From 4b59cde457f4d1b3b5ef86218c7a95d228597bcf Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sat, 7 Dec 2024 00:22:51 +0000 Subject: [PATCH] generated content from 2024-12-07 --- mapping.csv | 169 ++++++++++++++++++ ...-003d1f4d-8a53-4dbd-a074-76a8d23f6a5f.json | 22 +++ ...-0183669a-c925-4093-a1d7-f23d2cbe5788.json | 22 +++ ...-043f2ab5-a6a4-42c1-983d-1161d13f68fe.json | 22 +++ ...-0550de7e-c0aa-4ffd-b5cd-378c96461690.json | 22 +++ ...-05e8e788-2c35-46fe-8185-b8954f7b7376.json | 22 +++ ...-06042d3c-a8a7-4993-ac52-18d262e8da8d.json | 22 +++ ...-063a5d76-369a-4daf-b1bd-cd2bb316ceb4.json | 22 +++ ...-07e08b24-1f64-4c74-a5ca-c0830a2b10a2.json | 22 +++ ...-08efe41d-936b-465b-aaf0-df7010a4f19a.json | 22 +++ ...-0c774071-53c1-4864-890b-624f03a6223b.json | 22 +++ ...-0eabeb3f-0b1d-4a2e-8c4c-aed7b00c66f2.json | 22 +++ ...-108c40db-9150-44e2-80d8-ea031cbdfe96.json | 22 +++ ...-10cb2d7d-ab75-4101-831a-c997811886e8.json | 22 +++ ...-11a51272-c4c9-49cb-9326-7e0a07cec164.json | 22 +++ ...-12124bef-5ec9-4afe-9a3f-cd55fad10180.json | 22 +++ ...-126a8c91-28f5-4dc9-ba0c-0b74a3c2f693.json | 22 +++ ...-129c26f0-daa4-41c3-b893-e7a167ef74a2.json | 22 +++ ...-12ff199a-6f0b-4ec4-aef8-4da6a115ed5c.json | 22 +++ ...-15ae8729-31db-4b05-84d6-196ccba36b93.json | 22 +++ ...-1ae695b2-102a-4243-bf08-831f3b61f5dc.json | 22 +++ ...-1e910860-fd3c-4907-955c-e6600376a968.json | 22 +++ ...-1f0a6a0d-4bfd-4817-99ec-47fc5ca6c0a3.json | 22 +++ ...-20ea316b-7c5e-4d82-8271-18148b3676da.json | 22 +++ ...-21bacda5-a534-494a-ad20-8e26d1985446.json | 22 +++ ...-22186c95-21d0-4dc7-8a55-942851c6535f.json | 22 +++ ...-23a18630-8c41-4430-ad0e-2974251016f4.json | 22 +++ ...-256f2cb6-f88b-46b5-b4ad-7853ce066457.json | 22 +++ ...-264df4c1-b437-43eb-9ab1-a4ef34c5bc6a.json | 22 +++ ...-278cc9a3-78e7-4afd-b966-ca698089da72.json | 22 +++ ...-27d45bdb-ead9-43eb-9529-5daf626b85bd.json | 22 +++ ...-29201a51-f74d-420b-ba46-8a16767770b4.json | 22 +++ ...-29906dfd-e253-4419-b936-8c11bff1b254.json | 22 +++ ...-2b6a6f4a-6f64-4d5d-ac8b-da95ca592f97.json | 22 +++ ...-2c7b4d2e-991f-4c97-b8ee-f2d55d2596eb.json | 22 +++ ...-318b4d65-893c-43ae-9421-516aeebebb2c.json | 22 +++ ...-318bc8a5-995c-4d83-a053-15e08a130a9d.json | 22 +++ ...-31e64ca9-87f7-4512-8e38-a4096a409b2c.json | 22 +++ ...-358cdcba-6c40-4bb7-b8d6-4dc392eaf36c.json | 22 +++ ...-3703e06c-96c5-4655-be5d-6d431d3432a0.json | 22 +++ ...-379b09f9-2ae0-43e4-9804-f039e062c201.json | 22 +++ ...-37b1b76f-a417-4bb2-b77b-a07612f653b0.json | 22 +++ ...-3c57e4b2-c0b4-4656-881d-bb10c24ea8cd.json | 22 +++ ...-3d3fe1ff-1649-41a7-95ff-168312fdad7c.json | 22 +++ ...-3d57875b-9981-4aca-a442-0cf8643c29e7.json | 22 +++ ...-401d58d0-b98d-4b73-8bd8-9f7478e186b0.json | 22 +++ ...-41f8962f-3e29-4bd3-8444-e2238293e5f3.json | 22 +++ ...-438c7f65-4b41-4127-8717-0451d85ae22f.json | 22 +++ ...-46785564-103e-412a-afa3-91c28d568e84.json | 22 +++ ...-47149492-327a-4e68-b44f-6db4f8679535.json | 22 +++ ...-491755c6-6b93-4f0c-ac36-cd08c56f5723.json | 22 +++ ...-4983b77d-343e-46f1-8728-8f124486a1f1.json | 22 +++ ...-49b5214d-8689-4d51-942a-5931df74e3fe.json | 22 +++ ...-4a3fdc76-1640-43e3-91f1-f62a3a28dbb0.json | 22 +++ ...-4c17ec05-739e-4b73-b9b5-dc27f6af6a3a.json | 22 +++ ...-4d9bc1cf-45b4-436a-8696-d74b2cbaf6f2.json | 22 +++ ...-4e1cb2bb-50a6-4f11-8a63-b6358747f190.json | 22 +++ ...-4fc2a13c-27b1-4af5-bf29-81b99b8c4de1.json | 22 +++ ...-5075a25a-22ef-407b-b9c5-cde50f6daf78.json | 22 +++ ...-50ad54fe-dd83-4285-8cb4-3da86022553d.json | 22 +++ ...-50d5de35-4e35-4e42-b9b3-e6b0496276fd.json | 22 +++ ...-51342d5c-a474-4527-931a-a0752b0f5358.json | 22 +++ ...-51b7f524-cb67-450d-aeb9-0becbf44c7d4.json | 22 +++ ...-53fd424c-cf8f-47b0-b9aa-7903abd06bca.json | 22 +++ ...-58764a45-d4ab-4321-a392-8b68df360240.json | 22 +++ ...-5b8fe7ea-67ca-458b-a0b7-d2d0fd858bc2.json | 22 +++ ...-5da427c0-baa6-4a10-8b25-34eb2d9e5f33.json | 22 +++ ...-5f9d32b8-d364-4b04-b6b0-8014b722212f.json | 22 +++ ...-60f19f64-ecf5-4f84-9113-605f38f74ab6.json | 22 +++ ...-60f8844e-0b19-4921-af80-e0a647cd617c.json | 22 +++ ...-6152507c-8cfa-42ac-8049-994cb1b1168e.json | 22 +++ ...-61c9cf7a-27c7-4e2f-80b7-c326ccbee7bf.json | 22 +++ ...-66a0ce67-a5bb-413b-859b-d9a6f41f11a5.json | 22 +++ ...-67661011-fb75-4e3a-adeb-582f32817f7e.json | 22 +++ ...-6c94d0e9-36ac-4708-aee4-1dd1be074141.json | 22 +++ ...-6d093141-0a15-4847-a335-b1fd5707b3d7.json | 22 +++ ...-6d4bd18a-9e57-4353-a493-02335422f1f1.json | 22 +++ ...-70583a10-384f-4853-9607-7a4d76bb6e8c.json | 22 +++ ...-70622595-89c3-4bd9-aff3-38209c7dddc0.json | 22 +++ ...-70a79d6d-b0f1-42a0-8aa1-efaf12eab21c.json | 22 +++ ...-71b0d7b6-e5b2-46af-9351-32d3a37ee238.json | 22 +++ ...-73b4f6f6-67a9-4f2d-bc72-8d0899d507e1.json | 22 +++ ...-782796be-c5db-43e7-ad25-382a1f649c4b.json | 22 +++ ...-788f4785-b8f3-4094-86a7-66b8528196c8.json | 22 +++ ...-78bdb87d-f712-4166-a04e-19f48371aaff.json | 22 +++ ...-78d4c926-486d-4028-88b8-aa5dea26cb07.json | 22 +++ ...-78f8f4fe-7b58-4b2a-984f-488bf45dbc1c.json | 22 +++ ...-793bf1e8-7953-4089-af9e-6bd7cc6538f3.json | 22 +++ ...-795d2e26-0fe2-4c13-8d8b-b925dbe31650.json | 22 +++ ...-7fe4bd1d-e4a9-46ac-9ba9-343ef72a872a.json | 22 +++ ...-80402464-aa85-4fa4-9502-e8c40f7ff406.json | 22 +++ ...-82e3e693-e09a-4b2d-ac32-4117174d0fc1.json | 22 +++ ...-83618e7a-334c-4489-96b3-8677b8acabc2.json | 22 +++ ...-876e0ef1-b950-41b5-91fb-824def78b7aa.json | 22 +++ ...-8779ed84-954f-4599-bf0a-8ee6e6d860b5.json | 22 +++ ...-8904ed43-9c7f-485e-ba75-33a5ce054d9d.json | 22 +++ ...-8dc4282f-af7d-4bcf-afe5-7d83d81b2f67.json | 22 +++ ...-8e93d424-ddb4-4bc7-b3dd-e154ee2162d7.json | 22 +++ ...-8ea3bc91-53ce-4f96-bd16-6c93076131ef.json | 22 +++ ...-91a638ae-92ab-4915-866c-3306def20898.json | 22 +++ ...-93f3723d-1734-4188-a5e6-187cff354b4c.json | 22 +++ ...-94b0b792-be99-48eb-848b-fc8d53f65e10.json | 22 +++ ...-94e438e3-9b39-4d63-9045-b6b7c49cdd4a.json | 22 +++ ...-961cbf2b-102a-42d8-a58f-44b110d64731.json | 22 +++ ...-9695f7f0-0f7c-44b1-9165-cc9e99ba8d2a.json | 22 +++ ...-97e4a9b3-7928-4f88-9983-8d0bfae470d9.json | 22 +++ ...-97eab1b0-ace6-43de-9dbe-fff52196d085.json | 22 +++ ...-98150763-f09c-4eed-85df-0772b9658442.json | 22 +++ ...-9863932c-8f33-48d6-80df-68d27e653935.json | 22 +++ ...-9948d7eb-1428-4048-9208-48094b71dacd.json | 22 +++ ...-996b9546-6d5d-4263-9e2c-2b110449b609.json | 22 +++ ...-9c27f911-981d-44d4-8b47-0e76cca25032.json | 22 +++ ...-9d66ca7f-6799-42e8-9beb-3f75ba48c242.json | 22 +++ ...-9e296cc4-43a3-469c-bebe-56bd2cb640ec.json | 22 +++ ...-a0514325-35a1-4764-971c-009fd5e83d4f.json | 22 +++ ...-a1332b89-1ba4-4081-bd57-4e4de4c2f443.json | 22 +++ ...-a28b45ed-f5d3-4851-8da7-0c80c0fd9197.json | 22 +++ ...-a5f83a1f-797c-4115-af3a-7ddcaf0c20ce.json | 22 +++ ...-a7928626-243b-454b-a5d7-296a081a43dd.json | 22 +++ ...-a97d7b37-7be3-4cc0-ad2b-4473a9e7d667.json | 22 +++ ...-a9b2f471-2340-490c-bc62-67cfb391954c.json | 22 +++ ...-aa297e3e-d095-4291-8f5c-cf97db550bf9.json | 22 +++ ...-aabb2a19-c47c-40b4-a64d-fd7778f64b1c.json | 22 +++ ...-acc7ea32-8293-4415-8c0f-bb4cee4c95a8.json | 22 +++ ...-acddd76f-612d-417d-a447-74e7f61b62da.json | 22 +++ ...-ae7baaab-5524-4881-ae94-abdc352b2f18.json | 22 +++ ...-b33ce97f-7241-4295-9507-7ba390923e6b.json | 22 +++ ...-b3d499b5-4b20-4414-9dba-b07592878727.json | 22 +++ ...-b817ce4c-400a-4cf2-b5d8-83c88551db2b.json | 22 +++ ...-b989f9c5-2c42-445b-9c97-9f02f0910ade.json | 22 +++ ...-bade830f-0c13-4a1a-ab97-a86fa0174574.json | 22 +++ ...-c0b0f6f8-775a-4c11-9d8d-d025b8717fd2.json | 22 +++ ...-c1f049a5-ba2a-4a44-ba75-db5f3cf779ef.json | 22 +++ ...-c23a93ae-6072-4253-b468-3ad685daca8c.json | 22 +++ ...-c37ba43f-41e6-432d-9a14-81e3e43f92e7.json | 22 +++ ...-c3b260c3-9903-4301-babd-f6ed9c8d34ef.json | 22 +++ ...-c42fe83c-eab6-4f04-a4e1-596d267533a1.json | 22 +++ ...-c48fbbda-5325-4947-b4e8-f94772c946b9.json | 22 +++ ...-c74589a4-776f-40b9-a542-e5e1abfa0f32.json | 22 +++ ...-c8b03aa1-0ffd-47a3-8fad-ccd440952d2d.json | 22 +++ ...-c94e28b5-23ad-4677-8587-7d0762ef7cb8.json | 22 +++ ...-ca1b4832-3384-458a-9274-d43e85e54fe9.json | 22 +++ ...-cca7fe09-70e8-4d47-8b3b-c2b55090a53b.json | 22 +++ ...-d0e65f38-2210-433b-9412-cb30d4fbd47e.json | 22 +++ ...-d0ed90a0-4cf2-4358-b0a6-12752848e9fc.json | 22 +++ ...-d1c6ee30-9064-4b3b-9f48-57c20314b80f.json | 22 +++ ...-d2ec128e-a102-49dd-b56b-d9fd2f76145a.json | 22 +++ ...-d3242e41-cf80-43b4-abc3-f98a29bd74b2.json | 22 +++ ...-d3e1baec-3f45-4b2f-b551-81b4557b1846.json | 22 +++ ...-d5a77cc5-62ec-448b-8f67-057f407bba33.json | 22 +++ ...-d749f666-ac4b-46e2-9528-cf0f651bf6ba.json | 22 +++ ...-da88dcfa-4fee-4bee-8ae5-415744503c37.json | 22 +++ ...-dafbe7dd-14d3-4f75-b736-8fd7530c2f3b.json | 22 +++ ...-dbb7625c-a19e-4ca2-ab72-07df2c82480c.json | 22 +++ ...-ddb969c4-274f-4928-8e63-e79a0da3b536.json | 22 +++ ...-e14aba10-e208-4c32-96ef-192819501a62.json | 22 +++ ...-e20e8d89-a279-45b0-8c23-f5908e69feef.json | 22 +++ ...-e634e83d-2a2c-48bb-918a-68c022386e89.json | 22 +++ ...-e683ba6e-ef0d-4577-ba2b-7c5a2bc2217c.json | 22 +++ ...-e7efbea7-daf9-4c70-bc8e-d0aca545f236.json | 22 +++ ...-f0a7ef0b-a24e-4c06-8543-32f05a90da75.json | 22 +++ ...-f1d0e62c-fd9d-4301-ac7c-b32c25a933b8.json | 22 +++ ...-f2dc233d-0ad4-4afb-a361-a30184183795.json | 22 +++ ...-f4000edd-ef02-4025-a892-b782ea5710cb.json | 22 +++ ...-f4d68e7b-3bc9-4616-a261-c3c866a9a7ce.json | 22 +++ ...-f674ee76-b02a-4c0b-b868-af0ce2f89c46.json | 22 +++ ...-f9175daa-9633-4f4c-828a-502df2c80a80.json | 22 +++ ...-fa9d6ba5-77d4-4067-a7f3-7f5f21e8bef2.json | 22 +++ ...-fe305d6d-fab8-41ea-80ce-4f365c3c28b6.json | 22 +++ ...-fedd9ef1-4417-4a99-8f9d-06279225f481.json | 22 +++ 170 files changed, 3887 insertions(+) create mode 100644 objects/vulnerability/vulnerability--003d1f4d-8a53-4dbd-a074-76a8d23f6a5f.json create mode 100644 objects/vulnerability/vulnerability--0183669a-c925-4093-a1d7-f23d2cbe5788.json create mode 100644 objects/vulnerability/vulnerability--043f2ab5-a6a4-42c1-983d-1161d13f68fe.json create mode 100644 objects/vulnerability/vulnerability--0550de7e-c0aa-4ffd-b5cd-378c96461690.json create mode 100644 objects/vulnerability/vulnerability--05e8e788-2c35-46fe-8185-b8954f7b7376.json create mode 100644 objects/vulnerability/vulnerability--06042d3c-a8a7-4993-ac52-18d262e8da8d.json create mode 100644 objects/vulnerability/vulnerability--063a5d76-369a-4daf-b1bd-cd2bb316ceb4.json create mode 100644 objects/vulnerability/vulnerability--07e08b24-1f64-4c74-a5ca-c0830a2b10a2.json create mode 100644 objects/vulnerability/vulnerability--08efe41d-936b-465b-aaf0-df7010a4f19a.json create mode 100644 objects/vulnerability/vulnerability--0c774071-53c1-4864-890b-624f03a6223b.json create mode 100644 objects/vulnerability/vulnerability--0eabeb3f-0b1d-4a2e-8c4c-aed7b00c66f2.json create mode 100644 objects/vulnerability/vulnerability--108c40db-9150-44e2-80d8-ea031cbdfe96.json create mode 100644 objects/vulnerability/vulnerability--10cb2d7d-ab75-4101-831a-c997811886e8.json create mode 100644 objects/vulnerability/vulnerability--11a51272-c4c9-49cb-9326-7e0a07cec164.json create mode 100644 objects/vulnerability/vulnerability--12124bef-5ec9-4afe-9a3f-cd55fad10180.json create mode 100644 objects/vulnerability/vulnerability--126a8c91-28f5-4dc9-ba0c-0b74a3c2f693.json create mode 100644 objects/vulnerability/vulnerability--129c26f0-daa4-41c3-b893-e7a167ef74a2.json create mode 100644 objects/vulnerability/vulnerability--12ff199a-6f0b-4ec4-aef8-4da6a115ed5c.json create mode 100644 objects/vulnerability/vulnerability--15ae8729-31db-4b05-84d6-196ccba36b93.json create mode 100644 objects/vulnerability/vulnerability--1ae695b2-102a-4243-bf08-831f3b61f5dc.json create mode 100644 objects/vulnerability/vulnerability--1e910860-fd3c-4907-955c-e6600376a968.json create mode 100644 objects/vulnerability/vulnerability--1f0a6a0d-4bfd-4817-99ec-47fc5ca6c0a3.json create mode 100644 objects/vulnerability/vulnerability--20ea316b-7c5e-4d82-8271-18148b3676da.json create mode 100644 objects/vulnerability/vulnerability--21bacda5-a534-494a-ad20-8e26d1985446.json create mode 100644 objects/vulnerability/vulnerability--22186c95-21d0-4dc7-8a55-942851c6535f.json create mode 100644 objects/vulnerability/vulnerability--23a18630-8c41-4430-ad0e-2974251016f4.json create mode 100644 objects/vulnerability/vulnerability--256f2cb6-f88b-46b5-b4ad-7853ce066457.json create mode 100644 objects/vulnerability/vulnerability--264df4c1-b437-43eb-9ab1-a4ef34c5bc6a.json create mode 100644 objects/vulnerability/vulnerability--278cc9a3-78e7-4afd-b966-ca698089da72.json create mode 100644 objects/vulnerability/vulnerability--27d45bdb-ead9-43eb-9529-5daf626b85bd.json create mode 100644 objects/vulnerability/vulnerability--29201a51-f74d-420b-ba46-8a16767770b4.json create mode 100644 objects/vulnerability/vulnerability--29906dfd-e253-4419-b936-8c11bff1b254.json create mode 100644 objects/vulnerability/vulnerability--2b6a6f4a-6f64-4d5d-ac8b-da95ca592f97.json create mode 100644 objects/vulnerability/vulnerability--2c7b4d2e-991f-4c97-b8ee-f2d55d2596eb.json create mode 100644 objects/vulnerability/vulnerability--318b4d65-893c-43ae-9421-516aeebebb2c.json create mode 100644 objects/vulnerability/vulnerability--318bc8a5-995c-4d83-a053-15e08a130a9d.json create mode 100644 objects/vulnerability/vulnerability--31e64ca9-87f7-4512-8e38-a4096a409b2c.json create mode 100644 objects/vulnerability/vulnerability--358cdcba-6c40-4bb7-b8d6-4dc392eaf36c.json create mode 100644 objects/vulnerability/vulnerability--3703e06c-96c5-4655-be5d-6d431d3432a0.json create mode 100644 objects/vulnerability/vulnerability--379b09f9-2ae0-43e4-9804-f039e062c201.json create mode 100644 objects/vulnerability/vulnerability--37b1b76f-a417-4bb2-b77b-a07612f653b0.json create mode 100644 objects/vulnerability/vulnerability--3c57e4b2-c0b4-4656-881d-bb10c24ea8cd.json create mode 100644 objects/vulnerability/vulnerability--3d3fe1ff-1649-41a7-95ff-168312fdad7c.json create mode 100644 objects/vulnerability/vulnerability--3d57875b-9981-4aca-a442-0cf8643c29e7.json create mode 100644 objects/vulnerability/vulnerability--401d58d0-b98d-4b73-8bd8-9f7478e186b0.json create mode 100644 objects/vulnerability/vulnerability--41f8962f-3e29-4bd3-8444-e2238293e5f3.json create mode 100644 objects/vulnerability/vulnerability--438c7f65-4b41-4127-8717-0451d85ae22f.json create mode 100644 objects/vulnerability/vulnerability--46785564-103e-412a-afa3-91c28d568e84.json create mode 100644 objects/vulnerability/vulnerability--47149492-327a-4e68-b44f-6db4f8679535.json create mode 100644 objects/vulnerability/vulnerability--491755c6-6b93-4f0c-ac36-cd08c56f5723.json create mode 100644 objects/vulnerability/vulnerability--4983b77d-343e-46f1-8728-8f124486a1f1.json create mode 100644 objects/vulnerability/vulnerability--49b5214d-8689-4d51-942a-5931df74e3fe.json create mode 100644 objects/vulnerability/vulnerability--4a3fdc76-1640-43e3-91f1-f62a3a28dbb0.json create mode 100644 objects/vulnerability/vulnerability--4c17ec05-739e-4b73-b9b5-dc27f6af6a3a.json create mode 100644 objects/vulnerability/vulnerability--4d9bc1cf-45b4-436a-8696-d74b2cbaf6f2.json create mode 100644 objects/vulnerability/vulnerability--4e1cb2bb-50a6-4f11-8a63-b6358747f190.json create mode 100644 objects/vulnerability/vulnerability--4fc2a13c-27b1-4af5-bf29-81b99b8c4de1.json create mode 100644 objects/vulnerability/vulnerability--5075a25a-22ef-407b-b9c5-cde50f6daf78.json create mode 100644 objects/vulnerability/vulnerability--50ad54fe-dd83-4285-8cb4-3da86022553d.json create mode 100644 objects/vulnerability/vulnerability--50d5de35-4e35-4e42-b9b3-e6b0496276fd.json create mode 100644 objects/vulnerability/vulnerability--51342d5c-a474-4527-931a-a0752b0f5358.json create mode 100644 objects/vulnerability/vulnerability--51b7f524-cb67-450d-aeb9-0becbf44c7d4.json create mode 100644 objects/vulnerability/vulnerability--53fd424c-cf8f-47b0-b9aa-7903abd06bca.json create mode 100644 objects/vulnerability/vulnerability--58764a45-d4ab-4321-a392-8b68df360240.json create mode 100644 objects/vulnerability/vulnerability--5b8fe7ea-67ca-458b-a0b7-d2d0fd858bc2.json create mode 100644 objects/vulnerability/vulnerability--5da427c0-baa6-4a10-8b25-34eb2d9e5f33.json create mode 100644 objects/vulnerability/vulnerability--5f9d32b8-d364-4b04-b6b0-8014b722212f.json create mode 100644 objects/vulnerability/vulnerability--60f19f64-ecf5-4f84-9113-605f38f74ab6.json create mode 100644 objects/vulnerability/vulnerability--60f8844e-0b19-4921-af80-e0a647cd617c.json create mode 100644 objects/vulnerability/vulnerability--6152507c-8cfa-42ac-8049-994cb1b1168e.json create mode 100644 objects/vulnerability/vulnerability--61c9cf7a-27c7-4e2f-80b7-c326ccbee7bf.json create mode 100644 objects/vulnerability/vulnerability--66a0ce67-a5bb-413b-859b-d9a6f41f11a5.json create mode 100644 objects/vulnerability/vulnerability--67661011-fb75-4e3a-adeb-582f32817f7e.json create mode 100644 objects/vulnerability/vulnerability--6c94d0e9-36ac-4708-aee4-1dd1be074141.json create mode 100644 objects/vulnerability/vulnerability--6d093141-0a15-4847-a335-b1fd5707b3d7.json create mode 100644 objects/vulnerability/vulnerability--6d4bd18a-9e57-4353-a493-02335422f1f1.json create mode 100644 objects/vulnerability/vulnerability--70583a10-384f-4853-9607-7a4d76bb6e8c.json create mode 100644 objects/vulnerability/vulnerability--70622595-89c3-4bd9-aff3-38209c7dddc0.json create mode 100644 objects/vulnerability/vulnerability--70a79d6d-b0f1-42a0-8aa1-efaf12eab21c.json create mode 100644 objects/vulnerability/vulnerability--71b0d7b6-e5b2-46af-9351-32d3a37ee238.json create mode 100644 objects/vulnerability/vulnerability--73b4f6f6-67a9-4f2d-bc72-8d0899d507e1.json create mode 100644 objects/vulnerability/vulnerability--782796be-c5db-43e7-ad25-382a1f649c4b.json create mode 100644 objects/vulnerability/vulnerability--788f4785-b8f3-4094-86a7-66b8528196c8.json create mode 100644 objects/vulnerability/vulnerability--78bdb87d-f712-4166-a04e-19f48371aaff.json create mode 100644 objects/vulnerability/vulnerability--78d4c926-486d-4028-88b8-aa5dea26cb07.json create mode 100644 objects/vulnerability/vulnerability--78f8f4fe-7b58-4b2a-984f-488bf45dbc1c.json create mode 100644 objects/vulnerability/vulnerability--793bf1e8-7953-4089-af9e-6bd7cc6538f3.json create mode 100644 objects/vulnerability/vulnerability--795d2e26-0fe2-4c13-8d8b-b925dbe31650.json create mode 100644 objects/vulnerability/vulnerability--7fe4bd1d-e4a9-46ac-9ba9-343ef72a872a.json create mode 100644 objects/vulnerability/vulnerability--80402464-aa85-4fa4-9502-e8c40f7ff406.json create mode 100644 objects/vulnerability/vulnerability--82e3e693-e09a-4b2d-ac32-4117174d0fc1.json create mode 100644 objects/vulnerability/vulnerability--83618e7a-334c-4489-96b3-8677b8acabc2.json create mode 100644 objects/vulnerability/vulnerability--876e0ef1-b950-41b5-91fb-824def78b7aa.json create mode 100644 objects/vulnerability/vulnerability--8779ed84-954f-4599-bf0a-8ee6e6d860b5.json create mode 100644 objects/vulnerability/vulnerability--8904ed43-9c7f-485e-ba75-33a5ce054d9d.json create mode 100644 objects/vulnerability/vulnerability--8dc4282f-af7d-4bcf-afe5-7d83d81b2f67.json create mode 100644 objects/vulnerability/vulnerability--8e93d424-ddb4-4bc7-b3dd-e154ee2162d7.json create mode 100644 objects/vulnerability/vulnerability--8ea3bc91-53ce-4f96-bd16-6c93076131ef.json create mode 100644 objects/vulnerability/vulnerability--91a638ae-92ab-4915-866c-3306def20898.json create mode 100644 objects/vulnerability/vulnerability--93f3723d-1734-4188-a5e6-187cff354b4c.json create mode 100644 objects/vulnerability/vulnerability--94b0b792-be99-48eb-848b-fc8d53f65e10.json create mode 100644 objects/vulnerability/vulnerability--94e438e3-9b39-4d63-9045-b6b7c49cdd4a.json create mode 100644 objects/vulnerability/vulnerability--961cbf2b-102a-42d8-a58f-44b110d64731.json create mode 100644 objects/vulnerability/vulnerability--9695f7f0-0f7c-44b1-9165-cc9e99ba8d2a.json create mode 100644 objects/vulnerability/vulnerability--97e4a9b3-7928-4f88-9983-8d0bfae470d9.json create mode 100644 objects/vulnerability/vulnerability--97eab1b0-ace6-43de-9dbe-fff52196d085.json create mode 100644 objects/vulnerability/vulnerability--98150763-f09c-4eed-85df-0772b9658442.json create mode 100644 objects/vulnerability/vulnerability--9863932c-8f33-48d6-80df-68d27e653935.json create mode 100644 objects/vulnerability/vulnerability--9948d7eb-1428-4048-9208-48094b71dacd.json create mode 100644 objects/vulnerability/vulnerability--996b9546-6d5d-4263-9e2c-2b110449b609.json create mode 100644 objects/vulnerability/vulnerability--9c27f911-981d-44d4-8b47-0e76cca25032.json create mode 100644 objects/vulnerability/vulnerability--9d66ca7f-6799-42e8-9beb-3f75ba48c242.json create mode 100644 objects/vulnerability/vulnerability--9e296cc4-43a3-469c-bebe-56bd2cb640ec.json create mode 100644 objects/vulnerability/vulnerability--a0514325-35a1-4764-971c-009fd5e83d4f.json create mode 100644 objects/vulnerability/vulnerability--a1332b89-1ba4-4081-bd57-4e4de4c2f443.json create mode 100644 objects/vulnerability/vulnerability--a28b45ed-f5d3-4851-8da7-0c80c0fd9197.json create mode 100644 objects/vulnerability/vulnerability--a5f83a1f-797c-4115-af3a-7ddcaf0c20ce.json create mode 100644 objects/vulnerability/vulnerability--a7928626-243b-454b-a5d7-296a081a43dd.json create mode 100644 objects/vulnerability/vulnerability--a97d7b37-7be3-4cc0-ad2b-4473a9e7d667.json create mode 100644 objects/vulnerability/vulnerability--a9b2f471-2340-490c-bc62-67cfb391954c.json create mode 100644 objects/vulnerability/vulnerability--aa297e3e-d095-4291-8f5c-cf97db550bf9.json create mode 100644 objects/vulnerability/vulnerability--aabb2a19-c47c-40b4-a64d-fd7778f64b1c.json create mode 100644 objects/vulnerability/vulnerability--acc7ea32-8293-4415-8c0f-bb4cee4c95a8.json create mode 100644 objects/vulnerability/vulnerability--acddd76f-612d-417d-a447-74e7f61b62da.json create mode 100644 objects/vulnerability/vulnerability--ae7baaab-5524-4881-ae94-abdc352b2f18.json create mode 100644 objects/vulnerability/vulnerability--b33ce97f-7241-4295-9507-7ba390923e6b.json create mode 100644 objects/vulnerability/vulnerability--b3d499b5-4b20-4414-9dba-b07592878727.json create mode 100644 objects/vulnerability/vulnerability--b817ce4c-400a-4cf2-b5d8-83c88551db2b.json create mode 100644 objects/vulnerability/vulnerability--b989f9c5-2c42-445b-9c97-9f02f0910ade.json create mode 100644 objects/vulnerability/vulnerability--bade830f-0c13-4a1a-ab97-a86fa0174574.json create mode 100644 objects/vulnerability/vulnerability--c0b0f6f8-775a-4c11-9d8d-d025b8717fd2.json create mode 100644 objects/vulnerability/vulnerability--c1f049a5-ba2a-4a44-ba75-db5f3cf779ef.json create mode 100644 objects/vulnerability/vulnerability--c23a93ae-6072-4253-b468-3ad685daca8c.json create mode 100644 objects/vulnerability/vulnerability--c37ba43f-41e6-432d-9a14-81e3e43f92e7.json create mode 100644 objects/vulnerability/vulnerability--c3b260c3-9903-4301-babd-f6ed9c8d34ef.json create mode 100644 objects/vulnerability/vulnerability--c42fe83c-eab6-4f04-a4e1-596d267533a1.json create mode 100644 objects/vulnerability/vulnerability--c48fbbda-5325-4947-b4e8-f94772c946b9.json create mode 100644 objects/vulnerability/vulnerability--c74589a4-776f-40b9-a542-e5e1abfa0f32.json create mode 100644 objects/vulnerability/vulnerability--c8b03aa1-0ffd-47a3-8fad-ccd440952d2d.json create mode 100644 objects/vulnerability/vulnerability--c94e28b5-23ad-4677-8587-7d0762ef7cb8.json create mode 100644 objects/vulnerability/vulnerability--ca1b4832-3384-458a-9274-d43e85e54fe9.json create mode 100644 objects/vulnerability/vulnerability--cca7fe09-70e8-4d47-8b3b-c2b55090a53b.json create mode 100644 objects/vulnerability/vulnerability--d0e65f38-2210-433b-9412-cb30d4fbd47e.json create mode 100644 objects/vulnerability/vulnerability--d0ed90a0-4cf2-4358-b0a6-12752848e9fc.json create mode 100644 objects/vulnerability/vulnerability--d1c6ee30-9064-4b3b-9f48-57c20314b80f.json create mode 100644 objects/vulnerability/vulnerability--d2ec128e-a102-49dd-b56b-d9fd2f76145a.json create mode 100644 objects/vulnerability/vulnerability--d3242e41-cf80-43b4-abc3-f98a29bd74b2.json create mode 100644 