diff --git a/mapping.csv b/mapping.csv index 93434c89333..4f660c032f9 100644 --- a/mapping.csv +++ b/mapping.csv @@ -260698,3 +260698,97 @@ vulnerability,CVE-2022-40733,vulnerability--80643042-539a-44e4-95de-f2192d9db339 vulnerability,CVE-2023-50956,vulnerability--a7def47a-b636-4e47-b6a1-58a404958fd4 vulnerability,CVE-2023-34990,vulnerability--af1b8a2d-a0f9-45bd-9dd7-468366634f50 vulnerability,CVE-2023-21586,vulnerability--3fed3aec-0b25-427d-9228-28eddbd9038b +vulnerability,CVE-2024-51471,vulnerability--12a86d4c-59bf-470f-9a12-da29136a93fc +vulnerability,CVE-2024-51532,vulnerability--f4e9daa9-6e26-4d9d-9c89-3f1c50f14348 +vulnerability,CVE-2024-52896,vulnerability--839b1dee-e34c-4d6f-a83b-25a07502fe69 +vulnerability,CVE-2024-52897,vulnerability--4a77cf95-276a-4c77-8fdb-1d2d09cfd5c7 +vulnerability,CVE-2024-52794,vulnerability--573f2276-a7af-44d9-acad-8de7f6a13c99 +vulnerability,CVE-2024-52589,vulnerability--109d998d-7d76-4fce-aeb3-34251fb9e09c +vulnerability,CVE-2024-45818,vulnerability--d786116d-6f69-4021-9630-6cfe797b12db +vulnerability,CVE-2024-45401,vulnerability--509d5725-e8ee-464c-848c-dabc6f592af9 +vulnerability,CVE-2024-45819,vulnerability--d31d7fdf-2301-47aa-a01b-f8328bb349b1 +vulnerability,CVE-2024-12783,vulnerability--b7850c0e-d3fb-439c-8362-05adad0bc255 +vulnerability,CVE-2024-12792,vulnerability--0639d182-fabe-4218-8626-d910af233ed7 +vulnerability,CVE-2024-12788,vulnerability--d99551a3-0165-4b87-989f-571de0e0d50a +vulnerability,CVE-2024-12793,vulnerability--968eec84-265b-449f-a9cd-c13e00b6da0a +vulnerability,CVE-2024-12798,vulnerability--8b1e9570-4917-4e42-aea9-fb619c6f7531 +vulnerability,CVE-2024-12331,vulnerability--48fe7085-6b25-4976-a603-f2adeca4fb9e +vulnerability,CVE-2024-12700,vulnerability--e9575d4e-7d10-4284-b27b-7679b0f08b1f +vulnerability,CVE-2024-12626,vulnerability--c1bcceb3-e1ef-4107-9369-702a7e46da30 +vulnerability,CVE-2024-12569,vulnerability--e3579bc6-6f69-4e86-9b4b-a9155a7eba60 +vulnerability,CVE-2024-12789,vulnerability--3b1cbff4-c141-411d-9e09-af105025074f +vulnerability,CVE-2024-12729,vulnerability--acfde247-1ad3-4dff-9cf3-3f5da05ab426 +vulnerability,CVE-2024-12794,vulnerability--aabbc92d-2a56-4278-a2ee-7157f4a35b68 +vulnerability,CVE-2024-12727,vulnerability--e530b50d-ebda-427d-99f1-4d4da947ca14 +vulnerability,CVE-2024-12801,vulnerability--b2181c9d-c07d-4099-8ffb-db387a7274a2 +vulnerability,CVE-2024-12791,vulnerability--26f677c7-004d-4037-a843-3a75d70daabb +vulnerability,CVE-2024-12786,vulnerability--84303e96-db6c-4c18-af2d-9bb890969b8e +vulnerability,CVE-2024-12560,vulnerability--828506b0-3437-42cd-ad9c-35f68a70884f +vulnerability,CVE-2024-12790,vulnerability--08d65725-420a-4cba-bf56-2a7f9e436036 +vulnerability,CVE-2024-12175,vulnerability--ba053b99-9128-4a18-9729-636ea92cc80c +vulnerability,CVE-2024-12787,vulnerability--6d4fd1e0-7c9f-4b39-a834-4e0970114bc4 +vulnerability,CVE-2024-12728,vulnerability--414dddfc-9a37-4f7c-8b28-e02e677a5687 +vulnerability,CVE-2024-12785,vulnerability--7a2dcc77-3fe6-4fa2-a9f2-da44ae3e2043 +vulnerability,CVE-2024-12121,vulnerability--5f111806-315c-4505-bdd8-b901f61b8dfa +vulnerability,CVE-2024-12782,vulnerability--76d2b44f-1cdd-4568-b99d-35d7845ed6cd +vulnerability,CVE-2024-12111,vulnerability--c98fee7f-6f81-4d76-84ca-266fc6b6a883 +vulnerability,CVE-2024-12784,vulnerability--c1e559a3-da29-4882-867e-e7ed009acbc8 +vulnerability,CVE-2024-12672,vulnerability--799c65a3-d062-4f6f-990b-b1333251d01d +vulnerability,CVE-2024-10244,vulnerability--c54255d0-9fe7-4ff0-b994-c34173dd1f22 +vulnerability,CVE-2024-10548,vulnerability--b8b0cd94-2963-41ca-9e29-8e48d637991e +vulnerability,CVE-2024-9102,vulnerability--1ffa36fd-10bf-4b52-8d0a-32d460397d14 +vulnerability,CVE-2024-9154,vulnerability--f9bb5877-89da-4c92-b267-5316778d1ebe +vulnerability,CVE-2024-9101,vulnerability--f1223fb0-1dd5-4986-8932-88947d848d78 +vulnerability,CVE-2024-47093,vulnerability--bffb2b85-6304-4a02-85fc-bf006cc3cd9b +vulnerability,CVE-2024-7139,vulnerability--b83b13df-c6b8-4cb3-8178-695af5fdd391 +vulnerability,CVE-2024-7138,vulnerability--7368183c-ce5f-4d06-9e1d-582c5e04d549 +vulnerability,CVE-2024-7137,vulnerability--50ec9736-36ca-4f4c-9012-21a97fcd8733 +vulnerability,CVE-2024-25131,vulnerability--cb0528c0-953c-4c6b-b932-d042c07af80c +vulnerability,CVE-2024-11768,vulnerability--794dc436-f7e9-4e3c-9b46-c1c46026a67a +vulnerability,CVE-2024-11616,vulnerability--75ff85d2-95e6-4be3-b75c-ef8544bb870e +vulnerability,CVE-2024-11364,vulnerability--80eb9125-ae12-48ac-8c3d-0fb081d84037 +vulnerability,CVE-2024-11157,vulnerability--cedcc414-790e-4634-88de-474f73adc10b +vulnerability,CVE-2024-11740,vulnerability--53e96827-69de-48e4-b233-eb7ec51120e4 +vulnerability,CVE-2024-11984,vulnerability--9376b4ae-ff3c-40ed-8a7e-9057a9ae5c2d +vulnerability,CVE-2024-53991,vulnerability--eaa856ee-ab28-469e-b591-fddc0d281ffb +vulnerability,CVE-2024-38864,vulnerability--0b6dc313-162c-428b-bffb-0692e4c6f958 +vulnerability,CVE-2024-38819,vulnerability--bb21dda6-0417-4300-8a29-fc04afd5fe8c +vulnerability,CVE-2024-37962,vulnerability--820ad9eb-1a41-4bd4-8688-216a0bc76de2 +vulnerability,CVE-2024-35141,vulnerability--372a8a0c-a5ac-4937-9db8-58b59b7186d9 +vulnerability,CVE-2024-54984,vulnerability--6e9131e9-6613-44e4-82e7-fa4568fe5e90 +vulnerability,CVE-2024-54663,vulnerability--0494934e-6727-48ca-a851-8768c3826500 +vulnerability,CVE-2024-54982,vulnerability--f8ce61eb-b59c-42c2-a163-f2706f5909ec +vulnerability,CVE-2024-54790,vulnerability--0fbe0487-0254-4ee7-9d64-04327bc4f40a +vulnerability,CVE-2024-54983,vulnerability--56b73ddb-ab86-4665-879d-bcff1c74de3e +vulnerability,CVE-2024-54009,vulnerability--c16948c6-7c5c-49fe-92d1-6bd02b8db2d6 +vulnerability,CVE-2024-54150,vulnerability--fa7c2765-a35b-4dd3-bb09-d6e2eb3317cb +vulnerability,CVE-2024-55196,vulnerability--84b28320-2ca2-494f-9ab7-4726db0f4b52 +vulnerability,CVE-2024-55082,vulnerability--84c290e3-ae05-44fb-9bcc-3a1c9cf668df +vulnerability,CVE-2024-55081,vulnerability--837ca77d-36e2-476a-af3f-a2006aa8abc8 +vulnerability,CVE-2024-49336,vulnerability--91ed746c-a3fa-47e4-a333-d915ae4683c5 +vulnerability,CVE-2024-49765,vulnerability--96528570-3de7-405a-aaac-8b45b3da76dd +vulnerability,CVE-2024-56159,vulnerability--ff5a2f7f-559c-411c-99ac-1514e8c7dd12 +vulnerability,CVE-2024-56327,vulnerability--f8ca1b6e-1032-4503-8ad9-038a4eca5388 +vulnerability,CVE-2024-56200,vulnerability--4bd7ad4f-9510-4d1c-9a3e-35427a2c116a +vulnerability,CVE-2024-2201,vulnerability--040c86bf-07ba-4dc7-8203-275301ac0546 +vulnerability,CVE-2024-4230,vulnerability--a183cb99-1a24-4f1e-8efb-08b682a3dbda +vulnerability,CVE-2024-4229,vulnerability--87a908a5-dd42-4a45-8a3a-aedb56ae1cea +vulnerability,CVE-2021-39081,vulnerability--cde3e840-9b5f-48f1-ab38-7f0653079ebf +vulnerability,CVE-2021-26102,vulnerability--3fb56dbe-ebfe-4f71-9d3a-75c735d5cf5f +vulnerability,CVE-2021-26115,vulnerability--021fdcef-75ed-48d5-a579-232fbaea9ef2 +vulnerability,CVE-2021-26093,vulnerability--15618042-9893-4e6a-bd0c-78aa9ae0e351 +vulnerability,CVE-2021-22501,vulnerability--793c6118-358c-4b5f-8183-d863c03f2f39 +vulnerability,CVE-2021-32589,vulnerability--5e762443-b34d-4613-998a-9a5b0abcebb4 +vulnerability,CVE-2022-33954,vulnerability--b7f98fa7-0ff0-487b-8d64-e1850b8c4b8b +vulnerability,CVE-2022-27595,vulnerability--8e1f341d-c6b4-4756-930c-8a5cb2b3c93e +vulnerability,CVE-2022-27600,vulnerability--67ea55f8-0253-4ab7-b87b-f1da1cda7bc0 +vulnerability,CVE-2023-30443,vulnerability--ff2e5cfe-f775-4d8b-9aa8-54ceece9341b +vulnerability,CVE-2023-7005,vulnerability--a7547e1f-bd01-47d0-bb36-aaf7e787b017 +vulnerability,CVE-2023-23357,vulnerability--81e38fae-7ca6-46ca-b092-e231328cfa31 +vulnerability,CVE-2023-23356,vulnerability--1c47b32c-d048-4e23-a44f-46874ceea808 +vulnerability,CVE-2023-23354,vulnerability--3e16eb93-d154-413e-bef1-6a99e9c7ec18 +vulnerability,CVE-2023-4617,vulnerability--7872bce2-37d9-487c-bb81-cf35c31c8464 +vulnerability,CVE-2020-12820,vulnerability--c348fddd-0bf1-49fb-8a26-5da43e47fb6e +vulnerability,CVE-2020-12819,vulnerability--cc7c4e85-f83d-4e75-abde-f3faa9b5b884 +vulnerability,CVE-2020-15934,vulnerability--931c70e6-b3f6-40d8-a349-9cc7b7490ac8 +vulnerability,CVE-2020-6923,vulnerability--72f42e3c-91b3-4658-8f84-0b5497de67d3 diff --git a/objects/vulnerability/vulnerability--021fdcef-75ed-48d5-a579-232fbaea9ef2.json b/objects/vulnerability/vulnerability--021fdcef-75ed-48d5-a579-232fbaea9ef2.json new file mode 100644 index 00000000000..9f1c6184c93 --- /dev/null +++ b/objects/vulnerability/vulnerability--021fdcef-75ed-48d5-a579-232fbaea9ef2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--30bda055-e2fc-4a00-b676-f86fbc8045d7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--021fdcef-75ed-48d5-a579-232fbaea9ef2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:07.036313Z", + "modified": "2024-12-20T00:21:07.036313Z", + "name": "CVE-2021-26115", + "description": "An OS command injection (CWE-78) vulnerability in FortiWAN version 4.5.7 and below Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to root via executing a specially-crafted command.An OS command injection (CWE-78) vulnerability in FortiWAN Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to root via executing a specially-crafted command.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-26115" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--040c86bf-07ba-4dc7-8203-275301ac0546.json b/objects/vulnerability/vulnerability--040c86bf-07ba-4dc7-8203-275301ac0546.json new file mode 100644 index 00000000000..13f397bebc2 --- /dev/null +++ b/objects/vulnerability/vulnerability--040c86bf-07ba-4dc7-8203-275301ac0546.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0067268c-0f2b-454a-beda-d2832977701a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--040c86bf-07ba-4dc7-8203-275301ac0546", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:04.62627Z", + "modified": "2024-12-20T00:21:04.62627Z", + "name": "CVE-2024-2201", + "description": "A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-2201" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0494934e-6727-48ca-a851-8768c3826500.json b/objects/vulnerability/vulnerability--0494934e-6727-48ca-a851-8768c3826500.json new file mode 100644 index 00000000000..3ed3544afcb --- /dev/null +++ b/objects/vulnerability/vulnerability--0494934e-6727-48ca-a851-8768c3826500.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--925df4d7-7da2-4800-b7c2-63db8fc87a99", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0494934e-6727-48ca-a851-8768c3826500", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:04.247389Z", + "modified": "2024-12-20T00:21:04.247389Z", + "name": "CVE-2024-54663", + "description": "An issue was discovered in the Webmail Classic UI in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Local File Inclusion (LFI) vulnerability exists in the /h/rest endpoint, allowing authenticated remote attackers to include and access sensitive files in the WebRoot directory. Exploitation requires a valid auth token and involves crafting a malicious request targeting specific file paths.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54663" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0639d182-fabe-4218-8626-d910af233ed7.json b/objects/vulnerability/vulnerability--0639d182-fabe-4218-8626-d910af233ed7.json new file mode 100644 index 00000000000..d30edb76ef8 --- /dev/null +++ b/objects/vulnerability/vulnerability--0639d182-fabe-4218-8626-d910af233ed7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--80fae854-845f-477d-a01d-6a863448ae51", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0639d182-fabe-4218-8626-d910af233ed7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.760914Z", + "modified": "2024-12-20T00:21:02.760914Z", + "name": "CVE-2024-12792", + "description": "A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file newadmin.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12792" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--08d65725-420a-4cba-bf56-2a7f9e436036.json b/objects/vulnerability/vulnerability--08d65725-420a-4cba-bf56-2a7f9e436036.json new file mode 100644 index 00000000000..59da429e6aa --- /dev/null +++ b/objects/vulnerability/vulnerability--08d65725-420a-4cba-bf56-2a7f9e436036.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--39b7cd2c-05d1-45ca-81ac-f1f3eba7ccef", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--08d65725-420a-4cba-bf56-2a7f9e436036", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.796014Z", + "modified": "2024-12-20T00:21:02.796014Z", + "name": "CVE-2024-12790", + "description": "A vulnerability was found in code-projects Hostel Management Site 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file room-details.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12790" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0b6dc313-162c-428b-bffb-0692e4c6f958.json b/objects/vulnerability/vulnerability--0b6dc313-162c-428b-bffb-0692e4c6f958.json new file mode 100644 index 00000000000..49cf6090aaf --- /dev/null +++ b/objects/vulnerability/vulnerability--0b6dc313-162c-428b-bffb-0692e4c6f958.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f1e7ff86-559e-4c60-b72e-9c9236cbb5a2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0b6dc313-162c-428b-bffb-0692e4c6f958", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:03.717223Z", + "modified": "2024-12-20T00:21:03.717223Z", + "name": "CVE-2024-38864", + "description": "Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and <= 2.1.0p49 (EOL) allows a local attacker to read sensitive data.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38864" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0fbe0487-0254-4ee7-9d64-04327bc4f40a.json b/objects/vulnerability/vulnerability--0fbe0487-0254-4ee7-9d64-04327bc4f40a.json new file mode 100644 index 00000000000..c6e07f72f14 --- /dev/null +++ b/objects/vulnerability/vulnerability--0fbe0487-0254-4ee7-9d64-04327bc4f40a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--318658c2-9ee6-4387-8662-356f08ec42ee", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0fbe0487-0254-4ee7-9d64-04327bc4f40a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:04.257186Z", + "modified": "2024-12-20T00:21:04.257186Z", + "name": "CVE-2024-54790", + "description": "A SQL Injection vulnerability was found in /index.php in PHPGurukul Pre-School Enrollment System v1.0, which allows remote attackers to execute arbitrary code via the visittime parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54790" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--109d998d-7d76-4fce-aeb3-34251fb9e09c.json b/objects/vulnerability/vulnerability--109d998d-7d76-4fce-aeb3-34251fb9e09c.json new file mode 100644 index 00000000000..c5315e63739 --- /dev/null +++ b/objects/vulnerability/vulnerability--109d998d-7d76-4fce-aeb3-34251fb9e09c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2c616471-b362-496b-96aa-cf8d87795afd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--109d998d-7d76-4fce-aeb3-34251fb9e09c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.672469Z", + "modified": "2024-12-20T00:21:02.672469Z", + "name": "CVE-2024-52589", + "description": "Discourse is an open source platform for community discussion. Moderators can see the Screened emails list in the admin dashboard, and through that can learn the email of a user. This problem is patched in the latest version of Discourse. Users unable to upgrade should remove moderator role from untrusted users.