Endpoint Security, affecting version 5.2.0.958244. This vulnerability could allow an attacker to send multiple request packets to the containment_notify/preview parameter, which could lead to a service outage.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0316" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--48a9a40b-3940-4a84-b741-a4080ee2e2b6.json b/objects/vulnerability/vulnerability--48a9a40b-3940-4a84-b741-a4080ee2e2b6.json new file mode 100644 index 00000000000..1c49f94c08b --- /dev/null +++ b/objects/vulnerability/vulnerability--48a9a40b-3940-4a84-b741-a4080ee2e2b6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7a19f5ca-fb85-478b-b079-4e230d04a9db", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--48a9a40b-3940-4a84-b741-a4080ee2e2b6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:46.349981Z", + "modified": "2024-01-16T00:28:46.349981Z", + "name": "CVE-2023-42135", + "description": "PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific partition. \n\n\n\n\n\nThe attacker must have physical USB access to the device in order to exploit this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-42135" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--51f1e34d-50f0-4c71-beee-eb556691cd15.json b/objects/vulnerability/vulnerability--51f1e34d-50f0-4c71-beee-eb556691cd15.json new file mode 100644 index 00000000000..d6159b697fb --- /dev/null +++ b/objects/vulnerability/vulnerability--51f1e34d-50f0-4c71-beee-eb556691cd15.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--82851f5d-4ce0-47b5-8264-4eb7dca7a9e6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--51f1e34d-50f0-4c71-beee-eb556691cd15", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:56.01769Z", + "modified": "2024-01-16T00:28:56.01769Z", + "name": "CVE-2024-0317", + "description": "Cross-Site Scripting in FireEye EX, affecting version 9.0.3.936727. Exploitation of this vulnerability allows an attacker to send a specially crafted JavaScript payload via the 'type' and 's_f_name' parameters to an authenticated user to retrieve their session details.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0317" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--52b77856-9e04-40ca-89dc-117e51902c3b.json b/objects/vulnerability/vulnerability--52b77856-9e04-40ca-89dc-117e51902c3b.json new file mode 100644 index 00000000000..e1ad65c1cd4 --- /dev/null +++ b/objects/vulnerability/vulnerability--52b77856-9e04-40ca-89dc-117e51902c3b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--28480c6d-bcfe-4d56-ba58-45988dd603fd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--52b77856-9e04-40ca-89dc-117e51902c3b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:46.253731Z", + "modified": "2024-01-16T00:28:46.253731Z", + "name": "CVE-2023-4818", + "description": "PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature is correctly checked and only bootloader signed by PAX can be used. \n\n\n\n\nThe attacker must have physical USB access to the device in order to exploit this vulnerability.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-4818" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5404d272-7399-4529-9d72-b40c991aee06.json b/objects/vulnerability/vulnerability--5404d272-7399-4529-9d72-b40c991aee06.json new file mode 100644 index 00000000000..10e8369252d --- /dev/null +++ b/objects/vulnerability/vulnerability--5404d272-7399-4529-9d72-b40c991aee06.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7b03f01b-74af-41bf-8a6f-b3bdf977ba2e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5404d272-7399-4529-9d72-b40c991aee06", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:46.211238Z", + "modified": "2024-01-16T00:28:46.211238Z", + "name": "CVE-2023-4001", + "description": "An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the \"/boot/\" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-4001" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--58e138f9-0fc7-470d-90c5-78daa871075f.json b/objects/vulnerability/vulnerability--58e138f9-0fc7-470d-90c5-78daa871075f.json new file mode 100644 index 00000000000..d1e1abdf74d --- /dev/null +++ b/objects/vulnerability/vulnerability--58e138f9-0fc7-470d-90c5-78daa871075f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c45c9509-a3df-4ec0-9243-b788564f49bc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--58e138f9-0fc7-470d-90c5-78daa871075f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:52.210537Z", + "modified": "2024-01-16T00:28:52.210537Z", + "name": "CVE-2020-36770", + "description": "pkg_postinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign root's ownership on files in the live root filesystem. This could be exploited by the slurm user to become the owner of root-owned files.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2020-36770" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5e87fd28-a03c-4171-86e2-acba451249ef.json b/objects/vulnerability/vulnerability--5e87fd28-a03c-4171-86e2-acba451249ef.json new file mode 100644 index 00000000000..61c9a52daee --- /dev/null +++ b/objects/vulnerability/vulnerability--5e87fd28-a03c-4171-86e2-acba451249ef.