From 4725b8a1c4d80d4502cb7c85840f0fc6da9a85bd Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 1 Nov 2023 00:17:29 +0000 Subject: [PATCH] generated content from 2023-11-01 --- mapping.csv | 123 ++++++++++++++++++ ...-00802fde-8529-4762-9a74-d7cedee81b81.json | 22 ++++ ...-00b80c5e-bca3-425d-9759-4524643ded8f.json | 22 ++++ ...-034f7e65-d9ec-44f0-8832-f8b36a720d8d.json | 22 ++++ ...-04307026-e030-4ed1-a064-e7446c9634aa.json | 22 ++++ ...-0b288794-a67c-4d2e-a1ac-9379f5f47f7f.json | 22 ++++ ...-0ee2e4ea-81af-4176-9f0a-590bf3185003.json | 22 ++++ ...-0fb66817-6b81-4270-b137-a81087120a61.json | 22 ++++ ...-100faf86-555a-4702-803f-bdefc10eb389.json | 22 ++++ ...-109a021c-907e-42d8-9522-0ab9d05c63ec.json | 22 ++++ ...-163e3a1a-40e3-459f-bfe6-6a6401af2d19.json | 22 ++++ ...-17882932-5527-4848-b4a5-fa8eaeb0779b.json | 22 ++++ ...-1cf2f48a-e4c5-450d-8ae3-14f4ede47f01.json | 22 ++++ ...-1fffe89e-479e-49ca-bfbc-cbcb9e2d5eb1.json | 22 ++++ ...-2101e162-0b7c-4d88-a54f-bf481fb761af.json | 22 ++++ ...-22d7a15d-c79f-4a6a-b25d-e046c6612b24.json | 22 ++++ ...-25287649-012f-4141-add8-16364fc8662a.json | 22 ++++ ...-25374d87-4916-424c-ac47-b4a09dca7b8c.json | 22 ++++ ...-29d4723f-3b94-4851-a62a-3dbce1e120ae.json | 22 ++++ ...-2b9c6f61-9270-434b-b6e6-68a3854d6b95.json | 22 ++++ ...-2d3a5888-1c39-45d4-815b-67e039e2920d.json | 22 ++++ ...-2e17ec76-1e57-4d17-8b63-a5f49f82900f.json | 22 ++++ ...-31d0b751-1fbb-4bf5-9466-0219b881067d.json | 22 ++++ ...-362abe94-6310-4175-a2e0-a4b4ec851566.json | 22 ++++ ...-36ed8161-2cda-40b0-9647-ce580c96b8fc.json | 22 ++++ ...-3c83e775-48b7-47fe-bfe1-f43377d97f40.json | 22 ++++ ...-3d09cc58-2e18-43e5-9fe7-bfc72cf320c8.json | 22 ++++ ...-3e793ae2-7c46-4426-827d-fa3076308187.json | 22 ++++ ...-419f497c-74a0-422e-a3e8-13cc2386fcba.json | 22 ++++ ...-41c686ab-1d13-4009-84c6-fc73c59b56a1.json | 22 ++++ ...-41d7c4d9-b00e-4960-9abb-c2effcb264f6.json | 22 ++++ ...-423afa41-d54f-49a9-bd2a-b4b75219b318.json | 22 ++++ ...-4707a948-ca5b-400e-9e7b-7b183b71a937.json | 22 ++++ ...-4734b7a8-3872-4fb1-94e7-2370833bc099.json | 22 ++++ ...-4a9ad5eb-47e4-4bf4-9a50-6c33a17f1449.json | 22 ++++ ...-4d470cbb-14c3-4150-9744-cc75b36b7d8a.json | 22 ++++ ...-4ea88dcd-516a-4e56-8bfa-093b4715efb8.json | 22 ++++ ...-5053d20c-babf-4a79-aa5c-46a6dc6648da.json | 22 ++++ ...-5208e485-b8ac-4523-aabb-19f7fba0b8e8.json | 22 ++++ ...-5251ec78-680d-46b2-b1a2-ca8e556835aa.json | 22 ++++ ...-53125340-408f-4bda-b25d-afd593ab9014.json | 22 ++++ ...-536a5a39-a0c4-4297-ba32-fb5419384dce.json | 22 ++++ ...-556c02f6-bdf3-4efe-b678-00062faa8d7e.json | 22 ++++ ...-577e23b4-717c-4413-b14b-5ff47eef6610.json | 22 ++++ ...-5956db19-87d8-4aa4-a9e2-2f55a61050f9.json | 22 ++++ ...-59cbf507-ca2c-4186-94f9-36208d792d1c.json | 22 ++++ ...-5b8f5f87-550b-4f24-bcfe-e2308d9cf906.json | 22 ++++ ...-5c8bcfd7-b5d2-47d4-86c1-ff0e532fa189.json | 22 ++++ ...-5d6db720-da7b-43db-bd8a-e3a3270dd687.json | 22 ++++ ...-5fecc751-6981-4085-9efc-760e802ac557.json | 22 ++++ ...-610ca985-dded-41db-9a9f-632afaf4a59f.json | 22 ++++ ...-625e5791-6cee-4b47-b374-317fff71935d.json | 22 ++++ ...-6416d0ec-6286-49ab-b330-d5b19db45aee.json | 22 ++++ ...-694990da-4fa4-4206-8cfb-259728cf31ba.json | 22 ++++ ...-6ae20ead-a80f-484b-997e-e717da839f20.json | 22 ++++ ...-6cc93ded-1896-4da7-a1df-a794fb7f75d8.json | 22 ++++ ...-6ee952ac-cc8f-45f7-ae60-60b77aeee055.json | 22 ++++ ...-6fcf4136-8708-4cb9-bc00-f19e9ca4d37f.json | 22 ++++ ...-702867c7-62ea-469e-abb3-9051ac54d6d0.json | 22 ++++ ...-70fd61d2-92f9-4f5f-8a6c-75cb293478f4.json | 22 ++++ ...-7186b856-d894-4b7b-b28c-60191a90464f.json | 22 ++++ ...-73013861-3fa7-4ef3-b0d1-84a19fb51222.json | 22 ++++ ...-73bf6b0c-7e98-4014-bcc2-433f029b48fb.json | 22 ++++ ...-7444d1c7-7fc5-404c-9f75-197cfea437d7.json | 22 ++++ ...-7450e4c4-ccfa-4e35-8b0b-d2049939edf4.json | 22 ++++ ...-77893c45-5c92-45d1-9689-251e9261769d.json | 22 ++++ ...-78f016ae-26ea-4bac-8de5-04ddc31e78e7.json | 22 ++++ ...-79edd33f-f619-4101-b002-12f6aba06a04.json | 22 ++++ ...-7aec52f7-9273-4710-9521-cd77b41c9bae.json | 22 ++++ ...-7b80e8f6-d9e9-493a-b3dd-b7565dcd28b7.json | 22 ++++ ...-7d6f24de-0bad-46dc-8310-34eb99442cc3.json | 22 ++++ ...-7f9e6469-7313-4425-bcca-a1bcb11171cd.json | 22 ++++ ...-80df2f78-439f-49ae-b8a5-d78156ffdf1f.json | 22 ++++ ...-82668e45-a855-4990-80e7-1923cd6260ad.json | 22 ++++ ...-83baac5e-bf34-40fa-9d37-f153c22fdbfa.json | 22 ++++ ...-84c39ab3-1348-4076-9026-1e51cdaf8090.json | 22 ++++ ...-85f3c1c5-c1ca-413a-a589-de06e879acbe.json | 22 ++++ ...-86fbaa23-ecc8-4d33-9852-05d263f314f9.json | 22 ++++ ...-880acf50-fc94-420b-a625-871506fef8bb.json | 22 ++++ ...-8b2ea167-3c25-452f-9879-21b920d7f01f.json | 22 ++++ ...-955f8e1c-caf1-405b-9ef2-ba2949a845e0.json | 22 ++++ ...-963b5037-9296-4b97-b2b3-6f27ffa11886.json | 22 ++++ ...-96bdc969-5ad8-4154-acfa-5bd593ab53f6.json | 22 ++++ ...-96e60ca5-22a0-45d2-800c-2fece48d8f21.json | 22 ++++ ...-9c922f88-0cac-4971-8cb0-85b557ca0581.json | 22 ++++ ...-9cb56056-0eed-4559-b1b9-7bf46ca85933.json | 22 ++++ ...-9d593607-3c0d-4e95-b097-6c049682468e.json | 22 ++++ ...-a38415eb-b9a7-4c52-ada0-5c8bbf647532.json | 22 ++++ ...-a3cb87d3-aa29-4595-b0ee-abd06483a4f7.json | 22 ++++ ...-a43db0b9-4a90-4b6f-8a31-9a7f2f0f69a9.json | 22 ++++ ...-a447731d-29ee-4065-924b-295349f83100.json | 22 ++++ ...-a7603ffa-048c-4473-9d7f-a1d2690974be.json | 22 ++++ ...-ac507362-b7a3-44d1-a958-038d5cfb345d.json | 22 ++++ ...-ac7b1d34-24bb-4bfd-8db6-93b13591c6d6.json | 22 ++++ ...-af1c3615-66f1-48b6-970c-68d5b85aedc8.json | 22 ++++ ...-b08277ba-d357-408b-b811-37c12848e0e8.json | 22 ++++ ...-b359d9a6-e6f2-49e3-afaa-e23656d49609.json | 22 ++++ ...-b42e94d5-8e89-491f-a0c4-f4c743f3b047.json | 22 ++++ ...-b99fe14e-5a1c-4bd0-a786-037fe45a14be.json | 22 ++++ ...-bbb71a37-e41b-4258-a1c5-b0253c1c2ca7.json | 22 ++++ ...-bd9bb936-d555-428e-aed2-483e466771db.json | 22 ++++ ...-bf990e5d-1030-445f-b1e4-f364ba70a4b4.json | 22 ++++ ...-c416a797-e95b-4f50-a4e0-3f39b3319e44.json | 22 ++++ ...-c6996823-344f-4a47-bf0f-40fdf2b508ce.json | 22 ++++ ...-c78bca41-436e-46e1-9582-72840ca8bbca.json | 22 ++++ ...-cd5198c1-714e-4224-9fd4-cb1e42e0fa7c.json | 22 ++++ ...-cd917260-9d12-449d-a922-027d5346b0dd.json | 22 ++++ ...-d2fc7a6f-89a2-4577-be95-aae0c83e5fd3.json | 22 ++++ ...-d61f3b9b-d568-4382-8988-c3227f28046e.json | 22 ++++ ...-d88db7fc-3f44-422b-9a3a-2af9e5611e34.json | 22 ++++ ...-d974027f-bb4d-4383-82fa-a8064582594a.json | 22 ++++ ...-da9adc75-9105-413b-8012-e0a4670b1c25.json | 22 ++++ ...-df671464-4a86-4ee0-beeb-a68845e87d8e.json | 22 ++++ ...-e19ffcba-943c-466f-991e-b633b8870d2e.json | 22 ++++ ...-e5ef6da5-dbca-42f7-9031-1af563d88a5d.json | 22 ++++ ...-e96bddc6-0ef5-4d62-aea7-5f018324af7a.json | 22 ++++ ...-ea08a136-7685-45df-a638-9c88557e8834.json | 22 ++++ ...-eb24970d-4628-4c15-8417-680c88f2911f.json | 22 ++++ ...-f713c866-8afb-4a67-990e-2cef06ea5e3b.json | 22 ++++ ...-f7867bf9-7e1b-4a3f-ae76-6a626569d0ea.json | 22 ++++ ...-f887dbe0-6522-44cf-a828-104e5233be78.json | 22 ++++ ...-f8ada99c-9dd5-40b9-95ec-24be998e89ec.json | 22 ++++ ...-fbc95103-52ad-40a5-b938-50d148757eb3.json | 22 ++++ ...-fe10d803-491b-4d94-b8e2-55e0aab35691.json | 22 ++++ 124 files changed, 2829 insertions(+) create mode 100644 objects/vulnerability/vulnerability--00802fde-8529-4762-9a74-d7cedee81b81.json create mode 100644 objects/vulnerability/vulnerability--00b80c5e-bca3-425d-9759-4524643ded8f.json create mode 100644 objects/vulnerability/vulnerability--034f7e65-d9ec-44f0-8832-f8b36a720d8d.json create mode 100644 objects/vulnerability/vulnerability--04307026-e030-4ed1-a064-e7446c9634aa.json create mode 100644 objects/vulnerability/vulnerability--0b288794-a67c-4d2e-a1ac-9379f5f47f7f.json create mode 100644 objects/vulnerability/vulnerability--0ee2e4ea-81af-4176-9f0a-590bf3185003.json create mode 100644 objects/vulnerability/vulnerability--0fb66817-6b81-4270-b137-a81087120a61.json create mode 100644 objects/vulnerability/vulnerability--100faf86-555a-4702-803f-bdefc10eb389.json create mode 100644 objects/vulnerability/vulnerability--109a021c-907e-42d8-9522-0ab9d05c63ec.json create mode 100644 objects/vulnerability/vulnerability--163e3a1a-40e3-459f-bfe6-6a6401af2d19.json create mode 100644 objects/vulnerability/vulnerability--17882932-5527-4848-b4a5-fa8eaeb0779b.json create mode 100644 objects/vulnerability/vulnerability--1cf2f48a-e4c5-450d-8ae3-14f4ede47f01.json create mode 100644 objects/vulnerability/vulnerability--1fffe89e-479e-49ca-bfbc-cbcb9e2d5eb1.json create mode 100644 objects/vulnerability/vulnerability--2101e162-0b7c-4d88-a54f-bf481fb761af.json create mode 100644 objects/vulnerability/vulnerability--22d7a15d-c79f-4a6a-b25d-e046c6612b24.json create mode 100644 objects/vulnerability/vulnerability--25287649-012f-4141-add8-16364fc8662a.json create mode 100644 objects/vulnerability/vulnerability--25374d87-4916-424c-ac47-b4a09dca7b8c.json create mode 100644 objects/vulnerability/vulnerability--29d4723f-3b94-4851-a62a-3dbce1e120ae.json create mode 100644 objects/vulnerability/vulnerability--2b9c6f61-9270-434b-b6e6-68a3854d6b95.json create mode 100644 objects/vulnerability/vulnerability--2d3a5888-1c39-45d4-815b-67e039e2920d.json create mode 100644 objects/vulnerability/vulnerability--2e17ec76-1e57-4d17-8b63-a5f49f82900f.json create mode 100644 objects/vulnerability/vulnerability--31d0b751-1fbb-4bf5-9466-0219b881067d.json create mode 100644 objects/vulnerability/vulnerability--362abe94-6310-4175-a2e0-a4b4ec851566.json create mode 100644 objects/vulnerability/vulnerability--36ed8161-2cda-40b0-9647-ce580c96b8fc.json create mode 100644 objects/vulnerability/vulnerability--3c83e775-48b7-47fe-bfe1-f43377d97f40.json create mode 100644 objects/vulnerability/vulnerability--3d09cc58-2e18-43e5-9fe7-bfc72cf320c8.json create mode 100644 objects/vulnerability/vulnerability--3e793ae2-7c46-4426-827d-fa3076308187.json create mode 100644 objects/vulnerability/vulnerability--419f497c-74a0-422e-a3e8-13cc2386fcba.json create mode 100644 objects/vulnerability/vulnerability--41c686ab-1d13-4009-84c6-fc73c59b56a1.json create mode 100644 objects/vulnerability/vulnerability--41d7c4d9-b00e-4960-9abb-c2effcb264f6.json create mode 100644 objects/vulnerability/vulnerability--423afa41-d54f-49a9-bd2a-b4b75219b318.json create mode 100644 objects/vulnerability/vulnerability--4707a948-ca5b-400e-9e7b-7b183b71a937.json create mode 100644 objects/vulnerability/vulnerability--4734b7a8-3872-4fb1-94e7-2370833bc099.json create mode 100644 objects/vulnerability/vulnerability--4a9ad5eb-47e4-4bf4-9a50-6c33a17f1449.json create mode 100644 objects/vulnerability/vulnerability--4d470cbb-14c3-4150-9744-cc75b36b7d8a.json create mode 100644 objects/vulnerability/vulnerability--4ea88dcd-516a-4e56-8bfa-093b4715efb8.json create mode 100644 objects/vulnerability/vulnerability--5053d20c-babf-4a79-aa5c-46a6dc6648da.json create mode 100644 objects/vulnerability/vulnerability--5208e485-b8ac-4523-aabb-19f7fba0b8e8.json create mode 100644 objects/vulnerability/vulnerability--5251ec78-680d-46b2-b1a2-ca8e556835aa.json create mode 100644 objects/vulnerability/vulnerability--53125340-408f-4bda-b25d-afd593ab9014.json create mode 100644 objects/vulnerability/vulnerability--536a5a39-a0c4-4297-ba32-fb5419384dce.json create mode 100644 objects/vulnerability/vulnerability--556c02f6-bdf3-4efe-b678-00062faa8d7e.json create mode 100644 objects/vulnerability/vulnerability--577e23b4-717c-4413-b14b-5ff47eef6610.json create mode 100644 objects/vulnerability/vulnerability--5956db19-87d8-4aa4-a9e2-2f55a61050f9.json create mode 100644 objects/vulnerability/vulnerability--59cbf507-ca2c-4186-94f9-36208d792d1c.json create mode 100644 objects/vulnerability/vulnerability--5b8f5f87-550b-4f24-bcfe-e2308d9cf906.json create mode 100644 objects/vulnerability/vulnerability--5c8bcfd7-b5d2-47d4-86c1-ff0e532fa189.json create mode 100644 objects/vulnerability/vulnerability--5d6db720-da7b-43db-bd8a-e3a3270dd687.json create mode 100644 objects/vulnerability/vulnerability--5fecc751-6981-4085-9efc-760e802ac557.json create mode 100644 objects/vulnerability/vulnerability--610ca985-dded-41db-9a9f-632afaf4a59f.json create mode 100644 objects/vulnerability/vulnerability--625e5791-6cee-4b47-b374-317fff71935d.json create mode 100644 objects/vulnerability/vulnerability--6416d0ec-6286-49ab-b330-d5b19db45aee.json create mode 100644 objects/vulnerability/vulnerability--694990da-4fa4-4206-8cfb-259728cf31ba.json create mode 100644 objects/vulnerability/vulnerability--6ae20ead-a80f-484b-997e-e717da839f20.json create mode 100644 objects/vulnerability/vulnerability--6cc93ded-1896-4da7-a1df-a794fb7f75d8.json create mode 100644 objects/vulnerability/vulnerability--6ee952ac-cc8f-45f7-ae60-60b77aeee055.json create mode 100644 objects/vulnerability/vulnerability--6fcf4136-8708-4cb9-bc00-f19e9ca4d37f.json create mode 100644 objects/vulnerability/vulnerability--702867c7-62ea-469e-abb3-9051ac54d6d0.json create mode 100644 objects/vulnerability/vulnerability--70fd61d2-92f9-4f5f-8a6c-75cb293478f4.json create mode 100644 objects/vulnerability/vulnerability--7186b856-d894-4b7b-b28c-60191a90464f.json create mode 100644 objects/vulnerability/vulnerability--73013861-3fa7-4ef3-b0d1-84a19fb51222.json create mode 100644 objects/vulnerability/vulnerability--73bf6b0c-7e98-4014-bcc2-433f029b48fb.json create mode 100644 objects/vulnerability/vulnerability--7444d1c7-7fc5-404c-9f75-197cfea437d7.json create mode 100644 objects/vulnerability/vulnerability--7450e4c4-ccfa-4e35-8b0b-d2049939edf4.json create mode 100644 objects/vulnerability/vulnerability--77893c45-5c92-45d1-9689-251e9261769d.json create mode 100644 objects/vulnerability/vulnerability--78f016ae-26ea-4bac-8de5-04ddc31e78e7.json create mode 100644 objects/vulnerability/vulnerability--79edd33f-f619-4101-b002-12f6aba06a04.json create mode 100644 objects/vulnerability/vulnerability--7aec52f7-9273-4710-9521-cd77b41c9bae.json create mode 100644 objects/vulnerability/vulnerability--7b80e8f6-d9e9-493a-b3dd-b7565dcd28b7.json create mode 100644 objects/vulnerability/vulnerability--7d6f24de-0bad-46dc-8310-34eb99442cc3.json create mode 100644 objects/vulnerability/vulnerability--7f9e6469-7313-4425-bcca-a1bcb11171cd.json create mode 100644 objects/vulnerability/vulnerability--80df2f78-439f-49ae-b8a5-d78156ffdf1f.json create mode 100644 objects/vulnerability/vulnerability--82668e45-a855-4990-80e7-1923cd6260ad.json create mode 100644 objects/vulnerability/vulnerability--83baac5e-bf34-40fa-9d37-f153c22fdbfa.json create mode 100644 objects/vulnerability/vulnerability--84c39ab3-1348-4076-9026-1e51cdaf8090.json create mode 100644 objects/vulnerability/vulnerability--85f3c1c5-c1ca-413a-a589-de06e879acbe.json create mode 100644 objects/vulnerability/vulnerability--86fbaa23-ecc8-4d33-9852-05d263f314f9.json create mode 100644 objects/vulnerability/vulnerability--880acf50-fc94-420b-a625-871506fef8bb.json create mode 100644 objects/vulnerability/vulnerability--8b2ea167-3c25-452f-9879-21b920d7f01f.json create mode 100644 objects/vulnerability/vulnerability--955f8e1c-caf1-405b-9ef2-ba2949a845e0.json create mode 100644 objects/vulnerability/vulnerability--963b5037-9296-4b97-b2b3-6f27ffa11886.json create mode 100644 objects/vulnerability/vulnerability--96bdc969-5ad8-4154-acfa-5bd593ab53f6.json create mode 100644 objects/vulnerability/vulnerability--96e60ca5-22a0-45d2-800c-2fece48d8f21.json create mode 100644 objects/vulnerability/vulnerability--9c922f88-0cac-4971-8cb0-85b557ca0581.json create mode 100644 objects/vulnerability/vulnerability--9cb56056-0eed-4559-b1b9-7bf46ca85933.json create mode 100644 objects/vulnerability/vulnerability--9d593607-3c0d-4e95-b097-6c049682468e.json create mode 100644 objects/vulnerability/vulnerability--a38415eb-b9a7-4c52-ada0-5c8bbf647532.json create mode 100644 objects/vulnerability/vulnerability--a3cb87d3-aa29-4595-b0ee-abd06483a4f7.json create mode 100644 objects/vulnerability/vulnerability--a43db0b9-4a90-4b6f-8a31-9a7f2f0f69a9.json create mode 100644 objects/vulnerability/vulnerability--a447731d-29ee-4065-924b-295349f83100.json create mode 100644 objects/vulnerability/vulnerability--a7603ffa-048c-4473-9d7f-a1d2690974be.json create mode 100644 objects/vulnerability/vulnerability--ac507362-b7a3-44d1-a958-038d5cfb345d.json create mode 100644 objects/vulnerability/vulnerability--ac7b1d34-24bb-4bfd-8db6-93b13591c6d6.json create mode 100644 objects/vulnerability/vulnerability--af1c3615-66f1-48b6-970c-68d5b85aedc8.json create mode 100644 objects/vulnerability/vulnerability--b08277ba-d357-408b-b811-37c12848e0e8.json create mode 100644 objects/vulnerability/vulnerability--b359d9a6-e6f2-49e3-afaa-e23656d49609.json create mode 100644 objects/vulnerability/vulnerability--b42e94d5-8e89-491f-a0c4-f4c743f3b047.json create mode 100644 objects/vulnerability/vulnerability--b99fe14e-5a1c-4bd0-a786-037fe45a14be.json create mode 100644 objects/vulnerability/vulnerability--bbb71a37-e41b-4258-a1c5-b0253c1c2ca7.json create mode 100644 objects/vulnerability/vulnerability--bd9bb936-d555-428e-aed2-483e466771db.json create mode 100644 