objects/vulnerability/vulnerability--d3e1baec-3f45-4b2f-b551-81b4557b1846.json create mode 100644 objects/vulnerability/vulnerability--d5a77cc5-62ec-448b-8f67-057f407bba33.json create mode 100644 objects/vulnerability/vulnerability--d749f666-ac4b-46e2-9528-cf0f651bf6ba.json create mode 100644 objects/vulnerability/vulnerability--da88dcfa-4fee-4bee-8ae5-415744503c37.json create mode 100644 objects/vulnerability/vulnerability--dafbe7dd-14d3-4f75-b736-8fd7530c2f3b.json create mode 100644 objects/vulnerability/vulnerability--dbb7625c-a19e-4ca2-ab72-07df2c82480c.json create mode 100644 objects/vulnerability/vulnerability--ddb969c4-274f-4928-8e63-e79a0da3b536.json create mode 100644 objects/vulnerability/vulnerability--e14aba10-e208-4c32-96ef-192819501a62.json create mode 100644 objects/vulnerability/vulnerability--e20e8d89-a279-45b0-8c23-f5908e69feef.json create mode 100644 objects/vulnerability/vulnerability--e634e83d-2a2c-48bb-918a-68c022386e89.json create mode 100644 objects/vulnerability/vulnerability--e683ba6e-ef0d-4577-ba2b-7c5a2bc2217c.json create mode 100644 objects/vulnerability/vulnerability--e7efbea7-daf9-4c70-bc8e-d0aca545f236.json create mode 100644 objects/vulnerability/vulnerability--f0a7ef0b-a24e-4c06-8543-32f05a90da75.json create mode 100644 objects/vulnerability/vulnerability--f1d0e62c-fd9d-4301-ac7c-b32c25a933b8.json create mode 100644 objects/vulnerability/vulnerability--f2dc233d-0ad4-4afb-a361-a30184183795.json create mode 100644 objects/vulnerability/vulnerability--f4000edd-ef02-4025-a892-b782ea5710cb.json create mode 100644 objects/vulnerability/vulnerability--f4d68e7b-3bc9-4616-a261-c3c866a9a7ce.json create mode 100644 objects/vulnerability/vulnerability--f674ee76-b02a-4c0b-b868-af0ce2f89c46.json create mode 100644 objects/vulnerability/vulnerability--f9175daa-9633-4f4c-828a-502df2c80a80.json create mode 100644 objects/vulnerability/vulnerability--fa9d6ba5-77d4-4067-a7f3-7f5f21e8bef2.json create mode 100644 objects/vulnerability/vulnerability--fe305d6d-fab8-41ea-80ce-4f365c3c28b6.json create mode 100644 objects/vulnerability/vulnerability--fedd9ef1-4417-4a99-8f9d-06279225f481.json diff --git a/mapping.csv b/mapping.csv index bf2f6dff04f..8f5198331e6 100644 --- a/mapping.csv +++ b/mapping.csv @@ -258765,3 +258765,172 @@ vulnerability,CVE-2018-9386,vulnerability--34bb85d2-a77d-470a-9b9e-a933a82707d4 vulnerability,CVE-2018-9390,vulnerability--08c3e97f-d69f-40b8-808b-f6647eb01452 vulnerability,CVE-2018-9388,vulnerability--b4c0d2eb-8775-4de1-8f05-bceb3c5665b9 vulnerability,CVE-2018-9391,vulnerability--948d1aef-ba8b-4c8a-bf54-c2ecf6942753 +vulnerability,CVE-2024-51727,vulnerability--2b6a6f4a-6f64-4d5d-ac8b-da95ca592f97 +vulnerability,CVE-2024-51815,vulnerability--91a638ae-92ab-4915-866c-3306def20898 +vulnerability,CVE-2024-51615,vulnerability--70a79d6d-b0f1-42a0-8aa1-efaf12eab21c +vulnerability,CVE-2024-48859,vulnerability--d3242e41-cf80-43b4-abc3-f98a29bd74b2 +vulnerability,CVE-2024-48868,vulnerability--e14aba10-e208-4c32-96ef-192819501a62 +vulnerability,CVE-2024-48871,vulnerability--318bc8a5-995c-4d83-a053-15e08a130a9d +vulnerability,CVE-2024-48863,vulnerability--60f19f64-ecf5-4f84-9113-605f38f74ab6 +vulnerability,CVE-2024-48865,vulnerability--d2ec128e-a102-49dd-b56b-d9fd2f76145a +vulnerability,CVE-2024-48703,vulnerability--876e0ef1-b950-41b5-91fb-824def78b7aa +vulnerability,CVE-2024-48874,vulnerability--f4d68e7b-3bc9-4616-a261-c3c866a9a7ce +vulnerability,CVE-2024-48867,vulnerability--d0e65f38-2210-433b-9412-cb30d4fbd47e +vulnerability,CVE-2024-48866,vulnerability--49b5214d-8689-4d51-942a-5931df74e3fe +vulnerability,CVE-2024-30129,vulnerability--6d4bd18a-9e57-4353-a493-02335422f1f1 +vulnerability,CVE-2024-52558,vulnerability--1e910860-fd3c-4907-955c-e6600376a968 +vulnerability,CVE-2024-52320,vulnerability--94b0b792-be99-48eb-848b-fc8d53f65e10 +vulnerability,CVE-2024-52335,vulnerability--78bdb87d-f712-4166-a04e-19f48371aaff +vulnerability,CVE-2024-52324,vulnerability--67661011-fb75-4e3a-adeb-582f32817f7e +vulnerability,CVE-2024-45722,vulnerability--60f8844e-0b19-4921-af80-e0a647cd617c +vulnerability,CVE-2024-12110,vulnerability--0183669a-c925-4093-a1d7-f23d2cbe5788 +vulnerability,CVE-2024-12028,vulnerability--aabb2a19-c47c-40b4-a64d-fd7778f64b1c +vulnerability,CVE-2024-12254,vulnerability--256f2cb6-f88b-46b5-b4ad-7853ce066457 +vulnerability,CVE-2024-12003,vulnerability--8e93d424-ddb4-4bc7-b3dd-e154ee2162d7 +vulnerability,CVE-2024-12326,vulnerability--a9b2f471-2340-490c-bc62-67cfb391954c +vulnerability,CVE-2024-12155,vulnerability--1f0a6a0d-4bfd-4817-99ec-47fc5ca6c0a3 +vulnerability,CVE-2024-12027,vulnerability--11a51272-c4c9-49cb-9326-7e0a07cec164 +vulnerability,CVE-2024-12060,vulnerability--4d9bc1cf-45b4-436a-8696-d74b2cbaf6f2 +vulnerability,CVE-2024-10578,vulnerability--78f8f4fe-7b58-4b2a-984f-488bf45dbc1c +vulnerability,CVE-2024-10879,vulnerability--996b9546-6d5d-4263-9e2c-2b110449b609 +vulnerability,CVE-2024-10692,vulnerability--788f4785-b8f3-4094-86a7-66b8528196c8 +vulnerability,CVE-2024-10689,vulnerability--8904ed43-9c7f-485e-ba75-33a5ce054d9d +vulnerability,CVE-2024-10849,vulnerability--4fc2a13c-27b1-4af5-bf29-81b99b8c4de1 +vulnerability,CVE-2024-10516,vulnerability--9e296cc4-43a3-469c-bebe-56bd2cb640ec +vulnerability,CVE-2024-10776,vulnerability--c94e28b5-23ad-4677-8587-7d0762ef7cb8 +vulnerability,CVE-2024-10480,vulnerability--dbb7625c-a19e-4ca2-ab72-07df2c82480c +vulnerability,CVE-2024-10773,vulnerability--a0514325-35a1-4764-971c-009fd5e83d4f +vulnerability,CVE-2024-10551,vulnerability--278cc9a3-78e7-4afd-b966-ca698089da72 +vulnerability,CVE-2024-10681,vulnerability--97eab1b0-ace6-43de-9dbe-fff52196d085 +vulnerability,CVE-2024-10772,vulnerability--063a5d76-369a-4daf-b1bd-cd2bb316ceb4 +vulnerability,CVE-2024-10771,vulnerability--126a8c91-28f5-4dc9-ba0c-0b74a3c2f693 +vulnerability,CVE-2024-10320,vulnerability--5075a25a-22ef-407b-b9c5-cde50f6daf78 +vulnerability,CVE-2024-10909,vulnerability--c8b03aa1-0ffd-47a3-8fad-ccd440952d2d +vulnerability,CVE-2024-10774,vulnerability--961cbf2b-102a-42d8-a58f-44b110d64731 +vulnerability,CVE-2024-10247,vulnerability--a1332b89-1ba4-4081-bd57-4e4de4c2f443 +vulnerability,CVE-2024-10836,vulnerability--bade830f-0c13-4a1a-ab97-a86fa0174574 +vulnerability,CVE-2024-9866,vulnerability--264df4c1-b437-43eb-9ab1-a4ef34c5bc6a +vulnerability,CVE-2024-9872,vulnerability--9d66ca7f-6799-42e8-9beb-3f75ba48c242 +vulnerability,CVE-2024-9705,vulnerability--c37ba43f-41e6-432d-9a14-81e3e43f92e7 +vulnerability,CVE-2024-9706,vulnerability--fe305d6d-fab8-41ea-80ce-4f365c3c28b6 +vulnerability,CVE-2024-9769,vulnerability--7fe4bd1d-e4a9-46ac-9ba9-343ef72a872a +vulnerability,CVE-2024-47547,vulnerability--5b8fe7ea-67ca-458b-a0b7-d2d0fd858bc2 +vulnerability,CVE-2024-47043,vulnerability--d1c6ee30-9064-4b3b-9f48-57c20314b80f +vulnerability,CVE-2024-47791,vulnerability--a28b45ed-f5d3-4851-8da7-0c80c0fd9197 +vulnerability,CVE-2024-47146,vulnerability--8dc4282f-af7d-4bcf-afe5-7d83d81b2f67 +vulnerability,CVE-2024-50389,vulnerability--29906dfd-e253-4419-b936-8c11bff1b254 +vulnerability,CVE-2024-50677,vulnerability--50ad54fe-dd83-4285-8cb4-3da86022553d +vulnerability,CVE-2024-50402,vulnerability--ddb969c4-274f-4928-8e63-e79a0da3b536 +vulnerability,CVE-2024-50388,vulnerability--73b4f6f6-67a9-4f2d-bc72-8d0899d507e1 +vulnerability,CVE-2024-50393,vulnerability--51b7f524-cb67-450d-aeb9-0becbf44c7d4 +vulnerability,CVE-2024-50404,vulnerability--ca1b4832-3384-458a-9274-d43e85e54fe9 +vulnerability,CVE-2024-50387,vulnerability--22186c95-21d0-4dc7-8a55-942851c6535f +vulnerability,CVE-2024-50403,vulnerability--c23a93ae-6072-4253-b468-3ad685daca8c +vulnerability,CVE-2024-7875,vulnerability--08efe41d-936b-465b-aaf0-df7010a4f19a +vulnerability,CVE-2024-7874,vulnerability--20ea316b-7c5e-4d82-8271-18148b3676da +vulnerability,CVE-2024-11204,vulnerability--fa9d6ba5-77d4-4067-a7f3-7f5f21e8bef2 +vulnerability,CVE-2024-11729,vulnerability--793bf1e8-7953-4089-af9e-6bd7cc6538f3 +vulnerability,CVE-2024-11323,vulnerability--58764a45-d4ab-4321-a392-8b68df360240 +vulnerability,CVE-2024-11687,vulnerability--80402464-aa85-4fa4-9502-e8c40f7ff406 +vulnerability,CVE-2024-11289,vulnerability--71b0d7b6-e5b2-46af-9351-32d3a37ee238 +vulnerability,CVE-2024-11201,vulnerability--c48fbbda-5325-4947-b4e8-f94772c946b9 +vulnerability,CVE-2024-11728,vulnerability--c3b260c3-9903-4301-babd-f6ed9c8d34ef +vulnerability,CVE-2024-11823,vulnerability--0c774071-53c1-4864-890b-624f03a6223b +vulnerability,CVE-2024-11321,vulnerability--70583a10-384f-4853-9607-7a4d76bb6e8c +vulnerability,CVE-2024-11450,vulnerability--78d4c926-486d-4028-88b8-aa5dea26cb07 +vulnerability,CVE-2024-11352,vulnerability--15ae8729-31db-4b05-84d6-196ccba36b93 +vulnerability,CVE-2024-11178,vulnerability--05e8e788-2c35-46fe-8185-b8954f7b7376 +vulnerability,CVE-2024-11292,vulnerability--6152507c-8cfa-42ac-8049-994cb1b1168e +vulnerability,CVE-2024-11220,vulnerability--4e1cb2bb-50a6-4f11-8a63-b6358747f190 +vulnerability,CVE-2024-11460,vulnerability--3d57875b-9981-4aca-a442-0cf8643c29e7 +vulnerability,CVE-2024-11022,vulnerability--379b09f9-2ae0-43e4-9804-f039e062c201 +vulnerability,CVE-2024-11444,vulnerability--782796be-c5db-43e7-ad25-382a1f649c4b +vulnerability,CVE-2024-11149,vulnerability--6c94d0e9-36ac-4708-aee4-1dd1be074141 +vulnerability,CVE-2024-11276,vulnerability--795d2e26-0fe2-4c13-8d8b-b925dbe31650 +vulnerability,CVE-2024-11339,vulnerability--c1f049a5-ba2a-4a44-ba75-db5f3cf779ef +vulnerability,CVE-2024-11738,vulnerability--358cdcba-6c40-4bb7-b8d6-4dc392eaf36c +vulnerability,CVE-2024-11730,vulnerability--66a0ce67-a5bb-413b-859b-d9a6f41f11a5 +vulnerability,CVE-2024-11585,vulnerability--d749f666-ac4b-46e2-9528-cf0f651bf6ba +vulnerability,CVE-2024-11379,vulnerability--491755c6-6b93-4f0c-ac36-cd08c56f5723 +vulnerability,CVE-2024-11336,vulnerability--438c7f65-4b41-4127-8717-0451d85ae22f +vulnerability,CVE-2024-11368,vulnerability--8779ed84-954f-4599-bf0a-8ee6e6d860b5 +vulnerability,CVE-2024-44853,vulnerability--07e08b24-1f64-4c74-a5ca-c0830a2b10a2 +vulnerability,CVE-2024-44856,vulnerability--12ff199a-6f0b-4ec4-aef8-4da6a115ed5c +vulnerability,CVE-2024-44852,vulnerability--53fd424c-cf8f-47b0-b9aa-7903abd06bca +vulnerability,CVE-2024-44855,vulnerability--d3e1baec-3f45-4b2f-b551-81b4557b1846 +vulnerability,CVE-2024-44854,vulnerability--50d5de35-4e35-4e42-b9b3-e6b0496276fd +vulnerability,CVE-2024-53826,vulnerability--dafbe7dd-14d3-4f75-b736-8fd7530c2f3b +vulnerability,CVE-2024-53797,vulnerability--f9175daa-9633-4f4c-828a-502df2c80a80 +vulnerability,CVE-2024-53806,vulnerability--a97d7b37-7be3-4cc0-ad2b-4473a9e7d667 +vulnerability,CVE-2024-53804,vulnerability--c74589a4-776f-40b9-a542-e5e1abfa0f32 +vulnerability,CVE-2024-53794,vulnerability--12124bef-5ec9-4afe-9a3f-cd55fad10180 +vulnerability,CVE-2024-53803,vulnerability--9695f7f0-0f7c-44b1-9165-cc9e99ba8d2a +vulnerability,CVE-2024-53908,vulnerability--3d3fe1ff-1649-41a7-95ff-168312fdad7c +vulnerability,CVE-2024-53821,vulnerability--cca7fe09-70e8-4d47-8b3b-c2b55090a53b +vulnerability,CVE-2024-53691,vulnerability--a7928626-243b-454b-a5d7-296a081a43dd +vulnerability,CVE-2024-53801,vulnerability--1ae695b2-102a-4243-bf08-831f3b61f5dc +vulnerability,CVE-2024-53817,vulnerability--5da427c0-baa6-4a10-8b25-34eb2d9e5f33 +vulnerability,CVE-2024-53805,vulnerability--82e3e693-e09a-4b2d-ac32-4117174d0fc1 +vulnerability,CVE-2024-53813,vulnerability--401d58d0-b98d-4b73-8bd8-9f7478e186b0 +vulnerability,CVE-2024-53907,vulnerability--043f2ab5-a6a4-42c1-983d-1161d13f68fe +vulnerability,CVE-2024-53142,vulnerability--e7efbea7-daf9-4c70-bc8e-d0aca545f236 +vulnerability,CVE-2024-53807,vulnerability--2c7b4d2e-991f-4c97-b8ee-f2d55d2596eb +vulnerability,CVE-2024-53815,vulnerability--46785564-103e-412a-afa3-91c28d568e84 +vulnerability,CVE-2024-53809,vulnerability--c42fe83c-eab6-4f04-a4e1-596d267533a1 +vulnerability,CVE-2024-53808,vulnerability--f674ee76-b02a-4c0b-b868-af0ce2f89c46 +vulnerability,CVE-2024-53141,vulnerability--f4000edd-ef02-4025-a892-b782ea5710cb +vulnerability,CVE-2024-53812,vulnerability--aa297e3e-d095-4291-8f5c-cf97db550bf9 +vulnerability,CVE-2024-53824,vulnerability--acddd76f-612d-417d-a447-74e7f61b62da +vulnerability,CVE-2024-53825,vulnerability--21bacda5-a534-494a-ad20-8e26d1985446 +vulnerability,CVE-2024-53799,vulnerability--83618e7a-334c-4489-96b3-8677b8acabc2 +vulnerability,CVE-2024-53796,vulnerability--70622595-89c3-4bd9-aff3-38209c7dddc0 +vulnerability,CVE-2024-53795,vulnerability--d0ed90a0-4cf2-4358-b0a6-12752848e9fc +vulnerability,CVE-2024-53810,vulnerability--f1d0e62c-fd9d-4301-ac7c-b32c25a933b8 +vulnerability,CVE-2024-53802,vulnerability--f2dc233d-0ad4-4afb-a361-a30184183795 +vulnerability,CVE-2024-53820,vulnerability--e634e83d-2a2c-48bb-918a-68c022386e89 +vulnerability,CVE-2024-53811,vulnerability--94e438e3-9b39-4d63-9045-b6b7c49cdd4a +vulnerability,CVE-2024-53823,vulnerability--108c40db-9150-44e2-80d8-ea031cbdfe96 +vulnerability,CVE-2024-38927,vulnerability--a5f83a1f-797c-4115-af3a-7ddcaf0c20ce +vulnerability,CVE-2024-38921,vulnerability--fedd9ef1-4417-4a99-8f9d-06279225f481 +vulnerability,CVE-2024-38926,vulnerability--41f8962f-3e29-4bd3-8444-e2238293e5f3 +vulnerability,CVE-2024-38922,vulnerability--4983b77d-343e-46f1-8728-8f124486a1f1 +vulnerability,CVE-2024-38924,vulnerability--31e64ca9-87f7-4512-8e38-a4096a409b2c +vulnerability,CVE-2024-38925,vulnerability--29201a51-f74d-420b-ba46-8a16767770b4 +vulnerability,CVE-2024-38923,vulnerability--4c17ec05-739e-4b73-b9b5-dc27f6af6a3a +vulnerability,CVE-2024-41644,vulnerability--0eabeb3f-0b1d-4a2e-8c4c-aed7b00c66f2 +vulnerability,CVE-2024-41649,vulnerability--27d45bdb-ead9-43eb-9529-5daf626b85bd +vulnerability,CVE-2024-41647,vulnerability--8ea3bc91-53ce-4f96-bd16-6c93076131ef +vulnerability,CVE-2024-41646,vulnerability--318b4d65-893c-43ae-9421-516aeebebb2c +vulnerability,CVE-2024-41645,vulnerability--acc7ea32-8293-4415-8c0f-bb4cee4c95a8 +vulnerability,CVE-2024-41650,vulnerability--3703e06c-96c5-4655-be5d-6d431d3432a0 +vulnerability,CVE-2024-41648,vulnerability--b33ce97f-7241-4295-9507-7ba390923e6b +vulnerability,CVE-2024-21571,vulnerability--6d093141-0a15-4847-a335-b1fd5707b3d7 +vulnerability,CVE-2024-54747,vulnerability--4a3fdc76-1640-43e3-91f1-f62a3a28dbb0 +vulnerability,CVE-2024-54207,vulnerability--06042d3c-a8a7-4993-ac52-18d262e8da8d +vulnerability,CVE-2024-54210,vulnerability--93f3723d-1734-4188-a5e6-187cff354b4c +vulnerability,CVE-2024-54141,vulnerability--e20e8d89-a279-45b0-8c23-f5908e69feef +vulnerability,CVE-2024-54136,vulnerability--b989f9c5-2c42-445b-9c97-9f02f0910ade +vulnerability,CVE-2024-54749,vulnerability--c0b0f6f8-775a-4c11-9d8d-d025b8717fd2 +vulnerability,CVE-2024-54209,vulnerability--da88dcfa-4fee-4bee-8ae5-415744503c37 +vulnerability,CVE-2024-54212,vulnerability--003d1f4d-8a53-4dbd-a074-76a8d23f6a5f +vulnerability,CVE-2024-54214,vulnerability--b3d499b5-4b20-4414-9dba-b07592878727 +vulnerability,CVE-2024-54205,vulnerability--9c27f911-981d-44d4-8b47-0e76cca25032 +vulnerability,CVE-2024-54208,vulnerability--5f9d32b8-d364-4b04-b6b0-8014b722212f +vulnerability,CVE-2024-54750,vulnerability--23a18630-8c41-4430-ad0e-2974251016f4 +vulnerability,CVE-2024-54211,vulnerability--0550de7e-c0aa-4ffd-b5cd-378c96461690 +vulnerability,CVE-2024-54745,vulnerability--b817ce4c-400a-4cf2-b5d8-83c88551db2b +vulnerability,CVE-2024-54216,vulnerability--51342d5c-a474-4527-931a-a0752b0f5358 +vulnerability,CVE-2024-54137,vulnerability--37b1b76f-a417-4bb2-b77b-a07612f653b0 +vulnerability,CVE-2024-54138,vulnerability--98150763-f09c-4eed-85df-0772b9658442 +vulnerability,CVE-2024-54135,vulnerability--e683ba6e-ef0d-4577-ba2b-7c5a2bc2217c +vulnerability,CVE-2024-54213,vulnerability--f0a7ef0b-a24e-4c06-8543-32f05a90da75 +vulnerability,CVE-2024-54206,vulnerability--47149492-327a-4e68-b44f-6db4f8679535 +vulnerability,CVE-2024-54143,vulnerability--9863932c-8f33-48d6-80df-68d27e653935 +vulnerability,CVE-2024-55268,vulnerability--10cb2d7d-ab75-4101-831a-c997811886e8 +vulnerability,CVE-2024-49041,vulnerability--61c9cf7a-27c7-4e2f-80b7-c326ccbee7bf +vulnerability,CVE-2024-46874,vulnerability--d5a77cc5-62ec-448b-8f67-057f407bba33 +vulnerability,CVE-2024-42494,vulnerability--ae7baaab-5524-4881-ae94-abdc352b2f18 +vulnerability,CVE-2024-42196,vulnerability--97e4a9b3-7928-4f88-9983-8d0bfae470d9 +vulnerability,CVE-2024-0139,vulnerability--3c57e4b2-c0b4-4656-881d-bb10c24ea8cd +vulnerability,CVE-2024-0130,vulnerability--129c26f0-daa4-41c3-b893-e7a167ef74a2 +vulnerability,CVE-2024-4633,vulnerability--9948d7eb-1428-4048-9208-48094b71dacd diff --git a/objects/vulnerability/vulnerability--003d1f4d-8a53-4dbd-a074-76a8d23f6a5f.json b/objects/vulnerability/vulnerability--003d1f4d-8a53-4dbd-a074-76a8d23f6a5f.json new file mode 100644 index 00000000000..a0bb8b00e8d --- /dev/null +++ b/objects/vulnerability/vulnerability--003d1f4d-8a53-4dbd-a074-76a8d23f6a5f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--870db6ae-97fb-4fcc-ba08-1ddc7d749cbd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--003d1f4d-8a53-4dbd-a074-76a8d23f6a5f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:23.475566Z", + "modified": "2024-12-07T00:22:23.475566Z", + "name": "CVE-2024-54212", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through 1.2.6.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54212" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0183669a-c925-4093-a1d7-f23d2cbe5788.json b/objects/vulnerability/vulnerability--0183669a-c925-4093-a1d7-f23d2cbe5788.json new file mode 100644 index 00000000000..3f86ab56246 --- /dev/null +++ b/objects/vulnerability/vulnerability--0183669a-c925-4093-a1d7-f23d2cbe5788.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a2b6c2fa-fc55-4f8e-9507-397bcd8a486f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0183669a-c925-4093-a1d7-f23d2cbe5788", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.900327Z", + "modified": "2024-12-07T00:22:21.900327Z", + "name": "CVE-2024-12110", + "description": "The Gold Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate() and deactivate() functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate and deactivate licenses.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12110" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--043f2ab5-a6a4-42c1-983d-1161d13f68fe.json b/objects/vulnerability/vulnerability--043f2ab5-a6a4-42c1-983d-1161d13f68fe.json new file mode 100644 index 00000000000..7c755f34cc6 --- /dev/null +++ b/objects/vulnerability/vulnerability--043f2ab5-a6a4-42c1-983d-1161d13f68fe.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4e0f0f3e-fb36-4460-b65f-7622e93759b8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--043f2ab5-a6a4-42c1-983d-1161d13f68fe", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.730388Z", + "modified": "2024-12-07T00:22:22.730388Z", + "name": "CVE-2024-53907", + "description": "An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53907" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0550de7e-c0aa-4ffd-b5cd-378c96461690.json b/objects/vulnerability/vulnerability--0550de7e-c0aa-4ffd-b5cd-378c96461690.json new file mode 100644 index 00000000000..1545662aa17 --- /dev/null +++ b/objects/vulnerability/vulnerability--0550de7e-c0aa-4ffd-b5cd-378c96461690.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--70a9d2d7-532e-4a57-8473-07461dc2d491", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0550de7e-c0aa-4ffd-b5cd-378c96461690", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:23.488585Z", + "modified": "2024-12-07T00:22:23.488585Z", + "name": "CVE-2024-54211", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visualmodo Borderless allows Cross-Site Scripting (XSS).This issue affects Borderless: from n/a through 1.5.8.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54211" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--05e8e788-2c35-46fe-8185-b8954f7b7376.json b/objects/vulnerability/vulnerability--05e8e788-2c35-46fe-8185-b8954f7b7376.json new file mode 100644 index 00000000000..e61479cc925 --- /dev/null +++ b/objects/vulnerability/vulnerability--05e8e788-2c35-46fe-8185-b8954f7b7376.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--db6c151e-c1a3-49fc-a055-726a9f695378", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--05e8e788-2c35-46fe-8185-b8954f7b7376", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.437263Z", + "modified": "2024-12-07T00:22:22.437263Z", + "name": "CVE-2024-11178", + "description": "The Login With OTP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.4.2. This is due to the plugin generating too weak OTP, and there’s no attempt or time limit. This makes it possible for unauthenticated attackers to generate and brute force the 6-digit numeric OTP that makes it possible to log in as any existing user on the site, such as an administrator, if they have access to the email.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11178" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--06042d3c-a8a7-4993-ac52-18d262e8da8d.json b/objects/vulnerability/vulnerability--06042d3c-a8a7-4993-ac52-18d262e8da8d.json new file mode 100644 index 00000000000..0801952cfba --- /dev/null +++ b/objects/vulnerability/vulnerability--06042d3c-a8a7-4993-ac52-18d262e8da8d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f60af130-b720-4634-a501-587b7cd27883", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--06042d3c-a8a7-4993-ac52-18d262e8da8d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:23.447945Z", + "modified": "2024-12-07T00:22:23.447945Z", + "name": "CVE-2024-54207", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows Stored XSS.This issue affects WordPress Auction Plugin: from n/a through 3.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54207" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--063a5d76-369a-4daf-b1bd-cd2bb316ceb4.json b/objects/vulnerability/vulnerability--063a5d76-369a-4daf-b1bd-cd2bb316ceb4.json new file mode 100644 index 00000000000..c13eacb0c58 --- /dev/null +++ b/objects/vulnerability/vulnerability--063a5d76-369a-4daf-b1bd-cd2bb316ceb4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c28bdc1c-32b4-4c0c-bd13-2e45898860fb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--063a5d76-369a-4daf-b1bd-cd2bb316ceb4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.955013Z", + "modified": "2024-12-07T00:22:21.955013Z", + "name": "CVE-2024-10772", + "description": "Since the firmware update is not validated, an attacker can install modified firmware on the\ndevice. This has a high impact on the availabilty, integrity and confidentiality up to the complete compromise of the device.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10772" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--07e08b24-1f64-4c74-a5ca-c0830a2b10a2.json b/objects/vulnerability/vulnerability--07e08b24-1f64-4c74-a5ca-c0830a2b10a2.json new file mode 100644 index 00000000000..0f109af5c10 --- /dev/null +++ b/objects/vulnerability/vulnerability--07e08b24-1f64-4c74-a5ca-c0830a2b10a2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bfc851cc-2b40-46da-894d-01ac4acc73d4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--07e08b24-1f64-4c74-a5ca-c0830a2b10a2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.546652Z", + "modified": "2024-12-07T00:22:22.546652Z", + "name": "CVE-2024-44853", + "description": "Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component computeControl().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44853" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--08efe41d-936b-465b-aaf0-df7010a4f19a.json b/objects/vulnerability/vulnerability--08efe41d-936b-465b-aaf0-df7010a4f19a.json new file mode 100644 index 00000000000..bc3ea4ec07c --- /dev/null +++ b/objects/vulnerability/vulnerability--08efe41d-936b-465b-aaf0-df7010a4f19a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--db305d85-ee12-4c63-90cc-a27d3dfde4e3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--08efe41d-936b-465b-aaf0-df7010a4f19a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.327751Z", + "modified": "2024-12-07T00:22:22.327751Z", + "name": "CVE-2024-7875", + "description": "Tungsten Automation (Kofax) TotalAgility in versions all through 7.9.0.25.0.954 is vulnerable to a Reflected XSS attacks through mfpScreenResolutionWidth parameter manipulation in a form sent to an endpoint /TotalAgility/Kofax/BrowserDevice/ScanFront.aspx\nThis allows for injection of a malicious JavaScript code, leading to a possible information leak. \nExploitation is possible only while using POST requests and also requires retrieving/generating a proper VIEWSTATE parameter, which limits the risk of a successful attack.