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e568b57c-dfd1-4972-8186-45115a0aa6bb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5e87fd28-a03c-4171-86e2-acba451249ef", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:56.003322Z", + "modified": "2024-01-16T00:28:56.003322Z", + "name": "CVE-2024-0546", + "description": "A vulnerability, which was classified as problematic, has been found in EasyFTP 1.7.0. This issue affects some unknown processing of the component LIST Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250715.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0546" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6b53cdfe-959c-459b-97a0-99715b649e77.json b/objects/vulnerability/vulnerability--6b53cdfe-959c-459b-97a0-99715b649e77.json new file mode 100644 index 00000000000..3d94b799bd0 --- /dev/null +++ b/objects/vulnerability/vulnerability--6b53cdfe-959c-459b-97a0-99715b649e77.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8f7e9a1a-4bd5-41a8-971b-8e14487f090a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6b53cdfe-959c-459b-97a0-99715b649e77", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:55.986601Z", + "modified": "2024-01-16T00:28:55.986601Z", + "name": "CVE-2024-0543", + "description": "A vulnerability classified as critical has been found in CodeAstro Real Estate Management System up to 1.0. This affects an unknown part of the file propertydetail.php. The manipulation of the argument pid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250713 was assigned to this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0543" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6e939dcc-14b3-4fc5-9150-7dec59b38424.json b/objects/vulnerability/vulnerability--6e939dcc-14b3-4fc5-9150-7dec59b38424.json new file mode 100644 index 00000000000..83e7a951aa5 --- /dev/null +++ b/objects/vulnerability/vulnerability--6e939dcc-14b3-4fc5-9150-7dec59b38424.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--961cf932-65f9-465a-9c4a-7717a9782a52", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6e939dcc-14b3-4fc5-9150-7dec59b38424", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:48.02923Z", + "modified": "2024-01-16T00:28:48.02923Z", + "name": "CVE-2023-6623", + "description": "The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-6623" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--70c4b6e7-44f6-4806-816a-cf11ae43cae6.json b/objects/vulnerability/vulnerability--70c4b6e7-44f6-4806-816a-cf11ae43cae6.json new file mode 100644 index 00000000000..a9d700255b6 --- /dev/null +++ b/objects/vulnerability/vulnerability--70c4b6e7-44f6-4806-816a-cf11ae43cae6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--09e71612-b1c7-4045-a0b8-289c66688cd3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--70c4b6e7-44f6-4806-816a-cf11ae43cae6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:46.361864Z", + "modified": "2024-01-16T00:28:46.361864Z", + "name": "CVE-2023-42137", + "description": "PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks.\n\n\n\n\nThe attacker must have shell access to the device in order to exploit this vulnerability. \n\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-42137" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--70c980e4-49a7-40b3-8d1a-e1caa52af2e2.json b/objects/vulnerability/vulnerability--70c980e4-49a7-40b3-8d1a-e1caa52af2e2.json new file mode 100644 index 00000000000..ebcf01f8302 --- /dev/null +++ b/objects/vulnerability/vulnerability--70c980e4-49a7-40b3-8d1a-e1caa52af2e2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1ea042f1-01aa-44a0-8d07-1e2a5ce1634f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--70c980e4-49a7-40b3-8d1a-e1caa52af2e2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:45.896175Z", + "modified": "2024-01-16T00:28:45.896175Z", + "name": "CVE-2023-5905", + "description": "The DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825 does not check authorization of requests to export the blog data, allowing any logged in user, such as subscribers to export the contents of the blog, including restricted and unpublished posts, as well as passwords of protected posts.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5905" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--74e86ec8-41de-41fc-95ad-86ae81c49e40.json b/objects/vulnerability/vulnerability--74e86ec8-41de-41fc-95ad-86ae81c49e40.json new file mode 100644 index 00000000000..160905f872a --- /dev/null +++ b/objects/vulnerability/vulnerability--74e86ec8-41de-41fc-95ad-86ae81c49e40.