objects/vulnerability/vulnerability--bf990e5d-1030-445f-b1e4-f364ba70a4b4.json create mode 100644 objects/vulnerability/vulnerability--c416a797-e95b-4f50-a4e0-3f39b3319e44.json create mode 100644 objects/vulnerability/vulnerability--c6996823-344f-4a47-bf0f-40fdf2b508ce.json create mode 100644 objects/vulnerability/vulnerability--c78bca41-436e-46e1-9582-72840ca8bbca.json create mode 100644 objects/vulnerability/vulnerability--cd5198c1-714e-4224-9fd4-cb1e42e0fa7c.json create mode 100644 objects/vulnerability/vulnerability--cd917260-9d12-449d-a922-027d5346b0dd.json create mode 100644 objects/vulnerability/vulnerability--d2fc7a6f-89a2-4577-be95-aae0c83e5fd3.json create mode 100644 objects/vulnerability/vulnerability--d61f3b9b-d568-4382-8988-c3227f28046e.json create mode 100644 objects/vulnerability/vulnerability--d88db7fc-3f44-422b-9a3a-2af9e5611e34.json create mode 100644 objects/vulnerability/vulnerability--d974027f-bb4d-4383-82fa-a8064582594a.json create mode 100644 objects/vulnerability/vulnerability--da9adc75-9105-413b-8012-e0a4670b1c25.json create mode 100644 objects/vulnerability/vulnerability--df671464-4a86-4ee0-beeb-a68845e87d8e.json create mode 100644 objects/vulnerability/vulnerability--e19ffcba-943c-466f-991e-b633b8870d2e.json create mode 100644 objects/vulnerability/vulnerability--e5ef6da5-dbca-42f7-9031-1af563d88a5d.json create mode 100644 objects/vulnerability/vulnerability--e96bddc6-0ef5-4d62-aea7-5f018324af7a.json create mode 100644 objects/vulnerability/vulnerability--ea08a136-7685-45df-a638-9c88557e8834.json create mode 100644 objects/vulnerability/vulnerability--eb24970d-4628-4c15-8417-680c88f2911f.json create mode 100644 objects/vulnerability/vulnerability--f713c866-8afb-4a67-990e-2cef06ea5e3b.json create mode 100644 objects/vulnerability/vulnerability--f7867bf9-7e1b-4a3f-ae76-6a626569d0ea.json create mode 100644 objects/vulnerability/vulnerability--f887dbe0-6522-44cf-a828-104e5233be78.json create mode 100644 objects/vulnerability/vulnerability--f8ada99c-9dd5-40b9-95ec-24be998e89ec.json create mode 100644 objects/vulnerability/vulnerability--fbc95103-52ad-40a5-b938-50d148757eb3.json create mode 100644 objects/vulnerability/vulnerability--fe10d803-491b-4d94-b8e2-55e0aab35691.json diff --git a/mapping.csv b/mapping.csv index 99b141b3941..cf8d2d114db 100644 --- a/mapping.csv +++ b/mapping.csv @@ -216264,3 +216264,126 @@ vulnerability,CVE-2022-4575,vulnerability--9e079d86-70b0-4cc8-9e74-bc72a4454736 vulnerability,CVE-2022-4574,vulnerability--d5234880-323d-4804-82fa-d7c59dce3985 vulnerability,CVE-2022-48189,vulnerability--87bdab11-64f1-4981-8863-3cb597ee8500 vulnerability,CVE-2022-20264,vulnerability--4c1b89e1-cd95-42fe-a334-170d6b75b776 +vulnerability,CVE-2015-2968,vulnerability--f8ada99c-9dd5-40b9-95ec-24be998e89ec +vulnerability,CVE-2015-0897,vulnerability--955f8e1c-caf1-405b-9ef2-ba2949a845e0 +vulnerability,CVE-2015-20110,vulnerability--5956db19-87d8-4aa4-a9e2-2f55a61050f9 +vulnerability,CVE-2023-47097,vulnerability--a447731d-29ee-4065-924b-295349f83100 +vulnerability,CVE-2023-47174,vulnerability--4d470cbb-14c3-4150-9744-cc75b36b7d8a +vulnerability,CVE-2023-47095,vulnerability--83baac5e-bf34-40fa-9d37-f153c22fdbfa +vulnerability,CVE-2023-47096,vulnerability--ac507362-b7a3-44d1-a958-038d5cfb345d +vulnerability,CVE-2023-47098,vulnerability--9d593607-3c0d-4e95-b097-6c049682468e +vulnerability,CVE-2023-47094,vulnerability--6416d0ec-6286-49ab-b330-d5b19db45aee +vulnerability,CVE-2023-47099,vulnerability--e5ef6da5-dbca-42f7-9031-1af563d88a5d +vulnerability,CVE-2023-5519,vulnerability--25287649-012f-4141-add8-16364fc8662a +vulnerability,CVE-2023-5114,vulnerability--d88db7fc-3f44-422b-9a3a-2af9e5611e34 +vulnerability,CVE-2023-5867,vulnerability--5208e485-b8ac-4523-aabb-19f7fba0b8e8 +vulnerability,CVE-2023-5435,vulnerability--36ed8161-2cda-40b0-9647-ce580c96b8fc +vulnerability,CVE-2023-5238,vulnerability--423afa41-d54f-49a9-bd2a-b4b75219b318 +vulnerability,CVE-2023-5073,vulnerability--419f497c-74a0-422e-a3e8-13cc2386fcba +vulnerability,CVE-2023-5098,vulnerability--04307026-e030-4ed1-a064-e7446c9634aa +vulnerability,CVE-2023-5430,vulnerability--7b80e8f6-d9e9-493a-b3dd-b7565dcd28b7 +vulnerability,CVE-2023-5434,vulnerability--85f3c1c5-c1ca-413a-a589-de06e879acbe +vulnerability,CVE-2023-5116,vulnerability--536a5a39-a0c4-4297-ba32-fb5419384dce +vulnerability,CVE-2023-5739,vulnerability--6cc93ded-1896-4da7-a1df-a794fb7f75d8 +vulnerability,CVE-2023-5229,vulnerability--a3cb87d3-aa29-4595-b0ee-abd06483a4f7 +vulnerability,CVE-2023-5861,vulnerability--5b8f5f87-550b-4f24-bcfe-e2308d9cf906 +vulnerability,CVE-2023-5862,vulnerability--5c8bcfd7-b5d2-47d4-86c1-ff0e532fa189 +vulnerability,CVE-2023-5873,vulnerability--31d0b751-1fbb-4bf5-9466-0219b881067d +vulnerability,CVE-2023-5438,vulnerability--3d09cc58-2e18-43e5-9fe7-bfc72cf320c8 +vulnerability,CVE-2023-5099,vulnerability--5fecc751-6981-4085-9efc-760e802ac557 +vulnerability,CVE-2023-5437,vulnerability--00802fde-8529-4762-9a74-d7cedee81b81 +vulnerability,CVE-2023-5306,vulnerability--53125340-408f-4bda-b25d-afd593ab9014 +vulnerability,CVE-2023-5237,vulnerability--41c686ab-1d13-4009-84c6-fc73c59b56a1 +vulnerability,CVE-2023-5464,vulnerability--70fd61d2-92f9-4f5f-8a6c-75cb293478f4 +vulnerability,CVE-2023-5863,vulnerability--6ae20ead-a80f-484b-997e-e717da839f20 +vulnerability,CVE-2023-5439,vulnerability--b08277ba-d357-408b-b811-37c12848e0e8 +vulnerability,CVE-2023-5307,vulnerability--bf990e5d-1030-445f-b1e4-f364ba70a4b4 +vulnerability,CVE-2023-5458,vulnerability--cd5198c1-714e-4224-9fd4-cb1e42e0fa7c +vulnerability,CVE-2023-5866,vulnerability--59cbf507-ca2c-4186-94f9-36208d792d1c +vulnerability,CVE-2023-5428,vulnerability--b99fe14e-5a1c-4bd0-a786-037fe45a14be +vulnerability,CVE-2023-5211,vulnerability--702867c7-62ea-469e-abb3-9051ac54d6d0 +vulnerability,CVE-2023-5433,vulnerability--9c922f88-0cac-4971-8cb0-85b557ca0581 +vulnerability,CVE-2023-5431,vulnerability--9cb56056-0eed-4559-b1b9-7bf46ca85933 +vulnerability,CVE-2023-5865,vulnerability--00b80c5e-bca3-425d-9759-4524643ded8f +vulnerability,CVE-2023-5429,vulnerability--96bdc969-5ad8-4154-acfa-5bd593ab53f6 +vulnerability,CVE-2023-5243,vulnerability--f887dbe0-6522-44cf-a828-104e5233be78 +vulnerability,CVE-2023-5360,vulnerability--1cf2f48a-e4c5-450d-8ae3-14f4ede47f01 +vulnerability,CVE-2023-5864,vulnerability--79edd33f-f619-4101-b002-12f6aba06a04 +vulnerability,CVE-2023-5436,vulnerability--ea08a136-7685-45df-a638-9c88557e8834 +vulnerability,CVE-2023-5412,vulnerability--86fbaa23-ecc8-4d33-9852-05d263f314f9 +vulnerability,CVE-2023-33927,vulnerability--25374d87-4916-424c-ac47-b4a09dca7b8c +vulnerability,CVE-2023-22518,vulnerability--e96bddc6-0ef5-4d62-aea7-5f018324af7a +vulnerability,CVE-2023-25045,vulnerability--2d3a5888-1c39-45d4-815b-67e039e2920d +vulnerability,CVE-2023-25047,vulnerability--3e793ae2-7c46-4426-827d-fa3076308187 +vulnerability,CVE-2023-43295,vulnerability--4707a948-ca5b-400e-9e7b-7b183b71a937 +vulnerability,CVE-2023-43796,vulnerability--bd9bb936-d555-428e-aed2-483e466771db +vulnerability,CVE-2023-43139,vulnerability--1fffe89e-479e-49ca-bfbc-cbcb9e2d5eb1 +vulnerability,CVE-2023-37831,vulnerability--610ca985-dded-41db-9a9f-632afaf4a59f +vulnerability,CVE-2023-37966,vulnerability--034f7e65-d9ec-44f0-8832-f8b36a720d8d +vulnerability,CVE-2023-37243,vulnerability--2e17ec76-1e57-4d17-8b63-a5f49f82900f +vulnerability,CVE-2023-37832,vulnerability--109a021c-907e-42d8-9522-0ab9d05c63ec +vulnerability,CVE-2023-37833,vulnerability--29d4723f-3b94-4851-a62a-3dbce1e120ae +vulnerability,CVE-2023-38994,vulnerability--b359d9a6-e6f2-49e3-afaa-e23656d49609 +vulnerability,CVE-2023-36263,vulnerability--7aec52f7-9273-4710-9521-cd77b41c9bae +vulnerability,CVE-2023-36508,vulnerability--a38415eb-b9a7-4c52-ada0-5c8bbf647532 +vulnerability,CVE-2023-35879,vulnerability--577e23b4-717c-4413-b14b-5ff47eef6610 +vulnerability,CVE-2023-24000,vulnerability--5d6db720-da7b-43db-bd8a-e3a3270dd687 +vulnerability,CVE-2023-24410,vulnerability--80df2f78-439f-49ae-b8a5-d78156ffdf1f +vulnerability,CVE-2023-40050,vulnerability--c6996823-344f-4a47-bf0f-40fdf2b508ce +vulnerability,CVE-2023-40681,vulnerability--3c83e775-48b7-47fe-bfe1-f43377d97f40 +vulnerability,CVE-2023-3955,vulnerability--163e3a1a-40e3-459f-bfe6-6a6401af2d19 +vulnerability,CVE-2023-3676,vulnerability--fe10d803-491b-4d94-b8e2-55e0aab35691 +vulnerability,CVE-2023-39695,vulnerability--d974027f-bb4d-4383-82fa-a8064582594a +vulnerability,CVE-2023-39610,vulnerability--2b9c6f61-9270-434b-b6e6-68a3854d6b95 +vulnerability,CVE-2023-27846,vulnerability--fbc95103-52ad-40a5-b938-50d148757eb3 +vulnerability,CVE-2023-42425,vulnerability--73013861-3fa7-4ef3-b0d1-84a19fb51222 +vulnerability,CVE-2023-42658,vulnerability--78f016ae-26ea-4bac-8de5-04ddc31e78e7 +vulnerability,CVE-2023-4250,vulnerability--d2fc7a6f-89a2-4577-be95-aae0c83e5fd3 +vulnerability,CVE-2023-4390,vulnerability--880acf50-fc94-420b-a625-871506fef8bb +vulnerability,CVE-2023-4823,vulnerability--e19ffcba-943c-466f-991e-b633b8870d2e +vulnerability,CVE-2023-4251,vulnerability--b42e94d5-8e89-491f-a0c4-f4c743f3b047 +vulnerability,CVE-2023-4836,vulnerability--84c39ab3-1348-4076-9026-1e51cdaf8090 +vulnerability,CVE-2023-44485,vulnerability--0b288794-a67c-4d2e-a1ac-9379f5f47f7f +vulnerability,CVE-2023-44486,vulnerability--0ee2e4ea-81af-4176-9f0a-590bf3185003 +vulnerability,CVE-2023-44484,vulnerability--7186b856-d894-4b7b-b28c-60191a90464f +vulnerability,CVE-2023-31212,vulnerability--73bf6b0c-7e98-4014-bcc2-433f029b48fb +vulnerability,CVE-2023-31794,vulnerability--eb24970d-4628-4c15-8417-680c88f2911f +vulnerability,CVE-2023-45955,vulnerability--bbb71a37-e41b-4258-a1c5-b0253c1c2ca7 +vulnerability,CVE-2023-45899,vulnerability--694990da-4fa4-4206-8cfb-259728cf31ba +vulnerability,CVE-2023-45996,vulnerability--f7867bf9-7e1b-4a3f-ae76-6a626569d0ea +vulnerability,CVE-2023-45378,vulnerability--77893c45-5c92-45d1-9689-251e9261769d +vulnerability,CVE-2023-20886,vulnerability--7450e4c4-ccfa-4e35-8b0b-d2049939edf4 +vulnerability,CVE-2023-28777,vulnerability--a43db0b9-4a90-4b6f-8a31-9a7f2f0f69a9 +vulnerability,CVE-2023-46256,vulnerability--2101e162-0b7c-4d88-a54f-bf481fb761af +vulnerability,CVE-2023-46978,vulnerability--7d6f24de-0bad-46dc-8310-34eb99442cc3 +vulnerability,CVE-2023-46249,vulnerability--da9adc75-9105-413b-8012-e0a4670b1c25 +vulnerability,CVE-2023-46255,vulnerability--41d7c4d9-b00e-4960-9abb-c2effcb264f6 +vulnerability,CVE-2023-46356,vulnerability--ac7b1d34-24bb-4bfd-8db6-93b13591c6d6 +vulnerability,CVE-2023-46245,vulnerability--963b5037-9296-4b97-b2b3-6f27ffa11886 +vulnerability,CVE-2023-46992,vulnerability--8b2ea167-3c25-452f-9879-21b920d7f01f +vulnerability,CVE-2023-46622,vulnerability--c78bca41-436e-46e1-9582-72840ca8bbca +vulnerability,CVE-2023-46235,vulnerability--82668e45-a855-4990-80e7-1923cd6260ad +vulnerability,CVE-2023-46236,vulnerability--5251ec78-680d-46b2-b1a2-ca8e556835aa +vulnerability,CVE-2023-46313,vulnerability--4a9ad5eb-47e4-4bf4-9a50-6c33a17f1449 +vulnerability,CVE-2023-46485,vulnerability--4ea88dcd-516a-4e56-8bfa-093b4715efb8 +vulnerability,CVE-2023-46250,vulnerability--c416a797-e95b-4f50-a4e0-3f39b3319e44 +vulnerability,CVE-2023-46237,vulnerability--d61f3b9b-d568-4382-8988-c3227f28046e +vulnerability,CVE-2023-46977,vulnerability--17882932-5527-4848-b4a5-fa8eaeb0779b +vulnerability,CVE-2023-46248,vulnerability--0fb66817-6b81-4270-b137-a81087120a61 +vulnerability,CVE-2023-46040,vulnerability--100faf86-555a-4702-803f-bdefc10eb389 +vulnerability,CVE-2023-46484,vulnerability--7444d1c7-7fc5-404c-9f75-197cfea437d7 +vulnerability,CVE-2023-46378,vulnerability--df671464-4a86-4ee0-beeb-a68845e87d8e +vulnerability,CVE-2023-46239,vulnerability--6ee952ac-cc8f-45f7-ae60-60b77aeee055 +vulnerability,CVE-2023-46722,vulnerability--f713c866-8afb-4a67-990e-2cef06ea5e3b +vulnerability,CVE-2023-46278,vulnerability--22d7a15d-c79f-4a6a-b25d-e046c6612b24 +vulnerability,CVE-2023-46240,vulnerability--cd917260-9d12-449d-a922-027d5346b0dd +vulnerability,CVE-2023-46979,vulnerability--a7603ffa-048c-4473-9d7f-a1d2690974be +vulnerability,CVE-2023-46723,vulnerability--96e60ca5-22a0-45d2-800c-2fece48d8f21 +vulnerability,CVE-2023-46312,vulnerability--5053d20c-babf-4a79-aa5c-46a6dc6648da +vulnerability,CVE-2023-46993,vulnerability--6fcf4136-8708-4cb9-bc00-f19e9ca4d37f +vulnerability,CVE-2023-46451,vulnerability--7f9e6469-7313-4425-bcca-a1bcb11171cd +vulnerability,CVE-2023-46976,vulnerability--556c02f6-bdf3-4efe-b678-00062faa8d7e +vulnerability,CVE-2023-46361,vulnerability--362abe94-6310-4175-a2e0-a4b4ec851566 +vulnerability,CVE-2023-46210,vulnerability--4734b7a8-3872-4fb1-94e7-2370833bc099 +vulnerability,CVE-2016-1203,vulnerability--af1c3615-66f1-48b6-970c-68d5b85aedc8 +vulnerability,CVE-2022-3007,vulnerability--625e5791-6cee-4b47-b374-317fff71935d diff --git a/objects/vulnerability/vulnerability--00802fde-8529-4762-9a74-d7cedee81b81.json b/objects/vulnerability/vulnerability--00802fde-8529-4762-9a74-d7cedee81b81.json new file mode 100644 index 00000000000..321707af0d4 --- /dev/null +++ b/objects/vulnerability/vulnerability--00802fde-8529-4762-9a74-d7cedee81b81.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3d2014fe-76ac-4d2e-8acb-0685fe6cfe7b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--00802fde-8529-4762-9a74-d7cedee81b81", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.841545Z", + "modified": "2023-11-01T00:17:03.841545Z", + "name": "CVE-2023-5437", + "description": "The WP fade in text news plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5437" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--00b80c5e-bca3-425d-9759-4524643ded8f.json b/objects/vulnerability/vulnerability--00b80c5e-bca3-425d-9759-4524643ded8f.json new file mode 100644 index 00000000000..cc6f9429aec --- /dev/null +++ b/objects/vulnerability/vulnerability--00b80c5e-bca3-425d-9759-4524643ded8f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5b787bc1-6fc0-4ab4-8ccf-05ae242434f0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--00b80c5e-bca3-425d-9759-4524643ded8f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.877295Z", + "modified": "2023-11-01T00:17:03.877295Z", + "name": "CVE-2023-5865", + "description": "Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5865" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--034f7e65-d9ec-44f0-8832-f8b36a720d8d.json b/objects/vulnerability/vulnerability--034f7e65-d9ec-44f0-8832-f8b36a720d8d.json new file mode 100644 index 00000000000..2bf4e91fb9d --- /dev/null +++ b/objects/vulnerability/vulnerability--034f7e65-d9ec-44f0-8832-f8b36a720d8d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--963cf874-80a7-4052-993e-447ab308fce5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--034f7e65-d9ec-44f0-8832-f8b36a720d8d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:04.371819Z", + "modified": "2023-11-01T00:17:04.371819Z", + "name": "CVE-2023-37966", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin Infotech User Activity Log user-activity-log allows SQL Injection.This issue affects User Activity Log: from n/a through 1.6.2.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37966" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--04307026-e030-4ed1-a064-e7446c9634aa.json b/objects/vulnerability/vulnerability--04307026-e030-4ed1-a064-e7446c9634aa.json new file mode 100644 index 00000000000..0ec5550aac1 --- /dev/null +++ b/objects/vulnerability/vulnerability--04307026-e030-4ed1-a064-e7446c9634aa.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1dfee1c7-ce42-44b7-bb5b-84567c2d5acf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--04307026-e030-4ed1-a064-e7446c9634aa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.797302Z", + "modified": "2023-11-01T00:17:03.797302Z", + "name": "CVE-2023-5098", + "description": "The Campaign Monitor Forms by Optin Cat WordPress plugin before 2.5.6 does not prevent users with low privileges (like subscribers) from overwriting any options on a site with the string \"true\", which could lead to a variety of outcomes, including DoS.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5098" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0b288794-a67c-4d2e-a1ac-9379f5f47f7f.json b/objects/vulnerability/vulnerability--0b288794-a67c-4d2e-a1ac-9379f5f47f7f.json new file mode 100644 index 00000000000..4a9325391b8 --- /dev/null +++ b/objects/vulnerability/vulnerability--0b288794-a67c-4d2e-a1ac-9379f5f47f7f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--70a4b200-1c71-43df-bf1b-ade9782505e6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0b288794-a67c-4d2e-a1ac-9379f5f47f7f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:05.760486Z", + "modified": "2023-11-01T00:17:05.760486Z", + "name": "CVE-2023-44485", + "description": "Online Blood Donation Management System v1.0 is vulnerable to multiple Store Cross-Site Scripting vulnerabilities. The 'lastName' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-44485" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0ee2e4ea-81af-4176-9f0a-590bf3185003.json b/objects/vulnerability/vulnerability--0ee2e4ea-81af-4176-9f0a-590bf3185003.json new file mode 100644 index 00000000000..c8af6ca04bd --- /dev/null +++ b/objects/vulnerability/vulnerability--0ee2e4ea-81af-4176-9f0a-590bf3185003.