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52589" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--12a86d4c-59bf-470f-9a12-da29136a93fc.json b/objects/vulnerability/vulnerability--12a86d4c-59bf-470f-9a12-da29136a93fc.json new file mode 100644 index 00000000000..2fb3e8cc8a0 --- /dev/null +++ b/objects/vulnerability/vulnerability--12a86d4c-59bf-470f-9a12-da29136a93fc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ed8614df-7c54-421a-b4fc-06c06226070a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--12a86d4c-59bf-470f-9a12-da29136a93fc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.483448Z", + "modified": "2024-12-20T00:21:02.483448Z", + "name": "CVE-2024-51471", + "description": "IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-51471" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--15618042-9893-4e6a-bd0c-78aa9ae0e351.json b/objects/vulnerability/vulnerability--15618042-9893-4e6a-bd0c-78aa9ae0e351.json new file mode 100644 index 00000000000..9b07140be1b --- /dev/null +++ b/objects/vulnerability/vulnerability--15618042-9893-4e6a-bd0c-78aa9ae0e351.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2060b2ad-3508-452e-b104-585a8b43d6cc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--15618042-9893-4e6a-bd0c-78aa9ae0e351", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:07.050455Z", + "modified": "2024-12-20T00:21:07.050455Z", + "name": "CVE-2021-26093", + "description": "An access of uninitialized pointer (CWE-824) vulnerability in FortiWLC versions 8.6.0, 8.5.3 and earlier may allow a local and authenticated attacker to crash the access point being managed by the controller by executing a crafted CLI command.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-26093" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1c47b32c-d048-4e23-a44f-46874ceea808.json b/objects/vulnerability/vulnerability--1c47b32c-d048-4e23-a44f-46874ceea808.json new file mode 100644 index 00000000000..927a0bcdba7 --- /dev/null +++ b/objects/vulnerability/vulnerability--1c47b32c-d048-4e23-a44f-46874ceea808.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--18376bc2-b6b9-42e0-bb14-9cc244d6b670", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1c47b32c-d048-4e23-a44f-46874ceea808", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:14.267519Z", + "modified": "2024-12-20T00:21:14.267519Z", + "name": "CVE-2023-23356", + "description": "A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands.\n\nWe have already fixed the vulnerability in the following versions:\nQuFirewall 2.3.3 ( 2023/03/27 ) and later\n and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-23356" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1ffa36fd-10bf-4b52-8d0a-32d460397d14.json b/objects/vulnerability/vulnerability--1ffa36fd-10bf-4b52-8d0a-32d460397d14.json new file mode 100644 index 00000000000..10a65764ebc --- /dev/null +++ b/objects/vulnerability/vulnerability--1ffa36fd-10bf-4b52-8d0a-32d460397d14.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b80d21de-f808-4986-bf69-6d862dce4a7b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1ffa36fd-10bf-4b52-8d0a-32d460397d14", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.896148Z", + "modified": "2024-12-20T00:21:02.896148Z", + "name": "CVE-2024-9102", + "description": "phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a command when the file is opened by a spreadsheet product. Thus, this could lead to CSV Formula Injection.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9102" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--26f677c7-004d-4037-a843-3a75d70daabb.json b/objects/vulnerability/vulnerability--26f677c7-004d-4037-a843-3a75d70daabb.json new file mode 100644 index 00000000000..263417779d8 --- /dev/null +++ b/objects/vulnerability/vulnerability--26f677c7-004d-4037-a843-3a75d70daabb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0e9a2efc-c4ec-421d-86e8-ef258fb70de1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--26f677c7-004d-4037-a843-3a75d70daabb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.789634Z", + "modified": "2024-12-20T00:21:02.789634Z", + "name": "CVE-2024-12791", + "description": "A vulnerability was found in Codezips E-Commerce Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file signin.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12791" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--372a8a0c-a5ac-4937-9db8-58b59b7186d9.json b/objects/vulnerability/vulnerability--372a8a0c-a5ac-4937-9db8-58b59b7186d9.json new file mode 100644 index 00000000000..31da636e268 --- /dev/null +++ b/objects/vulnerability/vulnerability--372a8a0c-a5ac-4937-9db8-58b59b7186d9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--15d1e570-d3ae-43b8-888a-bf3c469d211c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--372a8a0c-a5ac-4937-9db8-58b59b7186d9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:04.220725Z", + "modified": "2024-12-20T00:21:04.220725Z", + "name": "CVE-2024-35141", + "description": "IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-35141" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3b1cbff4-c141-411d-9e09-af105025074f.json b/objects/vulnerability/vulnerability--3b1cbff4-c141-411d-9e09-af105025074f.json new file mode 100644 index 00000000000..862c8eb0498 --- /dev/null +++ b/objects/vulnerability/vulnerability--3b1cbff4-c141-411d-9e09-af105025074f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b145ccac-aa24-4ca9-bec7-6095fb489db7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3b1cbff4-c141-411d-9e09-af105025074f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.779929Z", + "modified": "2024-12-20T00:21:02.779929Z", + "name": "CVE-2024-12789", + "description": "A vulnerability was found in PbootCMS up to 3.2.3. It has been classified as critical. This affects an unknown part of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.4 is able to address this issue. It is recommended to upgrade the affected component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12789" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3e16eb93-d154-413e-bef1-6a99e9c7ec18.json b/objects/vulnerability/vulnerability--3e16eb93-d154-413e-bef1-6a99e9c7ec18.json new file mode 100644 index 00000000000..26565074dc9 --- /dev/null +++ b/objects/vulnerability/vulnerability--3e16eb93-d154-413e-bef1-6a99e9c7ec18.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bdb057fa-f264-4799-9c82-5e1c4dda93d9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3e16eb93-d154-413e-bef1-6a99e9c7ec18", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:14.269906Z", + "modified": "2024-12-20T00:21:14.269906Z", + "name": "CVE-2023-23354", + "description": "A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data.\n\nWe have already fixed the vulnerability in the following versions:\nQuLog Center 1.5.0.738 ( 2023/03/06 ) and later\nQuLog Center 1.4.1.691 ( 2023/03/01 ) and later\nQuLog Center 1.3.1.645 ( 2023/02/22 ) and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-23354" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3fb56dbe-ebfe-4f71-9d3a-75c735d5cf5f.json b/objects/vulnerability/vulnerability--3fb56dbe-ebfe-4f71-9d3a-75c735d5cf5f.json new file mode 100644 index 00000000000..1cf7e873d2a --- /dev/null +++ b/objects/vulnerability/vulnerability--3fb56dbe-ebfe-4f71-9d3a-75c735d5cf5f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f8a24eb3-6a9d-47f4-a009-9102052a420a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3fb56dbe-ebfe-4f71-9d3a-75c735d5cf5f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:07.024402Z", + "modified": "2024-12-20T00:21:07.024402Z", + "name": "CVE-2021-26102", + "description": "A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote non-authenticated attacker to delete files on the system by sending a crafted POST request. In particular, deleting specific configuration files will reset the Admin password to its default value.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-26102" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--414dddfc-9a37-4f7c-8b28-e02e677a5687.json b/objects/vulnerability/vulnerability--414dddfc-9a37-4f7c-8b28-e02e677a5687.json new file mode 100644 index 00000000000..afc419c2632 --- /dev/null +++ b/objects/vulnerability/vulnerability--414dddfc-9a37-4f7c-8b28-e02e677a5687.