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7875" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0c774071-53c1-4864-890b-624f03a6223b.json b/objects/vulnerability/vulnerability--0c774071-53c1-4864-890b-624f03a6223b.json new file mode 100644 index 00000000000..4095c398164 --- /dev/null +++ b/objects/vulnerability/vulnerability--0c774071-53c1-4864-890b-624f03a6223b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f27cda56-f411-48f8-90bf-664e40618dd0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0c774071-53c1-4864-890b-624f03a6223b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.428746Z", + "modified": "2024-12-07T00:22:22.428746Z", + "name": "CVE-2024-11823", + "description": "The Folder Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'foldergallery' shortcode in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11823" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0eabeb3f-0b1d-4a2e-8c4c-aed7b00c66f2.json b/objects/vulnerability/vulnerability--0eabeb3f-0b1d-4a2e-8c4c-aed7b00c66f2.json new file mode 100644 index 00000000000..447909d5c4c --- /dev/null +++ b/objects/vulnerability/vulnerability--0eabeb3f-0b1d-4a2e-8c4c-aed7b00c66f2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6b10d9b0-3e28-4f35-ad9b-559eb7d4433c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0eabeb3f-0b1d-4a2e-8c4c-aed7b00c66f2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:23.072782Z", + "modified": "2024-12-07T00:22:23.072782Z", + "name": "CVE-2024-41644", + "description": "Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via the dyn_param_handler_ component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41644" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--108c40db-9150-44e2-80d8-ea031cbdfe96.json b/objects/vulnerability/vulnerability--108c40db-9150-44e2-80d8-ea031cbdfe96.json new file mode 100644 index 00000000000..1e53c345c2b --- /dev/null +++ b/objects/vulnerability/vulnerability--108c40db-9150-44e2-80d8-ea031cbdfe96.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8931cc20-7853-4d09-8478-e5b362a0158f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--108c40db-9150-44e2-80d8-ea031cbdfe96", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.778748Z", + "modified": "2024-12-07T00:22:22.778748Z", + "name": "CVE-2024-53823", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows DOM-Based XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.6.14.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53823" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--10cb2d7d-ab75-4101-831a-c997811886e8.json b/objects/vulnerability/vulnerability--10cb2d7d-ab75-4101-831a-c997811886e8.json new file mode 100644 index 00000000000..674a770b528 --- /dev/null +++ b/objects/vulnerability/vulnerability--10cb2d7d-ab75-4101-831a-c997811886e8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a896e77c-19d4-41ad-9fbe-2e3e0a58ce76", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--10cb2d7d-ab75-4101-831a-c997811886e8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:23.514297Z", + "modified": "2024-12-07T00:22:23.514297Z", + "name": "CVE-2024-55268", + "description": "A Reflected Cross Site Scripting (XSS) vulnerability was found in /covidtms/registered-user-testing.php in PHPGurukul COVID 19 Testing Management System 1.0 which allows remote attackers to execute arbitrary code via the regmobilenumber parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55268" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--11a51272-c4c9-49cb-9326-7e0a07cec164.json b/objects/vulnerability/vulnerability--11a51272-c4c9-49cb-9326-7e0a07cec164.json new file mode 100644 index 00000000000..33577cb6c91 --- /dev/null +++ b/objects/vulnerability/vulnerability--11a51272-c4c9-49cb-9326-7e0a07cec164.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7bc60766-bdd8-4308-afb8-c00e1b544564", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--11a51272-c4c9-49cb-9326-7e0a07cec164", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.918595Z", + "modified": "2024-12-07T00:22:21.918595Z", + "name": "CVE-2024-12027", + "description": "The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateFilter() and deleteFilter() functions in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to update and delete filters.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12027" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--12124bef-5ec9-4afe-9a3f-cd55fad10180.json b/objects/vulnerability/vulnerability--12124bef-5ec9-4afe-9a3f-cd55fad10180.json new file mode 100644 index 00000000000..6a0163cfd6f --- /dev/null +++ b/objects/vulnerability/vulnerability--12124bef-5ec9-4afe-9a3f-cd55fad10180.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6ed087db-eae3-4541-88ca-b83208954e50", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--12124bef-5ec9-4afe-9a3f-cd55fad10180", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.712528Z", + "modified": "2024-12-07T00:22:22.712528Z", + "name": "CVE-2024-53794", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LOOS,Inc. Arkhe Blocks allows Stored XSS.This issue affects Arkhe Blocks: from n/a through 2.27.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53794" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--126a8c91-28f5-4dc9-ba0c-0b74a3c2f693.json b/objects/vulnerability/vulnerability--126a8c91-28f5-4dc9-ba0c-0b74a3c2f693.json new file mode 100644 index 00000000000..c0d59ee327e --- /dev/null +++ b/objects/vulnerability/vulnerability--126a8c91-28f5-4dc9-ba0c-0b74a3c2f693.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e5e83507-ba8a-4e4f-9d13-100f0af05d77", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--126a8c91-28f5-4dc9-ba0c-0b74a3c2f693", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.961646Z", + "modified": "2024-12-07T00:22:21.961646Z", + "name": "CVE-2024-10771", + "description": "Due to missing input validation during one step of the firmware update process, the product\nis vulnerable to remote code execution. With network access and the user level ”Service”, an attacker\ncan execute arbitrary system commands in the root user’s contexts.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10771" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--129c26f0-daa4-41c3-b893-e7a167ef74a2.json b/objects/vulnerability/vulnerability--129c26f0-daa4-41c3-b893-e7a167ef74a2.json new file mode 100644 index 00000000000..a34b5c7e2be --- /dev/null +++ b/objects/vulnerability/vulnerability--129c26f0-daa4-41c3-b893-e7a167ef74a2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f3d44472-03b0-4d21-8a88-538761bb6f75", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--129c26f0-daa4-41c3-b893-e7a167ef74a2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:23.967086Z", + "modified": "2024-12-07T00:22:23.967086Z", + "name": "CVE-2024-0130", + "description": "NVIDIA UFM Enterprise, UFM Appliance, and UFM CyberAI contain a vulnerability where an attacker can cause an improper authentication issue by sending a malformed request through the Ethernet management interface. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, denial of service, and information disclosure.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0130" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--12ff199a-6f0b-4ec4-aef8-4da6a115ed5c.json b/objects/vulnerability/vulnerability--12ff199a-6f0b-4ec4-aef8-4da6a115ed5c.json new file mode 100644 index 00000000000..1ded0041d41 --- /dev/null +++ b/objects/vulnerability/vulnerability--12ff199a-6f0b-4ec4-aef8-4da6a115ed5c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d7709524-0d36-40e6-a2f8-27849b5908ff", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--12ff199a-6f0b-4ec4-aef8-4da6a115ed5c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.549559Z", + "modified": "2024-12-07T00:22:22.549559Z", + "name": "CVE-2024-44856", + "description": "Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_smac_planner().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44856" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--15ae8729-31db-4b05-84d6-196ccba36b93.json b/objects/vulnerability/vulnerability--15ae8729-31db-4b05-84d6-196ccba36b93.json new file mode 100644 index 00000000000..39c1569937d --- /dev/null +++ b/objects/vulnerability/vulnerability--15ae8729-31db-4b05-84d6-196ccba36b93.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a59d5939-b689-46c4-9b7e-e6f9009424fa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--15ae8729-31db-4b05-84d6-196ccba36b93", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.434963Z", + "modified": "2024-12-07T00:22:22.434963Z", + "name": "CVE-2024-11352", + "description": "The TwentyTwenty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'twentytwenty' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11352" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1ae695b2-102a-4243-bf08-831f3b61f5dc.json b/objects/vulnerability/vulnerability--1ae695b2-102a-4243-bf08-831f3b61f5dc.json new file mode 100644 index 00000000000..a122a39e44a --- /dev/null +++ b/objects/vulnerability/vulnerability--1ae695b2-102a-4243-bf08-831f3b61f5dc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e462baa8-30b5-4db4-9e43-7069d34b3232", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1ae695b2-102a-4243-bf08-831f3b61f5dc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.725304Z", + "modified": "2024-12-07T00:22:22.725304Z", + "name": "CVE-2024-53801", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through 5.2.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53801" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1e910860-fd3c-4907-955c-e6600376a968.json b/objects/vulnerability/vulnerability--1e910860-fd3c-4907-955c-e6600376a968.json new file mode 100644 index 00000000000..0acea3cf9b5 --- /dev/null +++ b/objects/vulnerability/vulnerability--1e910860-fd3c-4907-955c-e6600376a968.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8153ab40-c230-4d4f-9a8d-4798bd8859df", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1e910860-fd3c-4907-955c-e6600376a968", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.782946Z", + "modified": "2024-12-07T00:22:21.782946Z", + "name": "CVE-2024-52558", + "description": "The affected product is vulnerable to an integer underflow. An unauthenticated attacker could send a malformed HTTP request, which could allow the attacker to crash the program.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52558" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1f0a6a0d-4bfd-4817-99ec-47fc5ca6c0a3.json b/objects/vulnerability/vulnerability--1f0a6a0d-4bfd-4817-99ec-47fc5ca6c0a3.json new file mode 100644 index 00000000000..3f14a15d38f --- /dev/null +++ b/objects/vulnerability/vulnerability--1f0a6a0d-4bfd-4817-99ec-47fc5ca6c0a3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--83be4a96-edcd-47c1-b979-9b9003154de5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1f0a6a0d-4bfd-4817-99ec-47fc5ca6c0a3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.917336Z", + "modified": "2024-12-07T00:22:21.917336Z", + "name": "CVE-2024-12155", + "description": "The SV100 Companion plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the settings_import() function in all versions up to, and including, 2.0.02. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12155" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--20ea316b-7c5e-4d82-8271-18148b3676da.json b/objects/vulnerability/vulnerability--20ea316b-7c5e-4d82-8271-18148b3676da.json new file mode 100644 index 00000000000..e04fcf2096a --- /dev/null +++ b/objects/vulnerability/vulnerability--20ea316b-7c5e-4d82-8271-18148b3676da.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f4ae0160-d3fa-4452-aefb-db9a280f15cc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--20ea316b-7c5e-4d82-8271-18148b3676da", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.348503Z", + "modified": "2024-12-07T00:22:22.348503Z", + "name": "CVE-2024-7874", + "description": "Tungsten Automation (Kofax) TotalAgility in versions all through 7.9.0.25.0.954 is vulnerable to a Reflected XSS attacks through mfpConnectionId parameter manipulation in a form sent to endpoints \"/TotalAgility/Kofax/BrowserDevice/ScanFront.aspx\" \nand \"/TotalAgility/Kofax/BrowserDevice/ScanFrontDebug.aspx\"\nThis allows for injection of a malicious JavaScript code, leading to a possible information leak. \nExploitation is possible only while using POST requests and also requires retrieving/generating a proper VIEWSTATE parameter, which limits the risk of a successful attack.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7874" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--21bacda5-a534-494a-ad20-8e26d1985446.json b/objects/vulnerability/vulnerability--21bacda5-a534-494a-ad20-8e26d1985446.json new file mode 100644 index 00000000000..d3c17be3c0e --- /dev/null +++ b/objects/vulnerability/vulnerability--21bacda5-a534-494a-ad20-8e26d1985446.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3c471535-69de-4a6a-ae8f-427feabad59c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--21bacda5-a534-494a-ad20-8e26d1985446", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.746269Z", + "modified": "2024-12-07T00:22:22.746269Z", + "name": "CVE-2024-53825", + "description": "Missing Authorization vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filebird: from n/a through 6.3.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53825" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--22186c95-21d0-4dc7-8a55-942851c6535f.json b/objects/vulnerability/vulnerability--22186c95-21d0-4dc7-8a55-942851c6535f.json new file mode 100644 index 00000000000..b6f1b94e261 --- /dev/null +++ b/objects/vulnerability/vulnerability--22186c95-21d0-4dc7-8a55-942851c6535f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--654d0aa7-f556-47b0-8ffe-02057c9a3f6c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--22186c95-21d0-4dc7-8a55-942851c6535f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.212826Z", + "modified": "2024-12-07T00:22:22.212826Z", + "name": "CVE-2024-50387", + "description": "A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to inject malicious code.\n\nWe have already fixed the vulnerability in the following version:\nSMB Service 4.15.002 and later\nSMB Service h4.15.002 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50387" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--23a18630-8c41-4430-ad0e-2974251016f4.json b/objects/vulnerability/vulnerability--23a18630-8c41-4430-ad0e-2974251016f4.json new file mode 100644 index 00000000000..1ee36210559 --- /dev/null +++ b/objects/vulnerability/vulnerability--23a18630-8c41-4430-ad0e-2974251016f4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b185c767-cf7a-40a9-aa63-fea577a2c772", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--23a18630-8c41-4430-ad0e-2974251016f4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:23.487209Z", + "modified": "2024-12-07T00:22:23.487209Z", + "name": "CVE-2024-54750", + "description": "Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54750" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--256f2cb6-f88b-46b5-b4ad-7853ce066457.json b/objects/vulnerability/vulnerability--256f2cb6-f88b-46b5-b4ad-7853ce066457.json new file mode 100644 index 00000000000..c2f31ca4109 --- /dev/null +++ b/objects/vulnerability/vulnerability--256f2cb6-f88b-46b5-b4ad-7853ce066457.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--255dfec1-3c9f-4021-8426-715b394a7b6a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--256f2cb6-f88b-46b5-b4ad-7853ce066457", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.909031Z", + "modified": "2024-12-07T00:22:21.909031Z", + "name": "CVE-2024-12254", + "description": "Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines()\n method would not \"pause\" writing and signal to the Protocol to drain \nthe buffer to the wire once the write buffer reached the \"high-water \nmark\". Because of this, Protocols would not periodically drain the write\n buffer potentially leading to memory exhaustion.\n\n\n\n\n\nThis\n vulnerability likely impacts a small number of users, you must be using\n Python 3.12.0 or later, on macOS or Linux, using the asyncio module \nwith protocols, and using .writelines() method which had new \nzero-copy-on-write behavior in Python 3.12.0 and later. If not all of \nthese factors are true then your usage of Python is unaffected.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12254" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--264df4c1-b437-43eb-9ab1-a4ef34c5bc6a.json b/objects/vulnerability/vulnerability--264df4c1-b437-43eb-9ab1-a4ef34c5bc6a.json new file mode 100644 index 00000000000..543d7da4aa4 --- /dev/null +++ b/objects/vulnerability/vulnerability--264df4c1-b437-43eb-9ab1-a4ef34c5bc6a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--17eede22-60ef-472c-9c54-103cfd7fc3f2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--264df4c1-b437-43eb-9ab1-a4ef34c5bc6a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.00651Z", + "modified": "2024-12-07T00:22:22.00651Z", + "name": "CVE-2024-9866", + "description": "The Event Tickets with Ticket Scanner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data' parameters in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping and missing authorization on the functionality to manage tickets. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This missing authorization aspect of this was patched in 2.4.1, while the Cross-Site Scripting was fully patched in 2.4.4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9866" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--278cc9a3-78e7-4afd-b966-ca698089da72.json b/objects/vulnerability/vulnerability--278cc9a3-78e7-4afd-b966-ca698089da72.json new file mode 100644 index 00000000000..bb8c60463dc --- /dev/null +++ b/objects/vulnerability/vulnerability--278cc9a3-78e7-4afd-b966-ca698089da72.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f0ece890-c1d3-4b62-822d-02dfd2630cd3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--278cc9a3-78e7-4afd-b966-ca698089da72", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.951217Z", + "modified": "2024-12-07T00:22:21.951217Z", + "name": "CVE-2024-10551", + "description": "The Sticky Social Icons WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10551" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--27d45bdb-ead9-43eb-9529-5daf626b85bd.json b/objects/vulnerability/vulnerability--27d45bdb-ead9-43eb-9529-5daf626b85bd.json new file mode 100644 index 00000000000..2f2363aecab --- /dev/null +++ b/objects/vulnerability/vulnerability--27d45bdb-ead9-43eb-9529-5daf626b85bd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--68e5e7a2-0ead-4273-93cb-bc0373ae38b0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--27d45bdb-ead9-43eb-9529-5daf626b85bd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:23.076898Z", + "modified": "2024-12-07T00:22:23.076898Z", + "name": "CVE-2024-41649", + "description": "Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the executor_thread_.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41649" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--29201a51-f74d-420b-ba46-8a16767770b4.json b/objects/vulnerability/vulnerability--29201a51-f74d-420b-ba46-8a16767770b4.json new file mode 100644 index 00000000000..d2b76ebe222 --- /dev/null +++ b/objects/vulnerability/vulnerability--29201a51-f74d-420b-ba46-8a16767770b4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0931d587-4aed-4344-a699-7b62f9fde5a2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--29201a51-f74d-420b-ba46-8a16767770b4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.893309Z", + "modified": "2024-12-07T00:22:22.893309Z", + "name": "CVE-2024-38925", + "description": "Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter`/amcl z_max` .", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38925" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--29906dfd-e253-4419-b936-8c11bff1b254.json b/objects/vulnerability/vulnerability--29906dfd-e253-4419-b936-8c11bff1b254.json new file mode 100644 index 00000000000..3ae85221d25 --- /dev/null +++ b/objects/vulnerability/vulnerability--29906dfd-e253-4419-b936-8c11bff1b254.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--79bc0509-8935-4e25-a16d-4706cc43892b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--29906dfd-e253-4419-b936-8c11bff1b254", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.171566Z", + "modified": "2024-12-07T00:22:22.171566Z", + "name": "CVE-2024-50389", + "description": "A SQL injection vulnerability has been reported to affect QuRouter. If exploited, the vulnerability could allow remote attackers to inject malicious code.\n\nWe have already fixed the vulnerability in the following version:\nQuRouter 2.4.5.032 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50389" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2b6a6f4a-6f64-4d5d-ac8b-da95ca592f97.json b/objects/vulnerability/vulnerability--2b6a6f4a-6f64-4d5d-ac8b-da95ca592f97.json new file mode 100644 index 00000000000..04a846cba0d --- /dev/null +++ b/objects/vulnerability/vulnerability--2b6a6f4a-6f64-4d5d-ac8b-da95ca592f97.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cf3ba9b1-03fd-4897-bd75-b62b1f6e7992", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2b6a6f4a-6f64-4d5d-ac8b-da95ca592f97", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.593315Z", + "modified": "2024-12-07T00:22:21.593315Z", + "name": "CVE-2024-51727", + "description": "Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a feature that could enable attackers to invalidate a legitimate user's session and cause a denial-of-service attack on a user's account.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-51727" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2c7b4d2e-991f-4c97-b8ee-f2d55d2596eb.json b/objects/vulnerability/vulnerability--2c7b4d2e-991f-4c97-b8ee-f2d55d2596eb.json new file mode 100644 index 00000000000..90251d09852 --- /dev/null +++ b/objects/vulnerability/vulnerability--2c7b4d2e-991f-4c97-b8ee-f2d55d2596eb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3b0210bd-51e4-4306-b1bb-5012717d0de8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2c7b4d2e-991f-4c97-b8ee-f2d55d2596eb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.734Z", + "modified": "2024-12-07T00:22:22.734Z", + "name": "CVE-2024-53807", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in brandtoss WP Mailster allows Blind SQL Injection.This issue affects WP Mailster: from n/a through 1.8.16.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53807" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--318b4d65-893c-43ae-9421-516aeebebb2c.json b/objects/vulnerability/vulnerability--318b4d65-893c-43ae-9421-516aeebebb2c.json new file mode 100644 index 00000000000..0ab38b68bb5 --- /dev/null +++ b/objects/vulnerability/vulnerability--318b4d65-893c-43ae-9421-516aeebebb2c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e9edbeec-32d4-4b50-8843-a5b79aa364cb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--318b4d65-893c-43ae-9421-516aeebebb2c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:23.097641Z", + "modified": "2024-12-07T00:22:23.097641Z", + "name": "CVE-2024-41646", + "description": "Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_dwb_controller.