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a96b39bd-fe18-498d-b25c-c96b7ea8ee37", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0ee2e4ea-81af-4176-9f0a-590bf3185003", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:05.952143Z", + "modified": "2023-11-01T00:17:05.952143Z", + "name": "CVE-2023-44486", + "description": "Online Blood Donation Management System v1.0 is vulnerable to multiple Store Cross-Site Scripting vulnerabilities. The 'address' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-44486" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0fb66817-6b81-4270-b137-a81087120a61.json b/objects/vulnerability/vulnerability--0fb66817-6b81-4270-b137-a81087120a61.json new file mode 100644 index 00000000000..315c4a61ea9 --- /dev/null +++ b/objects/vulnerability/vulnerability--0fb66817-6b81-4270-b137-a81087120a61.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1ffdf30f-7b1c-41a1-980c-50f242ae619f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0fb66817-6b81-4270-b137-a81087120a61", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.729085Z", + "modified": "2023-11-01T00:17:06.729085Z", + "name": "CVE-2023-46248", + "description": "Cody is an artificial intelligence (AI) coding assistant. The Cody AI VSCode extension versions 0.10.0 through 0.14.0 are vulnerable to Remote Code Execution under certain conditions. An attacker in control of a malicious repository could modify the Cody configuration file `.vscode/cody.json` and overwrite Cody commands. If a user with the extension installed opens this malicious repository and runs a Cody command such as /explain or /doc, this could allow arbitrary code execution on the user's machine. The vulnerability is rated as critical severity, but with low exploitability. It requires the user to have a malicious repository loaded and execute the overwritten command in VS Code. The issue is exploitable regardless of the user blocking code execution on a repository through VS Code Workspace Trust. The issue was found during a regular 3rd party penetration test. The maintainers of Cody do not have evidence of open source repositories having malicious `.vscode/cody.json` files to exploit this vulnerability. The issue is fixed in version 0.14.1 of the Cody VSCode extension. In case users can't promptly upgrade, they should not open any untrusted repositories with the Cody extension loaded.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46248" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--100faf86-555a-4702-803f-bdefc10eb389.json b/objects/vulnerability/vulnerability--100faf86-555a-4702-803f-bdefc10eb389.json new file mode 100644 index 00000000000..959ee34f4e0 --- /dev/null +++ b/objects/vulnerability/vulnerability--100faf86-555a-4702-803f-bdefc10eb389.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7a93b3d9-5807-4de6-b8c2-5b70b3d59632", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--100faf86-555a-4702-803f-bdefc10eb389", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.733277Z", + "modified": "2023-11-01T00:17:06.733277Z", + "name": "CVE-2023-46040", + "description": "Cross Site Scripting vulnerability in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via the a crafted payload to the components.php function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46040" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--109a021c-907e-42d8-9522-0ab9d05c63ec.json b/objects/vulnerability/vulnerability--109a021c-907e-42d8-9522-0ab9d05c63ec.json new file mode 100644 index 00000000000..97f3022c414 --- /dev/null +++ b/objects/vulnerability/vulnerability--109a021c-907e-42d8-9522-0ab9d05c63ec.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--864ff6f2-575f-43fd-8560-f152eb7ca4c9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--109a021c-907e-42d8-9522-0ab9d05c63ec", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:04.441273Z", + "modified": "2023-11-01T00:17:04.441273Z", + "name": "CVE-2023-37832", + "description": "A lack of rate limiting in Elenos ETG150 FM transmitter v3.12 allows attackers to obtain user credentials via brute force and cause other unspecified impacts.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37832" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--163e3a1a-40e3-459f-bfe6-6a6401af2d19.json b/objects/vulnerability/vulnerability--163e3a1a-40e3-459f-bfe6-6a6401af2d19.json new file mode 100644 index 00000000000..88dd486e4a7 --- /dev/null +++ b/objects/vulnerability/vulnerability--163e3a1a-40e3-459f-bfe6-6a6401af2d19.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0c2ee429-6758-4c87-8a7a-0de2804f1195", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--163e3a1a-40e3-459f-bfe6-6a6401af2d19", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:05.139228Z", + "modified": "2023-11-01T00:17:05.139228Z", + "name": "CVE-2023-3955", + "description": "A security issue was discovered in Kubernetes where a user\n that can create pods on Windows nodes may be able to escalate to admin \nprivileges on those nodes. Kubernetes clusters are only affected if they\n include Windows nodes.\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-3955" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--17882932-5527-4848-b4a5-fa8eaeb0779b.json b/objects/vulnerability/vulnerability--17882932-5527-4848-b4a5-fa8eaeb0779b.json new file mode 100644 index 00000000000..014d6787551 --- /dev/null +++ b/objects/vulnerability/vulnerability--17882932-5527-4848-b4a5-fa8eaeb0779b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d2752cbc-3300-4a18-91e8-98b6f73f43ad", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--17882932-5527-4848-b4a5-fa8eaeb0779b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.724Z", + "modified": "2023-11-01T00:17:06.724Z", + "name": "CVE-2023-46977", + "description": "TOTOLINK LR1200GB V9.1.0u.6619_B20230130 was discovered to contain a stack overflow via the password parameter in the function loginAuth.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46977" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1cf2f48a-e4c5-450d-8ae3-14f4ede47f01.json b/objects/vulnerability/vulnerability--1cf2f48a-e4c5-450d-8ae3-14f4ede47f01.json new file mode 100644 index 00000000000..b4341f6018a --- /dev/null +++ b/objects/vulnerability/vulnerability--1cf2f48a-e4c5-450d-8ae3-14f4ede47f01.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--626619c7-a8f0-4a14-9700-f73c972f273f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1cf2f48a-e4c5-450d-8ae3-14f4ede47f01", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.888215Z", + "modified": "2023-11-01T00:17:03.888215Z", + "name": "CVE-2023-5360", + "description": "The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5360" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1fffe89e-479e-49ca-bfbc-cbcb9e2d5eb1.json b/objects/vulnerability/vulnerability--1fffe89e-479e-49ca-bfbc-cbcb9e2d5eb1.json new file mode 100644 index 00000000000..07cbb8371a0 --- /dev/null +++ b/objects/vulnerability/vulnerability--1fffe89e-479e-49ca-bfbc-cbcb9e2d5eb1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f1d68c4e-e4c7-4a2c-92bf-a3cd5ea4404c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1fffe89e-479e-49ca-bfbc-cbcb9e2d5eb1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:04.341739Z", + "modified": "2023-11-01T00:17:04.341739Z", + "name": "CVE-2023-43139", + "description": "An issue in franfinance before v.2.0.27 allows a remote attacker to execute arbitrary code via the validation.php, and controllers/front/validation.php components.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-43139" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2101e162-0b7c-4d88-a54f-bf481fb761af.json b/objects/vulnerability/vulnerability--2101e162-0b7c-4d88-a54f-bf481fb761af.json new file mode 100644 index 00000000000..9b529cbbb1a --- /dev/null +++ b/objects/vulnerability/vulnerability--2101e162-0b7c-4d88-a54f-bf481fb761af.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ff2aafee-4662-49a1-ad2f-a941bfde4a49", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2101e162-0b7c-4d88-a54f-bf481fb761af", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.671987Z", + "modified": "2023-11-01T00:17:06.671987Z", + "name": "CVE-2023-46256", + "description": "PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of `parserbuf_index` value checking. A malfunction of the sensor device can cause a heap buffer overflow with leading unexpected drone behavior. Malicious applications can exploit the vulnerability even if device sensor malfunction does not occur. Up to the maximum value of an `unsigned int`, bytes sized data can be written to the heap memory area. As of time of publication, no fixed version is available.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46256" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--22d7a15d-c79f-4a6a-b25d-e046c6612b24.json b/objects/vulnerability/vulnerability--22d7a15d-c79f-4a6a-b25d-e046c6612b24.json new file mode 100644 index 00000000000..99272b38259 --- /dev/null +++ b/objects/vulnerability/vulnerability--22d7a15d-c79f-4a6a-b25d-e046c6612b24.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4f6bfac8-e875-41ae-9787-3c4cdf6f7727", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--22d7a15d-c79f-4a6a-b25d-e046c6612b24", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.748636Z", + "modified": "2023-11-01T00:17:06.748636Z", + "name": "CVE-2023-46278", + "description": "Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.1.0 to 4.1.1 allows a remote authenticated attacker to consume huge storage space or cause significantly delayed communication.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46278" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--25287649-012f-4141-add8-16364fc8662a.json b/objects/vulnerability/vulnerability--25287649-012f-4141-add8-16364fc8662a.json new file mode 100644 index 00000000000..4a7934fc3ee --- /dev/null +++ b/objects/vulnerability/vulnerability--25287649-012f-4141-add8-16364fc8662a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7e7c8320-57c9-46be-ac01-e66e4f1f45d2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--25287649-012f-4141-add8-16364fc8662a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.768071Z", + "modified": "2023-11-01T00:17:03.768071Z", + "name": "CVE-2023-5519", + "description": "The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5519" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--25374d87-4916-424c-ac47-b4a09dca7b8c.json b/objects/vulnerability/vulnerability--25374d87-4916-424c-ac47-b4a09dca7b8c.json new file mode 100644 index 00000000000..4b6269e79df --- /dev/null +++ b/objects/vulnerability/vulnerability--25374d87-4916-424c-ac47-b4a09dca7b8c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c3f08cde-72e5-4863-ac09-dfeaab5b0d25", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--25374d87-4916-424c-ac47-b4a09dca7b8c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.984662Z", + "modified": "2023-11-01T00:17:03.984662Z", + "name": "CVE-2023-33927", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Multiple Page Generator Plugin – MPG multiple-pages-generator-by-porthas allows SQL Injection.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.3.19.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-33927" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--29d4723f-3b94-4851-a62a-3dbce1e120ae.json b/objects/vulnerability/vulnerability--29d4723f-3b94-4851-a62a-3dbce1e120ae.json new file mode 100644 index 00000000000..c047e422837 --- /dev/null +++ b/objects/vulnerability/vulnerability--29d4723f-3b94-4851-a62a-3dbce1e120ae.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--88a9a85c-88de-430c-8303-d7ba9a881109", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--29d4723f-3b94-4851-a62a-3dbce1e120ae", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:04.44718Z", + "modified": "2023-11-01T00:17:04.44718Z", + "name": "CVE-2023-37833", + "description": "Improper access control in Elenos ETG150 FM transmitter v3.12 allows attackers to make arbitrary configuration edits that are only accessed by privileged users.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37833" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2b9c6f61-9270-434b-b6e6-68a3854d6b95.json b/objects/vulnerability/vulnerability--2b9c6f61-9270-434b-b6e6-68a3854d6b95.json new file mode 100644 index 00000000000..2a93958daf3 --- /dev/null +++ b/objects/vulnerability/vulnerability--2b9c6f61-9270-434b-b6e6-68a3854d6b95.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f1a87299-bdd7-48b2-8a38-e93ecf00cab0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2b9c6f61-9270-434b-b6e6-68a3854d6b95", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:05.254252Z", + "modified": "2023-11-01T00:17:05.254252Z", + "name": "CVE-2023-39610", + "description": "An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-39610" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2d3a5888-1c39-45d4-815b-67e039e2920d.json b/objects/vulnerability/vulnerability--2d3a5888-1c39-45d4-815b-67e039e2920d.json new file mode 100644 index 00000000000..849419b5820 --- /dev/null +++ b/objects/vulnerability/vulnerability--2d3a5888-1c39-45d4-815b-67e039e2920d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--29a42485-b53e-4bf2-aa20-1460aded4d4e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2d3a5888-1c39-45d4-815b-67e039e2920d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:04.22133Z", + "modified": "2023-11-01T00:17:04.22133Z", + "name": "CVE-2023-25045", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-25045" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2e17ec76-1e57-4d17-8b63-a5f49f82900f.json b/objects/vulnerability/vulnerability--2e17ec76-1e57-4d17-8b63-a5f49f82900f.json new file mode 100644 index 00000000000..11fab986b4f --- /dev/null +++ b/objects/vulnerability/vulnerability--2e17ec76-1e57-4d17-8b63-a5f49f82900f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3ca01e22-c8a7-49a6-b15a-e6c21f0714f9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2e17ec76-1e57-4d17-8b63-a5f49f82900f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:04.377074Z", + "modified": "2023-11-01T00:17:04.377074Z", + "name": "CVE-2023-37243", + "description": "The C:\\Windows\\Temp\\Agent.Package.Availability\\Agent.Package.Availability.exe file is automatically launched as SYSTEM when the system reboots. Since the C:\\Windows\\Temp\\Agent.Package.Availability folder inherits permissions from C:\\Windows\\Temp and Agent.Package.Availability.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges.\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37243" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--31d0b751-1fbb-4bf5-9466-0219b881067d.json b/objects/vulnerability/vulnerability--31d0b751-1fbb-4bf5-9466-0219b881067d.json new file mode 100644 index 00000000000..065d7bf8a83 --- /dev/null +++ b/objects/vulnerability/vulnerability--31d0b751-1fbb-4bf5-9466-0219b881067d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--88f2aa4c-7b24-469d-b7d8-9f71c3275f2b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--31d0b751-1fbb-4bf5-9466-0219b881067d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.832233Z", + "modified": "2023-11-01T00:17:03.832233Z", + "name": "CVE-2023-5873", + "description": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 11.1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5873" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--362abe94-6310-4175-a2e0-a4b4ec851566.json b/objects/vulnerability/vulnerability--362abe94-6310-4175-a2e0-a4b4ec851566.json new file mode 100644 index 00000000000..fcfc96f5df4 --- /dev/null +++ b/objects/vulnerability/vulnerability--362abe94-6310-4175-a2e0-a4b4ec851566.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--875c6760-e557-47b3-a7e9-ad123a565533", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--362abe94-6310-4175-a2e0-a4b4ec851566", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.778981Z", + "modified": "2023-11-01T00:17:06.778981Z", + "name": "CVE-2023-46361", + "description": "Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability via jbig2_error at /jbig2dec/jbig2.c.