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--68573ca7-6d31-48c5-a53f-26ff5ce21c5e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--414dddfc-9a37-4f7c-8b28-e02e677a5687", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.813615Z", + "modified": "2024-12-20T00:21:02.813615Z", + "name": "CVE-2024-12728", + "description": "A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12728" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--48fe7085-6b25-4976-a603-f2adeca4fb9e.json b/objects/vulnerability/vulnerability--48fe7085-6b25-4976-a603-f2adeca4fb9e.json new file mode 100644 index 00000000000..448f234d289 --- /dev/null +++ b/objects/vulnerability/vulnerability--48fe7085-6b25-4976-a603-f2adeca4fb9e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9c12feef-e525-43e2-9ffe-d107803610be", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--48fe7085-6b25-4976-a603-f2adeca4fb9e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.767643Z", + "modified": "2024-12-20T00:21:02.767643Z", + "name": "CVE-2024-12331", + "description": "The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_install_plugin' function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the Filebird plugin.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12331" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4a77cf95-276a-4c77-8fdb-1d2d09cfd5c7.json b/objects/vulnerability/vulnerability--4a77cf95-276a-4c77-8fdb-1d2d09cfd5c7.json new file mode 100644 index 00000000000..5472506968e --- /dev/null +++ b/objects/vulnerability/vulnerability--4a77cf95-276a-4c77-8fdb-1d2d09cfd5c7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2a63ea19-6a2a-4da3-959f-26bee71b05f2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4a77cf95-276a-4c77-8fdb-1d2d09cfd5c7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.643127Z", + "modified": "2024-12-20T00:21:02.643127Z", + "name": "CVE-2024-52897", + "description": "IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52897" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4bd7ad4f-9510-4d1c-9a3e-35427a2c116a.json b/objects/vulnerability/vulnerability--4bd7ad4f-9510-4d1c-9a3e-35427a2c116a.json new file mode 100644 index 00000000000..f235592061f --- /dev/null +++ b/objects/vulnerability/vulnerability--4bd7ad4f-9510-4d1c-9a3e-35427a2c116a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--97b922a5-5b7b-4e5e-9ab2-18c5323e3d8e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4bd7ad4f-9510-4d1c-9a3e-35427a2c116a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:04.555131Z", + "modified": "2024-12-20T00:21:04.555131Z", + "name": "CVE-2024-56200", + "description": "Altair is a fork of Misskey v12. Affected versions lack of request validation and lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, such as by abnormally increasing the CPU usage of the server on which this software is running or placing a heavy load on the network it is using. This issue has been fixed in v12.24Q4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56200" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--509d5725-e8ee-464c-848c-dabc6f592af9.json b/objects/vulnerability/vulnerability--509d5725-e8ee-464c-848c-dabc6f592af9.json new file mode 100644 index 00000000000..0f2a4b7f21f --- /dev/null +++ b/objects/vulnerability/vulnerability--509d5725-e8ee-464c-848c-dabc6f592af9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e024c04f-9009-4cad-9166-4b41e5a2caab", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--509d5725-e8ee-464c-848c-dabc6f592af9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.750223Z", + "modified": "2024-12-20T00:21:02.750223Z", + "name": "CVE-2024-45401", + "description": "stripe-cli is a command-line tool for the payment processor Stripe. A vulnerability exists in stripe-cli starting in version 1.11.1 and prior to version 1.21.3 where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags can overwrite arbitrary files. The update in version 1.21.3 addresses the path traversal vulnerability by removing the ability to install plugins from an archive URL or path. There has been no evidence of exploitation of this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45401" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--50ec9736-36ca-4f4c-9012-21a97fcd8733.json b/objects/vulnerability/vulnerability--50ec9736-36ca-4f4c-9012-21a97fcd8733.json new file mode 100644 index 00000000000..d48380d4f71 --- /dev/null +++ b/objects/vulnerability/vulnerability--50ec9736-36ca-4f4c-9012-21a97fcd8733.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e79a512c-c666-42f8-8d1c-3d58bef3b130", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--50ec9736-36ca-4f4c-9012-21a97fcd8733", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:03.226596Z", + "modified": "2024-12-20T00:21:03.226596Z", + "name": "CVE-2024-7137", + "description": "The L2CAP receive data buffer for L2CAP packets is restricted to packet sizes smaller than the maximum supported packet size. Receiving a packet that exceeds the restricted buffer length may cause a crash. A hard reset is required to recover the crashed device.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7137" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--53e96827-69de-48e4-b233-eb7ec51120e4.json b/objects/vulnerability/vulnerability--53e96827-69de-48e4-b233-eb7ec51120e4.json new file mode 100644 index 00000000000..dd3b2c5ad12 --- /dev/null +++ b/objects/vulnerability/vulnerability--53e96827-69de-48e4-b233-eb7ec51120e4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e130d65c-ce8c-46a1-8372-9ae718605457", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--53e96827-69de-48e4-b233-eb7ec51120e4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:03.351227Z", + "modified": "2024-12-20T00:21:03.351227Z", + "name": "CVE-2024-11740", + "description": "The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11740" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--56b73ddb-ab86-4665-879d-bcff1c74de3e.json b/objects/vulnerability/vulnerability--56b73ddb-ab86-4665-879d-bcff1c74de3e.json new file mode 100644 index 00000000000..db1277ac020 --- /dev/null +++ b/objects/vulnerability/vulnerability--56b73ddb-ab86-4665-879d-bcff1c74de3e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--807e3db9-2b8f-4484-8659-ea80e7aa8a7f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--56b73ddb-ab86-4665-879d-bcff1c74de3e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:04.271216Z", + "modified": "2024-12-20T00:21:04.271216Z", + "name": "CVE-2024-54983", + "description": "An issue in Quectel BC95-CNV V100R001C00SPC051 allows attackers to bypass authentication via a crafted NAS message.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54983" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--573f2276-a7af-44d9-acad-8de7f6a13c99.json b/objects/vulnerability/vulnerability--573f2276-a7af-44d9-acad-8de7f6a13c99.json new file mode 100644 index 00000000000..30df1b70981 --- /dev/null +++ b/objects/vulnerability/vulnerability--573f2276-a7af-44d9-acad-8de7f6a13c99.