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41646" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--318bc8a5-995c-4d83-a053-15e08a130a9d.json b/objects/vulnerability/vulnerability--318bc8a5-995c-4d83-a053-15e08a130a9d.json new file mode 100644 index 00000000000..c0db9396b3e --- /dev/null +++ b/objects/vulnerability/vulnerability--318bc8a5-995c-4d83-a053-15e08a130a9d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--76b82d84-f2e1-465c-83cd-83753ac031af", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--318bc8a5-995c-4d83-a053-15e08a130a9d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.653831Z", + "modified": "2024-12-07T00:22:21.653831Z", + "name": "CVE-2024-48871", + "description": "The affected product is vulnerable to a stack-based buffer overflow. An unauthenticated attacker could send a malicious HTTP request that the webserver fails to properly check input size before copying data to the stack, potentially allowing remote code execution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48871" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--31e64ca9-87f7-4512-8e38-a4096a409b2c.json b/objects/vulnerability/vulnerability--31e64ca9-87f7-4512-8e38-a4096a409b2c.json new file mode 100644 index 00000000000..c3723ea9806 --- /dev/null +++ b/objects/vulnerability/vulnerability--31e64ca9-87f7-4512-8e38-a4096a409b2c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a73bbd0e-7d01-4cfa-baea-5bb13d9d3dc6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--31e64ca9-87f7-4512-8e38-a4096a409b2c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.880176Z", + "modified": "2024-12-07T00:22:22.880176Z", + "name": "CVE-2024-38924", + "description": "Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter`/amcl laser_model_type` .", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38924" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--358cdcba-6c40-4bb7-b8d6-4dc392eaf36c.json b/objects/vulnerability/vulnerability--358cdcba-6c40-4bb7-b8d6-4dc392eaf36c.json new file mode 100644 index 00000000000..bf18d9cacc9 --- /dev/null +++ b/objects/vulnerability/vulnerability--358cdcba-6c40-4bb7-b8d6-4dc392eaf36c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--32136e5b-4a7a-4ea8-8574-d62123127402", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--358cdcba-6c40-4bb7-b8d6-4dc392eaf36c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.463086Z", + "modified": "2024-12-07T00:22:22.463086Z", + "name": "CVE-2024-11738", + "description": "A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service (panic) via a fragmented TLS ClientHello message.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11738" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3703e06c-96c5-4655-be5d-6d431d3432a0.json b/objects/vulnerability/vulnerability--3703e06c-96c5-4655-be5d-6d431d3432a0.json new file mode 100644 index 00000000000..311c0f72584 --- /dev/null +++ b/objects/vulnerability/vulnerability--3703e06c-96c5-4655-be5d-6d431d3432a0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8cdc1e18-e022-4ee7-92d3-f9e0cbf77ff2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3703e06c-96c5-4655-be5d-6d431d3432a0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:23.11423Z", + "modified": "2024-12-07T00:22:23.11423Z", + "name": "CVE-2024-41650", + "description": "Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_costmap_2d.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41650" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--379b09f9-2ae0-43e4-9804-f039e062c201.json b/objects/vulnerability/vulnerability--379b09f9-2ae0-43e4-9804-f039e062c201.json new file mode 100644 index 00000000000..36f141e41d7 --- /dev/null +++ b/objects/vulnerability/vulnerability--379b09f9-2ae0-43e4-9804-f039e062c201.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ca418b0b-65ee-4b8c-afab-c7142d265464", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--379b09f9-2ae0-43e4-9804-f039e062c201", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.452082Z", + "modified": "2024-12-07T00:22:22.452082Z", + "name": "CVE-2024-11022", + "description": "The authentication process to the web server uses a challenge response procedure which\ninludes the nonce and additional information. This challenge can be used several times for login and is\ntherefore vulnerable for a replay attack.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11022" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--37b1b76f-a417-4bb2-b77b-a07612f653b0.json b/objects/vulnerability/vulnerability--37b1b76f-a417-4bb2-b77b-a07612f653b0.json new file mode 100644 index 00000000000..859cc28677b --- /dev/null +++ b/objects/vulnerability/vulnerability--37b1b76f-a417-4bb2-b77b-a07612f653b0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--240092dd-4b12-40b3-bb3a-4f5868519819", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--37b1b76f-a417-4bb2-b77b-a07612f653b0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:23.494896Z", + "modified": "2024-12-07T00:22:23.494896Z", + "name": "CVE-2024-54137", + "description": "liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treated as non-secret data. This results in an incorrect shared secret value being returned when the decapsulation function is called with a malformed ciphertext. This vulnerability is fixed in 0.12.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54137" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3c57e4b2-c0b4-4656-881d-bb10c24ea8cd.json b/objects/vulnerability/vulnerability--3c57e4b2-c0b4-4656-881d-bb10c24ea8cd.json new file mode 100644 index 00000000000..da32f2c2cea --- /dev/null +++ b/objects/vulnerability/vulnerability--3c57e4b2-c0b4-4656-881d-bb10c24ea8cd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a8c06927-5057-4f37-a4f3-210d99a251ec", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3c57e4b2-c0b4-4656-881d-bb10c24ea8cd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:23.958862Z", + "modified": "2024-12-07T00:22:23.958862Z", + "name": "CVE-2024-0139", + "description": "NVIDIA Base Command Manager and Bright Cluster Manager for Linux contain an insecure temporary file vulnerability. A successful exploit of this vulnerability might lead to denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0139" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3d3fe1ff-1649-41a7-95ff-168312fdad7c.json b/objects/vulnerability/vulnerability--3d3fe1ff-1649-41a7-95ff-168312fdad7c.json new file mode 100644 index 00000000000..2f57dabefe9 --- /dev/null +++ b/objects/vulnerability/vulnerability--3d3fe1ff-1649-41a7-95ff-168312fdad7c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--072dbb65-0400-4624-90fe-8abe7ae36559", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3d3fe1ff-1649-41a7-95ff-168312fdad7c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.716514Z", + "modified": "2024-12-07T00:22:22.716514Z", + "name": "CVE-2024-53908", + "description": "An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53908" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3d57875b-9981-4aca-a442-0cf8643c29e7.json b/objects/vulnerability/vulnerability--3d57875b-9981-4aca-a442-0cf8643c29e7.json new file mode 100644 index 00000000000..38149bcf693 --- /dev/null +++ b/objects/vulnerability/vulnerability--3d57875b-9981-4aca-a442-0cf8643c29e7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3676f89e-805a-4089-8eab-e5e75a2466df", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3d57875b-9981-4aca-a442-0cf8643c29e7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.448415Z", + "modified": "2024-12-07T00:22:22.448415Z", + "name": "CVE-2024-11460", + "description": "The Verowa Connect plugin for WordPress is vulnerable to SQL Injection via the 'search_string' parameter in all versions up to, and including, 3.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11460" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--401d58d0-b98d-4b73-8bd8-9f7478e186b0.json b/objects/vulnerability/vulnerability--401d58d0-b98d-4b73-8bd8-9f7478e186b0.json new file mode 100644 index 00000000000..eb6caa9b6f3 --- /dev/null +++ b/objects/vulnerability/vulnerability--401d58d0-b98d-4b73-8bd8-9f7478e186b0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b50259ba-5bb4-431e-9883-82e00537701e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--401d58d0-b98d-4b73-8bd8-9f7478e186b0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.728991Z", + "modified": "2024-12-07T00:22:22.728991Z", + "name": "CVE-2024-53813", + "description": "Missing Authorization vulnerability in WP Travel WP Travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through 9.6.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53813" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--41f8962f-3e29-4bd3-8444-e2238293e5f3.json b/objects/vulnerability/vulnerability--41f8962f-3e29-4bd3-8444-e2238293e5f3.json new file mode 100644 index 00000000000..68966b100bb --- /dev/null +++ b/objects/vulnerability/vulnerability--41f8962f-3e29-4bd3-8444-e2238293e5f3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8b7525ef-deb3-4576-b798-8d8a8ad32289", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--41f8962f-3e29-4bd3-8444-e2238293e5f3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.86119Z", + "modified": "2024-12-07T00:22:22.86119Z", + "name": "CVE-2024-38926", + "description": "Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter `/amcl z_short`.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38926" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--438c7f65-4b41-4127-8717-0451d85ae22f.json b/objects/vulnerability/vulnerability--438c7f65-4b41-4127-8717-0451d85ae22f.json new file mode 100644 index 00000000000..d33d7dc96bd --- /dev/null +++ b/objects/vulnerability/vulnerability--438c7f65-4b41-4127-8717-0451d85ae22f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a38f4de9-6fa6-4fce-a911-31b880e23b3b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--438c7f65-4b41-4127-8717-0451d85ae22f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.470228Z", + "modified": "2024-12-07T00:22:22.470228Z", + "name": "CVE-2024-11336", + "description": "The Clickbank WordPress Plugin (Storefront) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. This is due to missing or incorrect nonce validation via the cs_menu page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11336" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--46785564-103e-412a-afa3-91c28d568e84.json b/objects/vulnerability/vulnerability--46785564-103e-412a-afa3-91c28d568e84.json new file mode 100644 index 00000000000..db282635899 --- /dev/null +++ b/objects/vulnerability/vulnerability--46785564-103e-412a-afa3-91c28d568e84.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b68e16d9-5955-4e7e-bf8a-539720b77a29", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--46785564-103e-412a-afa3-91c28d568e84", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.735001Z", + "modified": "2024-12-07T00:22:22.735001Z", + "name": "CVE-2024-53815", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Blind SQL Injection.This issue affects Pinpoint Booking System: from n/a through 2.9.9.5.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53815" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--47149492-327a-4e68-b44f-6db4f8679535.json b/objects/vulnerability/vulnerability--47149492-327a-4e68-b44f-6db4f8679535.json new file mode 100644 index 00000000000..9383740e441 --- /dev/null +++ b/objects/vulnerability/vulnerability--47149492-327a-4e68-b44f-6db4f8679535.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--643baeee-8b5b-4945-ac26-5a59bfdbf39d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--47149492-327a-4e68-b44f-6db4f8679535", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:23.50666Z", + "modified": "2024-12-07T00:22:23.50666Z", + "name": "CVE-2024-54206", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in URBAN BASE Z-Downloads allows Stored XSS.This issue affects Z-Downloads: from n/a through 1.11.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54206" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--491755c6-6b93-4f0c-ac36-cd08c56f5723.json b/objects/vulnerability/vulnerability--491755c6-6b93-4f0c-ac36-cd08c56f5723.json new file mode 100644 index 00000000000..290e5ecf7e4 --- /dev/null +++ b/objects/vulnerability/vulnerability--491755c6-6b93-4f0c-ac36-cd08c56f5723.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f2ad6877-343c-453a-a379-dad3d9669e80", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--491755c6-6b93-4f0c-ac36-cd08c56f5723", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.467331Z", + "modified": "2024-12-07T00:22:22.467331Z", + "name": "CVE-2024-11379", + "description": "The Broadcast plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'do_check' parameter in all versions up to, and including, 51.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This only affects multi-site installations.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11379" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4983b77d-343e-46f1-8728-8f124486a1f1.json b/objects/vulnerability/vulnerability--4983b77d-343e-46f1-8728-8f124486a1f1.json new file mode 100644 index 00000000000..570f84ff239 --- /dev/null +++ b/objects/vulnerability/vulnerability--4983b77d-343e-46f1-8728-8f124486a1f1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--616a6721-2fb4-4a43-9ded-26cbdf0b7e5c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4983b77d-343e-46f1-8728-8f124486a1f1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.876487Z", + "modified": "2024-12-07T00:22:22.876487Z", + "name": "CVE-2024-38922", + "description": "Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a heap overflow in the nav2_amcl process. This vulnerability is triggered via sending a crafted message to the component /initialpose.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38922" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--49b5214d-8689-4d51-942a-5931df74e3fe.json b/objects/vulnerability/vulnerability--49b5214d-8689-4d51-942a-5931df74e3fe.json new file mode 100644 index 00000000000..e524a07a88c --- /dev/null +++ b/objects/vulnerability/vulnerability--49b5214d-8689-4d51-942a-5931df74e3fe.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f9bcd2eb-e858-4e22-bbfe-9ea9458c0e5f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--49b5214d-8689-4d51-942a-5931df74e3fe", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.69644Z", + "modified": "2024-12-07T00:22:21.69644Z", + "name": "CVE-2024-48866", + "description": "An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.9.2954 build 20241120 and later\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.1.9.2954 build 20241120 and later\nQuTS hero h5.2.2.2952 build 20241116 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48866" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4a3fdc76-1640-43e3-91f1-f62a3a28dbb0.json b/objects/vulnerability/vulnerability--4a3fdc76-1640-43e3-91f1-f62a3a28dbb0.json new file mode 100644 index 00000000000..973917f7938 --- /dev/null +++ b/objects/vulnerability/vulnerability--4a3fdc76-1640-43e3-91f1-f62a3a28dbb0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--76879aa7-c002-47c6-b502-bbc1b6d67b01", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4a3fdc76-1640-43e3-91f1-f62a3a28dbb0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:23.446679Z", + "modified": "2024-12-07T00:22:23.446679Z", + "name": "CVE-2024-54747", + "description": "WAVLINK WN531P3 202383 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54747" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4c17ec05-739e-4b73-b9b5-dc27f6af6a3a.json b/objects/vulnerability/vulnerability--4c17ec05-739e-4b73-b9b5-dc27f6af6a3a.json new file mode 100644 index 00000000000..182dad96574 --- /dev/null +++ b/objects/vulnerability/vulnerability--4c17ec05-739e-4b73-b9b5-dc27f6af6a3a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--286eb77b-80aa-4f4d-b1c5-53db939a4a54", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4c17ec05-739e-4b73-b9b5-dc27f6af6a3a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.903953Z", + "modified": "2024-12-07T00:22:22.903953Z", + "name": "CVE-2024-38923", + "description": "Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter`/amcl odom_frame_id` .", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38923" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4d9bc1cf-45b4-436a-8696-d74b2cbaf6f2.json b/objects/vulnerability/vulnerability--4d9bc1cf-45b4-436a-8696-d74b2cbaf6f2.json new file mode 100644 index 00000000000..6404fcfc156 --- /dev/null +++ b/objects/vulnerability/vulnerability--4d9bc1cf-45b4-436a-8696-d74b2cbaf6f2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--711215d6-74d5-4ab2-b6a1-566b927dcd42", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4d9bc1cf-45b4-436a-8696-d74b2cbaf6f2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.9196Z", + "modified": "2024-12-07T00:22:21.9196Z", + "name": "CVE-2024-12060", + "description": "The WP Media Optimizer (.webp) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpmowebp-css-resources’ and 'wpmowebp-js-resources' parameters in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12060" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4e1cb2bb-50a6-4f11-8a63-b6358747f190.json b/objects/vulnerability/vulnerability--4e1cb2bb-50a6-4f11-8a63-b6358747f190.json new file mode 100644 index 00000000000..9fe59e9e527 --- /dev/null +++ b/objects/vulnerability/vulnerability--4e1cb2bb-50a6-4f11-8a63-b6358747f190.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--43ecc7d5-add7-4c56-8a9a-7f0d83e99d65", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4e1cb2bb-50a6-4f11-8a63-b6358747f190", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.445544Z", + "modified": "2024-12-07T00:22:22.445544Z", + "name": "CVE-2024-11220", + "description": "A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11220" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4fc2a13c-27b1-4af5-bf29-81b99b8c4de1.json b/objects/vulnerability/vulnerability--4fc2a13c-27b1-4af5-bf29-81b99b8c4de1.json new file mode 100644 index 00000000000..02986780bd2 --- /dev/null +++ b/objects/vulnerability/vulnerability--4fc2a13c-27b1-4af5-bf29-81b99b8c4de1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c05011c4-dec7-4aea-8aec-ba8b6c5fbcba", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4fc2a13c-27b1-4af5-bf29-81b99b8c4de1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.931813Z", + "modified": "2024-12-07T00:22:21.931813Z", + "name": "CVE-2024-10849", + "description": "The NewsMash theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.71 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10849" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5075a25a-22ef-407b-b9c5-cde50f6daf78.json b/objects/vulnerability/vulnerability--5075a25a-22ef-407b-b9c5-cde50f6daf78.json new file mode 100644 index 00000000000..284cfa53931 --- /dev/null +++ b/objects/vulnerability/vulnerability--5075a25a-22ef-407b-b9c5-cde50f6daf78.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--96745a0f-16dd-4f14-a744-60edb47a6e77", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5075a25a-22ef-407b-b9c5-cde50f6daf78", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.963659Z", + "modified": "2024-12-07T00:22:21.963659Z", + "name": "CVE-2024-10320", + "description": "The Cookielay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cookielay shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10320" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--50ad54fe-dd83-4285-8cb4-3da86022553d.json b/objects/vulnerability/vulnerability--50ad54fe-dd83-4285-8cb4-3da86022553d.json new file mode 100644 index 00000000000..307c71ccc10 --- /dev/null +++ b/objects/vulnerability/vulnerability--50ad54fe-dd83-4285-8cb4-3da86022553d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fcd66af8-4d48-4bf4-9d50-f51fc139d30f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--50ad54fe-dd83-4285-8cb4-3da86022553d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.182638Z", + "modified": "2024-12-07T00:22:22.182638Z", + "name": "CVE-2024-50677", + "description": "A cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50677" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--50d5de35-4e35-4e42-b9b3-e6b0496276fd.json b/objects/vulnerability/vulnerability--50d5de35-4e35-4e42-b9b3-e6b0496276fd.json new file mode 100644 index 00000000000..5b9b18c8e6f --- /dev/null +++ b/objects/vulnerability/vulnerability--50d5de35-4e35-4e42-b9b3-e6b0496276fd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6c8204db-2627-4135-8f25-436a849bbd83", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--50d5de35-4e35-4e42-b9b3-e6b0496276fd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.580902Z", + "modified": "2024-12-07T00:22:22.580902Z", + "name": "CVE-2024-44854", + "description": "Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component smoothPlan().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44854" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--51342d5c-a474-4527-931a-a0752b0f5358.json b/objects/vulnerability/vulnerability--51342d5c-a474-4527-931a-a0752b0f5358.json new file mode 100644 index 00000000000..8dee2831cf7 --- /dev/null +++ b/objects/vulnerability/vulnerability--51342d5c-a474-4527-931a-a0752b0f5358.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--01be965d-cd62-4304-86ba-3cd3e06211c0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--51342d5c-a474-4527-931a-a0752b0f5358", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:23.492453Z", + "modified": "2024-12-07T00:22:23.492453Z", + "name": "CVE-2024-54216", + "description": "Path Traversal vulnerability in NotFound ARForms allows Path Traversal.This issue affects ARForms: from n/a through 6.4.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54216" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--51b7f524-cb67-450d-aeb9-0becbf44c7d4.json b/objects/vulnerability/vulnerability--51b7f524-cb67-450d-aeb9-0becbf44c7d4.json new file mode 100644 index 00000000000..b8d97c24c76 --- /dev/null +++ b/objects/vulnerability/vulnerability--51b7f524-cb67-450d-aeb9-0becbf44c7d4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--24ab540c-a857-4a47-be64-c99121b2d487", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--51b7f524-cb67-450d-aeb9-0becbf44c7d4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.201915Z", + "modified": "2024-12-07T00:22:22.201915Z", + "name": "CVE-2024-50393", + "description": "A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.9.2954 build 20241120 and later\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.1.9.2954 build 20241120 and later\nQuTS hero h5.2.2.2952 build 20241116 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50393" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--53fd424c-cf8f-47b0-b9aa-7903abd06bca.json b/objects/vulnerability/vulnerability--53fd424c-cf8f-47b0-b9aa-7903abd06bca.json new file mode 100644 index 00000000000..41e4415c79d --- /dev/null +++ b/objects/vulnerability/vulnerability--53fd424c-cf8f-47b0-b9aa-7903abd06bca.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--35dd85b5-6271-47ca-8feb-1397328c1a42", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--53fd424c-cf8f-47b0-b9aa-7903abd06bca", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.551598Z", + "modified": "2024-12-07T00:22:22.551598Z", + "name": "CVE-2024-44852", + "description": "Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a segmentation violation via the component theta_star::ThetaStar::isUnsafeToPlan().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44852" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--58764a45-d4ab-4321-a392-8b68df360240.json b/objects/vulnerability/vulnerability--58764a45-d4ab-4321-a392-8b68df360240.json new file mode 100644 index 00000000000..3b3dc684c62 --- /dev/null +++ b/objects/vulnerability/vulnerability--58764a45-d4ab-4321-a392-8b68df360240.