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a00e9041-e8cc-4d0a-b366-d23e52f35998", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--74e86ec8-41de-41fc-95ad-86ae81c49e40", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:56.026666Z", + "modified": "2024-01-16T00:28:56.026666Z", + "name": "CVE-2024-0528", + "description": "A vulnerability, which was classified as critical, was found in CXBSoft Post-Office 1.0. Affected is an unknown function of the file /admin/pages/update_go.php of the component HTTP POST Request Handler. The manipulation of the argument version leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250698 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0528" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--75a011e5-dddb-4463-9039-f8f085a329f4.json b/objects/vulnerability/vulnerability--75a011e5-dddb-4463-9039-f8f085a329f4.json new file mode 100644 index 00000000000..de3276b519f --- /dev/null +++ b/objects/vulnerability/vulnerability--75a011e5-dddb-4463-9039-f8f085a329f4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--37b7ce98-7abc-40bf-afd3-a15baec30597", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--75a011e5-dddb-4463-9039-f8f085a329f4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:55.96622Z", + "modified": "2024-01-16T00:28:55.96622Z", + "name": "CVE-2024-0552", + "description": "Intumit inc. SmartRobot's web framwork has a remote code execution vulnerability. An unauthorized remote attacker can exploit this vulnerability to execute arbitrary commands on the remote server.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0552" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--76030495-93d8-4f9d-a854-976bd3932b70.json b/objects/vulnerability/vulnerability--76030495-93d8-4f9d-a854-976bd3932b70.json new file mode 100644 index 00000000000..08e6aa579bf --- /dev/null +++ b/objects/vulnerability/vulnerability--76030495-93d8-4f9d-a854-976bd3932b70.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--022b8fe2-33a9-45d3-9543-f4a26765e335", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--76030495-93d8-4f9d-a854-976bd3932b70", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:55.969828Z", + "modified": "2024-01-16T00:28:55.969828Z", + "name": "CVE-2024-0527", + "description": "A vulnerability, which was classified as critical, has been found in CXBSoft Url-shorting up to 1.3.1. This issue affects some unknown processing of the file /admin/pages/update_go.php of the component HTTP POST Request Handler. The manipulation of the argument version leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-250697 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0527" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--79c42cb1-854f-41d5-8fef-aa72ee050b93.json b/objects/vulnerability/vulnerability--79c42cb1-854f-41d5-8fef-aa72ee050b93.json new file mode 100644 index 00000000000..540b8cb7be6 --- /dev/null +++ b/objects/vulnerability/vulnerability--79c42cb1-854f-41d5-8fef-aa72ee050b93.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f079d9f2-1d4e-443c-b14d-1a5f3289999a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--79c42cb1-854f-41d5-8fef-aa72ee050b93", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:47.229409Z", + "modified": "2024-01-16T00:28:47.229409Z", + "name": "CVE-2023-46749", + "description": "Apache Shiro before 1.130 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting \n\nMitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure `blockSemicolon` is enabled (this is the default).\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46749" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--79d85f42-547d-4bcc-9b6d-655af540c9c8.json b/objects/vulnerability/vulnerability--79d85f42-547d-4bcc-9b6d-655af540c9c8.json new file mode 100644 index 00000000000..a0dfd9bafee --- /dev/null +++ b/objects/vulnerability/vulnerability--79d85f42-547d-4bcc-9b6d-655af540c9c8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f984126c-2bff-4bd7-8efb-45a017327e67", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--79d85f42-547d-4bcc-9b6d-655af540c9c8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:56.002195Z", + "modified": "2024-01-16T00:28:56.002195Z", + "name": "CVE-2024-0545", + "description": "A vulnerability classified as problematic was found in CodeCanyon RISE Rise Ultimate Project Manager 3.5.3. This vulnerability affects unknown code of the file /index.php/signin. The manipulation of the argument redirect with the input http://evil.com leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250714 is the identifier assigned to this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0545" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7d610f93-4424-4e4b-9c87-28e4f12c8b88.json b/objects/vulnerability/vulnerability--7d610f93-4424-4e4b-9c87-28e4f12c8b88.json new file mode 100644 index 00000000000..9837bdf85d9 --- /dev/null +++ b/objects/vulnerability/vulnerability--7d610f93-4424-4e4b-9c87-28e4f12c8b88.