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--086d3241-c146-46b4-9f39-98eb7ea6f0ae", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--573f2276-a7af-44d9-acad-8de7f6a13c99", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.669108Z", + "modified": "2024-12-20T00:21:02.669108Z", + "name": "CVE-2024-52794", + "description": "Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. This problem is patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52794" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5e762443-b34d-4613-998a-9a5b0abcebb4.json b/objects/vulnerability/vulnerability--5e762443-b34d-4613-998a-9a5b0abcebb4.json new file mode 100644 index 00000000000..3e032fe9be1 --- /dev/null +++ b/objects/vulnerability/vulnerability--5e762443-b34d-4613-998a-9a5b0abcebb4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e333dc29-ee35-4f36-9719-5b5161a53e50", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5e762443-b34d-4613-998a-9a5b0abcebb4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:08.226219Z", + "modified": "2024-12-20T00:21:08.226219Z", + "name": "CVE-2021-32589", + "description": "A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.2.10 and below, version 5.0.12 and below and FortiAnalyzer version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.3.11, version 5.2.10 to 5.2.4 fgfmsd daemon may allow a remote, non-authenticated attacker to execute unauthorized code as root via sending a specifically crafted request to the fgfm port of the targeted device.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-32589" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5f111806-315c-4505-bdd8-b901f61b8dfa.json b/objects/vulnerability/vulnerability--5f111806-315c-4505-bdd8-b901f61b8dfa.json new file mode 100644 index 00000000000..6a58bdab7ec --- /dev/null +++ b/objects/vulnerability/vulnerability--5f111806-315c-4505-bdd8-b901f61b8dfa.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e2839744-1107-4e25-8282-111ff3f88cbf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5f111806-315c-4505-bdd8-b901f61b8dfa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.817182Z", + "modified": "2024-12-20T00:21:02.817182Z", + "name": "CVE-2024-12121", + "description": "The Broken Link Checker | Finder plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the 'moblc_check_link' function. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12121" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--67ea55f8-0253-4ab7-b87b-f1da1cda7bc0.json b/objects/vulnerability/vulnerability--67ea55f8-0253-4ab7-b87b-f1da1cda7bc0.json new file mode 100644 index 00000000000..eec282dd2cc --- /dev/null +++ b/objects/vulnerability/vulnerability--67ea55f8-0253-4ab7-b87b-f1da1cda7bc0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e429da80-8c82-4936-8605-e3e7734951cd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--67ea55f8-0253-4ab7-b87b-f1da1cda7bc0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:10.918931Z", + "modified": "2024-12-20T00:21:10.918931Z", + "name": "CVE-2022-27600", + "description": "An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2277 and later\nQTS 4.5.4.2280 build 20230112 and later\nQuTS hero h5.0.1.2277 build 20230112 and later\nQuTS hero h4.5.4.2374 build 20230417 and later\nQuTScloud c5.0.1.2374 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-27600" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6d4fd1e0-7c9f-4b39-a834-4e0970114bc4.json b/objects/vulnerability/vulnerability--6d4fd1e0-7c9f-4b39-a834-4e0970114bc4.json new file mode 100644 index 00000000000..a1f2c37e3ef --- /dev/null +++ b/objects/vulnerability/vulnerability--6d4fd1e0-7c9f-4b39-a834-4e0970114bc4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c8893c6d-efa9-4284-b891-97c9cbc12503", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6d4fd1e0-7c9f-4b39-a834-4e0970114bc4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.810813Z", + "modified": "2024-12-20T00:21:02.810813Z", + "name": "CVE-2024-12787", + "description": "A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /student/check_student_login.php. The manipulation of the argument student_emailid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12787" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6e9131e9-6613-44e4-82e7-fa4568fe5e90.json b/objects/vulnerability/vulnerability--6e9131e9-6613-44e4-82e7-fa4568fe5e90.json new file mode 100644 index 00000000000..952603e209f --- /dev/null +++ b/objects/vulnerability/vulnerability--6e9131e9-6613-44e4-82e7-fa4568fe5e90.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7ae8152c-0488-47d0-94dd-0728c5c68078", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6e9131e9-6613-44e4-82e7-fa4568fe5e90", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:04.244578Z", + "modified": "2024-12-20T00:21:04.244578Z", + "name": "CVE-2024-54984", + "description": "An issue in Quectel BG96 BG96MAR02A08M1G allows attackers to bypass authentication via a crafted NAS message.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54984" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--72f42e3c-91b3-4658-8f84-0b5497de67d3.json b/objects/vulnerability/vulnerability--72f42e3c-91b3-4658-8f84-0b5497de67d3.json new file mode 100644 index 00000000000..422b697e36b --- /dev/null +++ b/objects/vulnerability/vulnerability--72f42e3c-91b3-4658-8f84-0b5497de67d3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--37a64924-b17e-49fa-bef4-984709d2a13e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--72f42e3c-91b3-4658-8f84-0b5497de67d3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:19.813008Z", + "modified": "2024-12-20T00:21:19.813008Z", + "name": "CVE-2020-6923", + "description": "The HP Linux Imaging and Printing (HPLIP) software may potentially be affected by memory buffer overflow.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2020-6923" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7368183c-ce5f-4d06-9e1d-582c5e04d549.json b/objects/vulnerability/vulnerability--7368183c-ce5f-4d06-9e1d-582c5e04d549.json new file mode 100644 index 00000000000..882c40b3d14 --- /dev/null +++ b/objects/vulnerability/vulnerability--7368183c-ce5f-4d06-9e1d-582c5e04d549.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3ac73245-6b36-474d-8cc0-92e63719e897", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7368183c-ce5f-4d06-9e1d-582c5e04d549", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:03.198336Z", + "modified": "2024-12-20T00:21:03.198336Z", + "name": "CVE-2024-7138", + "description": "An assert may be triggered, causing a temporary denial of service when a peer device sends a specially crafted malformed L2CAP packet. If a watchdog timer is not enabled, a hard reset is required to recover the device.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7138" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--75ff85d2-95e6-4be3-b75c-ef8544bb870e.json b/objects/vulnerability/vulnerability--75ff85d2-95e6-4be3-b75c-ef8544bb870e.json new file mode 100644 index 00000000000..5cef7ef806e --- /dev/null +++ b/objects/vulnerability/vulnerability--75ff85d2-95e6-4be3-b75c-ef8544bb870e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--84aae3a7-a6c5-4d3a-bf58-c18fad3a3c5b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--75ff85d2-95e6-4be3-b75c-ef8544bb870e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:03.324479Z", + "modified": "2024-12-20T00:21:03.324479Z", + "name": "CVE-2024-11616", + "description": "Netskope was made aware of a security vulnerability in Netskope Endpoint DLP’s Content Control Driver where a double-fetch issue leads to heap overflow. The vulnerability arises from the fact that the NumberOfBytes argument to ExAllocatePoolWithTag, and the Length argument for RtlCopyMemory, both independently dereference their value from the user supplied input buffer inside the EpdlpSetUsbAction function, known as a double-fetch. If this length value grows to a higher value in between these two calls, it will result in the RtlCopyMemory call copying user-supplied memory contents outside the range of the allocated buffer, resulting in a heap overflow. A malicious attacker will need admin privileges to exploit the issue.\nThis issue affects Endpoint DLP version below R119.