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d9c1768d-3cec-44ba-8ff8-606bbb1899a9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--58764a45-d4ab-4321-a392-8b68df360240", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.418728Z", + "modified": "2024-12-07T00:22:22.418728Z", + "name": "CVE-2024-11323", + "description": "The AI Quiz | Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ai_quiz_update_style() function in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11323" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5b8fe7ea-67ca-458b-a0b7-d2d0fd858bc2.json b/objects/vulnerability/vulnerability--5b8fe7ea-67ca-458b-a0b7-d2d0fd858bc2.json new file mode 100644 index 00000000000..89db1f18c5f --- /dev/null +++ b/objects/vulnerability/vulnerability--5b8fe7ea-67ca-458b-a0b7-d2d0fd858bc2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ad362eb1-57a3-44f8-95d9-ef61608890d8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5b8fe7ea-67ca-458b-a0b7-d2d0fd858bc2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.120657Z", + "modified": "2024-12-07T00:22:22.120657Z", + "name": "CVE-2024-47547", + "description": "Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a weak mechanism for its users to change their passwords which leaves authentication vulnerable to brute force attacks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47547" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5da427c0-baa6-4a10-8b25-34eb2d9e5f33.json b/objects/vulnerability/vulnerability--5da427c0-baa6-4a10-8b25-34eb2d9e5f33.json new file mode 100644 index 00000000000..34e00a1b345 --- /dev/null +++ b/objects/vulnerability/vulnerability--5da427c0-baa6-4a10-8b25-34eb2d9e5f33.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--24e06df7-5286-4264-b781-be5b7b00b890", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5da427c0-baa6-4a10-8b25-34eb2d9e5f33", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.726908Z", + "modified": "2024-12-07T00:22:22.726908Z", + "name": "CVE-2024-53817", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Acowebs Product Labels For Woocommerce allows Blind SQL Injection.This issue affects Product Labels For Woocommerce: from n/a through 1.5.8.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53817" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5f9d32b8-d364-4b04-b6b0-8014b722212f.json b/objects/vulnerability/vulnerability--5f9d32b8-d364-4b04-b6b0-8014b722212f.json new file mode 100644 index 00000000000..b6b98f1a7b8 --- /dev/null +++ b/objects/vulnerability/vulnerability--5f9d32b8-d364-4b04-b6b0-8014b722212f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--69b19d94-cfe4-46ba-9ccb-5db17757f1a5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5f9d32b8-d364-4b04-b6b0-8014b722212f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:23.484368Z", + "modified": "2024-12-07T00:22:23.484368Z", + "name": "CVE-2024-54208", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joni Halabi Block Controller allows Reflected XSS.This issue affects Block Controller: from n/a through 1.4.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54208" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--60f19f64-ecf5-4f84-9113-605f38f74ab6.json b/objects/vulnerability/vulnerability--60f19f64-ecf5-4f84-9113-605f38f74ab6.json new file mode 100644 index 00000000000..f1e7577169e --- /dev/null +++ b/objects/vulnerability/vulnerability--60f19f64-ecf5-4f84-9113-605f38f74ab6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--37851d49-3e12-4679-8de3-7a1005168ec2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--60f19f64-ecf5-4f84-9113-605f38f74ab6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.661458Z", + "modified": "2024-12-07T00:22:21.661458Z", + "name": "CVE-2024-48863", + "description": "A command injection vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands.\n\nWe have already fixed the vulnerability in the following version:\nLicense Center 1.9.43 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48863" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--60f8844e-0b19-4921-af80-e0a647cd617c.json b/objects/vulnerability/vulnerability--60f8844e-0b19-4921-af80-e0a647cd617c.json new file mode 100644 index 00000000000..ccf05452d5e --- /dev/null +++ b/objects/vulnerability/vulnerability--60f8844e-0b19-4921-af80-e0a647cd617c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--85de132f-602c-40ee-8c00-3e30db01947a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--60f8844e-0b19-4921-af80-e0a647cd617c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.853876Z", + "modified": "2024-12-07T00:22:21.853876Z", + "name": "CVE-2024-45722", + "description": "Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses weak credential mechanism that could allow an attacker to easily calculate MQTT credentials.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45722" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6152507c-8cfa-42ac-8049-994cb1b1168e.json b/objects/vulnerability/vulnerability--6152507c-8cfa-42ac-8049-994cb1b1168e.json new file mode 100644 index 00000000000..bcfc219744b --- /dev/null +++ b/objects/vulnerability/vulnerability--6152507c-8cfa-42ac-8049-994cb1b1168e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--04d8bf56-3186-4666-89ee-66fb73a648bf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6152507c-8cfa-42ac-8049-994cb1b1168e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.440614Z", + "modified": "2024-12-07T00:22:22.440614Z", + "name": "CVE-2024-11292", + "description": "The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.1 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11292" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--61c9cf7a-27c7-4e2f-80b7-c326ccbee7bf.json b/objects/vulnerability/vulnerability--61c9cf7a-27c7-4e2f-80b7-c326ccbee7bf.json new file mode 100644 index 00000000000..8726f76c1fa --- /dev/null +++ b/objects/vulnerability/vulnerability--61c9cf7a-27c7-4e2f-80b7-c326ccbee7bf.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--105f7077-70ef-4d9c-b352-a453f9de3844", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--61c9cf7a-27c7-4e2f-80b7-c326ccbee7bf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:23.587622Z", + "modified": "2024-12-07T00:22:23.587622Z", + "name": "CVE-2024-49041", + "description": "Microsoft Edge (Chromium-based) Spoofing Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49041" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--66a0ce67-a5bb-413b-859b-d9a6f41f11a5.json b/objects/vulnerability/vulnerability--66a0ce67-a5bb-413b-859b-d9a6f41f11a5.json new file mode 100644 index 00000000000..02ad710611c --- /dev/null +++ b/objects/vulnerability/vulnerability--66a0ce67-a5bb-413b-859b-d9a6f41f11a5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0ad6fc37-bd76-495a-bb27-792d5574d337", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--66a0ce67-a5bb-413b-859b-d9a6f41f11a5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.464103Z", + "modified": "2024-12-07T00:22:22.464103Z", + "name": "CVE-2024-11730", + "description": "The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'sort[]' parameter of the static_data_list AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with doctor/receptionist-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11730" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--67661011-fb75-4e3a-adeb-582f32817f7e.json b/objects/vulnerability/vulnerability--67661011-fb75-4e3a-adeb-582f32817f7e.json new file mode 100644 index 00000000000..8dac1348a9e --- /dev/null +++ b/objects/vulnerability/vulnerability--67661011-fb75-4e3a-adeb-582f32817f7e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0ad6366b-e176-46e1-be7f-d47d4c4ff7c5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--67661011-fb75-4e3a-adeb-582f32817f7e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.833243Z", + "modified": "2024-12-07T00:22:21.833243Z", + "name": "CVE-2024-52324", + "description": "Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arbitrary OS commands.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52324" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6c94d0e9-36ac-4708-aee4-1dd1be074141.json b/objects/vulnerability/vulnerability--6c94d0e9-36ac-4708-aee4-1dd1be074141.json new file mode 100644 index 00000000000..6d604ca67fb --- /dev/null +++ b/objects/vulnerability/vulnerability--6c94d0e9-36ac-4708-aee4-1dd1be074141.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--509c8576-d10c-4f5a-9cea-6db878e92b4a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6c94d0e9-36ac-4708-aee4-1dd1be074141", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.455183Z", + "modified": "2024-12-07T00:22:22.455183Z", + "name": "CVE-2024-11149", + "description": "In OpenBSD 7.4 before errata 014, vmm(4) did not restore GDTR limits properly on Intel (VMX) CPUs.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11149" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6d093141-0a15-4847-a335-b1fd5707b3d7.json b/objects/vulnerability/vulnerability--6d093141-0a15-4847-a335-b1fd5707b3d7.json new file mode 100644 index 00000000000..701ba528549 --- /dev/null +++ b/objects/vulnerability/vulnerability--6d093141-0a15-4847-a335-b1fd5707b3d7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--788cefc1-283a-4cfb-8e66-0085a4b68f12", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6d093141-0a15-4847-a335-b1fd5707b3d7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:23.160349Z", + "modified": "2024-12-07T00:22:23.160349Z", + "name": "CVE-2024-21571", + "description": "Snyk has identified a remote code execution (RCE) vulnerability in all versions of Code Agent. The vulnerability enables an attacker to execute arbitrary code within the Code Agent container. Exploiting this vulnerability would require an attacker to have network access to the Code Agent within the deployment environment. External exploitation of this vulnerability is unlikely and depends on both misconfigurations of the cluster and/or chaining with another vulnerability. However, internal exploitation (with a cluster misconfiguration) could still be possible.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21571" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6d4bd18a-9e57-4353-a493-02335422f1f1.json b/objects/vulnerability/vulnerability--6d4bd18a-9e57-4353-a493-02335422f1f1.json new file mode 100644 index 00000000000..b2d1b3bb9d3 --- /dev/null +++ b/objects/vulnerability/vulnerability--6d4bd18a-9e57-4353-a493-02335422f1f1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cfe4952b-6a10-404e-ac55-11fc0f0008cd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6d4bd18a-9e57-4353-a493-02335422f1f1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.73508Z", + "modified": "2024-12-07T00:22:21.73508Z", + "name": "CVE-2024-30129", + "description": "The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP address.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-30129" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--70583a10-384f-4853-9607-7a4d76bb6e8c.json b/objects/vulnerability/vulnerability--70583a10-384f-4853-9607-7a4d76bb6e8c.json new file mode 100644 index 00000000000..1b56492e424 --- /dev/null +++ b/objects/vulnerability/vulnerability--70583a10-384f-4853-9607-7a4d76bb6e8c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d24de088-a2a4-41e8-9ef3-133983c1ce7a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--70583a10-384f-4853-9607-7a4d76bb6e8c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.430856Z", + "modified": "2024-12-07T00:22:22.430856Z", + "name": "CVE-2024-11321", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hi e-learning Learning Management System (LMS) allows Reflected XSS.This issue affects Learning Management System (LMS): before 06.12.2024.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11321" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--70622595-89c3-4bd9-aff3-38209c7dddc0.json b/objects/vulnerability/vulnerability--70622595-89c3-4bd9-aff3-38209c7dddc0.json new file mode 100644 index 00000000000..efdff5fc9e1 --- /dev/null +++ b/objects/vulnerability/vulnerability--70622595-89c3-4bd9-aff3-38209c7dddc0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a0994697-7db9-476b-a3de-3195920f6308", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--70622595-89c3-4bd9-aff3-38209c7dddc0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.752431Z", + "modified": "2024-12-07T00:22:22.752431Z", + "name": "CVE-2024-53796", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesflat Themesflat Addons For Elementor allows DOM-Based XSS.This issue affects Themesflat Addons For Elementor: from n/a through 2.2.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53796" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--70a79d6d-b0f1-42a0-8aa1-efaf12eab21c.json b/objects/vulnerability/vulnerability--70a79d6d-b0f1-42a0-8aa1-efaf12eab21c.json new file mode 100644 index 00000000000..7b369d62309 --- /dev/null +++ b/objects/vulnerability/vulnerability--70a79d6d-b0f1-42a0-8aa1-efaf12eab21c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--54d7ec28-c101-400a-8e30-0c0f62c743c6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--70a79d6d-b0f1-42a0-8aa1-efaf12eab21c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.627952Z", + "modified": "2024-12-07T00:22:21.627952Z", + "name": "CVE-2024-51615", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows SQL Injection.This issue affects WordPress Auction Plugin: from n/a through 3.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-51615" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--71b0d7b6-e5b2-46af-9351-32d3a37ee238.json b/objects/vulnerability/vulnerability--71b0d7b6-e5b2-46af-9351-32d3a37ee238.json new file mode 100644 index 00000000000..a932b234bd1 --- /dev/null +++ b/objects/vulnerability/vulnerability--71b0d7b6-e5b2-46af-9351-32d3a37ee238.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--242ccd9c-3ec7-4cfd-a225-e8578d543ea5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--71b0d7b6-e5b2-46af-9351-32d3a37ee238", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.424076Z", + "modified": "2024-12-07T00:22:22.424076Z", + "name": "CVE-2024-11289", + "description": "The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.5.9 via several functions like penci_archive_more_post_ajax_func, penci_more_post_ajax_func, and penci_more_featured_post_ajax_func. This makes it possible for unauthenticated attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included. The exploitability of this is limited to Windows.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11289" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--73b4f6f6-67a9-4f2d-bc72-8d0899d507e1.json b/objects/vulnerability/vulnerability--73b4f6f6-67a9-4f2d-bc72-8d0899d507e1.json new file mode 100644 index 00000000000..d5af87e5532 --- /dev/null +++ b/objects/vulnerability/vulnerability--73b4f6f6-67a9-4f2d-bc72-8d0899d507e1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6e799842-a564-44d2-98e4-62ade7ba455b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--73b4f6f6-67a9-4f2d-bc72-8d0899d507e1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.194385Z", + "modified": "2024-12-07T00:22:22.194385Z", + "name": "CVE-2024-50388", + "description": "An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands.\n\nWe have already fixed the vulnerability in the following version:\nHBS 3 Hybrid Backup Sync 25.1.1.673 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50388" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--782796be-c5db-43e7-ad25-382a1f649c4b.json b/objects/vulnerability/vulnerability--782796be-c5db-43e7-ad25-382a1f649c4b.json new file mode 100644 index 00000000000..cb377102dc8 --- /dev/null +++ b/objects/vulnerability/vulnerability--782796be-c5db-43e7-ad25-382a1f649c4b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--05e34869-f080-435c-823d-52688ee64faa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--782796be-c5db-43e7-ad25-382a1f649c4b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.454074Z", + "modified": "2024-12-07T00:22:22.454074Z", + "name": "CVE-2024-11444", + "description": "The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.13.2. This is due to missing or incorrect nonce validation on the cluevo_render_module_ui() function. This makes it possible for unauthenticated attackers to delete modules via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11444" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--788f4785-b8f3-4094-86a7-66b8528196c8.json b/objects/vulnerability/vulnerability--788f4785-b8f3-4094-86a7-66b8528196c8.json new file mode 100644 index 00000000000..991c143c4d7 --- /dev/null +++ b/objects/vulnerability/vulnerability--788f4785-b8f3-4094-86a7-66b8528196c8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--22d81fa0-bd48-41ba-b5d1-541e43d814a0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--788f4785-b8f3-4094-86a7-66b8528196c8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.928131Z", + "modified": "2024-12-07T00:22:21.928131Z", + "name": "CVE-2024-10692", + "description": "The PowerPack Elementor Addons (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 via the Content Reveal widget due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10692" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--78bdb87d-f712-4166-a04e-19f48371aaff.json b/objects/vulnerability/vulnerability--78bdb87d-f712-4166-a04e-19f48371aaff.json new file mode 100644 index 00000000000..de242b1e39d --- /dev/null +++ b/objects/vulnerability/vulnerability--78bdb87d-f712-4166-a04e-19f48371aaff.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3c42b16e-a8f4-4bd6-916b-bb8f1368f08b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--78bdb87d-f712-4166-a04e-19f48371aaff", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.831741Z", + "modified": "2024-12-07T00:22:21.831741Z", + "name": "CVE-2024-52335", + "description": "A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF05). The affected application do not properly sanitize input data before sending it to the SQL server. This could allow an attacker with access to the application could use this vulnerability to execute malicious SQL commands to compromise the whole database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52335" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--78d4c926-486d-4028-88b8-aa5dea26cb07.json b/objects/vulnerability/vulnerability--78d4c926-486d-4028-88b8-aa5dea26cb07.json new file mode 100644 index 00000000000..442d275ae8c --- /dev/null +++ b/objects/vulnerability/vulnerability--78d4c926-486d-4028-88b8-aa5dea26cb07.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4846c280-859f-4ec9-a322-6eb0a94e2e04", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--78d4c926-486d-4028-88b8-aa5dea26cb07", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.433565Z", + "modified": "2024-12-07T00:22:22.433565Z", + "name": "CVE-2024-11450", + "description": "The ONLYOFFICE Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'onlyoffice' shortcode in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11450" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--78f8f4fe-7b58-4b2a-984f-488bf45dbc1c.json b/objects/vulnerability/vulnerability--78f8f4fe-7b58-4b2a-984f-488bf45dbc1c.json new file mode 100644 index 00000000000..19da068545d --- /dev/null +++ b/objects/vulnerability/vulnerability--78f8f4fe-7b58-4b2a-984f-488bf45dbc1c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--22e90ae3-9b58-431e-8ae0-113d44104ff0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--78f8f4fe-7b58-4b2a-984f-488bf45dbc1c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.923641Z", + "modified": "2024-12-07T00:22:21.923641Z", + "name": "CVE-2024-10578", + "description": "The Pubnews theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pubnews_importer_plugin_action_for_notice() function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins that can be leveraged to exploit other vulnerabilities.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10578" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--793bf1e8-7953-4089-af9e-6bd7cc6538f3.json b/objects/vulnerability/vulnerability--793bf1e8-7953-4089-af9e-6bd7cc6538f3.json new file mode 100644 index 00000000000..ee7d83dec0b --- /dev/null +++ b/objects/vulnerability/vulnerability--793bf1e8-7953-4089-af9e-6bd7cc6538f3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2abac2b2-2f50-4b89-9c03-301609176ce5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--793bf1e8-7953-4089-af9e-6bd7cc6538f3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.413543Z", + "modified": "2024-12-07T00:22:22.413543Z", + "name": "CVE-2024-11729", + "description": "The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'service_list[0][service_id]' parameter of the get_widget_payment_options AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Custom-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11729" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--795d2e26-0fe2-4c13-8d8b-b925dbe31650.json b/objects/vulnerability/vulnerability--795d2e26-0fe2-4c13-8d8b-b925dbe31650.json new file mode 100644 index 00000000000..8ee62017893 --- /dev/null +++ b/objects/vulnerability/vulnerability--795d2e26-0fe2-4c13-8d8b-b925dbe31650.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bccdfd8a-117b-475b-adcc-f9cef33db9ff", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--795d2e26-0fe2-4c13-8d8b-b925dbe31650", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.456141Z", + "modified": "2024-12-07T00:22:22.456141Z", + "name": "CVE-2024-11276", + "description": "The PDF Builder for WooCommerce. Create invoices,packing slips and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.2.136 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11276" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7fe4bd1d-e4a9-46ac-9ba9-343ef72a872a.json b/objects/vulnerability/vulnerability--7fe4bd1d-e4a9-46ac-9ba9-343ef72a872a.json new file mode 100644 index 00000000000..af8690fc9e0 --- /dev/null +++ b/objects/vulnerability/vulnerability--7fe4bd1d-e4a9-46ac-9ba9-343ef72a872a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8d92268a-8184-4d71-b87e-e2b24c834ecf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7fe4bd1d-e4a9-46ac-9ba9-343ef72a872a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.04951Z", + "modified": "2024-12-07T00:22:22.04951Z", + "name": "CVE-2024-9769", + "description": "The Video Gallery – Best WordPress YouTube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9769" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--80402464-aa85-4fa4-9502-e8c40f7ff406.json b/objects/vulnerability/vulnerability--80402464-aa85-4fa4-9502-e8c40f7ff406.json new file mode 100644 index 00000000000..fc4b4a0aa9c --- /dev/null +++ b/objects/vulnerability/vulnerability--80402464-aa85-4fa4-9502-e8c40f7ff406.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ac05f800-990f-430c-a9ca-a7619e8503e9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--80402464-aa85-4fa4-9502-e8c40f7ff406", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.42007Z", + "modified": "2024-12-07T00:22:22.42007Z", + "name": "CVE-2024-11687", + "description": "The Next-Cart Store to WooCommerce Migration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 3.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11687" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--82e3e693-e09a-4b2d-ac32-4117174d0fc1.json b/objects/vulnerability/vulnerability--82e3e693-e09a-4b2d-ac32-4117174d0fc1.json new file mode 100644 index 00000000000..16253271b67 --- /dev/null +++ b/objects/vulnerability/vulnerability--82e3e693-e09a-4b2d-ac32-4117174d0fc1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2686e92a-02dc-4442-8bb5-b91a1a1e15c8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--82e3e693-e09a-4b2d-ac32-4117174d0fc1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.727845Z", + "modified": "2024-12-07T00:22:22.727845Z", + "name": "CVE-2024-53805", + "description": "Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through 1.8.16.