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4802d396-3874-4796-85a8-c00876461b44", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7d610f93-4424-4e4b-9c87-28e4f12c8b88", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:56.010486Z", + "modified": "2024-01-16T00:28:56.010486Z", + "name": "CVE-2024-0541", + "description": "A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been declared as critical. Affected by this vulnerability is the function formAddSysLogRule of the component httpd. The manipulation of the argument sysRulenEn leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250711. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0541" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--841fe0f8-86ad-44bd-a80e-277891d0b4b1.json b/objects/vulnerability/vulnerability--841fe0f8-86ad-44bd-a80e-277891d0b4b1.json new file mode 100644 index 00000000000..4d58caa3919 --- /dev/null +++ b/objects/vulnerability/vulnerability--841fe0f8-86ad-44bd-a80e-277891d0b4b1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--30dc4143-6a2f-47c1-9e7a-4edb87ddb963", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--841fe0f8-86ad-44bd-a80e-277891d0b4b1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:55.920932Z", + "modified": "2024-01-16T00:28:55.920932Z", + "name": "CVE-2024-20709", + "description": "Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20709" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--858c249b-36e7-4dce-a439-2426b566486d.json b/objects/vulnerability/vulnerability--858c249b-36e7-4dce-a439-2426b566486d.json new file mode 100644 index 00000000000..f8aed7df335 --- /dev/null +++ b/objects/vulnerability/vulnerability--858c249b-36e7-4dce-a439-2426b566486d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a1e5e99f-0c09-4b34-b68a-b2251220fbb3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--858c249b-36e7-4dce-a439-2426b566486d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:48.019593Z", + "modified": "2024-01-16T00:28:48.019593Z", + "name": "CVE-2023-6066", + "description": "The WP Custom Widget area WordPress plugin through 1.2.5 does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-6066" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--89cc770e-e536-4f06-805a-4c694318f060.json b/objects/vulnerability/vulnerability--89cc770e-e536-4f06-805a-4c694318f060.json new file mode 100644 index 00000000000..16ca8a04510 --- /dev/null +++ b/objects/vulnerability/vulnerability--89cc770e-e536-4f06-805a-4c694318f060.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d0be56c2-768b-42d4-ba65-5ddd78cdd744", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--89cc770e-e536-4f06-805a-4c694318f060", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:56.011489Z", + "modified": "2024-01-16T00:28:56.011489Z", + "name": "CVE-2024-0532", + "description": "A vulnerability was found in Tenda A15 15.13.07.13. It has been declared as critical. This vulnerability affects unknown code of the file /goform/WifiExtraSet of the component Web-based Management Interface. The manipulation of the argument wpapsk_crypto2_4g leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250702 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0532" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8ab0e811-166f-4393-a59d-1f7fa8b533bf.json b/objects/vulnerability/vulnerability--8ab0e811-166f-4393-a59d-1f7fa8b533bf.json new file mode 100644 index 00000000000..cd450acb4ae --- /dev/null +++ b/objects/vulnerability/vulnerability--8ab0e811-166f-4393-a59d-1f7fa8b533bf.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9edf7d51-aeb1-4822-b075-1d705dc95161", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8ab0e811-166f-4393-a59d-1f7fa8b533bf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:55.972709Z", + "modified": "2024-01-16T00:28:55.972709Z", + "name": "CVE-2024-0547", + "description": "A vulnerability has been found in Ability FTP Server 2.34 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component APPE Command Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250717 was assigned to this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0547" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8bbc4488-5ba0-4f60-8969-f6da1fa2cc8a.json b/objects/vulnerability/vulnerability--8bbc4488-5ba0-4f60-8969-f6da1fa2cc8a.json new file mode 100644 index 00000000000..46beba819b3 --- /dev/null +++ b/objects/vulnerability/vulnerability--8bbc4488-5ba0-4f60-8969-f6da1fa2cc8a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--73e822c0-8e10-4b77-9da9-a4de52b97a60", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8bbc4488-5ba0-4f60-8969-f6da1fa2cc8a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:56.021532Z", + "modified": "2024-01-16T00:28:56.021532Z", + "name": "CVE-2024-0533", + "description": "A vulnerability was found in Tenda A15 15.13.07.13. It has been rated as critical. This issue affects some unknown processing of the file /goform/SetOnlineDevName of the component Web-based Management Interface. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250703. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0533" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8c0716fd-2bcb-4405-bbf1-56759b44b890.json b/objects/vulnerability/vulnerability--8c0716fd-2bcb-4405-bbf1-56759b44b890.json new file mode 100644 index 00000000000..b834ed35159 --- /dev/null +++ b/objects/vulnerability/vulnerability--8c0716fd-2bcb-4405-bbf1-56759b44b890.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e86b9987-e479-4a0d-80bd-863f5e6253a4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8c0716fd-2bcb-4405-bbf1-56759b44b890", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:55.989582Z", + "modified": "2024-01-16T00:28:55.989582Z", + "name": "CVE-2024-0538", + "description": "A vulnerability has been found in Tenda W9 1.0.0.7(4456) and classified as critical. This vulnerability affects the function formQosManage_auto of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250708. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0538" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8e44d6e7-0617-4f45-a736-350f5845b06d.json b/objects/vulnerability/vulnerability--8e44d6e7-0617-4f45-a736-350f5845b06d.json new file mode 100644 index 00000000000..3a09d96e86f --- /dev/null +++ b/objects/vulnerability/vulnerability--8e44d6e7-0617-4f45-a736-350f5845b06d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--41eb9921-c287-4309-9676-5bde2547cf14", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8e44d6e7-0617-4f45-a736-350f5845b06d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:48.037587Z", + "modified": "2024-01-16T00:28:48.037587Z", + "name": "CVE-2023-6941", + "description": "The Keap Official Opt-in Forms WordPress plugin through 1.0.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-6941" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--922a3776-890d-45e2-acd5-760e8d834f03.json b/objects/vulnerability/vulnerability--922a3776-890d-45e2-acd5-760e8d834f03.json new file mode 100644 index 00000000000..58932eee74c --- /dev/null +++ b/objects/vulnerability/vulnerability--922a3776-890d-45e2-acd5-760e8d834f03.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b98e4400-3c53-41b4-a587-2e11600158cb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--922a3776-890d-45e2-acd5-760e8d834f03", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:55.971663Z", + "modified": "2024-01-16T00:28:55.971663Z", + "name": "CVE-2024-0565", + "description": "An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0565" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--93d06726-69d1-4642-b378-e1b9422a12b0.json b/objects/vulnerability/vulnerability--93d06726-69d1-4642-b378-e1b9422a12b0.json new file mode 100644 index 00000000000..920dba72142 --- /dev/null +++ b/objects/vulnerability/vulnerability--93d06726-69d1-4642-b378-e1b9422a12b0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--eecece58-85d5-49db-9afa-f36f223c91f4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--93d06726-69d1-4642-b378-e1b9422a12b0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:48.078303Z", + "modified": "2024-01-16T00:28:48.078303Z", + "name": "CVE-2023-6843", + "description": "The easy.jobs- Best Recruitment Plugin for Job Board Listing, Manager, Career Page for Elementor & Gutenberg WordPress plugin before 2.4.7 does not properly secure some of its AJAX actions, allowing any logged-in users to modify its settings.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-6843" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--99e8d6be-21b9-4e9c-8ddf-a694a22beb90.json b/objects/vulnerability/vulnerability--99e8d6be-21b9-4e9c-8ddf-a694a22beb90.json new file mode 100644 index 00000000000..381f98599b3 --- /dev/null +++ b/objects/vulnerability/vulnerability--99e8d6be-21b9-4e9c-8ddf-a694a22beb90.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--05409858-f186-4293-abd8-5c459eece502", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--99e8d6be-21b9-4e9c-8ddf-a694a22beb90", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:48.014853Z", + "modified": "2024-01-16T00:28:48.014853Z", + "name": "CVE-2023-6029", + "description": "The EazyDocs WordPress plugin before 2.3.6 does not have authorization and CSRF checks when handling documents and does not ensure that they are documents from the plugin, allowing unauthenticated users to delete arbitrary posts, as well as add and delete documents/sections.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-6029" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a3650336-182d-4226-9de0-12c74221d391.json b/objects/vulnerability/vulnerability--a3650336-182d-4226-9de0-12c74221d391.json new file mode 100644 index 00000000000..a013255cde0 --- /dev/null +++ b/objects/vulnerability/vulnerability--a3650336-182d-4226-9de0-12c74221d391.