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11616" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--76d2b44f-1cdd-4568-b99d-35d7845ed6cd.json b/objects/vulnerability/vulnerability--76d2b44f-1cdd-4568-b99d-35d7845ed6cd.json new file mode 100644 index 00000000000..31f58f3271d --- /dev/null +++ b/objects/vulnerability/vulnerability--76d2b44f-1cdd-4568-b99d-35d7845ed6cd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0ed029dd-6fdd-4809-978a-0b392a95f009", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--76d2b44f-1cdd-4568-b99d-35d7845ed6cd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.818896Z", + "modified": "2024-12-20T00:21:02.818896Z", + "name": "CVE-2024-12782", + "description": "A vulnerability has been found in Fujifilm Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28 and classified as critical. This vulnerability affects unknown code of the file /home/index.html#hashHome of the component Web Interface. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12782" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7872bce2-37d9-487c-bb81-cf35c31c8464.json b/objects/vulnerability/vulnerability--7872bce2-37d9-487c-bb81-cf35c31c8464.json new file mode 100644 index 00000000000..6a1318c194c --- /dev/null +++ b/objects/vulnerability/vulnerability--7872bce2-37d9-487c-bb81-cf35c31c8464.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cd0894f5-e2cf-4889-8dab-bfacfc15ec7f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7872bce2-37d9-487c-bb81-cf35c31c8464", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:14.771594Z", + "modified": "2024-12-20T00:21:14.771594Z", + "name": "CVE-2023-4617", + "description": "Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing \"device\", \"sku\" and \"type\" fields' values. \nThis issue affects Govee Home applications on Android and iOS in versions before 5.9.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-4617" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--793c6118-358c-4b5f-8183-d863c03f2f39.json b/objects/vulnerability/vulnerability--793c6118-358c-4b5f-8183-d863c03f2f39.json new file mode 100644 index 00000000000..2fd14cfab93 --- /dev/null +++ b/objects/vulnerability/vulnerability--793c6118-358c-4b5f-8183-d863c03f2f39.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0b24170f-63e6-4dbd-b2b7-a2b5b71df49a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--793c6118-358c-4b5f-8183-d863c03f2f39", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:07.507863Z", + "modified": "2024-12-20T00:21:07.507863Z", + "name": "CVE-2021-22501", + "description": "Improper Restriction of XML External Entity Reference vulnerability in OpenText™ Operations Bridge Manager allows Input Data Manipulation. \n\nThe vulnerability could be exploited to confidential information\n\nThis issue affects Operations Bridge Manager: 2017.05, 2017.11, 2018.05, 2018.11, 2019.05, 2019.11, 2020.05, 2020.10.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-22501" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--794dc436-f7e9-4e3c-9b46-c1c46026a67a.json b/objects/vulnerability/vulnerability--794dc436-f7e9-4e3c-9b46-c1c46026a67a.json new file mode 100644 index 00000000000..72e7213d193 --- /dev/null +++ b/objects/vulnerability/vulnerability--794dc436-f7e9-4e3c-9b46-c1c46026a67a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5822a116-93be-489d-a334-1678ca9cf27a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--794dc436-f7e9-4e3c-9b46-c1c46026a67a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:03.314633Z", + "modified": "2024-12-20T00:21:03.314633Z", + "name": "CVE-2024-11768", + "description": "The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for unauthenticated attackers to download password-protected files.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11768" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--799c65a3-d062-4f6f-990b-b1333251d01d.json b/objects/vulnerability/vulnerability--799c65a3-d062-4f6f-990b-b1333251d01d.json new file mode 100644 index 00000000000..2e50a7ffa9d --- /dev/null +++ b/objects/vulnerability/vulnerability--799c65a3-d062-4f6f-990b-b1333251d01d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--53fdbecb-5830-4e1d-b347-2bf4ded51092", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--799c65a3-d062-4f6f-990b-b1333251d01d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.823317Z", + "modified": "2024-12-20T00:21:02.823317Z", + "name": "CVE-2024-12672", + "description": "A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12672" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7a2dcc77-3fe6-4fa2-a9f2-da44ae3e2043.json b/objects/vulnerability/vulnerability--7a2dcc77-3fe6-4fa2-a9f2-da44ae3e2043.json new file mode 100644 index 00000000000..0042fe76d31 --- /dev/null +++ b/objects/vulnerability/vulnerability--7a2dcc77-3fe6-4fa2-a9f2-da44ae3e2043.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8e9d9d07-d707-4c6d-8af1-90753d337c30", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7a2dcc77-3fe6-4fa2-a9f2-da44ae3e2043", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.815993Z", + "modified": "2024-12-20T00:21:02.815993Z", + "name": "CVE-2024-12785", + "description": "A vulnerability was found in itsourcecode Vehicle Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file sendmail.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12785" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--80eb9125-ae12-48ac-8c3d-0fb081d84037.json b/objects/vulnerability/vulnerability--80eb9125-ae12-48ac-8c3d-0fb081d84037.json new file mode 100644 index 00000000000..9c665594d93 --- /dev/null +++ b/objects/vulnerability/vulnerability--80eb9125-ae12-48ac-8c3d-0fb081d84037.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2297bc14-f50d-48ad-956d-62f1cced5d27", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--80eb9125-ae12-48ac-8c3d-0fb081d84037", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:03.329614Z", + "modified": "2024-12-20T00:21:03.329614Z", + "name": "CVE-2024-11364", + "description": "Another “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable prior to it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11364" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--81e38fae-7ca6-46ca-b092-e231328cfa31.json b/objects/vulnerability/vulnerability--81e38fae-7ca6-46ca-b092-e231328cfa31.json new file mode 100644 index 00000000000..96efd327c8d --- /dev/null +++ b/objects/vulnerability/vulnerability--81e38fae-7ca6-46ca-b092-e231328cfa31.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aead19fd-9c4b-4bb4-b9ea-b2ccefcf8903", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--81e38fae-7ca6-46ca-b092-e231328cfa31", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:14.256385Z", + "modified": "2024-12-20T00:21:14.256385Z", + "name": "CVE-2023-23357", + "description": "A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to bypass security mechanisms or read application data.\n\nWe have already fixed the vulnerability in the following versions:\nQuLog Center 1.5.0.738 ( 2023/03/06 ) and later\nQuLog Center 1.4.1.691 ( 2023/03/01 ) and later\nQuLog Center 1.3.1.645 ( 2023/02/22 ) and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-23357" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--820ad9eb-1a41-4bd4-8688-216a0bc76de2.json b/objects/vulnerability/vulnerability--820ad9eb-1a41-4bd4-8688-216a0bc76de2.json new file mode 100644 index 00000000000..2840a266d7b --- /dev/null +++ b/objects/vulnerability/vulnerability--820ad9eb-1a41-4bd4-8688-216a0bc76de2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--45c04f60-a380-4c25-98e4-e0dbfbf05271", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--820ad9eb-1a41-4bd4-8688-216a0bc76de2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:04.173969Z", + "modified": "2024-12-20T00:21:04.173969Z", + "name": "CVE-2024-37962", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agency Dominion Fusion allows Stored XSS.This issue affects Fusion: from n/a through 1.6.