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53805" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--83618e7a-334c-4489-96b3-8677b8acabc2.json b/objects/vulnerability/vulnerability--83618e7a-334c-4489-96b3-8677b8acabc2.json new file mode 100644 index 00000000000..ff4df741e94 --- /dev/null +++ b/objects/vulnerability/vulnerability--83618e7a-334c-4489-96b3-8677b8acabc2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8eed14b3-beb4-43a4-9670-8521e4e09911", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--83618e7a-334c-4489-96b3-8677b8acabc2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.74875Z", + "modified": "2024-12-07T00:22:22.74875Z", + "name": "CVE-2024-53799", + "description": "Missing Authorization vulnerability in BAKKBONE Australia FloristPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FloristPress: from n/a through 7.3.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53799" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--876e0ef1-b950-41b5-91fb-824def78b7aa.json b/objects/vulnerability/vulnerability--876e0ef1-b950-41b5-91fb-824def78b7aa.json new file mode 100644 index 00000000000..66686ff0ead --- /dev/null +++ b/objects/vulnerability/vulnerability--876e0ef1-b950-41b5-91fb-824def78b7aa.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5f09938c-d76e-4a1f-a57f-e52f8befac0e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--876e0ef1-b950-41b5-91fb-824def78b7aa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.665371Z", + "modified": "2024-12-07T00:22:21.665371Z", + "name": "CVE-2024-48703", + "description": "PhpGurukul Medical Card Generation System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/search-medicalcard.php via the searchdata parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48703" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8779ed84-954f-4599-bf0a-8ee6e6d860b5.json b/objects/vulnerability/vulnerability--8779ed84-954f-4599-bf0a-8ee6e6d860b5.json new file mode 100644 index 00000000000..423d2fa850d --- /dev/null +++ b/objects/vulnerability/vulnerability--8779ed84-954f-4599-bf0a-8ee6e6d860b5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7b03a641-c715-4bac-a45d-9107475811e7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8779ed84-954f-4599-bf0a-8ee6e6d860b5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.478934Z", + "modified": "2024-12-07T00:22:22.478934Z", + "name": "CVE-2024-11368", + "description": "The Splash Sync plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11368" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8904ed43-9c7f-485e-ba75-33a5ce054d9d.json b/objects/vulnerability/vulnerability--8904ed43-9c7f-485e-ba75-33a5ce054d9d.json new file mode 100644 index 00000000000..1f713a2ecaa --- /dev/null +++ b/objects/vulnerability/vulnerability--8904ed43-9c7f-485e-ba75-33a5ce054d9d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--352030e3-db46-4cc5-b3c7-915541a58b1e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8904ed43-9c7f-485e-ba75-33a5ce054d9d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.929422Z", + "modified": "2024-12-07T00:22:21.929422Z", + "name": "CVE-2024-10689", + "description": "The XLTab – Accordions and Tabs for Elementor Page Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4 via the 'XLTAB_INSERT_TPL' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10689" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8dc4282f-af7d-4bcf-afe5-7d83d81b2f67.json b/objects/vulnerability/vulnerability--8dc4282f-af7d-4bcf-afe5-7d83d81b2f67.json new file mode 100644 index 00000000000..f5ffce39bfb --- /dev/null +++ b/objects/vulnerability/vulnerability--8dc4282f-af7d-4bcf-afe5-7d83d81b2f67.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bc2cebdc-0a99-4a41-aaca-d605768515e9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8dc4282f-af7d-4bcf-afe5-7d83d81b2f67", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.154185Z", + "modified": "2024-12-07T00:22:22.154185Z", + "name": "CVE-2024-47146", + "description": "Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to obtain the devices serial number if physically adjacent and sniffing the RAW WIFI signal.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47146" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8e93d424-ddb4-4bc7-b3dd-e154ee2162d7.json b/objects/vulnerability/vulnerability--8e93d424-ddb4-4bc7-b3dd-e154ee2162d7.json new file mode 100644 index 00000000000..50ed0dcff7a --- /dev/null +++ b/objects/vulnerability/vulnerability--8e93d424-ddb4-4bc7-b3dd-e154ee2162d7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6696171b-6c3c-4c31-8b5c-cd249223c7a8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8e93d424-ddb4-4bc7-b3dd-e154ee2162d7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.911055Z", + "modified": "2024-12-07T00:22:21.911055Z", + "name": "CVE-2024-12003", + "description": "The WP System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the generate_wp_system_page_content() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12003" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8ea3bc91-53ce-4f96-bd16-6c93076131ef.json b/objects/vulnerability/vulnerability--8ea3bc91-53ce-4f96-bd16-6c93076131ef.json new file mode 100644 index 00000000000..9a591e3c6e2 --- /dev/null +++ b/objects/vulnerability/vulnerability--8ea3bc91-53ce-4f96-bd16-6c93076131ef.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--170e8dca-afd1-4915-afcc-86fb0b997314", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8ea3bc91-53ce-4f96-bd16-6c93076131ef", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:23.092841Z", + "modified": "2024-12-07T00:22:23.092841Z", + "name": "CVE-2024-41647", + "description": "Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_mppi_controller.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41647" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--91a638ae-92ab-4915-866c-3306def20898.json b/objects/vulnerability/vulnerability--91a638ae-92ab-4915-866c-3306def20898.json new file mode 100644 index 00000000000..90c6dd05fd7 --- /dev/null +++ b/objects/vulnerability/vulnerability--91a638ae-92ab-4915-866c-3306def20898.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--25722372-ed8d-4935-9902-b44b92d7e193", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--91a638ae-92ab-4915-866c-3306def20898", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.617567Z", + "modified": "2024-12-07T00:22:21.617567Z", + "name": "CVE-2024-51815", + "description": "Improper Control of Generation of Code ('Code Injection') vulnerability in WP Sharks s2Member Pro allows Code Injection.This issue affects s2Member Pro: from n/a through 241114.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-51815" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--93f3723d-1734-4188-a5e6-187cff354b4c.json b/objects/vulnerability/vulnerability--93f3723d-1734-4188-a5e6-187cff354b4c.json new file mode 100644 index 00000000000..46a3577a184 --- /dev/null +++ b/objects/vulnerability/vulnerability--93f3723d-1734-4188-a5e6-187cff354b4c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a75765b7-bd4e-4bcc-b431-fbaab8b99328", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--93f3723d-1734-4188-a5e6-187cff354b4c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:23.461882Z", + "modified": "2024-12-07T00:22:23.461882Z", + "name": "CVE-2024-54210", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexShaper Advanced Element Bucket Addons for Elementor allows Stored XSS.This issue affects Advanced Element Bucket Addons for Elementor: from n/a through 1.0.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54210" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--94b0b792-be99-48eb-848b-fc8d53f65e10.json b/objects/vulnerability/vulnerability--94b0b792-be99-48eb-848b-fc8d53f65e10.json new file mode 100644 index 00000000000..6ef6ffb4c41 --- /dev/null +++ b/objects/vulnerability/vulnerability--94b0b792-be99-48eb-848b-fc8d53f65e10.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--83c521de-3e88-4ce1-8264-fd29ac127769", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--94b0b792-be99-48eb-848b-fc8d53f65e10", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.811213Z", + "modified": "2024-12-07T00:22:21.811213Z", + "name": "CVE-2024-52320", + "description": "The affected product is vulnerable to a command injection. An unauthenticated attacker could send commands through a malicious HTTP request which could result in remote code execution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52320" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--94e438e3-9b39-4d63-9045-b6b7c49cdd4a.json b/objects/vulnerability/vulnerability--94e438e3-9b39-4d63-9045-b6b7c49cdd4a.json new file mode 100644 index 00000000000..2073acaafda --- /dev/null +++ b/objects/vulnerability/vulnerability--94e438e3-9b39-4d63-9045-b6b7c49cdd4a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f842ef53-861c-40e8-b67b-eb410d681f4d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--94e438e3-9b39-4d63-9045-b6b7c49cdd4a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.772838Z", + "modified": "2024-12-07T00:22:22.772838Z", + "name": "CVE-2024-53811", + "description": "Unrestricted Upload of File with Dangerous Type vulnerability in POSIMYTH WDesignkit allows Upload a Web Shell to a Web Server.This issue affects WDesignkit: from n/a through 1.0.40.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53811" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--961cbf2b-102a-42d8-a58f-44b110d64731.json b/objects/vulnerability/vulnerability--961cbf2b-102a-42d8-a58f-44b110d64731.json new file mode 100644 index 00000000000..253442ec29d --- /dev/null +++ b/objects/vulnerability/vulnerability--961cbf2b-102a-42d8-a58f-44b110d64731.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1f6a2f40-9505-490c-90ed-10f8b9fce17e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--961cbf2b-102a-42d8-a58f-44b110d64731", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.978098Z", + "modified": "2024-12-07T00:22:21.978098Z", + "name": "CVE-2024-10774", + "description": "Unauthenticated CROWN APIs allow access to critical functions. This leads to the accessibility of large parts of the web application without authentication.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10774" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9695f7f0-0f7c-44b1-9165-cc9e99ba8d2a.json b/objects/vulnerability/vulnerability--9695f7f0-0f7c-44b1-9165-cc9e99ba8d2a.json new file mode 100644 index 00000000000..ee32498fe11 --- /dev/null +++ b/objects/vulnerability/vulnerability--9695f7f0-0f7c-44b1-9165-cc9e99ba8d2a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--29f1ee15-ea57-4899-b36a-c12adff5dc92", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9695f7f0-0f7c-44b1-9165-cc9e99ba8d2a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.71357Z", + "modified": "2024-12-07T00:22:22.71357Z", + "name": "CVE-2024-53803", + "description": "Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through 1.8.16.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53803" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--97e4a9b3-7928-4f88-9983-8d0bfae470d9.json b/objects/vulnerability/vulnerability--97e4a9b3-7928-4f88-9983-8d0bfae470d9.json new file mode 100644 index 00000000000..89d854e061f --- /dev/null +++ b/objects/vulnerability/vulnerability--97e4a9b3-7928-4f88-9983-8d0bfae470d9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3547aa14-ff15-4e1b-be55-604548327565", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--97e4a9b3-7928-4f88-9983-8d0bfae470d9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:23.848172Z", + "modified": "2024-12-07T00:22:23.848172Z", + "name": "CVE-2024-42196", + "description": "HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42196" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--97eab1b0-ace6-43de-9dbe-fff52196d085.json b/objects/vulnerability/vulnerability--97eab1b0-ace6-43de-9dbe-fff52196d085.json new file mode 100644 index 00000000000..d880921b46e --- /dev/null +++ b/objects/vulnerability/vulnerability--97eab1b0-ace6-43de-9dbe-fff52196d085.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f46411ff-c435-4b45-a802-d8e197a164e2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--97eab1b0-ace6-43de-9dbe-fff52196d085", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.953109Z", + "modified": "2024-12-07T00:22:21.953109Z", + "name": "CVE-2024-10681", + "description": "The The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.0.51. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute arbitrary shortcodes.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10681" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--98150763-f09c-4eed-85df-0772b9658442.json b/objects/vulnerability/vulnerability--98150763-f09c-4eed-85df-0772b9658442.json new file mode 100644 index 00000000000..1f109aead71 --- /dev/null +++ b/objects/vulnerability/vulnerability--98150763-f09c-4eed-85df-0772b9658442.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a1ebd7de-5e82-4db7-93a0-d243c8eb907f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--98150763-f09c-4eed-85df-0772b9658442", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:23.496451Z", + "modified": "2024-12-07T00:22:23.496451Z", + "name": "CVE-2024-54138", + "description": "NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight allows attackers to exploit autolinks as a vector for Cross-Site Scripting (XSS) attacks. This vulnerability is fixed in 2024.12.06.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54138" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9863932c-8f33-48d6-80df-68d27e653935.json b/objects/vulnerability/vulnerability--9863932c-8f33-48d6-80df-68d27e653935.json new file mode 100644 index 00000000000..55d11d8bebd --- /dev/null +++ b/objects/vulnerability/vulnerability--9863932c-8f33-48d6-80df-68d27e653935.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9e968286-33fe-4e7c-8355-0b368acf87b2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9863932c-8f33-48d6-80df-68d27e653935", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:23.509236Z", + "modified": "2024-12-07T00:22:23.509236Z", + "name": "CVE-2024-54143", + "description": "openwrt/asu is an image on demand server for OpenWrt based distributions. The request hashing mechanism truncates SHA-256 hashes to only 12 characters. This significantly reduces entropy, making it feasible for an attacker to generate collisions. By exploiting this, a previously built malicious image can be served in place of a legitimate one, allowing the attacker to \"poison\" the artifact cache and deliver compromised images to unsuspecting users. This can be combined with other attacks, such as a command injection in Imagebuilder that allows malicious users to inject arbitrary commands into the build process, resulting in the production of malicious firmware images signed with the legitimate build key. This has been patched with 920c8a1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54143" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9948d7eb-1428-4048-9208-48094b71dacd.json b/objects/vulnerability/vulnerability--9948d7eb-1428-4048-9208-48094b71dacd.json new file mode 100644 index 00000000000..77593ddfce7 --- /dev/null +++ b/objects/vulnerability/vulnerability--9948d7eb-1428-4048-9208-48094b71dacd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--91724ee3-f819-44fa-9cf9-e7ee2e40350b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9948d7eb-1428-4048-9208-48094b71dacd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:24.13983Z", + "modified": "2024-12-07T00:22:24.13983Z", + "name": "CVE-2024-4633", + "description": "The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘addExtraMimeType’ function in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-4633" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--996b9546-6d5d-4263-9e2c-2b110449b609.json b/objects/vulnerability/vulnerability--996b9546-6d5d-4263-9e2c-2b110449b609.json new file mode 100644 index 00000000000..06cddafb34d --- /dev/null +++ b/objects/vulnerability/vulnerability--996b9546-6d5d-4263-9e2c-2b110449b609.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--67ae01a2-95aa-4500-b99b-087ce4b3926e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--996b9546-6d5d-4263-9e2c-2b110449b609", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.926571Z", + "modified": "2024-12-07T00:22:21.926571Z", + "name": "CVE-2024-10879", + "description": "The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10879" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9c27f911-981d-44d4-8b47-0e76cca25032.json b/objects/vulnerability/vulnerability--9c27f911-981d-44d4-8b47-0e76cca25032.json new file mode 100644 index 00000000000..0a0c1cbaad9 --- /dev/null +++ b/objects/vulnerability/vulnerability--9c27f911-981d-44d4-8b47-0e76cca25032.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--23492249-6136-46b1-bc9f-640b575d6f4c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9c27f911-981d-44d4-8b47-0e76cca25032", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:23.479884Z", + "modified": "2024-12-07T00:22:23.479884Z", + "name": "CVE-2024-54205", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Paloma Paloma Widget allows Cross Site Request Forgery.This issue affects Paloma Widget: from n/a through 1.14.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54205" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9d66ca7f-6799-42e8-9beb-3f75ba48c242.json b/objects/vulnerability/vulnerability--9d66ca7f-6799-42e8-9beb-3f75ba48c242.json new file mode 100644 index 00000000000..6c1ff7c2f2f --- /dev/null +++ b/objects/vulnerability/vulnerability--9d66ca7f-6799-42e8-9beb-3f75ba48c242.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dded421c-f80b-4865-a1a6-ccaffdf67476", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9d66ca7f-6799-42e8-9beb-3f75ba48c242", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.007576Z", + "modified": "2024-12-07T00:22:22.007576Z", + "name": "CVE-2024-9872", + "description": "The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_user_data_callback() function in all versions up to, and including, 4.5.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject malicious web scripts and update settings.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9872" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9e296cc4-43a3-469c-bebe-56bd2cb640ec.json b/objects/vulnerability/vulnerability--9e296cc4-43a3-469c-bebe-56bd2cb640ec.json new file mode 100644 index 00000000000..547cb89f954 --- /dev/null +++ b/objects/vulnerability/vulnerability--9e296cc4-43a3-469c-bebe-56bd2cb640ec.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e85a96e5-5f49-4069-b89a-acf749c116d8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9e296cc4-43a3-469c-bebe-56bd2cb640ec", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.934755Z", + "modified": "2024-12-07T00:22:21.934755Z", + "name": "CVE-2024-10516", + "description": "The Swift Performance Lite plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 2.3.7.1 via the 'ajaxify' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10516" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a0514325-35a1-4764-971c-009fd5e83d4f.json b/objects/vulnerability/vulnerability--a0514325-35a1-4764-971c-009fd5e83d4f.json new file mode 100644 index 00000000000..7df2ebe3776 --- /dev/null +++ b/objects/vulnerability/vulnerability--a0514325-35a1-4764-971c-009fd5e83d4f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--59956f8b-1c56-4523-a6c5-b0693c4600ef", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a0514325-35a1-4764-971c-009fd5e83d4f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.949395Z", + "modified": "2024-12-07T00:22:21.949395Z", + "name": "CVE-2024-10773", + "description": "The product is vulnerable to pass-the-hash attacks in combination with hardcoded credentials of hidden user levels. This means that an attacker can log in with the hidden user levels and gain\nfull access to the device.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10773" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a1332b89-1ba4-4081-bd57-4e4de4c2f443.json b/objects/vulnerability/vulnerability--a1332b89-1ba4-4081-bd57-4e4de4c2f443.json new file mode 100644 index 00000000000..cd26c1a13cf --- /dev/null +++ b/objects/vulnerability/vulnerability--a1332b89-1ba4-4081-bd57-4e4de4c2f443.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8a5f9961-9831-4a12-be2d-c87b7067c674", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a1332b89-1ba4-4081-bd57-4e4de4c2f443", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.986414Z", + "modified": "2024-12-07T00:22:21.986414Z", + "name": "CVE-2024-10247", + "description": "The Video Gallery – Best WordPress YouTube Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10247" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a28b45ed-f5d3-4851-8da7-0c80c0fd9197.json b/objects/vulnerability/vulnerability--a28b45ed-f5d3-4851-8da7-0c80c0fd9197.json new file mode 100644 index 00000000000..0fc26838838 --- /dev/null +++ b/objects/vulnerability/vulnerability--a28b45ed-f5d3-4851-8da7-0c80c0fd9197.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--505c93ef-d2af-4e38-aad4-d68c6161d30d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a28b45ed-f5d3-4851-8da7-0c80c0fd9197", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.13855Z", + "modified": "2024-12-07T00:22:22.13855Z", + "name": "CVE-2024-47791", + "description": "Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to subscribe to partial possible topics in Ruijie MQTT broker, and receive partial messages being sent to and from devices.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47791" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a5f83a1f-797c-4115-af3a-7ddcaf0c20ce.json b/objects/vulnerability/vulnerability--a5f83a1f-797c-4115-af3a-7ddcaf0c20ce.json new file mode 100644 index 00000000000..523d7d884c8 --- /dev/null +++ b/objects/vulnerability/vulnerability--a5f83a1f-797c-4115-af3a-7ddcaf0c20ce.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6f956951-9f0f-4f32-aa7d-4b355d8a2d41", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a5f83a1f-797c-4115-af3a-7ddcaf0c20ce", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.847344Z", + "modified": "2024-12-07T00:22:22.847344Z", + "name": "CVE-2024-38927", + "description": "Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter `/amcl do_beamskip`.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38927" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a7928626-243b-454b-a5d7-296a081a43dd.json b/objects/vulnerability/vulnerability--a7928626-243b-454b-a5d7-296a081a43dd.json new file mode 100644 index 00000000000..a0db66e727e --- /dev/null +++ b/objects/vulnerability/vulnerability--a7928626-243b-454b-a5d7-296a081a43dd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4320726e-2466-4907-b3b0-0cecb931b7ea", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a7928626-243b-454b-a5d7-296a081a43dd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.722419Z", + "modified": "2024-12-07T00:22:22.722419Z", + "name": "CVE-2024-53691", + "description": "A link following vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.8.2823 build 20240712 and later\nQTS 5.2.0.2802 build 20240620 and later\nQuTS hero h5.1.8.2823 build 20240712 and later\nQuTS hero h5.2.0.2802 build 20240620 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53691" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a97d7b37-7be3-4cc0-ad2b-4473a9e7d667.json b/objects/vulnerability/vulnerability--a97d7b37-7be3-4cc0-ad2b-4473a9e7d667.json new file mode 100644 index 00000000000..8f6ec74e85a --- /dev/null +++ b/objects/vulnerability/vulnerability--a97d7b37-7be3-4cc0-ad2b-4473a9e7d667.