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46361" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--36ed8161-2cda-40b0-9647-ce580c96b8fc.json b/objects/vulnerability/vulnerability--36ed8161-2cda-40b0-9647-ce580c96b8fc.json new file mode 100644 index 00000000000..ce838586d9a --- /dev/null +++ b/objects/vulnerability/vulnerability--36ed8161-2cda-40b0-9647-ce580c96b8fc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--38a368d4-a0f7-4781-935a-577d53f0faca", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--36ed8161-2cda-40b0-9647-ce580c96b8fc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.773973Z", + "modified": "2023-11-01T00:17:03.773973Z", + "name": "CVE-2023-5435", + "description": "The Up down image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5435" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3c83e775-48b7-47fe-bfe1-f43377d97f40.json b/objects/vulnerability/vulnerability--3c83e775-48b7-47fe-bfe1-f43377d97f40.json new file mode 100644 index 00000000000..30f58e63959 --- /dev/null +++ b/objects/vulnerability/vulnerability--3c83e775-48b7-47fe-bfe1-f43377d97f40.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5f7652c2-d4d1-40a1-8e22-1ec0237e0d5b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3c83e775-48b7-47fe-bfe1-f43377d97f40", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:04.979606Z", + "modified": "2023-11-01T00:17:04.979606Z", + "name": "CVE-2023-40681", + "description": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Groundhogg Inc. Groundhogg plugin <= 2.7.11.10 versions.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-40681" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3d09cc58-2e18-43e5-9fe7-bfc72cf320c8.json b/objects/vulnerability/vulnerability--3d09cc58-2e18-43e5-9fe7-bfc72cf320c8.json new file mode 100644 index 00000000000..f06277dc4b9 --- /dev/null +++ b/objects/vulnerability/vulnerability--3d09cc58-2e18-43e5-9fe7-bfc72cf320c8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6a2f38ed-4e6b-47d5-8a2e-31cf8deeadcb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3d09cc58-2e18-43e5-9fe7-bfc72cf320c8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.834881Z", + "modified": "2023-11-01T00:17:03.834881Z", + "name": "CVE-2023-5438", + "description": "The wp image slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5438" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3e793ae2-7c46-4426-827d-fa3076308187.json b/objects/vulnerability/vulnerability--3e793ae2-7c46-4426-827d-fa3076308187.json new file mode 100644 index 00000000000..997270433fd --- /dev/null +++ b/objects/vulnerability/vulnerability--3e793ae2-7c46-4426-827d-fa3076308187.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--234834fe-a77b-4847-9d90-9f3ac45df4c7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3e793ae2-7c46-4426-827d-fa3076308187", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:04.258351Z", + "modified": "2023-11-01T00:17:04.258351Z", + "name": "CVE-2023-25047", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-25047" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--419f497c-74a0-422e-a3e8-13cc2386fcba.json b/objects/vulnerability/vulnerability--419f497c-74a0-422e-a3e8-13cc2386fcba.json new file mode 100644 index 00000000000..1f82499c5a3 --- /dev/null +++ b/objects/vulnerability/vulnerability--419f497c-74a0-422e-a3e8-13cc2386fcba.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4b98adfe-5efe-4ed9-bdb9-1142908fede3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--419f497c-74a0-422e-a3e8-13cc2386fcba", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.794829Z", + "modified": "2023-11-01T00:17:03.794829Z", + "name": "CVE-2023-5073", + "description": "The iframe forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'iframe' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5073" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--41c686ab-1d13-4009-84c6-fc73c59b56a1.json b/objects/vulnerability/vulnerability--41c686ab-1d13-4009-84c6-fc73c59b56a1.json new file mode 100644 index 00000000000..4482ba0e5b4 --- /dev/null +++ b/objects/vulnerability/vulnerability--41c686ab-1d13-4009-84c6-fc73c59b56a1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7cdb36f1-b8ef-4309-8e4b-a542678bd28b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--41c686ab-1d13-4009-84c6-fc73c59b56a1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.847619Z", + "modified": "2023-11-01T00:17:03.847619Z", + "name": "CVE-2023-5237", + "description": "The Memberlite Shortcodes WordPress plugin before 1.3.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5237" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--41d7c4d9-b00e-4960-9abb-c2effcb264f6.json b/objects/vulnerability/vulnerability--41d7c4d9-b00e-4960-9abb-c2effcb264f6.json new file mode 100644 index 00000000000..fcac5a94a2d --- /dev/null +++ b/objects/vulnerability/vulnerability--41d7c4d9-b00e-4960-9abb-c2effcb264f6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e7a07dc7-10cc-4364-9718-bdf13f606c6a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--41d7c4d9-b00e-4960-9abb-c2effcb264f6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.689357Z", + "modified": "2023-11-01T00:17:06.689357Z", + "name": "CVE-2023-46255", + "description": "SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Prior to version 1.27.0, when the provided datastore URI is malformed (e.g. by having a password which contains `:`) the full URI (including the provided password) is printed, so that the password is shown in the logs. Version 1.27.0 patches this issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46255" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--423afa41-d54f-49a9-bd2a-b4b75219b318.json b/objects/vulnerability/vulnerability--423afa41-d54f-49a9-bd2a-b4b75219b318.json new file mode 100644 index 00000000000..52f8c937465 --- /dev/null +++ b/objects/vulnerability/vulnerability--423afa41-d54f-49a9-bd2a-b4b75219b318.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0fbad6e4-91fe-48f1-9f13-7b8a48163fae", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--423afa41-d54f-49a9-bd2a-b4b75219b318", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.79256Z", + "modified": "2023-11-01T00:17:03.79256Z", + "name": "CVE-2023-5238", + "description": "The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5238" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4707a948-ca5b-400e-9e7b-7b183b71a937.json b/objects/vulnerability/vulnerability--4707a948-ca5b-400e-9e7b-7b183b71a937.json new file mode 100644 index 00000000000..f5fd2ae3377 --- /dev/null +++ b/objects/vulnerability/vulnerability--4707a948-ca5b-400e-9e7b-7b183b71a937.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--123db6d6-8630-4a6d-a180-14329d97aec9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4707a948-ca5b-400e-9e7b-7b183b71a937", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:04.317676Z", + "modified": "2023-11-01T00:17:04.317676Z", + "name": "CVE-2023-43295", + "description": "Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd Passwordstate v.Build 9785 and before allows a local attacker to execute arbitrary code via a crafted request.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-43295" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4734b7a8-3872-4fb1-94e7-2370833bc099.json b/objects/vulnerability/vulnerability--4734b7a8-3872-4fb1-94e7-2370833bc099.json new file mode 100644 index 00000000000..72536ba2a4d --- /dev/null +++ b/objects/vulnerability/vulnerability--4734b7a8-3872-4fb1-94e7-2370833bc099.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e42ce243-7dd0-431c-95a0-b3962ccdfaad", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4734b7a8-3872-4fb1-94e7-2370833bc099", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.783872Z", + "modified": "2023-11-01T00:17:06.783872Z", + "name": "CVE-2023-46210", + "description": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WebCource WC Captcha plugin <= 1.4 versions.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46210" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4a9ad5eb-47e4-4bf4-9a50-6c33a17f1449.json b/objects/vulnerability/vulnerability--4a9ad5eb-47e4-4bf4-9a50-6c33a17f1449.json new file mode 100644 index 00000000000..bca20607e86 --- /dev/null +++ b/objects/vulnerability/vulnerability--4a9ad5eb-47e4-4bf4-9a50-6c33a17f1449.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--51dc7e86-3796-4dd5-86b5-bfd6d10cd21f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4a9ad5eb-47e4-4bf4-9a50-6c33a17f1449", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.712969Z", + "modified": "2023-11-01T00:17:06.712969Z", + "name": "CVE-2023-46313", + "description": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Katie Seaborn Zotpress plugin <= 7.3.4 versions.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46313" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4d470cbb-14c3-4150-9744-cc75b36b7d8a.json b/objects/vulnerability/vulnerability--4d470cbb-14c3-4150-9744-cc75b36b7d8a.json new file mode 100644 index 00000000000..d4228994411 --- /dev/null +++ b/objects/vulnerability/vulnerability--4d470cbb-14c3-4150-9744-cc75b36b7d8a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--22ca1cc9-f5a9-4522-99aa-6f050ddad744", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4d470cbb-14c3-4150-9744-cc75b36b7d8a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.658141Z", + "modified": "2023-11-01T00:17:03.658141Z", + "name": "CVE-2023-47174", + "description": "Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Also, within the specific context of Thorn SFTP gateway, this leads to remote code execution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-47174" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4ea88dcd-516a-4e56-8bfa-093b4715efb8.json b/objects/vulnerability/vulnerability--4ea88dcd-516a-4e56-8bfa-093b4715efb8.json new file mode 100644 index 00000000000..6ec568d7f23 --- /dev/null +++ b/objects/vulnerability/vulnerability--4ea88dcd-516a-4e56-8bfa-093b4715efb8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a3d8b17b-7d71-4015-878e-bfaa244c5a6b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4ea88dcd-516a-4e56-8bfa-093b4715efb8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.714899Z", + "modified": "2023-11-01T00:17:06.714899Z", + "name": "CVE-2023-46485", + "description": "An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46485" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5053d20c-babf-4a79-aa5c-46a6dc6648da.json b/objects/vulnerability/vulnerability--5053d20c-babf-4a79-aa5c-46a6dc6648da.json new file mode 100644 index 00000000000..f336e4d1b2e --- /dev/null +++ b/objects/vulnerability/vulnerability--5053d20c-babf-4a79-aa5c-46a6dc6648da.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4ac77f57-2c60-4a93-8e0f-1d3380941f18", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5053d20c-babf-4a79-aa5c-46a6dc6648da", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.758549Z", + "modified": "2023-11-01T00:17:06.758549Z", + "name": "CVE-2023-46312", + "description": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Zaytech Smart Online Order for Clover plugin <= 1.5.4 versions.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46312" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5208e485-b8ac-4523-aabb-19f7fba0b8e8.json b/objects/vulnerability/vulnerability--5208e485-b8ac-4523-aabb-19f7fba0b8e8.json new file mode 100644 index 00000000000..a3e811cd554 --- /dev/null +++ b/objects/vulnerability/vulnerability--5208e485-b8ac-4523-aabb-19f7fba0b8e8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--09d6300c-77ee-4c3c-97b7-f8336ea1d4b1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5208e485-b8ac-4523-aabb-19f7fba0b8e8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.772126Z", + "modified": "2023-11-01T00:17:03.772126Z", + "name": "CVE-2023-5867", + "description": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5867" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5251ec78-680d-46b2-b1a2-ca8e556835aa.json b/objects/vulnerability/vulnerability--5251ec78-680d-46b2-b1a2-ca8e556835aa.json new file mode 100644 index 00000000000..0be88efbc32 --- /dev/null +++ b/objects/vulnerability/vulnerability--5251ec78-680d-46b2-b1a2-ca8e556835aa.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--65e48b8c-a04e-4977-81e7-b1d8b635663d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5251ec78-680d-46b2-b1a2-ca8e556835aa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.708312Z", + "modified": "2023-11-01T00:17:06.708312Z", + "name": "CVE-2023-46236", + "description": "FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, a server-side-request-forgery (SSRF) vulnerability allowed an unauthenticated user to trigger a GET request as the server to an arbitrary endpoint and URL scheme. This also allows remote access to files visible to the Apache user group. Other impacts vary based on server configuration. Version 1.5.10 contains a patch.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46236" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--53125340-408f-4bda-b25d-afd593ab9014.json b/objects/vulnerability/vulnerability--53125340-408f-4bda-b25d-afd593ab9014.json new file mode 100644 index 00000000000..53ac41e8b10 --- /dev/null +++ b/objects/vulnerability/vulnerability--53125340-408f-4bda-b25d-afd593ab9014.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8389976d-4067-4e36-922c-6c09dbf29de7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--53125340-408f-4bda-b25d-afd593ab9014", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.843933Z", + "modified": "2023-11-01T00:17:03.843933Z", + "name": "CVE-2023-5306", + "description": "Online Blood Donation Management System v1.0 is vulnerable to multiple Store Cross-Site Scripting vulnerabilities. The 'city' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5306" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--536a5a39-a0c4-4297-ba32-fb5419384dce.json b/objects/vulnerability/vulnerability--536a5a39-a0c4-4297-ba32-fb5419384dce.json new file mode 100644 index 00000000000..b321a804e62 --- /dev/null +++ b/objects/vulnerability/vulnerability--536a5a39-a0c4-4297-ba32-fb5419384dce.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e0a8a38b-861f-4139-977a-0561ff17aab9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--536a5a39-a0c4-4297-ba32-fb5419384dce", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.805831Z", + "modified": "2023-11-01T00:17:03.805831Z", + "name": "CVE-2023-5116", + "description": "The Live updates from Excel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ipushpull_page' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5116" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--556c02f6-bdf3-4efe-b678-00062faa8d7e.json b/objects/vulnerability/vulnerability--556c02f6-bdf3-4efe-b678-00062faa8d7e.json new file mode 100644 index 00000000000..fe6206226aa --- /dev/null +++ b/objects/vulnerability/vulnerability--556c02f6-bdf3-4efe-b678-00062faa8d7e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f9ac0156-144e-456a-add0-796b37bae75c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--556c02f6-bdf3-4efe-b678-00062faa8d7e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.769727Z", + "modified": "2023-11-01T00:17:06.769727Z", + "name": "CVE-2023-46976", + "description": "TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46976" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--577e23b4-717c-4413-b14b-5ff47eef6610.json b/objects/vulnerability/vulnerability--577e23b4-717c-4413-b14b-5ff47eef6610.json new file mode 100644 index 00000000000..ea2ca8e3486 --- /dev/null +++ b/objects/vulnerability/vulnerability--577e23b4-717c-4413-b14b-5ff47eef6610.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2fd77fdb-8069-45b6-a518-e791066e3959", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--577e23b4-717c-4413-b14b-5ff47eef6610", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:04.660354Z", + "modified": "2023-11-01T00:17:04.660354Z", + "name": "CVE-2023-35879", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce Product Vendors allows SQL Injection.This issue affects Product Vendors: from n/a through 2.1.78.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-35879" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5956db19-87d8-4aa4-a9e2-2f55a61050f9.json b/objects/vulnerability/vulnerability--5956db19-87d8-4aa4-a9e2-2f55a61050f9.json new file mode 100644 index 00000000000..db694c5256e --- /dev/null +++ b/objects/vulnerability/vulnerability--5956db19-87d8-4aa4-a9e2-2f55a61050f9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b80f35cb-0b07-4464-bfc5-010b45b4fb55", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5956db19-87d8-4aa4-a9e2-2f55a61050f9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:16:50.867228Z", + "modified": "2023-11-01T00:16:50.867228Z", + "name": "CVE-2015-20110", + "description": "JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces the search space to a linear amount of guesses based on the token length times the possible characters.