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5f72c632-4136-40c4-9ed9-cfa3eb9ac362", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a3650336-182d-4226-9de0-12c74221d391", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:55.895406Z", + "modified": "2024-01-16T00:28:55.895406Z", + "name": "CVE-2024-22207", + "description": "fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of `@fastify/swagger-ui` without `baseDir` set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting the `baseDir` option can also work around this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-22207" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a432d95c-071d-487e-9191-38ca3ebb3fb0.json b/objects/vulnerability/vulnerability--a432d95c-071d-487e-9191-38ca3ebb3fb0.json new file mode 100644 index 00000000000..c3909a201bb --- /dev/null +++ b/objects/vulnerability/vulnerability--a432d95c-071d-487e-9191-38ca3ebb3fb0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--02573077-71ae-493f-a0e1-a7ffcd5dde47", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a432d95c-071d-487e-9191-38ca3ebb3fb0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:48.075323Z", + "modified": "2024-01-16T00:28:48.075323Z", + "name": "CVE-2023-6915", + "description": "A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-6915" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b0437581-1506-4b99-a8f9-49eabbfbca17.json b/objects/vulnerability/vulnerability--b0437581-1506-4b99-a8f9-49eabbfbca17.json new file mode 100644 index 00000000000..4819cf4ed78 --- /dev/null +++ b/objects/vulnerability/vulnerability--b0437581-1506-4b99-a8f9-49eabbfbca17.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a7f74ca0-8d93-4e57-b0d4-00f551d9eeb4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b0437581-1506-4b99-a8f9-49eabbfbca17", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:55.999385Z", + "modified": "2024-01-16T00:28:55.999385Z", + "name": "CVE-2024-0534", + "description": "A vulnerability classified as critical has been found in Tenda A15 15.13.07.13. Affected is an unknown function of the file /goform/SetOnlineDevName of the component Web-based Management Interface. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250704. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0534" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b968474c-a24c-4ce0-af9d-fd5d13b72dba.json b/objects/vulnerability/vulnerability--b968474c-a24c-4ce0-af9d-fd5d13b72dba.json new file mode 100644 index 00000000000..d31fd2c5972 --- /dev/null +++ b/objects/vulnerability/vulnerability--b968474c-a24c-4ce0-af9d-fd5d13b72dba.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d10c408f-0622-4396-a619-e0acbc6fdc80", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b968474c-a24c-4ce0-af9d-fd5d13b72dba", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:47.838543Z", + "modified": "2024-01-16T00:28:47.838543Z", + "name": "CVE-2023-50290", + "description": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr.\nThe Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the default list is designed to work for known secret Java system properties. Environment variables cannot be strictly defined in Solr, like Java system properties can be, and may be set for the entire host, unlike Java system properties which are set per-Java-proccess.\n\nThe Solr Metrics API is protected by the \"metrics-read\" permission.\nTherefore, Solr Clouds with Authorization setup will only be vulnerable via users with the \"metrics-read\" permission.\nThis issue affects Apache Solr: from 9.0.0 before 9.3.0.\n\nUsers are recommended to upgrade to version 9.3.0 or later, in which environment variables are not published via the Metrics API.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-50290" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ba80b815-f102-4437-a696-0ba1f12a1f56.json b/objects/vulnerability/vulnerability--ba80b815-f102-4437-a696-0ba1f12a1f56.json new file mode 100644 index 00000000000..8eaf5d76a35 --- /dev/null +++ b/objects/vulnerability/vulnerability--ba80b815-f102-4437-a696-0ba1f12a1f56.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--28d103ba-258f-4cbb-aef9-191e5a977b9d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ba80b815-f102-4437-a696-0ba1f12a1f56", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:47.872081Z", + "modified": "2024-01-16T00:28:47.872081Z", + "name": "CVE-2023-50729", + "description": "Traccar is an open source GPS tracking system. Prior to 5.11, Traccar is affected by an unrestricted file upload vulnerability in File feature allows attackers to execute arbitrary code on the server. This vulnerability is more prevalent because Traccar is recommended to run web servers as root user. It is also more dangerous because it can write or overwrite files in arbitrary locations. Version 5.11 was published to fix this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-50729" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bbfddf25-e5fa-4aa7-91c2-310b3fe0b759.json b/objects/vulnerability/vulnerability--bbfddf25-e5fa-4aa7-91c2-310b3fe0b759.json new file mode 100644 index 00000000000..fa97fc9be87 --- /dev/null +++ b/objects/vulnerability/vulnerability--bbfddf25-e5fa-4aa7-91c2-310b3fe0b759.