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--05381fdf-e300-4138-9599-1e995e5b7c31", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a97d7b37-7be3-4cc0-ad2b-4473a9e7d667", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.706509Z", + "modified": "2024-12-07T00:22:22.706509Z", + "name": "CVE-2024-53806", + "description": "Missing Authorization vulnerability in WpMaspik Maspik – Spam blacklist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Maspik – Spam blacklist: from n/a through 2.2.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53806" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a9b2f471-2340-490c-bc62-67cfb391954c.json b/objects/vulnerability/vulnerability--a9b2f471-2340-490c-bc62-67cfb391954c.json new file mode 100644 index 00000000000..108a1cdd3b0 --- /dev/null +++ b/objects/vulnerability/vulnerability--a9b2f471-2340-490c-bc62-67cfb391954c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1459d2fb-d0e8-4c39-95d2-44ffcee9745f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a9b2f471-2340-490c-bc62-67cfb391954c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.91291Z", + "modified": "2024-12-07T00:22:21.91291Z", + "name": "CVE-2024-12326", + "description": "Jirafeau normally prevents browser preview for SVG files due to the possibility that manipulated SVG files could be exploited for cross site scripting. This was done by storing the MIME type of a file and preventing the browser preview for MIME type image/svg+xml. This issue was first reported in CVE-2022-30110. However, it was still possible to do a browser preview of a SVG file by sending a manipulated MIME type during the upload, where the case of any letter in image/svg+xml had been changed (like image/svg+XML). The check for image/svg+xml has been changed to be case insensitive.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12326" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--aa297e3e-d095-4291-8f5c-cf97db550bf9.json b/objects/vulnerability/vulnerability--aa297e3e-d095-4291-8f5c-cf97db550bf9.json new file mode 100644 index 00000000000..55c800bdd6e --- /dev/null +++ b/objects/vulnerability/vulnerability--aa297e3e-d095-4291-8f5c-cf97db550bf9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5ceccb20-9f96-4eca-8f77-f460eed7a7db", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aa297e3e-d095-4291-8f5c-cf97db550bf9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.7411Z", + "modified": "2024-12-07T00:22:22.7411Z", + "name": "CVE-2024-53812", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jacques Malgrange WP GeoNames allows Reflected XSS.This issue affects WP GeoNames: from n/a through 1.8.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53812" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--aabb2a19-c47c-40b4-a64d-fd7778f64b1c.json b/objects/vulnerability/vulnerability--aabb2a19-c47c-40b4-a64d-fd7778f64b1c.json new file mode 100644 index 00000000000..46d4b93debd --- /dev/null +++ b/objects/vulnerability/vulnerability--aabb2a19-c47c-40b4-a64d-fd7778f64b1c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b22fccec-ad2b-454c-a1df-bf197de34fb2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aabb2a19-c47c-40b4-a64d-fd7778f64b1c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.901944Z", + "modified": "2024-12-07T00:22:21.901944Z", + "name": "CVE-2024-12028", + "description": "The Friends plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to send arbitrary friend requests on behalf of another website, accept the friend request for the targeted website, and then communicate with the site as an accepted friend.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12028" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--acc7ea32-8293-4415-8c0f-bb4cee4c95a8.json b/objects/vulnerability/vulnerability--acc7ea32-8293-4415-8c0f-bb4cee4c95a8.json new file mode 100644 index 00000000000..cd7741eb609 --- /dev/null +++ b/objects/vulnerability/vulnerability--acc7ea32-8293-4415-8c0f-bb4cee4c95a8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3903a22e-42ff-45cb-b76c-e82aed74a935", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--acc7ea32-8293-4415-8c0f-bb4cee4c95a8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:23.099819Z", + "modified": "2024-12-07T00:22:23.099819Z", + "name": "CVE-2024-41645", + "description": "Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2__amcl.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41645" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--acddd76f-612d-417d-a447-74e7f61b62da.json b/objects/vulnerability/vulnerability--acddd76f-612d-417d-a447-74e7f61b62da.json new file mode 100644 index 00000000000..1fce1065651 --- /dev/null +++ b/objects/vulnerability/vulnerability--acddd76f-612d-417d-a447-74e7f61b62da.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a1a8b943-1fc2-438c-9fa2-52952fa26ffe", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--acddd76f-612d-417d-a447-74e7f61b62da", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.7445Z", + "modified": "2024-12-07T00:22:22.7445Z", + "name": "CVE-2024-53824", + "description": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AREOI All Bootstrap Blocks allows PHP Local File Inclusion.This issue affects All Bootstrap Blocks: from n/a through 1.3.19.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53824" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ae7baaab-5524-4881-ae94-abdc352b2f18.json b/objects/vulnerability/vulnerability--ae7baaab-5524-4881-ae94-abdc352b2f18.json new file mode 100644 index 00000000000..2a3a607eaae --- /dev/null +++ b/objects/vulnerability/vulnerability--ae7baaab-5524-4881-ae94-abdc352b2f18.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ba3c3a4c-2965-4827-b007-40d503a51ac5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ae7baaab-5524-4881-ae94-abdc352b2f18", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:23.830091Z", + "modified": "2024-12-07T00:22:23.830091Z", + "name": "CVE-2024-42494", + "description": "Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a a feature that could enable sub accounts or attackers to view and exfiltrate sensitive information from all cloud accounts registered to Ruijie's services", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42494" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b33ce97f-7241-4295-9507-7ba390923e6b.json b/objects/vulnerability/vulnerability--b33ce97f-7241-4295-9507-7ba390923e6b.json new file mode 100644 index 00000000000..301c062ada0 --- /dev/null +++ b/objects/vulnerability/vulnerability--b33ce97f-7241-4295-9507-7ba390923e6b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8a702f5d-425e-4a0e-b9f9-c48b1e534abe", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b33ce97f-7241-4295-9507-7ba390923e6b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:23.121854Z", + "modified": "2024-12-07T00:22:23.121854Z", + "name": "CVE-2024-41648", + "description": "Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_regulated_pure_pursuit_controller.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41648" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b3d499b5-4b20-4414-9dba-b07592878727.json b/objects/vulnerability/vulnerability--b3d499b5-4b20-4414-9dba-b07592878727.json new file mode 100644 index 00000000000..b45dbd4f5c2 --- /dev/null +++ b/objects/vulnerability/vulnerability--b3d499b5-4b20-4414-9dba-b07592878727.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--108a5b71-6848-4267-bba7-fb1e5526eefc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b3d499b5-4b20-4414-9dba-b07592878727", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:23.47733Z", + "modified": "2024-12-07T00:22:23.47733Z", + "name": "CVE-2024-54214", + "description": "Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Revy allows Upload a Web Shell to a Web Server.This issue affects Revy: from n/a through 1.18.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54214" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b817ce4c-400a-4cf2-b5d8-83c88551db2b.json b/objects/vulnerability/vulnerability--b817ce4c-400a-4cf2-b5d8-83c88551db2b.json new file mode 100644 index 00000000000..911d2cbe3b3 --- /dev/null +++ b/objects/vulnerability/vulnerability--b817ce4c-400a-4cf2-b5d8-83c88551db2b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--506642e6-1d3e-4370-b6c4-0c9a7cf438b5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b817ce4c-400a-4cf2-b5d8-83c88551db2b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:23.489724Z", + "modified": "2024-12-07T00:22:23.489724Z", + "name": "CVE-2024-54745", + "description": "WAVLINK WN701AE M01AE_V240305 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54745" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b989f9c5-2c42-445b-9c97-9f02f0910ade.json b/objects/vulnerability/vulnerability--b989f9c5-2c42-445b-9c97-9f02f0910ade.json new file mode 100644 index 00000000000..d0ed2e03322 --- /dev/null +++ b/objects/vulnerability/vulnerability--b989f9c5-2c42-445b-9c97-9f02f0910ade.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cfbe1890-814d-4c15-bcd6-fa06b375cbc6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b989f9c5-2c42-445b-9c97-9f02f0910ade", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:23.468507Z", + "modified": "2024-12-07T00:22:23.468507Z", + "name": "CVE-2024-54136", + "description": "ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 5.5.1 Revision 199 and below is vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/upload.php where the user supplied input via collection get parameter is directly provided to unserialize function. As a result, it is possible for an adversary to inject maliciously crafted PHP serialized object and utilize gadget chains to cause unexpected behaviors of the application. This vulnerability is fixed in 5.5.1 Revision 200.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54136" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bade830f-0c13-4a1a-ab97-a86fa0174574.json b/objects/vulnerability/vulnerability--bade830f-0c13-4a1a-ab97-a86fa0174574.json new file mode 100644 index 00000000000..1772e8f9bf7 --- /dev/null +++ b/objects/vulnerability/vulnerability--bade830f-0c13-4a1a-ab97-a86fa0174574.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ec8b7cf3-ff52-4889-80bc-7af56019e9b3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bade830f-0c13-4a1a-ab97-a86fa0174574", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.989128Z", + "modified": "2024-12-07T00:22:21.989128Z", + "name": "CVE-2024-10836", + "description": "The Flixita theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.0.82 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10836" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c0b0f6f8-775a-4c11-9d8d-d025b8717fd2.json b/objects/vulnerability/vulnerability--c0b0f6f8-775a-4c11-9d8d-d025b8717fd2.json new file mode 100644 index 00000000000..a9b00ce4f19 --- /dev/null +++ b/objects/vulnerability/vulnerability--c0b0f6f8-775a-4c11-9d8d-d025b8717fd2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--41563b20-d806-4b26-8762-434391d49508", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c0b0f6f8-775a-4c11-9d8d-d025b8717fd2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:23.471654Z", + "modified": "2024-12-07T00:22:23.471654Z", + "name": "CVE-2024-54749", + "description": "Ubiquiti U7-Pro 7.0.35 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54749" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c1f049a5-ba2a-4a44-ba75-db5f3cf779ef.json b/objects/vulnerability/vulnerability--c1f049a5-ba2a-4a44-ba75-db5f3cf779ef.json new file mode 100644 index 00000000000..5c6a2a81ba4 --- /dev/null +++ b/objects/vulnerability/vulnerability--c1f049a5-ba2a-4a44-ba75-db5f3cf779ef.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--75c80d3a-f360-4250-b500-99e90183be02", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c1f049a5-ba2a-4a44-ba75-db5f3cf779ef", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.459041Z", + "modified": "2024-12-07T00:22:22.459041Z", + "name": "CVE-2024-11339", + "description": "The Smart PopUp Blaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's\r\n'spb-button' shortcode in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11339" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c23a93ae-6072-4253-b468-3ad685daca8c.json b/objects/vulnerability/vulnerability--c23a93ae-6072-4253-b468-3ad685daca8c.json new file mode 100644 index 00000000000..ed136a5893f --- /dev/null +++ b/objects/vulnerability/vulnerability--c23a93ae-6072-4253-b468-3ad685daca8c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cef41662-1725-4d43-93ad-9a23cc92ddf4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c23a93ae-6072-4253-b468-3ad685daca8c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.231405Z", + "modified": "2024-12-07T00:22:22.231405Z", + "name": "CVE-2024-50403", + "description": "A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.2.2.2952 build 20241116 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50403" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c37ba43f-41e6-432d-9a14-81e3e43f92e7.json b/objects/vulnerability/vulnerability--c37ba43f-41e6-432d-9a14-81e3e43f92e7.json new file mode 100644 index 00000000000..9f601edd40a --- /dev/null +++ b/objects/vulnerability/vulnerability--c37ba43f-41e6-432d-9a14-81e3e43f92e7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--01a30337-01cd-4cd7-a63f-9d4606da491c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c37ba43f-41e6-432d-9a14-81e3e43f92e7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.022707Z", + "modified": "2024-12-07T00:22:22.022707Z", + "name": "CVE-2024-9705", + "description": "The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ucsm_update_template_name_lite' function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the name of the plugin's templates.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9705" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c3b260c3-9903-4301-babd-f6ed9c8d34ef.json b/objects/vulnerability/vulnerability--c3b260c3-9903-4301-babd-f6ed9c8d34ef.json new file mode 100644 index 00000000000..e7c92a06f19 --- /dev/null +++ b/objects/vulnerability/vulnerability--c3b260c3-9903-4301-babd-f6ed9c8d34ef.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d8e3d903-b366-47bc-8cdf-c068850a54e9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c3b260c3-9903-4301-babd-f6ed9c8d34ef", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.427365Z", + "modified": "2024-12-07T00:22:22.427365Z", + "name": "CVE-2024-11728", + "description": "The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'visit_type[service_id]' parameter of the tax_calculated_data AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11728" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c42fe83c-eab6-4f04-a4e1-596d267533a1.json b/objects/vulnerability/vulnerability--c42fe83c-eab6-4f04-a4e1-596d267533a1.json new file mode 100644 index 00000000000..ad0aba2a7c9 --- /dev/null +++ b/objects/vulnerability/vulnerability--c42fe83c-eab6-4f04-a4e1-596d267533a1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bf0c9fdb-113e-4bad-8d86-8694aac536f8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c42fe83c-eab6-4f04-a4e1-596d267533a1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.736064Z", + "modified": "2024-12-07T00:22:22.736064Z", + "name": "CVE-2024-53809", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Namaste! LMS allows Cross Site Request Forgery.This issue affects Namaste! LMS: from n/a through 2.6.4.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53809" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c48fbbda-5325-4947-b4e8-f94772c946b9.json b/objects/vulnerability/vulnerability--c48fbbda-5325-4947-b4e8-f94772c946b9.json new file mode 100644 index 00000000000..e527a99756a --- /dev/null +++ b/objects/vulnerability/vulnerability--c48fbbda-5325-4947-b4e8-f94772c946b9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--20ce371d-5c67-42b3-b718-c52b5607bbb4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c48fbbda-5325-4947-b4e8-f94772c946b9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.426279Z", + "modified": "2024-12-07T00:22:22.426279Z", + "name": "CVE-2024-11201", + "description": "The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mycred_send shortcode in all versions up to, and including, 2.7.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11201" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c74589a4-776f-40b9-a542-e5e1abfa0f32.json b/objects/vulnerability/vulnerability--c74589a4-776f-40b9-a542-e5e1abfa0f32.json new file mode 100644 index 00000000000..86889b889cd --- /dev/null +++ b/objects/vulnerability/vulnerability--c74589a4-776f-40b9-a542-e5e1abfa0f32.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e91e8ed4-bf1f-48ba-b653-5bc491da6dff", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c74589a4-776f-40b9-a542-e5e1abfa0f32", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.709962Z", + "modified": "2024-12-07T00:22:22.709962Z", + "name": "CVE-2024-53804", + "description": "Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through 1.8.16.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53804" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c8b03aa1-0ffd-47a3-8fad-ccd440952d2d.json b/objects/vulnerability/vulnerability--c8b03aa1-0ffd-47a3-8fad-ccd440952d2d.json new file mode 100644 index 00000000000..edbab060e7b --- /dev/null +++ b/objects/vulnerability/vulnerability--c8b03aa1-0ffd-47a3-8fad-ccd440952d2d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--03ceceff-74fa-473f-a34f-66549efb84f5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c8b03aa1-0ffd-47a3-8fad-ccd440952d2d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.974728Z", + "modified": "2024-12-07T00:22:21.974728Z", + "name": "CVE-2024-10909", + "description": "The The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via form_preview_shortcode AJAX action in all versions up to, and including, 1.4.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. This was partially fixed in version 1.4.8.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10909" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c94e28b5-23ad-4677-8587-7d0762ef7cb8.json b/objects/vulnerability/vulnerability--c94e28b5-23ad-4677-8587-7d0762ef7cb8.json new file mode 100644 index 00000000000..23b3c61d14b --- /dev/null +++ b/objects/vulnerability/vulnerability--c94e28b5-23ad-4677-8587-7d0762ef7cb8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--348d75ec-0cdd-4a5b-aac9-4ee1a6e92d36", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c94e28b5-23ad-4677-8587-7d0762ef7cb8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.936399Z", + "modified": "2024-12-07T00:22:21.936399Z", + "name": "CVE-2024-10776", + "description": "Lua apps can be deployed, removed, started, reloaded or stopped without authorization via\nAppManager. This allows an attacker to remove legitimate apps creating a DoS attack, read and write\nfiles or load apps that use all features of the product available to a customer.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10776" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ca1b4832-3384-458a-9274-d43e85e54fe9.json b/objects/vulnerability/vulnerability--ca1b4832-3384-458a-9274-d43e85e54fe9.json new file mode 100644 index 00000000000..0a6d0878a9b --- /dev/null +++ b/objects/vulnerability/vulnerability--ca1b4832-3384-458a-9274-d43e85e54fe9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--89a759a6-4443-4840-a6ad-76df46703185", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ca1b4832-3384-458a-9274-d43e85e54fe9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.210614Z", + "modified": "2024-12-07T00:22:22.210614Z", + "name": "CVE-2024-50404", + "description": "A link following vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations.\n\nWe have already fixed the vulnerability in the following versions:\nQsync Central 4.4.0.16_20240819 ( 2024/08/19 ) and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50404" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cca7fe09-70e8-4d47-8b3b-c2b55090a53b.json b/objects/vulnerability/vulnerability--cca7fe09-70e8-4d47-8b3b-c2b55090a53b.json new file mode 100644 index 00000000000..e257a8d154a --- /dev/null +++ b/objects/vulnerability/vulnerability--cca7fe09-70e8-4d47-8b3b-c2b55090a53b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--186fb1b8-3e01-4dda-ac7a-531ea8e4c1f1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cca7fe09-70e8-4d47-8b3b-c2b55090a53b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.719658Z", + "modified": "2024-12-07T00:22:22.719658Z", + "name": "CVE-2024-53821", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Pie Register Premium allows Reflected XSS.This issue affects Pie Register Premium: from n/a through n/a.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53821" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d0e65f38-2210-433b-9412-cb30d4fbd47e.json b/objects/vulnerability/vulnerability--d0e65f38-2210-433b-9412-cb30d4fbd47e.json new file mode 100644 index 00000000000..4b0cd52e70c --- /dev/null +++ b/objects/vulnerability/vulnerability--d0e65f38-2210-433b-9412-cb30d4fbd47e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3faef88b-2b0d-48af-94a6-78ee64c48aa6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d0e65f38-2210-433b-9412-cb30d4fbd47e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.668701Z", + "modified": "2024-12-07T00:22:21.668701Z", + "name": "CVE-2024-48867", + "description": "An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.9.2954 build 20241120 and later\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.1.9.2954 build 20241120 and later\nQuTS hero h5.2.2.2952 build 20241116 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48867" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d0ed90a0-4cf2-4358-b0a6-12752848e9fc.json b/objects/vulnerability/vulnerability--d0ed90a0-4cf2-4358-b0a6-12752848e9fc.json new file mode 100644 index 00000000000..d117279e2b6 --- /dev/null +++ b/objects/vulnerability/vulnerability--d0ed90a0-4cf2-4358-b0a6-12752848e9fc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c9472cd2-fb84-4632-bb67-7e1bf8e9d1dd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d0ed90a0-4cf2-4358-b0a6-12752848e9fc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.758504Z", + "modified": "2024-12-07T00:22:22.758504Z", + "name": "CVE-2024-53795", + "description": "Missing Authorization vulnerability in Andy Moyle Church Admin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Church Admin: from n/a through 5.0.8.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53795" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d1c6ee30-9064-4b3b-9f48-57c20314b80f.json b/objects/vulnerability/vulnerability--d1c6ee30-9064-4b3b-9f48-57c20314b80f.json new file mode 100644 index 00000000000..a141111c901 --- /dev/null +++ b/objects/vulnerability/vulnerability--d1c6ee30-9064-4b3b-9f48-57c20314b80f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--26d7883f-960f-40a7-a958-349a35ca9f24", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d1c6ee30-9064-4b3b-9f48-57c20314b80f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.12824Z", + "modified": "2024-12-07T00:22:22.12824Z", + "name": "CVE-2024-47043", + "description": "Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could enable an attacker to correlate a device serial number and the user's phone number and part of the email address.