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2015-20110" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--59cbf507-ca2c-4186-94f9-36208d792d1c.json b/objects/vulnerability/vulnerability--59cbf507-ca2c-4186-94f9-36208d792d1c.json new file mode 100644 index 00000000000..baa888f7e3b --- /dev/null +++ b/objects/vulnerability/vulnerability--59cbf507-ca2c-4186-94f9-36208d792d1c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b0fe62e1-af6f-4d82-8665-d7af8854622d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--59cbf507-ca2c-4186-94f9-36208d792d1c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.862476Z", + "modified": "2023-11-01T00:17:03.862476Z", + "name": "CVE-2023-5866", + "description": "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5866" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5b8f5f87-550b-4f24-bcfe-e2308d9cf906.json b/objects/vulnerability/vulnerability--5b8f5f87-550b-4f24-bcfe-e2308d9cf906.json new file mode 100644 index 00000000000..7253a93709b --- /dev/null +++ b/objects/vulnerability/vulnerability--5b8f5f87-550b-4f24-bcfe-e2308d9cf906.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d9dd59c0-37ff-4c70-a14b-6ff94d15b3a9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5b8f5f87-550b-4f24-bcfe-e2308d9cf906", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.824779Z", + "modified": "2023-11-01T00:17:03.824779Z", + "name": "CVE-2023-5861", + "description": "Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5861" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5c8bcfd7-b5d2-47d4-86c1-ff0e532fa189.json b/objects/vulnerability/vulnerability--5c8bcfd7-b5d2-47d4-86c1-ff0e532fa189.json new file mode 100644 index 00000000000..ac7a180f2c9 --- /dev/null +++ b/objects/vulnerability/vulnerability--5c8bcfd7-b5d2-47d4-86c1-ff0e532fa189.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2f1e7202-972b-41ea-b322-b5bf72a8daa8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5c8bcfd7-b5d2-47d4-86c1-ff0e532fa189", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.830858Z", + "modified": "2023-11-01T00:17:03.830858Z", + "name": "CVE-2023-5862", + "description": "Missing Authorization in GitHub repository hamza417/inure prior to Build95.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5862" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5d6db720-da7b-43db-bd8a-e3a3270dd687.json b/objects/vulnerability/vulnerability--5d6db720-da7b-43db-bd8a-e3a3270dd687.json new file mode 100644 index 00000000000..ddd11ef1da3 --- /dev/null +++ b/objects/vulnerability/vulnerability--5d6db720-da7b-43db-bd8a-e3a3270dd687.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fb25dc77-3584-413d-8009-5ee96074f13c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5d6db720-da7b-43db-bd8a-e3a3270dd687", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:04.752891Z", + "modified": "2023-11-01T00:17:04.752891Z", + "name": "CVE-2023-24000", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GamiPress gamipress allows SQL Injection.This issue affects GamiPress: from n/a through 2.5.7.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-24000" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5fecc751-6981-4085-9efc-760e802ac557.json b/objects/vulnerability/vulnerability--5fecc751-6981-4085-9efc-760e802ac557.json new file mode 100644 index 00000000000..d7ea27da6bb --- /dev/null +++ b/objects/vulnerability/vulnerability--5fecc751-6981-4085-9efc-760e802ac557.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--41d40b33-f391-4567-95de-e5bbefc3c0c7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5fecc751-6981-4085-9efc-760e802ac557", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.838475Z", + "modified": "2023-11-01T00:17:03.838475Z", + "name": "CVE-2023-5099", + "description": "The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the 'src' attribute of the 'csvsearch' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5099" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--610ca985-dded-41db-9a9f-632afaf4a59f.json b/objects/vulnerability/vulnerability--610ca985-dded-41db-9a9f-632afaf4a59f.json new file mode 100644 index 00000000000..585b1cc3f21 --- /dev/null +++ b/objects/vulnerability/vulnerability--610ca985-dded-41db-9a9f-632afaf4a59f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--46d08cd6-7079-4808-8808-4f681a778c50", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--610ca985-dded-41db-9a9f-632afaf4a59f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:04.370084Z", + "modified": "2023-11-01T00:17:04.370084Z", + "name": "CVE-2023-37831", + "description": "An issue discovered in Elenos ETG150 FM transmitter v3.12 allows attackers to enumerate user accounts based on server responses when credentials are submitted.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37831" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--625e5791-6cee-4b47-b374-317fff71935d.json b/objects/vulnerability/vulnerability--625e5791-6cee-4b47-b374-317fff71935d.json new file mode 100644 index 00000000000..ad1b12a8163 --- /dev/null +++ b/objects/vulnerability/vulnerability--625e5791-6cee-4b47-b374-317fff71935d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e3a57970-bf33-4dad-869a-0d7bf561241b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--625e5791-6cee-4b47-b374-317fff71935d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:12.755162Z", + "modified": "2023-11-01T00:17:12.755162Z", + "name": "CVE-2022-3007", + "description": "** UNSUPPPORTED WHEN ASSIGNED ** The vulnerability exists in Syska SW100 Smartwatch due to an improper implementation and/or configuration of Nordic Device Firmware Update (DFU) which is used for performing Over-The-Air (OTA) firmware updates on the Bluetooth Low Energy (BLE) devices. An unauthenticated attacker could exploit this vulnerability by setting arbitrary values to handle on the vulnerable device over Bluetooth.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform firmware update, device reboot or data manipulation on the target device.\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-3007" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6416d0ec-6286-49ab-b330-d5b19db45aee.json b/objects/vulnerability/vulnerability--6416d0ec-6286-49ab-b330-d5b19db45aee.json new file mode 100644 index 00000000000..fe50ade8e52 --- /dev/null +++ b/objects/vulnerability/vulnerability--6416d0ec-6286-49ab-b330-d5b19db45aee.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aecf3bbe-5eb6-43e0-9147-77ccde5444c6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6416d0ec-6286-49ab-b330-d5b19db45aee", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.686403Z", + "modified": "2023-11-01T00:17:03.686403Z", + "name": "CVE-2023-47094", + "description": "An issue was discovered in Virtualmin 7.7. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Account Plans tab of System Settings via the Plan Name field. Whenever the module is accessed, the XSS payload is executed.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-47094" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--694990da-4fa4-4206-8cfb-259728cf31ba.json b/objects/vulnerability/vulnerability--694990da-4fa4-4206-8cfb-259728cf31ba.json new file mode 100644 index 00000000000..c4976efec15 --- /dev/null +++ b/objects/vulnerability/vulnerability--694990da-4fa4-4206-8cfb-259728cf31ba.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--96ddca73-1395-40c8-b07a-6bd1e0d7af8d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--694990da-4fa4-4206-8cfb-259728cf31ba", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.180907Z", + "modified": "2023-11-01T00:17:06.180907Z", + "name": "CVE-2023-45899", + "description": "An issue in the component SuperUserSetuserModuleFrontController:init() of idnovate superuser before v2.4.2 allows attackers to bypass authentication via a crafted HTTP call.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-45899" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6ae20ead-a80f-484b-997e-e717da839f20.json b/objects/vulnerability/vulnerability--6ae20ead-a80f-484b-997e-e717da839f20.json new file mode 100644 index 00000000000..ae439d3c65f --- /dev/null +++ b/objects/vulnerability/vulnerability--6ae20ead-a80f-484b-997e-e717da839f20.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--948777a0-444b-433f-9594-8676f7256da1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6ae20ead-a80f-484b-997e-e717da839f20", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.853978Z", + "modified": "2023-11-01T00:17:03.853978Z", + "name": "CVE-2023-5863", + "description": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5863" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6cc93ded-1896-4da7-a1df-a794fb7f75d8.json b/objects/vulnerability/vulnerability--6cc93ded-1896-4da7-a1df-a794fb7f75d8.json new file mode 100644 index 00000000000..203f0cd61b8 --- /dev/null +++ b/objects/vulnerability/vulnerability--6cc93ded-1896-4da7-a1df-a794fb7f75d8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ccf11400-320c-4ef3-a805-34993f24478c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6cc93ded-1896-4da7-a1df-a794fb7f75d8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.808842Z", + "modified": "2023-11-01T00:17:03.808842Z", + "name": "CVE-2023-5739", + "description": "Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to elevation of privilege.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5739" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6ee952ac-cc8f-45f7-ae60-60b77aeee055.json b/objects/vulnerability/vulnerability--6ee952ac-cc8f-45f7-ae60-60b77aeee055.json new file mode 100644 index 00000000000..052dc895b3a --- /dev/null +++ b/objects/vulnerability/vulnerability--6ee952ac-cc8f-45f7-ae60-60b77aeee055.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d743a4a4-cd9c-42b8-b68b-a256efc4e107", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6ee952ac-cc8f-45f7-ae60-60b77aeee055", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.744154Z", + "modified": "2023-11-01T00:17:06.744154Z", + "name": "CVE-2023-46239", + "description": "quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYTPO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference (leading to a panic) when the node attempted to drop the Handshake packet number space. An attacker can bring down a quic-go node with very minimal effort. Completing the QUIC handshake only requires sending and receiving a few packets. Version 0.37.3 contains a patch. Versions before 0.37.0 are not affected.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46239" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6fcf4136-8708-4cb9-bc00-f19e9ca4d37f.json b/objects/vulnerability/vulnerability--6fcf4136-8708-4cb9-bc00-f19e9ca4d37f.json new file mode 100644 index 00000000000..f19e9be57e0 --- /dev/null +++ b/objects/vulnerability/vulnerability--6fcf4136-8708-4cb9-bc00-f19e9ca4d37f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--00b4ef51-aa33-4981-a07a-949bd82171ae", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6fcf4136-8708-4cb9-bc00-f19e9ca4d37f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.762391Z", + "modified": "2023-11-01T00:17:06.762391Z", + "name": "CVE-2023-46993", + "description": "In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46993" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--702867c7-62ea-469e-abb3-9051ac54d6d0.json b/objects/vulnerability/vulnerability--702867c7-62ea-469e-abb3-9051ac54d6d0.json new file mode 100644 index 00000000000..8c43cf5cfc4 --- /dev/null +++ b/objects/vulnerability/vulnerability--702867c7-62ea-469e-abb3-9051ac54d6d0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e9be486c-d7fd-4388-80ec-17f8bf9e2194", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--702867c7-62ea-469e-abb3-9051ac54d6d0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.870158Z", + "modified": "2023-11-01T00:17:03.870158Z", + "name": "CVE-2023-5211", + "description": "The Fattura24 WordPress plugin before 6.2.8 does not sanitize or escape the 'id' parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5211" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--70fd61d2-92f9-4f5f-8a6c-75cb293478f4.json b/objects/vulnerability/vulnerability--70fd61d2-92f9-4f5f-8a6c-75cb293478f4.json new file mode 100644 index 00000000000..d5fedde04b3 --- /dev/null +++ b/objects/vulnerability/vulnerability--70fd61d2-92f9-4f5f-8a6c-75cb293478f4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9b60a73e-ba58-41f3-9bd6-623e4e040795", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--70fd61d2-92f9-4f5f-8a6c-75cb293478f4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.849767Z", + "modified": "2023-11-01T00:17:03.849767Z", + "name": "CVE-2023-5464", + "description": "The Jquery accordion slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5464" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7186b856-d894-4b7b-b28c-60191a90464f.json b/objects/vulnerability/vulnerability--7186b856-d894-4b7b-b28c-60191a90464f.json new file mode 100644 index 00000000000..f7a0e151fa6 --- /dev/null +++ b/objects/vulnerability/vulnerability--7186b856-d894-4b7b-b28c-60191a90464f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5ad348f9-0966-4d86-abdf-6b89012b22d8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7186b856-d894-4b7b-b28c-60191a90464f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:05.954528Z", + "modified": "2023-11-01T00:17:05.954528Z", + "name": "CVE-2023-44484", + "description": "Online Blood Donation Management System v1.0 is vulnerable to multiple Store Cross-Site Scripting vulnerabilities. The 'firstName' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-44484" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--73013861-3fa7-4ef3-b0d1-84a19fb51222.json b/objects/vulnerability/vulnerability--73013861-3fa7-4ef3-b0d1-84a19fb51222.json new file mode 100644 index 00000000000..27d672e71ee --- /dev/null +++ b/objects/vulnerability/vulnerability--73013861-3fa7-4ef3-b0d1-84a19fb51222.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--213bcaf8-ade2-4088-8eee-5b7c3a136a1b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--73013861-3fa7-4ef3-b0d1-84a19fb51222", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:05.404046Z", + "modified": "2023-11-01T00:17:05.404046Z", + "name": "CVE-2023-42425", + "description": "An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote attacker to execute arbitrary code and obtain sensitive information via the cloud connection components.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-42425" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--73bf6b0c-7e98-4014-bcc2-433f029b48fb.json b/objects/vulnerability/vulnerability--73bf6b0c-7e98-4014-bcc2-433f029b48fb.json new file mode 100644 index 00000000000..6540ae29610 --- /dev/null +++ b/objects/vulnerability/vulnerability--73bf6b0c-7e98-4014-bcc2-433f029b48fb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d1026a6d-6dc9-4680-960d-40dd6391cde5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--73bf6b0c-7e98-4014-bcc2-433f029b48fb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.006607Z", + "modified": "2023-11-01T00:17:06.006607Z", + "name": "CVE-2023-31212", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks Database for Contact Form 7, WPforms, Elementor forms contact-form-entries allows SQL Injection.This issue affects Database for Contact Form 7, WPforms, Elementor forms: from n/a through 1.3.0.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-31212" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7444d1c7-7fc5-404c-9f75-197cfea437d7.json b/objects/vulnerability/vulnerability--7444d1c7-7fc5-404c-9f75-197cfea437d7.json new file mode 100644 index 00000000000..221a687e7e1 --- /dev/null +++ b/objects/vulnerability/vulnerability--7444d1c7-7fc5-404c-9f75-197cfea437d7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7187f3d9-eeb6-4c98-9cd3-d01a1bac86cb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7444d1c7-7fc5-404c-9f75-197cfea437d7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.736941Z", + "modified": "2023-11-01T00:17:06.736941Z", + "name": "CVE-2023-46484", + "description": "An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setLedCfg function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46484" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7450e4c4-ccfa-4e35-8b0b-d2049939edf4.json b/objects/vulnerability/vulnerability--7450e4c4-ccfa-4e35-8b0b-d2049939edf4.json new file mode 100644 index 00000000000..65efc6576e2 --- /dev/null +++ b/objects/vulnerability/vulnerability--7450e4c4-ccfa-4e35-8b0b-d2049939edf4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--51b6ef0c-00ca-41d8-b8ee-1c2114d3722a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7450e4c4-ccfa-4e35-8b0b-d2049939edf4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.553741Z", + "modified": "2023-11-01T00:17:06.553741Z", + "name": "CVE-2023-20886", + "description": "VMware Workspace ONE UEM console contains an open redirect vulnerability.