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--befc00f8-ad72-44e8-96a6-0b05afca7b05", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bbfddf25-e5fa-4aa7-91c2-310b3fe0b759", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:46.017155Z", + "modified": "2024-01-16T00:28:46.017155Z", + "name": "CVE-2023-7206", + "description": "\nIn Horner Automation Cscape versions 9.90 SP10 and prior, local attackers are able to exploit this vulnerability if a user opens a malicious CSP file, which would result in execution of arbitrary code on affected installations of Cscape.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-7206" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c3c08a68-2b5f-4b48-9fac-e23c847bcafd.json b/objects/vulnerability/vulnerability--c3c08a68-2b5f-4b48-9fac-e23c847bcafd.json new file mode 100644 index 00000000000..0855e211bbb --- /dev/null +++ b/objects/vulnerability/vulnerability--c3c08a68-2b5f-4b48-9fac-e23c847bcafd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c6835933-9038-4340-9f93-2da1ea0324f3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c3c08a68-2b5f-4b48-9fac-e23c847bcafd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:56.022965Z", + "modified": "2024-01-16T00:28:56.022965Z", + "name": "CVE-2024-0529", + "description": "A vulnerability has been found in CXBSoft Post-Office up to 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /apps/login_auth.php of the component HTTP POST Request Handler. The manipulation of the argument username_login leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250699. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0529" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c5ca2ecb-a19a-4538-add3-16c5232fc57c.json b/objects/vulnerability/vulnerability--c5ca2ecb-a19a-4538-add3-16c5232fc57c.json new file mode 100644 index 00000000000..493b20f4399 --- /dev/null +++ b/objects/vulnerability/vulnerability--c5ca2ecb-a19a-4538-add3-16c5232fc57c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bdcfab0c-6a40-46fb-a659-1ad1297af478", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c5ca2ecb-a19a-4538-add3-16c5232fc57c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:48.031904Z", + "modified": "2024-01-16T00:28:48.031904Z", + "name": "CVE-2023-6049", + "description": "The Estatik Real Estate Plugin WordPress plugin before 4.1.1 unserializes user input via some of its cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget chain is present on the blog", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-6049" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d374bb7b-2abf-49e9-81fc-237674d05f86.json b/objects/vulnerability/vulnerability--d374bb7b-2abf-49e9-81fc-237674d05f86.json new file mode 100644 index 00000000000..36bf9389db6 --- /dev/null +++ b/objects/vulnerability/vulnerability--d374bb7b-2abf-49e9-81fc-237674d05f86.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5394b53e-86a8-4f41-9a86-b146d2fbaf09", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d374bb7b-2abf-49e9-81fc-237674d05f86", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:55.983556Z", + "modified": "2024-01-16T00:28:55.983556Z", + "name": "CVE-2024-0540", + "description": "A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been classified as critical. Affected is the function formOfflineSet of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250710 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0540" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d7dfe6c8-b708-4219-929a-be43e3e32b5e.json b/objects/vulnerability/vulnerability--d7dfe6c8-b708-4219-929a-be43e3e32b5e.json new file mode 100644 index 00000000000..d83c1d2c0ef --- /dev/null +++ b/objects/vulnerability/vulnerability--d7dfe6c8-b708-4219-929a-be43e3e32b5e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--755e2968-a6ef-42b6-adcd-e7b146dc4b43", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d7dfe6c8-b708-4219-929a-be43e3e32b5e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:55.985258Z", + "modified": "2024-01-16T00:28:55.985258Z", + "name": "CVE-2024-0536", + "description": "A vulnerability, which was classified as critical, has been found in Tenda W9 1.0.0.7(4456). Affected by this issue is the function setWrlAccessList of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250706 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0536" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dcf742df-06b2-4225-93d0-2c906d355f6f.json b/objects/vulnerability/vulnerability--dcf742df-06b2-4225-93d0-2c906d355f6f.json new file mode 100644 index 00000000000..3499f62d6b9 --- /dev/null +++ b/objects/vulnerability/vulnerability--dcf742df-06b2-4225-93d0-2c906d355f6f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--318c986a-d7c7-4dfe-8252-a4009e897e2c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dcf742df-06b2-4225-93d0-2c906d355f6f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:46.220001Z", + "modified": "2024-01-16T00:28:46.220001Z", + "name": "CVE-2023-4925", + "description": "The Easy Forms for Mailchimp WordPress plugin through 6.8.