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47043" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d2ec128e-a102-49dd-b56b-d9fd2f76145a.json b/objects/vulnerability/vulnerability--d2ec128e-a102-49dd-b56b-d9fd2f76145a.json new file mode 100644 index 00000000000..4da5d755938 --- /dev/null +++ b/objects/vulnerability/vulnerability--d2ec128e-a102-49dd-b56b-d9fd2f76145a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--857f0d7d-51bd-42da-aebd-a87a42973ca6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d2ec128e-a102-49dd-b56b-d9fd2f76145a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.663017Z", + "modified": "2024-12-07T00:22:21.663017Z", + "name": "CVE-2024-48865", + "description": "An improper certificate validation vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow attackers with local network access to compromise the security of the system.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.9.2954 build 20241120 and later\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.1.9.2954 build 20241120 and later\nQuTS hero h5.2.2.2952 build 20241116 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48865" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d3242e41-cf80-43b4-abc3-f98a29bd74b2.json b/objects/vulnerability/vulnerability--d3242e41-cf80-43b4-abc3-f98a29bd74b2.json new file mode 100644 index 00000000000..bc20fec1960 --- /dev/null +++ b/objects/vulnerability/vulnerability--d3242e41-cf80-43b4-abc3-f98a29bd74b2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4c65f5b6-6bc8-497a-8c2c-348ff9271f05", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d3242e41-cf80-43b4-abc3-f98a29bd74b2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.65089Z", + "modified": "2024-12-07T00:22:21.65089Z", + "name": "CVE-2024-48859", + "description": "An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.9.2954 build 20241120 and later\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.1.9.2954 build 20241120 and later\nQuTS hero h5.2.2.2952 build 20241116 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48859" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d3e1baec-3f45-4b2f-b551-81b4557b1846.json b/objects/vulnerability/vulnerability--d3e1baec-3f45-4b2f-b551-81b4557b1846.json new file mode 100644 index 00000000000..a1fc2c298df --- /dev/null +++ b/objects/vulnerability/vulnerability--d3e1baec-3f45-4b2f-b551-81b4557b1846.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1c10bd0c-6358-4262-93c4-bf24b1acdf47", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d3e1baec-3f45-4b2f-b551-81b4557b1846", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.579362Z", + "modified": "2024-12-07T00:22:22.579362Z", + "name": "CVE-2024-44855", + "description": "Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_navfn_planner().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44855" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d5a77cc5-62ec-448b-8f67-057f407bba33.json b/objects/vulnerability/vulnerability--d5a77cc5-62ec-448b-8f67-057f407bba33.json new file mode 100644 index 00000000000..ae468586453 --- /dev/null +++ b/objects/vulnerability/vulnerability--d5a77cc5-62ec-448b-8f67-057f407bba33.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d817229b-8b45-4ce9-891b-5d75ebac9f35", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d5a77cc5-62ec-448b-8f67-057f407bba33", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:23.785698Z", + "modified": "2024-12-07T00:22:23.785698Z", + "name": "CVE-2024-46874", + "description": "Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could issue commands to other devices on behalf of Ruijie's cloud.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-46874" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d749f666-ac4b-46e2-9528-cf0f651bf6ba.json b/objects/vulnerability/vulnerability--d749f666-ac4b-46e2-9528-cf0f651bf6ba.json new file mode 100644 index 00000000000..187cd5c934b --- /dev/null +++ b/objects/vulnerability/vulnerability--d749f666-ac4b-46e2-9528-cf0f651bf6ba.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6eea4a55-6b1d-4d9d-b6db-13d85695a516", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d749f666-ac4b-46e2-9528-cf0f651bf6ba", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.466032Z", + "modified": "2024-12-07T00:22:22.466032Z", + "name": "CVE-2024-11585", + "description": "The WP Hide & Security Enhancer plugin for WordPress is vulnerable to arbitrary file contents deletion due to a missing authorization and insufficient file path validation in the file-process.php in all versions up to, and including, 2.5.1. This makes it possible for unauthenticated attackers to delete the contents of arbitrary files on the server, which can break the site or lead to data loss.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11585" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--da88dcfa-4fee-4bee-8ae5-415744503c37.json b/objects/vulnerability/vulnerability--da88dcfa-4fee-4bee-8ae5-415744503c37.json new file mode 100644 index 00000000000..e9740168725 --- /dev/null +++ b/objects/vulnerability/vulnerability--da88dcfa-4fee-4bee-8ae5-415744503c37.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cd4c34e1-b71a-4607-95f6-78ba3fb5a4c3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--da88dcfa-4fee-4bee-8ae5-415744503c37", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:23.47396Z", + "modified": "2024-12-07T00:22:23.47396Z", + "name": "CVE-2024-54209", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Awesome Shortcodes allows Reflected XSS.This issue affects Awesome Shortcodes: from n/a through 1.7.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54209" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dafbe7dd-14d3-4f75-b736-8fd7530c2f3b.json b/objects/vulnerability/vulnerability--dafbe7dd-14d3-4f75-b736-8fd7530c2f3b.json new file mode 100644 index 00000000000..cad63ee92eb --- /dev/null +++ b/objects/vulnerability/vulnerability--dafbe7dd-14d3-4f75-b736-8fd7530c2f3b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a21a7ff8-6d8d-4637-9787-b36aa29d31ca", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dafbe7dd-14d3-4f75-b736-8fd7530c2f3b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.703819Z", + "modified": "2024-12-07T00:22:22.703819Z", + "name": "CVE-2024-53826", + "description": "Missing Authorization vulnerability in WPSight WPCasa allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPCasa: from n/a through 1.2.13.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53826" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dbb7625c-a19e-4ca2-ab72-07df2c82480c.json b/objects/vulnerability/vulnerability--dbb7625c-a19e-4ca2-ab72-07df2c82480c.json new file mode 100644 index 00000000000..d84377c4864 --- /dev/null +++ b/objects/vulnerability/vulnerability--dbb7625c-a19e-4ca2-ab72-07df2c82480c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--92b348ab-1b25-466c-ba74-53e310c11a76", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dbb7625c-a19e-4ca2-ab72-07df2c82480c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.947507Z", + "modified": "2024-12-07T00:22:21.947507Z", + "name": "CVE-2024-10480", + "description": "The 3DPrint Lite WordPress plugin before 2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10480" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ddb969c4-274f-4928-8e63-e79a0da3b536.json b/objects/vulnerability/vulnerability--ddb969c4-274f-4928-8e63-e79a0da3b536.json new file mode 100644 index 00000000000..a403169ed4d --- /dev/null +++ b/objects/vulnerability/vulnerability--ddb969c4-274f-4928-8e63-e79a0da3b536.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f23173c1-ca1d-4b23-9799-23a070847af7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ddb969c4-274f-4928-8e63-e79a0da3b536", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.19001Z", + "modified": "2024-12-07T00:22:22.19001Z", + "name": "CVE-2024-50402", + "description": "A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.9.2954 build 20241120 and later\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.1.9.2954 build 20241120 and later\nQuTS hero h5.2.2.2952 build 20241116 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50402" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e14aba10-e208-4c32-96ef-192819501a62.json b/objects/vulnerability/vulnerability--e14aba10-e208-4c32-96ef-192819501a62.json new file mode 100644 index 00000000000..20b47216df6 --- /dev/null +++ b/objects/vulnerability/vulnerability--e14aba10-e208-4c32-96ef-192819501a62.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--748b5f9b-5bbb-4082-b815-09ccd007201c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e14aba10-e208-4c32-96ef-192819501a62", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.652249Z", + "modified": "2024-12-07T00:22:21.652249Z", + "name": "CVE-2024-48868", + "description": "An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.9.2954 build 20241120 and later\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.1.9.2954 build 20241120 and later\nQuTS hero h5.2.2.2952 build 20241116 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48868" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e20e8d89-a279-45b0-8c23-f5908e69feef.json b/objects/vulnerability/vulnerability--e20e8d89-a279-45b0-8c23-f5908e69feef.json new file mode 100644 index 00000000000..33e5a7c7b67 --- /dev/null +++ b/objects/vulnerability/vulnerability--e20e8d89-a279-45b0-8c23-f5908e69feef.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b5a55979-5e13-4096-911a-8e36db2067a0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e20e8d89-a279-45b0-8c23-f5908e69feef", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:23.464511Z", + "modified": "2024-12-07T00:22:23.464511Z", + "name": "CVE-2024-54141", + "description": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (ie postgreSQL) server's credential when connection to DB fails. This vulnerability is fixed in 4.0.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54141" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e634e83d-2a2c-48bb-918a-68c022386e89.json b/objects/vulnerability/vulnerability--e634e83d-2a2c-48bb-918a-68c022386e89.json new file mode 100644 index 00000000000..1f704843728 --- /dev/null +++ b/objects/vulnerability/vulnerability--e634e83d-2a2c-48bb-918a-68c022386e89.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1f1025c0-89b3-4227-a057-36a9b596bcd3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e634e83d-2a2c-48bb-918a-68c022386e89", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.765928Z", + "modified": "2024-12-07T00:22:22.765928Z", + "name": "CVE-2024-53820", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Captivate Audio Ltd Captivate Sync allows Stored XSS.This issue affects Captivate Sync: from n/a through 2.0.22.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53820" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e683ba6e-ef0d-4577-ba2b-7c5a2bc2217c.json b/objects/vulnerability/vulnerability--e683ba6e-ef0d-4577-ba2b-7c5a2bc2217c.json new file mode 100644 index 00000000000..2f54a0f8642 --- /dev/null +++ b/objects/vulnerability/vulnerability--e683ba6e-ef0d-4577-ba2b-7c5a2bc2217c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5a5f363e-a8ea-4231-b516-21c36cf8964f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e683ba6e-ef0d-4577-ba2b-7c5a2bc2217c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:23.502645Z", + "modified": "2024-12-07T00:22:23.502645Z", + "name": "CVE-2024-54135", + "description": "ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 2.0 to Version 5.5.1 Revision 199 are vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/photo_upload.php within the decode_key function. User inputs were supplied to this function without sanitization via collection GET parameter and photoIDS POST parameter respectively. The decode_key function invokes PHP unserialize function as defined in upload/includes/classes/photos.class.php. As a result, it is possible for an adversary to inject maliciously crafted PHP serialized object and utilize gadget chains to cause unexpected behaviors of the application. This vulnerability is fixed in 5.5.1 Revision 200.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54135" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e7efbea7-daf9-4c70-bc8e-d0aca545f236.json b/objects/vulnerability/vulnerability--e7efbea7-daf9-4c70-bc8e-d0aca545f236.json new file mode 100644 index 00000000000..2369bc1062b --- /dev/null +++ b/objects/vulnerability/vulnerability--e7efbea7-daf9-4c70-bc8e-d0aca545f236.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b311240b-c531-4590-aca3-4d8f25a6b6f2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e7efbea7-daf9-4c70-bc8e-d0aca545f236", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.731839Z", + "modified": "2024-12-07T00:22:22.731839Z", + "name": "CVE-2024-53142", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ninitramfs: avoid filename buffer overrun\n\nThe initramfs filename field is defined in\nDocumentation/driver-api/early-userspace/buffer-format.rst as:\n\n 37 cpio_file := ALGN(4) + cpio_header + filename + \"\\0\" + ALGN(4) + data\n...\n 55 ============= ================== =========================\n 56 Field name Field size Meaning\n 57 ============= ================== =========================\n...\n 70 c_namesize 8 bytes Length of filename, including final \\0\n\nWhen extracting an initramfs cpio archive, the kernel's do_name() path\nhandler assumes a zero-terminated path at @collected, passing it\ndirectly to filp_open() / init_mkdir() / init_mknod().\n\nIf a specially crafted cpio entry carries a non-zero-terminated filename\nand is followed by uninitialized memory, then a file may be created with\ntrailing characters that represent the uninitialized memory. The ability\nto create an initramfs entry would imply already having full control of\nthe system, so the buffer overrun shouldn't be considered a security\nvulnerability.\n\nAppend the output of the following bash script to an existing initramfs\nand observe any created /initramfs_test_fname_overrunAA* path. E.g.\n ./reproducer.sh | gzip >> /myinitramfs\n\nIt's easiest to observe non-zero uninitialized memory when the output is\ngzipped, as it'll overflow the heap allocated @out_buf in __gunzip(),\nrather than the initrd_start+initrd_size block.\n\n---- reproducer.sh ----\nnilchar=\"A\"\t# change to \"\\0\" to properly zero terminate / pad\nmagic=\"070701\"\nino=1\nmode=$(( 0100777 ))\nuid=0\ngid=0\nnlink=1\nmtime=1\nfilesize=0\ndevmajor=0\ndevminor=1\nrdevmajor=0\nrdevminor=0\ncsum=0\nfname=\"initramfs_test_fname_overrun\"\nnamelen=$(( ${#fname} + 1 ))\t# plus one to account for terminator\n\nprintf \"%s%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%s\" \\\n\t$magic $ino $mode $uid $gid $nlink $mtime $filesize \\\n\t$devmajor $devminor $rdevmajor $rdevminor $namelen $csum $fname\n\ntermpadlen=$(( 1 + ((4 - ((110 + $namelen) & 3)) % 4) ))\nprintf \"%.s${nilchar}\" $(seq 1 $termpadlen)\n---- reproducer.sh ----\n\nSymlink filename fields handled in do_symlink() won't overrun past the\ndata segment, due to the explicit zero-termination of the symlink\ntarget.\n\nFix filename buffer overrun by aborting the initramfs FSM if any cpio\nentry doesn't carry a zero-terminator at the expected (name_len - 1)\noffset.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53142" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f0a7ef0b-a24e-4c06-8543-32f05a90da75.json b/objects/vulnerability/vulnerability--f0a7ef0b-a24e-4c06-8543-32f05a90da75.json new file mode 100644 index 00000000000..d5fb7084d11 --- /dev/null +++ b/objects/vulnerability/vulnerability--f0a7ef0b-a24e-4c06-8543-32f05a90da75.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fd7a8136-ff91-43cb-9bb7-e41b57fb09b1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f0a7ef0b-a24e-4c06-8543-32f05a90da75", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:23.505185Z", + "modified": "2024-12-07T00:22:23.505185Z", + "name": "CVE-2024-54213", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zionbuilder.io WordPress Page Builder – Zion Builder allows Stored XSS.This issue affects WordPress Page Builder – Zion Builder: from n/a through 3.6.12.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54213" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f1d0e62c-fd9d-4301-ac7c-b32c25a933b8.json b/objects/vulnerability/vulnerability--f1d0e62c-fd9d-4301-ac7c-b32c25a933b8.json new file mode 100644 index 00000000000..58f22daf2bf --- /dev/null +++ b/objects/vulnerability/vulnerability--f1d0e62c-fd9d-4301-ac7c-b32c25a933b8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4574023e-5c33-44fa-9588-8f8a339a8709", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f1d0e62c-fd9d-4301-ac7c-b32c25a933b8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.760359Z", + "modified": "2024-12-07T00:22:22.760359Z", + "name": "CVE-2024-53810", + "description": "Missing Authorization vulnerability in Najeeb Ahmad Simple User Registration allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Simple User Registration: from n/a through 5.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53810" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f2dc233d-0ad4-4afb-a361-a30184183795.json b/objects/vulnerability/vulnerability--f2dc233d-0ad4-4afb-a361-a30184183795.json new file mode 100644 index 00000000000..22482f58718 --- /dev/null +++ b/objects/vulnerability/vulnerability--f2dc233d-0ad4-4afb-a361-a30184183795.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--91ee4c41-b4e1-4714-b983-6d59f565f359", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f2dc233d-0ad4-4afb-a361-a30184183795", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.763235Z", + "modified": "2024-12-07T00:22:22.763235Z", + "name": "CVE-2024-53802", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FuturioWP Futurio Extra allows Stored XSS.This issue affects Futurio Extra: from n/a through 2.0.14.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53802" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f4000edd-ef02-4025-a892-b782ea5710cb.json b/objects/vulnerability/vulnerability--f4000edd-ef02-4025-a892-b782ea5710cb.json new file mode 100644 index 00000000000..c469ad8b3d7 --- /dev/null +++ b/objects/vulnerability/vulnerability--f4000edd-ef02-4025-a892-b782ea5710cb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7c9795b8-8848-492e-b11e-46947d4fccbd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f4000edd-ef02-4025-a892-b782ea5710cb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.739862Z", + "modified": "2024-12-07T00:22:22.739862Z", + "name": "CVE-2024-53141", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ipset: add missing range check in bitmap_ip_uadt\n\nWhen tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists,\nthe values of ip and ip_to are slightly swapped. Therefore, the range check\nfor ip should be done later, but this part is missing and it seems that the\nvulnerability occurs.\n\nSo we should add missing range checks and remove unnecessary range checks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53141" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f4d68e7b-3bc9-4616-a261-c3c866a9a7ce.json b/objects/vulnerability/vulnerability--f4d68e7b-3bc9-4616-a261-c3c866a9a7ce.json new file mode 100644 index 00000000000..384124728e5 --- /dev/null +++ b/objects/vulnerability/vulnerability--f4d68e7b-3bc9-4616-a261-c3c866a9a7ce.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1ce47a7f-833d-41ea-8afd-24d4739706da", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f4d68e7b-3bc9-4616-a261-c3c866a9a7ce", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:21.666681Z", + "modified": "2024-12-07T00:22:21.666681Z", + "name": "CVE-2024-48874", + "description": "Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud metadata services.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48874" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f674ee76-b02a-4c0b-b868-af0ce2f89c46.json b/objects/vulnerability/vulnerability--f674ee76-b02a-4c0b-b868-af0ce2f89c46.json new file mode 100644 index 00000000000..111bfcabc52 --- /dev/null +++ b/objects/vulnerability/vulnerability--f674ee76-b02a-4c0b-b868-af0ce2f89c46.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d0d7c70e-266d-4399-9264-e599673e3543", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f674ee76-b02a-4c0b-b868-af0ce2f89c46", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.738087Z", + "modified": "2024-12-07T00:22:22.738087Z", + "name": "CVE-2024-53808", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows SQL Injection.This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.7.8.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53808" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f9175daa-9633-4f4c-828a-502df2c80a80.json b/objects/vulnerability/vulnerability--f9175daa-9633-4f4c-828a-502df2c80a80.json new file mode 100644 index 00000000000..11fd0a8b22d --- /dev/null +++ b/objects/vulnerability/vulnerability--f9175daa-9633-4f4c-828a-502df2c80a80.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--511eb3a3-ee49-42c2-8bd4-97c75a294a1d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f9175daa-9633-4f4c-828a-502df2c80a80", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.70499Z", + "modified": "2024-12-07T00:22:22.70499Z", + "name": "CVE-2024-53797", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder allows Stored XSS.This issue affects Beaver Builder: from n/a through 2.8.4.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53797" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fa9d6ba5-77d4-4067-a7f3-7f5f21e8bef2.json b/objects/vulnerability/vulnerability--fa9d6ba5-77d4-4067-a7f3-7f5f21e8bef2.json new file mode 100644 index 00000000000..23321cf22c7 --- /dev/null +++ b/objects/vulnerability/vulnerability--fa9d6ba5-77d4-4067-a7f3-7f5f21e8bef2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--553aa8a1-c5bb-4e5f-a8a6-925ecc78329a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fa9d6ba5-77d4-4067-a7f3-7f5f21e8bef2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.405973Z", + "modified": "2024-12-07T00:22:22.405973Z", + "name": "CVE-2024-11204", + "description": "The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11204" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fe305d6d-fab8-41ea-80ce-4f365c3c28b6.json b/objects/vulnerability/vulnerability--fe305d6d-fab8-41ea-80ce-4f365c3c28b6.json new file mode 100644 index 00000000000..d81a6646b46 --- /dev/null +++ b/objects/vulnerability/vulnerability--fe305d6d-fab8-41ea-80ce-4f365c3c28b6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--04616e22-14fe-4663-afbd-d86aba1183c1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fe305d6d-fab8-41ea-80ce-4f365c3c28b6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.026438Z", + "modified": "2024-12-07T00:22:22.026438Z", + "name": "CVE-2024-9706", + "description": "The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ucsm_activate_lite_template_lite function in all versions up to, and including, 1.0.9. This makes it possible for unauthenticated attackers to change the template used for the coming soon / maintenance page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9706" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fedd9ef1-4417-4a99-8f9d-06279225f481.json b/objects/vulnerability/vulnerability--fedd9ef1-4417-4a99-8f9d-06279225f481.json new file mode 100644 index 00000000000..215c60f3c80 --- /dev/null +++ b/objects/vulnerability/vulnerability--fedd9ef1-4417-4a99-8f9d-06279225f481.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--51da80f7-7fad-411c-862d-cdb5efc981dd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fedd9ef1-4417-4a99-8f9d-06279225f481", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-07T00:22:22.85853Z", + "modified": "2024-12-07T00:22:22.85853Z", + "name": "CVE-2024-38921", + "description": "Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter`/amcl z_rand ` .", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38921" + } + ] + } + ] +} \ No newline at end of file