\n\n\nA malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-20886" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--77893c45-5c92-45d1-9689-251e9261769d.json b/objects/vulnerability/vulnerability--77893c45-5c92-45d1-9689-251e9261769d.json new file mode 100644 index 00000000000..c7c7d80df1e --- /dev/null +++ b/objects/vulnerability/vulnerability--77893c45-5c92-45d1-9689-251e9261769d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c6d58546-e3c3-4999-ad8d-f062f401e81a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--77893c45-5c92-45d1-9689-251e9261769d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.210478Z", + "modified": "2023-11-01T00:17:06.210478Z", + "name": "CVE-2023-45378", + "description": "In the module \"PrestaBlog\" (prestablog) version 4.4.7 and before from HDclic for PrestaShop, a guest can perform SQL injection. The script ajax slider_positions.php has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-45378" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--78f016ae-26ea-4bac-8de5-04ddc31e78e7.json b/objects/vulnerability/vulnerability--78f016ae-26ea-4bac-8de5-04ddc31e78e7.json new file mode 100644 index 00000000000..8ac5ef2a4fc --- /dev/null +++ b/objects/vulnerability/vulnerability--78f016ae-26ea-4bac-8de5-04ddc31e78e7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--df8d5dbd-fc33-461d-868c-f9b0347a1545", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--78f016ae-26ea-4bac-8de5-04ddc31e78e7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:05.413931Z", + "modified": "2023-11-01T00:17:05.413931Z", + "name": "CVE-2023-42658", + "description": "\nArchive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-42658" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--79edd33f-f619-4101-b002-12f6aba06a04.json b/objects/vulnerability/vulnerability--79edd33f-f619-4101-b002-12f6aba06a04.json new file mode 100644 index 00000000000..0525ae92d55 --- /dev/null +++ b/objects/vulnerability/vulnerability--79edd33f-f619-4101-b002-12f6aba06a04.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9d23d941-c2a7-47b8-8ab0-6ca841cfed19", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--79edd33f-f619-4101-b002-12f6aba06a04", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.891674Z", + "modified": "2023-11-01T00:17:03.891674Z", + "name": "CVE-2023-5864", + "description": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5864" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7aec52f7-9273-4710-9521-cd77b41c9bae.json b/objects/vulnerability/vulnerability--7aec52f7-9273-4710-9521-cd77b41c9bae.json new file mode 100644 index 00000000000..95b9902072a --- /dev/null +++ b/objects/vulnerability/vulnerability--7aec52f7-9273-4710-9521-cd77b41c9bae.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b9bcdc66-2d66-4e35-85fb-ae53fbc0abfb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7aec52f7-9273-4710-9521-cd77b41c9bae", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:04.554569Z", + "modified": "2023-11-01T00:17:04.554569Z", + "name": "CVE-2023-36263", + "description": "Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL Injection. OpartlimitquantityAlertlimitModuleFrontController::displayAjaxPushAlertMessage()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-36263" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7b80e8f6-d9e9-493a-b3dd-b7565dcd28b7.json b/objects/vulnerability/vulnerability--7b80e8f6-d9e9-493a-b3dd-b7565dcd28b7.json new file mode 100644 index 00000000000..1b4addd6e82 --- /dev/null +++ b/objects/vulnerability/vulnerability--7b80e8f6-d9e9-493a-b3dd-b7565dcd28b7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9773ace3-7d4c-4ceb-85a3-be298111a6b4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7b80e8f6-d9e9-493a-b3dd-b7565dcd28b7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.798564Z", + "modified": "2023-11-01T00:17:03.798564Z", + "name": "CVE-2023-5430", + "description": "The Jquery news ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5430" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7d6f24de-0bad-46dc-8310-34eb99442cc3.json b/objects/vulnerability/vulnerability--7d6f24de-0bad-46dc-8310-34eb99442cc3.json new file mode 100644 index 00000000000..ac3155064a7 --- /dev/null +++ b/objects/vulnerability/vulnerability--7d6f24de-0bad-46dc-8310-34eb99442cc3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a5597ae4-e856-4807-8713-d0bf3dc3c64b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7d6f24de-0bad-46dc-8310-34eb99442cc3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.676311Z", + "modified": "2023-11-01T00:17:06.676311Z", + "name": "CVE-2023-46978", + "description": "TOTOLINK X6000R V9.4.0cu.852_B20230719 is vulnerable to Incorrect Access Control.Attackers can reset login password & WIFI passwords without authentication.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46978" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7f9e6469-7313-4425-bcca-a1bcb11171cd.json b/objects/vulnerability/vulnerability--7f9e6469-7313-4425-bcca-a1bcb11171cd.json new file mode 100644 index 00000000000..bd1fce69e83 --- /dev/null +++ b/objects/vulnerability/vulnerability--7f9e6469-7313-4425-bcca-a1bcb11171cd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e31d19ec-f010-40b8-a8d2-91631c3aa0b2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7f9e6469-7313-4425-bcca-a1bcb11171cd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.764559Z", + "modified": "2023-11-01T00:17:06.764559Z", + "name": "CVE-2023-46451", + "description": "Best Courier Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the change username field.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46451" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--80df2f78-439f-49ae-b8a5-d78156ffdf1f.json b/objects/vulnerability/vulnerability--80df2f78-439f-49ae-b8a5-d78156ffdf1f.json new file mode 100644 index 00000000000..f5aea749323 --- /dev/null +++ b/objects/vulnerability/vulnerability--80df2f78-439f-49ae-b8a5-d78156ffdf1f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d0545825-4c12-4de8-92a5-5eb7bc80396a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--80df2f78-439f-49ae-b8a5-d78156ffdf1f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:04.77717Z", + "modified": "2023-11-01T00:17:04.77717Z", + "name": "CVE-2023-24410", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contact Form - WPManageNinja LLC Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms fluentform allows SQL Injection.This issue affects Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms: from n/a through 4.3.25.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-24410" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--82668e45-a855-4990-80e7-1923cd6260ad.json b/objects/vulnerability/vulnerability--82668e45-a855-4990-80e7-1923cd6260ad.json new file mode 100644 index 00000000000..efa0eab006b --- /dev/null +++ b/objects/vulnerability/vulnerability--82668e45-a855-4990-80e7-1923cd6260ad.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4c1ca89a-5b20-465e-b9ec-de79d6607c9f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--82668e45-a855-4990-80e7-1923cd6260ad", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.70364Z", + "modified": "2023-11-01T00:17:06.70364Z", + "name": "CVE-2023-46235", + "description": "FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10.15, due to a lack of request sanitization in the logs, a malicious request containing XSS would be stored in a log file. When an administrator of the FOG server logged in and viewed the logs, they would be parsed as HTML and displayed accordingly. Version 1.5.10.15 contains a patch. As a workaround, view logs from an external text editor rather than the dashboard.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46235" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--83baac5e-bf34-40fa-9d37-f153c22fdbfa.json b/objects/vulnerability/vulnerability--83baac5e-bf34-40fa-9d37-f153c22fdbfa.json new file mode 100644 index 00000000000..d66843f82cc --- /dev/null +++ b/objects/vulnerability/vulnerability--83baac5e-bf34-40fa-9d37-f153c22fdbfa.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3c9541c6-9c77-40c4-9e64-4d35ba11826f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--83baac5e-bf34-40fa-9d37-f153c22fdbfa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.665171Z", + "modified": "2023-11-01T00:17:03.665171Z", + "name": "CVE-2023-47095", + "description": "An issue was discovered in Virtualmin 7.7. The Custom Fields feature of Edit Virtual Server under System Customization allows XSS.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-47095" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--84c39ab3-1348-4076-9026-1e51cdaf8090.json b/objects/vulnerability/vulnerability--84c39ab3-1348-4076-9026-1e51cdaf8090.json new file mode 100644 index 00000000000..6e5a214f53a --- /dev/null +++ b/objects/vulnerability/vulnerability--84c39ab3-1348-4076-9026-1e51cdaf8090.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--16b655d1-12b4-46b4-a3a8-d0106e34f9bf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--84c39ab3-1348-4076-9026-1e51cdaf8090", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:05.516055Z", + "modified": "2023-11-01T00:17:05.516055Z", + "name": "CVE-2023-4836", + "description": "The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those filed by manipulating IDs which can easily be brute forced", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-4836" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--85f3c1c5-c1ca-413a-a589-de06e879acbe.json b/objects/vulnerability/vulnerability--85f3c1c5-c1ca-413a-a589-de06e879acbe.json new file mode 100644 index 00000000000..a8d7aab5a83 --- /dev/null +++ b/objects/vulnerability/vulnerability--85f3c1c5-c1ca-413a-a589-de06e879acbe.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0f8410f0-45b8-4a39-a9c3-c6d5f0e88b07", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--85f3c1c5-c1ca-413a-a589-de06e879acbe", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.803203Z", + "modified": "2023-11-01T00:17:03.803203Z", + "name": "CVE-2023-5434", + "description": "The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5434" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--86fbaa23-ecc8-4d33-9852-05d263f314f9.json b/objects/vulnerability/vulnerability--86fbaa23-ecc8-4d33-9852-05d263f314f9.json new file mode 100644 index 00000000000..144afd96bf0 --- /dev/null +++ b/objects/vulnerability/vulnerability--86fbaa23-ecc8-4d33-9852-05d263f314f9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--81df6f9e-b52b-490c-9def-11822ccf0867", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--86fbaa23-ecc8-4d33-9852-05d263f314f9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.899654Z", + "modified": "2023-11-01T00:17:03.899654Z", + "name": "CVE-2023-5412", + "description": "The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5412" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--880acf50-fc94-420b-a625-871506fef8bb.json b/objects/vulnerability/vulnerability--880acf50-fc94-420b-a625-871506fef8bb.json new file mode 100644 index 00000000000..ffa9a877aae --- /dev/null +++ b/objects/vulnerability/vulnerability--880acf50-fc94-420b-a625-871506fef8bb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--630af311-c06f-4c2f-8f12-60738bec50d5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--880acf50-fc94-420b-a625-871506fef8bb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:05.477183Z", + "modified": "2023-11-01T00:17:05.477183Z", + "name": "CVE-2023-4390", + "description": "The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-4390" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8b2ea167-3c25-452f-9879-21b920d7f01f.json b/objects/vulnerability/vulnerability--8b2ea167-3c25-452f-9879-21b920d7f01f.json new file mode 100644 index 00000000000..40d9e333abb --- /dev/null +++ b/objects/vulnerability/vulnerability--8b2ea167-3c25-452f-9879-21b920d7f01f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1f8009e4-05df-465a-95f0-1c0a11616058", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8b2ea167-3c25-452f-9879-21b920d7f01f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.698151Z", + "modified": "2023-11-01T00:17:06.698151Z", + "name": "CVE-2023-46992", + "description": "TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset serveral critical passwords without authentication by visiting specific pages.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46992" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--955f8e1c-caf1-405b-9ef2-ba2949a845e0.json b/objects/vulnerability/vulnerability--955f8e1c-caf1-405b-9ef2-ba2949a845e0.json new file mode 100644 index 00000000000..2add74f189c --- /dev/null +++ b/objects/vulnerability/vulnerability--955f8e1c-caf1-405b-9ef2-ba2949a845e0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--72ce3aa7-789f-42e2-a102-43bfaa2a739d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--955f8e1c-caf1-405b-9ef2-ba2949a845e0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:16:50.355396Z", + "modified": "2023-11-01T00:16:50.355396Z", + "name": "CVE-2015-0897", + "description": "LINE for Android version 5.0.2 and earlier and LINE for iOS version 5.0.0 and earlier are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2015-0897" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--963b5037-9296-4b97-b2b3-6f27ffa11886.json b/objects/vulnerability/vulnerability--963b5037-9296-4b97-b2b3-6f27ffa11886.json new file mode 100644 index 00000000000..4ad48a401da --- /dev/null +++ b/objects/vulnerability/vulnerability--963b5037-9296-4b97-b2b3-6f27ffa11886.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e5cdc29c-b985-4c49-a1c3-7dac6af261d1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--963b5037-9296-4b97-b2b3-6f27ffa11886", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.69529Z", + "modified": "2023-11-01T00:17:06.69529Z", + "name": "CVE-2023-46245", + "description": "Kimai is a web-based multi-user time-tracking application. Versions 2.1.0 and prior are vulnerable to a Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the software's PDF and HTML rendering functionalities. As of time of publication, no patches or known workarounds are available.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46245" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--96bdc969-5ad8-4154-acfa-5bd593ab53f6.json b/objects/vulnerability/vulnerability--96bdc969-5ad8-4154-acfa-5bd593ab53f6.json new file mode 100644 index 00000000000..9234ba20bd1 --- /dev/null +++ b/objects/vulnerability/vulnerability--96bdc969-5ad8-4154-acfa-5bd593ab53f6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--339cc739-3777-4d89-89c5-362717679658", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--96bdc969-5ad8-4154-acfa-5bd593ab53f6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.885075Z", + "modified": "2023-11-01T00:17:03.885075Z", + "name": "CVE-2023-5429", + "description": "The Information Reel plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5429" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--96e60ca5-22a0-45d2-800c-2fece48d8f21.json b/objects/vulnerability/vulnerability--96e60ca5-22a0-45d2-800c-2fece48d8f21.json new file mode 100644 index 00000000000..e3a2cc9ffd4 --- /dev/null +++ b/objects/vulnerability/vulnerability--96e60ca5-22a0-45d2-800c-2fece48d8f21.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--189e88c0-3016-4a59-af40-dd714ecf143e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--96e60ca5-22a0-45d2-800c-2fece48d8f21", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.754948Z", + "modified": "2023-11-01T00:17:06.754948Z", + "name": "CVE-2023-46723", + "description": "lte-pic32-writer is a writer for PIC32 devices. In versions 0.0.1 and prior, those who use `sendto.txt` are vulnerable to attackers who known the IMEI reading the sendto.txt. The sendto.txt file can contain the SNS(such as slack and zulip) URL and API key. As of time of publication, a patch is not yet available. As workarounds, avoid using `sendto.txt` or use `.htaccess` to block access to `sendto.txt`.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46723" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9c922f88-0cac-4971-8cb0-85b557ca0581.json b/objects/vulnerability/vulnerability--9c922f88-0cac-4971-8cb0-85b557ca0581.json new file mode 100644 index 00000000000..24a080ce9e3 --- /dev/null +++ b/objects/vulnerability/vulnerability--9c922f88-0cac-4971-8cb0-85b557ca0581.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f9489e0b-0168-4f4f-aa50-246abbf95e39", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9c922f88-0cac-4971-8cb0-85b557ca0581", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.871553Z", + "modified": "2023-11-01T00:17:03.871553Z", + "name": "CVE-2023-5433", + "description": "The Message ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5433" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9cb56056-0eed-4559-b1b9-7bf46ca85933.json b/objects/vulnerability/vulnerability--9cb56056-0eed-4559-b1b9-7bf46ca85933.json new file mode 100644 index 00000000000..261ca3dfb74 --- /dev/null +++ b/objects/vulnerability/vulnerability--9cb56056-0eed-4559-b1b9-7bf46ca85933.