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-4925" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e095790b-d188-4c18-8432-e96c85f5cd0a.json b/objects/vulnerability/vulnerability--e095790b-d188-4c18-8432-e96c85f5cd0a.json new file mode 100644 index 00000000000..34ddf401fd3 --- /dev/null +++ b/objects/vulnerability/vulnerability--e095790b-d188-4c18-8432-e96c85f5cd0a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--60aff536-5ece-4f3d-a766-87d47ba5b51d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e095790b-d188-4c18-8432-e96c85f5cd0a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:55.993928Z", + "modified": "2024-01-16T00:28:55.993928Z", + "name": "CVE-2024-0548", + "description": "A vulnerability was found in FreeFloat FTP Server 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component SIZE Command Handler. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250718 is the identifier assigned to this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0548" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e2d114f9-cd1f-442a-9805-e343a4ed1735.json b/objects/vulnerability/vulnerability--e2d114f9-cd1f-442a-9805-e343a4ed1735.json new file mode 100644 index 00000000000..f2ca45822c8 --- /dev/null +++ b/objects/vulnerability/vulnerability--e2d114f9-cd1f-442a-9805-e343a4ed1735.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--90128bde-1581-4fd5-a8ff-2c366abd5635", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e2d114f9-cd1f-442a-9805-e343a4ed1735", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:48.086465Z", + "modified": "2024-01-16T00:28:48.086465Z", + "name": "CVE-2023-6050", + "description": "The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not sanitise and escape various parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-6050" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e711c0b9-c544-4734-92cb-d8df24ea318e.json b/objects/vulnerability/vulnerability--e711c0b9-c544-4734-92cb-d8df24ea318e.json new file mode 100644 index 00000000000..4f7be2246b5 --- /dev/null +++ b/objects/vulnerability/vulnerability--e711c0b9-c544-4734-92cb-d8df24ea318e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2f64f60a-70a0-4443-88d6-7574609f498f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e711c0b9-c544-4734-92cb-d8df24ea318e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:56.0085Z", + "modified": "2024-01-16T00:28:56.0085Z", + "name": "CVE-2024-0314", + "description": "XSS vulnerability in FireEye Central Management affecting version 9.1.1.956704, which could allow an attacker to modify special HTML elements in the application and cause a reflected XSS, leading to a session hijacking.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0314" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--efd0cab6-d711-44cb-be22-06975a8722a7.json b/objects/vulnerability/vulnerability--efd0cab6-d711-44cb-be22-06975a8722a7.json new file mode 100644 index 00000000000..07c556952b6 --- /dev/null +++ b/objects/vulnerability/vulnerability--efd0cab6-d711-44cb-be22-06975a8722a7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--be45bfe0-ecf7-4243-b80b-5f8043cd682b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--efd0cab6-d711-44cb-be22-06975a8722a7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:56.025482Z", + "modified": "2024-01-16T00:28:56.025482Z", + "name": "CVE-2024-0320", + "description": "Cross-Site Scripting in FireEye Malware Analysis (AX) affecting version 9.0.3.936530. This vulnerability allows an attacker to send a specially crafted JavaScript payload in the application URL to retrieve the session details of a legitimate user.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0320" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f55d6eb8-12f4-4227-b29d-9b869c484ed2.json b/objects/vulnerability/vulnerability--f55d6eb8-12f4-4227-b29d-9b869c484ed2.json new file mode 100644 index 00000000000..b8594997c70 --- /dev/null +++ b/objects/vulnerability/vulnerability--f55d6eb8-12f4-4227-b29d-9b869c484ed2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--68ee4e74-f94c-47ba-a12e-56e3d38f2e35", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f55d6eb8-12f4-4227-b29d-9b869c484ed2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-16T00:28:56.007452Z", + "modified": "2024-01-16T00:28:56.007452Z", + "name": "CVE-2024-0557", + "description": "A vulnerability, which was classified as problematic, was found in DedeBIZ 6.3.0. This affects an unknown part of the component Website Copyright Setting. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250725 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0557" + } + ] + } + ] +} \ No newline at end of file