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-37962" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--828506b0-3437-42cd-ad9c-35f68a70884f.json b/objects/vulnerability/vulnerability--828506b0-3437-42cd-ad9c-35f68a70884f.json new file mode 100644 index 00000000000..5c7dd0fbbef --- /dev/null +++ b/objects/vulnerability/vulnerability--828506b0-3437-42cd-ad9c-35f68a70884f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7ca1578d-436e-4856-acc1-65a2288c24ec", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--828506b0-3437-42cd-ad9c-35f68a70884f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.79324Z", + "modified": "2024-12-20T00:21:02.79324Z", + "name": "CVE-2024-12560", + "description": "The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via the 'btn_block_duplicate_post' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data from draft, scheduled (future), private, and password protected posts.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12560" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--837ca77d-36e2-476a-af3f-a2006aa8abc8.json b/objects/vulnerability/vulnerability--837ca77d-36e2-476a-af3f-a2006aa8abc8.json new file mode 100644 index 00000000000..576926f73ec --- /dev/null +++ b/objects/vulnerability/vulnerability--837ca77d-36e2-476a-af3f-a2006aa8abc8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1dfe2ca1-8b5d-4fdc-b91c-6c52c8a549b8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--837ca77d-36e2-476a-af3f-a2006aa8abc8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:04.330686Z", + "modified": "2024-12-20T00:21:04.330686Z", + "name": "CVE-2024-55081", + "description": "An XML External Entity (XXE) injection vulnerability in the component /datagrip/upload of Chat2DB v0.3.5 allows attackers to execute arbitrary code via supplying a crafted XML input.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55081" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--839b1dee-e34c-4d6f-a83b-25a07502fe69.json b/objects/vulnerability/vulnerability--839b1dee-e34c-4d6f-a83b-25a07502fe69.json new file mode 100644 index 00000000000..6ba832e2609 --- /dev/null +++ b/objects/vulnerability/vulnerability--839b1dee-e34c-4d6f-a83b-25a07502fe69.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3cac93ce-b4c5-487f-ba98-6504bb57ca9f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--839b1dee-e34c-4d6f-a83b-25a07502fe69", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.63464Z", + "modified": "2024-12-20T00:21:02.63464Z", + "name": "CVE-2024-52896", + "description": "IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52896" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--84303e96-db6c-4c18-af2d-9bb890969b8e.json b/objects/vulnerability/vulnerability--84303e96-db6c-4c18-af2d-9bb890969b8e.json new file mode 100644 index 00000000000..14e67469565 --- /dev/null +++ b/objects/vulnerability/vulnerability--84303e96-db6c-4c18-af2d-9bb890969b8e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--27905647-e220-4839-9ede-bc2330d1ff19", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--84303e96-db6c-4c18-af2d-9bb890969b8e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.791147Z", + "modified": "2024-12-20T00:21:02.791147Z", + "name": "CVE-2024-12786", + "description": "A vulnerability, which was classified as critical, was found in X1a0He Adobe Downloader up to 1.3.1 on macOS. Affected is the function shouldAcceptNewConnection of the file com.x1a0he.macOS.Adobe-Downloader.helper of the component XPC Service. The manipulation leads to improper privilege management. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. This product is not affiliated with the company Adobe.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12786" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--84b28320-2ca2-494f-9ab7-4726db0f4b52.json b/objects/vulnerability/vulnerability--84b28320-2ca2-494f-9ab7-4726db0f4b52.json new file mode 100644 index 00000000000..c438dac5a77 --- /dev/null +++ b/objects/vulnerability/vulnerability--84b28320-2ca2-494f-9ab7-4726db0f4b52.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fdd4f020-118b-4c4c-bd56-796469a1da34", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--84b28320-2ca2-494f-9ab7-4726db0f4b52", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:04.301067Z", + "modified": "2024-12-20T00:21:04.301067Z", + "name": "CVE-2024-55196", + "description": "Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55196" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--84c290e3-ae05-44fb-9bcc-3a1c9cf668df.json b/objects/vulnerability/vulnerability--84c290e3-ae05-44fb-9bcc-3a1c9cf668df.json new file mode 100644 index 00000000000..5182e91c9cf --- /dev/null +++ b/objects/vulnerability/vulnerability--84c290e3-ae05-44fb-9bcc-3a1c9cf668df.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--96572041-99bd-41f2-b387-3be60aba4c82", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--84c290e3-ae05-44fb-9bcc-3a1c9cf668df", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:04.310837Z", + "modified": "2024-12-20T00:21:04.310837Z", + "name": "CVE-2024-55082", + "description": "A Server-Side Request Forgery (SSRF) in the endpoint http://{your-server}/url-to-pdf of Stirling-PDF 0.35.1 allows attackers to access sensitive information via a crafted request.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55082" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--87a908a5-dd42-4a45-8a3a-aedb56ae1cea.json b/objects/vulnerability/vulnerability--87a908a5-dd42-4a45-8a3a-aedb56ae1cea.json new file mode 100644 index 00000000000..ce942245b29 --- /dev/null +++ b/objects/vulnerability/vulnerability--87a908a5-dd42-4a45-8a3a-aedb56ae1cea.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--add81191-9fec-4bac-97a3-0f305946115d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--87a908a5-dd42-4a45-8a3a-aedb56ae1cea", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:05.09163Z", + "modified": "2024-12-20T00:21:05.09163Z", + "name": "CVE-2024-4229", + "description": "Incorrect Default Permissions vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious local attacker to execute an arbitrary malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than a folder that only users with administrative privilege have permission to modify.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-4229" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8b1e9570-4917-4e42-aea9-fb619c6f7531.json b/objects/vulnerability/vulnerability--8b1e9570-4917-4e42-aea9-fb619c6f7531.json new file mode 100644 index 00000000000..6d9440ea111 --- /dev/null +++ b/objects/vulnerability/vulnerability--8b1e9570-4917-4e42-aea9-fb619c6f7531.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e886ccd4-48a1-4384-9cd3-37eff08938e2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8b1e9570-4917-4e42-aea9-fb619c6f7531", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.765511Z", + "modified": "2024-12-20T00:21:02.765511Z", + "name": "CVE-2024-12798", + "description": "ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core\n upto and including version 1.5.12 in Java applications allows\n attacker to execute arbitrary code by compromising an existing\n logback configuration file or by injecting an environment variable\n before program execution.\n\n\n\n\n\nMalicious logback configuration files can allow the attacker to execute \narbitrary code using the JaninoEventEvaluator extension.\n\n\n\nA successful attack requires the user to have write access to a \nconfiguration file. Alternatively, the attacker could inject a malicious \nenvironment variable pointing to a malicious configuration file. In both \ncases, the attack requires existing privilege.