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ac499e2a-fc12-41b0-8b55-6a536da985ca", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9cb56056-0eed-4559-b1b9-7bf46ca85933", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.873667Z", + "modified": "2023-11-01T00:17:03.873667Z", + "name": "CVE-2023-5431", + "description": "The Left right image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5431" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9d593607-3c0d-4e95-b097-6c049682468e.json b/objects/vulnerability/vulnerability--9d593607-3c0d-4e95-b097-6c049682468e.json new file mode 100644 index 00000000000..5b131ac0b8f --- /dev/null +++ b/objects/vulnerability/vulnerability--9d593607-3c0d-4e95-b097-6c049682468e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4827f565-50a0-4f33-abdd-facab1532682", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9d593607-3c0d-4e95-b097-6c049682468e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.68413Z", + "modified": "2023-11-01T00:17:03.68413Z", + "name": "CVE-2023-47098", + "description": "An issue was discovered in Virtualmin 7.7. A Stored Cross-Site Scripting (XSS) vulnerability exists in the Create Extra Administrator tab via the \"Real name or description\" field.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-47098" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a38415eb-b9a7-4c52-ada0-5c8bbf647532.json b/objects/vulnerability/vulnerability--a38415eb-b9a7-4c52-ada0-5c8bbf647532.json new file mode 100644 index 00000000000..bc225b59d1a --- /dev/null +++ b/objects/vulnerability/vulnerability--a38415eb-b9a7-4c52-ada0-5c8bbf647532.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c1556298-c6f4-4784-a5ea-7685149714ff", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a38415eb-b9a7-4c52-ada0-5c8bbf647532", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:04.620949Z", + "modified": "2023-11-01T00:17:04.620949Z", + "name": "CVE-2023-36508", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress contact-form-to-db allows SQL Injection.This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress: from n/a through 1.7.1.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-36508" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a3cb87d3-aa29-4595-b0ee-abd06483a4f7.json b/objects/vulnerability/vulnerability--a3cb87d3-aa29-4595-b0ee-abd06483a4f7.json new file mode 100644 index 00000000000..c50d21e9336 --- /dev/null +++ b/objects/vulnerability/vulnerability--a3cb87d3-aa29-4595-b0ee-abd06483a4f7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6d0dfa34-d67c-45da-9c9d-d17519701f00", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a3cb87d3-aa29-4595-b0ee-abd06483a4f7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.817748Z", + "modified": "2023-11-01T00:17:03.817748Z", + "name": "CVE-2023-5229", + "description": "The E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5229" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a43db0b9-4a90-4b6f-8a31-9a7f2f0f69a9.json b/objects/vulnerability/vulnerability--a43db0b9-4a90-4b6f-8a31-9a7f2f0f69a9.json new file mode 100644 index 00000000000..7be81085d8c --- /dev/null +++ b/objects/vulnerability/vulnerability--a43db0b9-4a90-4b6f-8a31-9a7f2f0f69a9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--641a58ea-ed55-42e5-a7c7-50e724a73207", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a43db0b9-4a90-4b6f-8a31-9a7f2f0f69a9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.609034Z", + "modified": "2023-11-01T00:17:06.609034Z", + "name": "CVE-2023-28777", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LearnDash LearnDash LMS allows SQL Injection.This issue affects LearnDash LMS: from n/a through 4.5.3.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-28777" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a447731d-29ee-4065-924b-295349f83100.json b/objects/vulnerability/vulnerability--a447731d-29ee-4065-924b-295349f83100.json new file mode 100644 index 00000000000..8f6e5f90714 --- /dev/null +++ b/objects/vulnerability/vulnerability--a447731d-29ee-4065-924b-295349f83100.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3de6d84d-c0b8-4ecf-b290-82fb00a6583e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a447731d-29ee-4065-924b-295349f83100", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.655376Z", + "modified": "2023-11-01T00:17:03.655376Z", + "name": "CVE-2023-47097", + "description": "An issue was discovered in Virtualmin 7.7. The Server Templates feature under System Settings allows XSS.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-47097" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a7603ffa-048c-4473-9d7f-a1d2690974be.json b/objects/vulnerability/vulnerability--a7603ffa-048c-4473-9d7f-a1d2690974be.json new file mode 100644 index 00000000000..5f595677d0c --- /dev/null +++ b/objects/vulnerability/vulnerability--a7603ffa-048c-4473-9d7f-a1d2690974be.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d766d927-bf77-4320-ac17-d140d9e2688b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a7603ffa-048c-4473-9d7f-a1d2690974be", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.752536Z", + "modified": "2023-11-01T00:17:06.752536Z", + "name": "CVE-2023-46979", + "description": "TOTOLINK X6000R V9.4.0cu.852_B20230719 was discovered to contain a command injection vulnerability via the enable parameter in the setLedCfg function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46979" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ac507362-b7a3-44d1-a958-038d5cfb345d.json b/objects/vulnerability/vulnerability--ac507362-b7a3-44d1-a958-038d5cfb345d.json new file mode 100644 index 00000000000..086dbec577c --- /dev/null +++ b/objects/vulnerability/vulnerability--ac507362-b7a3-44d1-a958-038d5cfb345d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d8e724de-468c-41ff-9b5b-3ad17bf0b2b6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ac507362-b7a3-44d1-a958-038d5cfb345d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.682053Z", + "modified": "2023-11-01T00:17:03.682053Z", + "name": "CVE-2023-47096", + "description": "An issue was discovered in Virtualmin 7.7. The Cloudmin Services Client under System Settings allows XSS.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-47096" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ac7b1d34-24bb-4bfd-8db6-93b13591c6d6.json b/objects/vulnerability/vulnerability--ac7b1d34-24bb-4bfd-8db6-93b13591c6d6.json new file mode 100644 index 00000000000..80156519ed2 --- /dev/null +++ b/objects/vulnerability/vulnerability--ac7b1d34-24bb-4bfd-8db6-93b13591c6d6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9e413d68-ea25-47fd-9e21-982ceff3be05", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ac7b1d34-24bb-4bfd-8db6-93b13591c6d6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.692987Z", + "modified": "2023-11-01T00:17:06.692987Z", + "name": "CVE-2023-46356", + "description": "In the module \"CSV Feeds PRO\" (csvfeeds) before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method `SearchApiCsv::getProducts()` has sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46356" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--af1c3615-66f1-48b6-970c-68d5b85aedc8.json b/objects/vulnerability/vulnerability--af1c3615-66f1-48b6-970c-68d5b85aedc8.json new file mode 100644 index 00000000000..c445bdc4a5d --- /dev/null +++ b/objects/vulnerability/vulnerability--af1c3615-66f1-48b6-970c-68d5b85aedc8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7bc9ea27-7996-48a4-acc8-259e536e39bb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--af1c3615-66f1-48b6-970c-68d5b85aedc8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:11.283471Z", + "modified": "2023-11-01T00:17:11.283471Z", + "name": "CVE-2016-1203", + "description": "Improper file verification vulnerability in SaAT Netizen installer ver.1.2.0.424 and earlier, and SaAT Netizen ver.1.2.0.8 (Build427) and earlier allows a remote unauthenticated attacker to conduct a man-in-the-middle attack. A successful exploitation may result in a malicious file being downloaded and executed.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2016-1203" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b08277ba-d357-408b-b811-37c12848e0e8.json b/objects/vulnerability/vulnerability--b08277ba-d357-408b-b811-37c12848e0e8.json new file mode 100644 index 00000000000..dd8088645cb --- /dev/null +++ b/objects/vulnerability/vulnerability--b08277ba-d357-408b-b811-37c12848e0e8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0b74de40-c7cd-44c3-aa2e-d784d9afe46f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b08277ba-d357-408b-b811-37c12848e0e8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.857332Z", + "modified": "2023-11-01T00:17:03.857332Z", + "name": "CVE-2023-5439", + "description": "The Wp photo text slider 50 plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5439" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b359d9a6-e6f2-49e3-afaa-e23656d49609.json b/objects/vulnerability/vulnerability--b359d9a6-e6f2-49e3-afaa-e23656d49609.json new file mode 100644 index 00000000000..626dd08a89f --- /dev/null +++ b/objects/vulnerability/vulnerability--b359d9a6-e6f2-49e3-afaa-e23656d49609.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3e93a186-54c8-436e-a94d-46ebbeb8b3fc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b359d9a6-e6f2-49e3-afaa-e23656d49609", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:04.50062Z", + "modified": "2023-11-01T00:17:04.50062Z", + "name": "CVE-2023-38994", + "description": "An issue in Univention UCS v.5.0 allows a local attacker to execute arbitrary code and gain privileges via the check_univention_joinstatus function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-38994" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b42e94d5-8e89-491f-a0c4-f4c743f3b047.json b/objects/vulnerability/vulnerability--b42e94d5-8e89-491f-a0c4-f4c743f3b047.json new file mode 100644 index 00000000000..f2256a5be6d --- /dev/null +++ b/objects/vulnerability/vulnerability--b42e94d5-8e89-491f-a0c4-f4c743f3b047.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4edc9613-3f43-43c7-afcc-58b63e1f6264", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b42e94d5-8e89-491f-a0c4-f4c743f3b047", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:05.483303Z", + "modified": "2023-11-01T00:17:05.483303Z", + "name": "CVE-2023-4251", + "description": "The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-4251" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b99fe14e-5a1c-4bd0-a786-037fe45a14be.json b/objects/vulnerability/vulnerability--b99fe14e-5a1c-4bd0-a786-037fe45a14be.json new file mode 100644 index 00000000000..5f87757775b --- /dev/null +++ b/objects/vulnerability/vulnerability--b99fe14e-5a1c-4bd0-a786-037fe45a14be.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3fd15b72-3fa1-4e2b-9a02-2449660eba5b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b99fe14e-5a1c-4bd0-a786-037fe45a14be", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.865481Z", + "modified": "2023-11-01T00:17:03.865481Z", + "name": "CVE-2023-5428", + "description": "The Image vertical reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5428" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bbb71a37-e41b-4258-a1c5-b0253c1c2ca7.json b/objects/vulnerability/vulnerability--bbb71a37-e41b-4258-a1c5-b0253c1c2ca7.json new file mode 100644 index 00000000000..4286ebc5ac1 --- /dev/null +++ b/objects/vulnerability/vulnerability--bbb71a37-e41b-4258-a1c5-b0253c1c2ca7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9e9adc39-00cb-4a3c-9722-cfaa329d4c81", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bbb71a37-e41b-4258-a1c5-b0253c1c2ca7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.1769Z", + "modified": "2023-11-01T00:17:06.1769Z", + "name": "CVE-2023-45955", + "description": "An issue discovered in Nanoleaf Light strip v3.5.10 allows attackers to cause a denial of service via crafted write binding attribute commands.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-45955" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bd9bb936-d555-428e-aed2-483e466771db.json b/objects/vulnerability/vulnerability--bd9bb936-d555-428e-aed2-483e466771db.json new file mode 100644 index 00000000000..853b8058200 --- /dev/null +++ b/objects/vulnerability/vulnerability--bd9bb936-d555-428e-aed2-483e466771db.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7c4b0fe3-6284-4fc0-a88c-09294bcaafc9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bd9bb936-d555-428e-aed2-483e466771db", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:04.320708Z", + "modified": "2023-11-01T00:17:04.320708Z", + "name": "CVE-2023-43796", + "description": "Synapse is an open-source Matrix homeserver Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver. System administrators are encouraged to upgrade to Synapse 1.95.1 or 1.96.0rc1 to receive a patch. As a workaround, the `federation_domain_whitelist` can be used to limit federation traffic with a homeserver.\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-43796" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bf990e5d-1030-445f-b1e4-f364ba70a4b4.json b/objects/vulnerability/vulnerability--bf990e5d-1030-445f-b1e4-f364ba70a4b4.json new file mode 100644 index 00000000000..c7ece2fc738 --- /dev/null +++ b/objects/vulnerability/vulnerability--bf990e5d-1030-445f-b1e4-f364ba70a4b4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f0295070-b84c-4dbe-9bb7-9090a3c19bac", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bf990e5d-1030-445f-b1e4-f364ba70a4b4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.858879Z", + "modified": "2023-11-01T00:17:03.858879Z", + "name": "CVE-2023-5307", + "description": "The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5307" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c416a797-e95b-4f50-a4e0-3f39b3319e44.json b/objects/vulnerability/vulnerability--c416a797-e95b-4f50-a4e0-3f39b3319e44.json new file mode 100644 index 00000000000..482677ecd95 --- /dev/null +++ b/objects/vulnerability/vulnerability--c416a797-e95b-4f50-a4e0-3f39b3319e44.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ae2ca2a8-3d99-4c10-bc73-2699f3f2d21d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c416a797-e95b-4f50-a4e0-3f39b3319e44", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.718203Z", + "modified": "2023-11-01T00:17:06.718203Z", + "name": "CVE-2023-46250", + "description": "pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions 3.7.0 through 3.16.4 can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case when the pypdf-user manipulates an incoming malicious PDF e.g. by merging it with another PDF or by adding annotations. The issue was fixed in version 3.17.0. As a workaround, apply the patch manually by modifying `pypdf/generic/_data_structures.py`.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46250" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c6996823-344f-4a47-bf0f-40fdf2b508ce.json b/objects/vulnerability/vulnerability--c6996823-344f-4a47-bf0f-40fdf2b508ce.json new file mode 100644 index 00000000000..77ecf4e2d2e --- /dev/null +++ b/objects/vulnerability/vulnerability--c6996823-344f-4a47-bf0f-40fdf2b508ce.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--904fb80b-e061-4e04-a2d3-5d7262708a3b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c6996823-344f-4a47-bf0f-40fdf2b508ce", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:04.975345Z", + "modified": "2023-11-01T00:17:04.975345Z", + "name": "CVE-2023-40050", + "description": "Upload profile either\nthrough API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec\ncheck command with maliciously crafted profile allows remote code execution. \n\n\n\n\n\n\n\n\n\n\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-40050" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c78bca41-436e-46e1-9582-72840ca8bbca.json b/objects/vulnerability/vulnerability--c78bca41-436e-46e1-9582-72840ca8bbca.json new file mode 100644 index 00000000000..ae3d866b078 --- /dev/null +++ b/objects/vulnerability/vulnerability--c78bca41-436e-46e1-9582-72840ca8bbca.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--53011708-f42e-4230-bee4-70da6973441b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c78bca41-436e-46e1-9582-72840ca8bbca", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.700923Z", + "modified": "2023-11-01T00:17:06.700923Z", + "name": "CVE-2023-46622", + "description": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ollybach WPPizza – A Restaurant Plugin plugin <= 3.18.2 versions.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46622" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cd5198c1-714e-4224-9fd4-cb1e42e0fa7c.json b/objects/vulnerability/vulnerability--cd5198c1-714e-4224-9fd4-cb1e42e0fa7c.json new file mode 100644 index 00000000000..c310b72c141 --- /dev/null +++ b/objects/vulnerability/vulnerability--cd5198c1-714e-4224-9fd4-cb1e42e0fa7c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5b806211-3d96-4c9d-bac5-ec4beac8fcbe", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cd5198c1-714e-4224-9fd4-cb1e42e0fa7c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.860756Z", + "modified": "2023-11-01T00:17:03.860756Z", + "name": "CVE-2023-5458", + "description": "The CITS Support svg, webp Media and TTF,OTF File Upload WordPress plugin before 3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5458" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cd917260-9d12-449d-a922-027d5346b0dd.json b/objects/vulnerability/vulnerability--cd917260-9d12-449d-a922-027d5346b0dd.json new file mode 100644 index 00000000000..a571e246103 --- /dev/null +++ b/objects/vulnerability/vulnerability--cd917260-9d12-449d-a922-027d5346b0dd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3a18cc14-0165-42b7-a090-f98ae5a28476", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cd917260-9d12-449d-a922-027d5346b0dd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.750988Z", + "modified": "2023-11-01T00:17:06.750988Z", + "name": "CVE-2023-46240", + "description": "CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround, replace `ini_set('display_errors', '0')` with `ini_set('display_errors', 'Off')` in `app/Config/Boot/production.php`.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46240" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d2fc7a6f-89a2-4577-be95-aae0c83e5fd3.json b/objects/vulnerability/vulnerability--d2fc7a6f-89a2-4577-be95-aae0c83e5fd3.json new file mode 100644 index 00000000000..2dc2d232ef0 --- /dev/null +++ b/objects/vulnerability/vulnerability--d2fc7a6f-89a2-4577-be95-aae0c83e5fd3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--54ec5a6b-cb42-4e8d-a53c-53e9f98ee552", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d2fc7a6f-89a2-4577-be95-aae0c83e5fd3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:05.470247Z", + "modified": "2023-11-01T00:17:05.470247Z", + "name": "CVE-2023-4250", + "description": "The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-4250" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d61f3b9b-d568-4382-8988-c3227f28046e.json b/objects/vulnerability/vulnerability--d61f3b9b-d568-4382-8988-c3227f28046e.json new file mode 100644 index 00000000000..f05635ca7b1 --- /dev/null +++ b/objects/vulnerability/vulnerability--d61f3b9b-d568-4382-8988-c3227f28046e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e7736390-f4dc-4714-80c3-742dd8c37e00", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d61f3b9b-d568-4382-8988-c3227f28046e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.720027Z", + "modified": "2023-11-01T00:17:06.720027Z", + "name": "CVE-2023-46237", + "description": "FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, an endpoint intended to offer limited enumeration abilities to authenticated users was accessible to unauthenticated users. This enabled unauthenticated users to discover files and their respective paths that were visible to the Apache user group. Version 1.5.10 contains a patch for this issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46237" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d88db7fc-3f44-422b-9a3a-2af9e5611e34.json b/objects/vulnerability/vulnerability--d88db7fc-3f44-422b-9a3a-2af9e5611e34.json new file mode 100644 index 00000000000..2994f9d85d1 --- /dev/null +++ b/objects/vulnerability/vulnerability--d88db7fc-3f44-422b-9a3a-2af9e5611e34.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d9691f3e-0899-4127-8199-dd02a68f396e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d88db7fc-3f44-422b-9a3a-2af9e5611e34", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.770601Z", + "modified": "2023-11-01T00:17:03.770601Z", + "name": "CVE-2023-5114", + "description": "The idbbee plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'idbbee' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5114" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d974027f-bb4d-4383-82fa-a8064582594a.json b/objects/vulnerability/vulnerability--d974027f-bb4d-4383-82fa-a8064582594a.json new file mode 100644 index 00000000000..ccf4bc063c1 --- /dev/null +++ b/objects/vulnerability/vulnerability--d974027f-bb4d-4383-82fa-a8064582594a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--696e7f38-6a0e-46c9-95cd-b42cbf04e341", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d974027f-bb4d-4383-82fa-a8064582594a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:05.236863Z", + "modified": "2023-11-01T00:17:05.236863Z", + "name": "CVE-2023-39695", + "description": "Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 allows attackers to arbitrarily change transmitter configuration and data after logging out.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-39695" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--da9adc75-9105-413b-8012-e0a4670b1c25.json b/objects/vulnerability/vulnerability--da9adc75-9105-413b-8012-e0a4670b1c25.json new file mode 100644 index 00000000000..f8ca7117dc5 --- /dev/null +++ b/objects/vulnerability/vulnerability--da9adc75-9105-413b-8012-e0a4670b1c25.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bd635bc6-0bb7-4f0f-8e09-29c81aaf5051", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--da9adc75-9105-413b-8012-e0a4670b1c25", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.685572Z", + "modified": "2023-11-01T00:17:06.685572Z", + "name": "CVE-2023-46249", + "description": "authentik is an open-source Identity Provider. Prior to versions 2023.8.4 and 2023.10.2, when the default admin user has been deleted, it is potentially possible for an attacker to set the password of the default admin user without any authentication. authentik uses a blueprint to create the default admin user, which can also optionally set the default admin users' password from an environment variable. When the user is deleted, the `initial-setup` flow used to configure authentik after the first installation becomes available again. authentik 2023.8.4 and 2023.10.2 fix this issue. As a workaround, ensure the default admin user (Username `akadmin`) exists and has a password set. It is recommended to use a very strong password for this user, and store it in a secure location like a password manager. It is also possible to deactivate the user to prevent any logins as akadmin.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46249" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--df671464-4a86-4ee0-beeb-a68845e87d8e.json b/objects/vulnerability/vulnerability--df671464-4a86-4ee0-beeb-a68845e87d8e.json new file mode 100644 index 00000000000..d6ac64e98c5 --- /dev/null +++ b/objects/vulnerability/vulnerability--df671464-4a86-4ee0-beeb-a68845e87d8e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3fea714d-26ea-4f62-aa9a-98fccb98c08b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--df671464-4a86-4ee0-beeb-a68845e87d8e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.741996Z", + "modified": "2023-11-01T00:17:06.741996Z", + "name": "CVE-2023-46378", + "description": "Stored Cross Site Scripting (XSS) vulnerability in MiniCMS 1.1.1 allows attackers to run arbitrary code via crafted string appended to /mc-admin/conf.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46378" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e19ffcba-943c-466f-991e-b633b8870d2e.json b/objects/vulnerability/vulnerability--e19ffcba-943c-466f-991e-b633b8870d2e.json new file mode 100644 index 00000000000..1d56f27f80a --- /dev/null +++ b/objects/vulnerability/vulnerability--e19ffcba-943c-466f-991e-b633b8870d2e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--09ee5bc3-a20d-46e1-aaf4-1e62670267ac", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e19ffcba-943c-466f-991e-b633b8870d2e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:05.481422Z", + "modified": "2023-11-01T00:17:05.481422Z", + "name": "CVE-2023-4823", + "description": "The WP Meta and Date Remover WordPress plugin before 2.2.0 provides an AJAX endpoint for configuring the plugin settings. This endpoint has no capability checks and does not sanitize the user input, which is then later output unescaped. Allowing any authenticated users, such as subscriber change them and perform Stored Cross-Site Scripting.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-4823" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e5ef6da5-dbca-42f7-9031-1af563d88a5d.json b/objects/vulnerability/vulnerability--e5ef6da5-dbca-42f7-9031-1af563d88a5d.json new file mode 100644 index 00000000000..8a4707b2145 --- /dev/null +++ b/objects/vulnerability/vulnerability--e5ef6da5-dbca-42f7-9031-1af563d88a5d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b3460b1a-c4bb-4079-b498-d13dabd4d407", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e5ef6da5-dbca-42f7-9031-1af563d88a5d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.688632Z", + "modified": "2023-11-01T00:17:03.688632Z", + "name": "CVE-2023-47099", + "description": "An issue was discovered in Virtualmin 7.7. The Create Virtual Server functionality allows XSS attacks against anyone who accesses the Virtual Server Summary tab.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-47099" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e96bddc6-0ef5-4d62-aea7-5f018324af7a.json b/objects/vulnerability/vulnerability--e96bddc6-0ef5-4d62-aea7-5f018324af7a.json new file mode 100644 index 00000000000..f8c71f4f026 --- /dev/null +++ b/objects/vulnerability/vulnerability--e96bddc6-0ef5-4d62-aea7-5f018324af7a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2872c5bf-61e2-49f4-b0bc-9f86fa77a4b1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e96bddc6-0ef5-4d62-aea7-5f018324af7a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:04.184533Z", + "modified": "2023-11-01T00:17:04.184533Z", + "name": "CVE-2023-22518", + "description": "All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. There is no impact to confidentiality as an attacker cannot exfiltrate any instance data.\n\nAtlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-22518" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ea08a136-7685-45df-a638-9c88557e8834.json b/objects/vulnerability/vulnerability--ea08a136-7685-45df-a638-9c88557e8834.json new file mode 100644 index 00000000000..d7018ca4142 --- /dev/null +++ b/objects/vulnerability/vulnerability--ea08a136-7685-45df-a638-9c88557e8834.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--12f792d5-9c9f-43ef-983f-7a02a1bfcc90", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ea08a136-7685-45df-a638-9c88557e8834", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.894829Z", + "modified": "2023-11-01T00:17:03.894829Z", + "name": "CVE-2023-5436", + "description": "The Vertical marquee plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5436" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--eb24970d-4628-4c15-8417-680c88f2911f.json b/objects/vulnerability/vulnerability--eb24970d-4628-4c15-8417-680c88f2911f.json new file mode 100644 index 00000000000..2d1232935a2 --- /dev/null +++ b/objects/vulnerability/vulnerability--eb24970d-4628-4c15-8417-680c88f2911f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--07b270bf-6dc0-49a3-97bf-5dd2a6319b14", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--eb24970d-4628-4c15-8417-680c88f2911f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.037352Z", + "modified": "2023-11-01T00:17:06.037352Z", + "name": "CVE-2023-31794", + "description": "MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-31794" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f713c866-8afb-4a67-990e-2cef06ea5e3b.json b/objects/vulnerability/vulnerability--f713c866-8afb-4a67-990e-2cef06ea5e3b.json new file mode 100644 index 00000000000..9a94656ba89 --- /dev/null +++ b/objects/vulnerability/vulnerability--f713c866-8afb-4a67-990e-2cef06ea5e3b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--43609f32-0ea1-48a3-943a-953dd2f5c9f7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f713c866-8afb-4a67-990e-2cef06ea5e3b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.74601Z", + "modified": "2023-11-01T00:17:06.74601Z", + "name": "CVE-2023-46722", + "description": "The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 1.2.0 to receive a patch or, as a workaround, apply the patch manually.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46722" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f7867bf9-7e1b-4a3f-ae76-6a626569d0ea.json b/objects/vulnerability/vulnerability--f7867bf9-7e1b-4a3f-ae76-6a626569d0ea.json new file mode 100644 index 00000000000..ecbab326dc7 --- /dev/null +++ b/objects/vulnerability/vulnerability--f7867bf9-7e1b-4a3f-ae76-6a626569d0ea.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--56a34acd-086c-426e-a289-bbccb5a3a436", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f7867bf9-7e1b-4a3f-ae76-6a626569d0ea", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:06.201487Z", + "modified": "2023-11-01T00:17:06.201487Z", + "name": "CVE-2023-45996", + "description": "SQL injection vulnerability in Senayan Library Management Systems Slims v.9 and Bulian v.9.6.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the reborrowLimit parameter in the member_type.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-45996" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f887dbe0-6522-44cf-a828-104e5233be78.json b/objects/vulnerability/vulnerability--f887dbe0-6522-44cf-a828-104e5233be78.json new file mode 100644 index 00000000000..69afb7aaf58 --- /dev/null +++ b/objects/vulnerability/vulnerability--f887dbe0-6522-44cf-a828-104e5233be78.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--eb5cbe1f-018f-4eb8-b4a1-d9bf463a8a0c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f887dbe0-6522-44cf-a828-104e5233be78", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:03.886926Z", + "modified": "2023-11-01T00:17:03.886926Z", + "name": "CVE-2023-5243", + "description": "The Login Screen Manager WordPress plugin through 3.5.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5243" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f8ada99c-9dd5-40b9-95ec-24be998e89ec.json b/objects/vulnerability/vulnerability--f8ada99c-9dd5-40b9-95ec-24be998e89ec.json new file mode 100644 index 00000000000..6c063f732ab --- /dev/null +++ b/objects/vulnerability/vulnerability--f8ada99c-9dd5-40b9-95ec-24be998e89ec.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--15e452c0-23d6-47d2-8376-c772c4d0a869", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f8ada99c-9dd5-40b9-95ec-24be998e89ec", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:16:50.316084Z", + "modified": "2023-11-01T00:16:50.316084Z", + "name": "CVE-2015-2968", + "description": "LINE@ for Android version 1.0.0 and LINE@ for iOS version 1.0.0 are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2015-2968" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fbc95103-52ad-40a5-b938-50d148757eb3.json b/objects/vulnerability/vulnerability--fbc95103-52ad-40a5-b938-50d148757eb3.json new file mode 100644 index 00000000000..f40a7d43e6b --- /dev/null +++ b/objects/vulnerability/vulnerability--fbc95103-52ad-40a5-b938-50d148757eb3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e8cb6559-7659-49dd-9ced-1ae9b6ce8864", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fbc95103-52ad-40a5-b938-50d148757eb3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:05.380898Z", + "modified": "2023-11-01T00:17:05.380898Z", + "name": "CVE-2023-27846", + "description": "SQL injection vulnerability found in PrestaShop themevolty v.4.0.8 and before allow a remote attacker to gain privileges via the tvcmsblog, tvcmsvideotab, tvcmswishlist, tvcmsbrandlist, tvcmscategorychainslider, tvcmscategoryproduct, tvcmscategoryslider, tvcmspaymenticon, tvcmstestimonial components.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-27846" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fe10d803-491b-4d94-b8e2-55e0aab35691.json b/objects/vulnerability/vulnerability--fe10d803-491b-4d94-b8e2-55e0aab35691.json new file mode 100644 index 00000000000..1a8f8718877 --- /dev/null +++ b/objects/vulnerability/vulnerability--fe10d803-491b-4d94-b8e2-55e0aab35691.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9ecbabb1-5581-4b5e-8d84-86bbad05282a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fe10d803-491b-4d94-b8e2-55e0aab35691", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-11-01T00:17:05.157437Z", + "modified": "2023-11-01T00:17:05.157437Z", + "name": "CVE-2023-3676", + "description": "A security issue was discovered in Kubernetes where a user\n that can create pods on Windows nodes may be able to escalate to admin \nprivileges on those nodes. Kubernetes clusters are only affected if they\n include Windows nodes.\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-3676" + } + ] + } + ] +} \ No newline at end of file