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12798" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8e1f341d-c6b4-4756-930c-8a5cb2b3c93e.json b/objects/vulnerability/vulnerability--8e1f341d-c6b4-4756-930c-8a5cb2b3c93e.json new file mode 100644 index 00000000000..159f9471507 --- /dev/null +++ b/objects/vulnerability/vulnerability--8e1f341d-c6b4-4756-930c-8a5cb2b3c93e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2abeca4c-0d68-4cd0-9e36-96707b14ef2f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8e1f341d-c6b4-4756-930c-8a5cb2b3c93e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:10.86209Z", + "modified": "2024-12-20T00:21:10.86209Z", + "name": "CVE-2022-27595", + "description": "An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands.\n\nWe have already fixed the vulnerability in the following versions:\nQVPN Windows 2.0.0.1316 and later\nQVPN Windows 2.0.0.1310 and later", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-27595" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--91ed746c-a3fa-47e4-a333-d915ae4683c5.json b/objects/vulnerability/vulnerability--91ed746c-a3fa-47e4-a333-d915ae4683c5.json new file mode 100644 index 00000000000..ad56c097105 --- /dev/null +++ b/objects/vulnerability/vulnerability--91ed746c-a3fa-47e4-a333-d915ae4683c5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--468cfbd3-3191-4ff0-9ae1-403b49e811dd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--91ed746c-a3fa-47e4-a333-d915ae4683c5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:04.36871Z", + "modified": "2024-12-20T00:21:04.36871Z", + "name": "CVE-2024-49336", + "description": "IBM Security Guardium 11.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49336" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--931c70e6-b3f6-40d8-a349-9cc7b7490ac8.json b/objects/vulnerability/vulnerability--931c70e6-b3f6-40d8-a349-9cc7b7490ac8.json new file mode 100644 index 00000000000..6cd2df71a28 --- /dev/null +++ b/objects/vulnerability/vulnerability--931c70e6-b3f6-40d8-a349-9cc7b7490ac8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--711bb221-2cc8-4ef7-b996-33fb504a7ef9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--931c70e6-b3f6-40d8-a349-9cc7b7490ac8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:19.244805Z", + "modified": "2024-12-20T00:21:19.244805Z", + "name": "CVE-2020-15934", + "description": "An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2020-15934" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9376b4ae-ff3c-40ed-8a7e-9057a9ae5c2d.json b/objects/vulnerability/vulnerability--9376b4ae-ff3c-40ed-8a7e-9057a9ae5c2d.json new file mode 100644 index 00000000000..eacb3f67f54 --- /dev/null +++ b/objects/vulnerability/vulnerability--9376b4ae-ff3c-40ed-8a7e-9057a9ae5c2d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--09877e33-df13-49ed-b4bf-db1d1fc45b01", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9376b4ae-ff3c-40ed-8a7e-9057a9ae5c2d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:03.358992Z", + "modified": "2024-12-20T00:21:03.358992Z", + "name": "CVE-2024-11984", + "description": "A unrestricted upload of file with dangerous type vulnerability in epaper draft function in Corporate Training Management System before 10.13 allows remote authenticated users to bypass file upload restrictions and perform arbitrary system commands with SYSTEM privilege via a crafted ZIP file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11984" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--96528570-3de7-405a-aaac-8b45b3da76dd.json b/objects/vulnerability/vulnerability--96528570-3de7-405a-aaac-8b45b3da76dd.json new file mode 100644 index 00000000000..56ad012aed1 --- /dev/null +++ b/objects/vulnerability/vulnerability--96528570-3de7-405a-aaac-8b45b3da76dd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--60a43f3a-29dc-49aa-b8fd-23a183e34276", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--96528570-3de7-405a-aaac-8b45b3da76dd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:04.398708Z", + "modified": "2024-12-20T00:21:04.398708Z", + "name": "CVE-2024-49765", + "description": "Discourse is an open source platform for community discussion. Sites that are using discourse connect but still have local logins enabled could allow attackers to bypass discourse connect to create accounts and login. This problem is patched in the latest version of Discourse. Users unable to upgrade who are using discourse connect may disable all other login methods as a workaround.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49765" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--968eec84-265b-449f-a9cd-c13e00b6da0a.json b/objects/vulnerability/vulnerability--968eec84-265b-449f-a9cd-c13e00b6da0a.json new file mode 100644 index 00000000000..e2ac30f6805 --- /dev/null +++ b/objects/vulnerability/vulnerability--968eec84-265b-449f-a9cd-c13e00b6da0a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bef1d9f7-f69b-410f-bad5-ff23a0374b31", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--968eec84-265b-449f-a9cd-c13e00b6da0a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.764432Z", + "modified": "2024-12-20T00:21:02.764432Z", + "name": "CVE-2024-12793", + "description": "A vulnerability, which was classified as problematic, has been found in PbootCMS up to 5.2.3. Affected by this issue is some unknown functionality of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.2.4 is able to address this issue. It is recommended to upgrade the affected component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12793" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a183cb99-1a24-4f1e-8efb-08b682a3dbda.json b/objects/vulnerability/vulnerability--a183cb99-1a24-4f1e-8efb-08b682a3dbda.json new file mode 100644 index 00000000000..55dfb9ace50 --- /dev/null +++ b/objects/vulnerability/vulnerability--a183cb99-1a24-4f1e-8efb-08b682a3dbda.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--596043b7-8d06-4cc6-9ffd-6e19912b2eaf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a183cb99-1a24-4f1e-8efb-08b682a3dbda", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:05.040682Z", + "modified": "2024-12-20T00:21:05.040682Z", + "name": "CVE-2024-4230", + "description": "External Control of File Name or Path vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious local attacker to execute an arbitrary malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-4230" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a7547e1f-bd01-47d0-bb36-aaf7e787b017.json b/objects/vulnerability/vulnerability--a7547e1f-bd01-47d0-bb36-aaf7e787b017.json new file mode 100644 index 00000000000..563107960f0 --- /dev/null +++ b/objects/vulnerability/vulnerability--a7547e1f-bd01-47d0-bb36-aaf7e787b017.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--72d4b92d-0cf0-45cc-9e9a-86eb06e6417e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a7547e1f-bd01-47d0-bb36-aaf7e787b017", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:13.196223Z", + "modified": "2024-12-20T00:21:13.196223Z", + "name": "CVE-2023-7005", + "description": "A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication, and can be utilized to compromise the lock, such as through revealing the unlockKey field.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-7005" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--aabbc92d-2a56-4278-a2ee-7157f4a35b68.json b/objects/vulnerability/vulnerability--aabbc92d-2a56-4278-a2ee-7157f4a35b68.json new file mode 100644 index 00000000000..25303697acb --- /dev/null +++ b/objects/vulnerability/vulnerability--aabbc92d-2a56-4278-a2ee-7157f4a35b68.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6d631b6c-df9e-4c5e-93b1-562c3938f532", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aabbc92d-2a56-4278-a2ee-7157f4a35b68", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.783266Z", + "modified": "2024-12-20T00:21:02.783266Z", + "name": "CVE-2024-12794", + "description": "A vulnerability, which was classified as critical, was found in Codezips E-Commerce Site 1.0. This affects an unknown part of the file /admin/editorder.php. The manipulation of the argument dstatus/quantity/ddate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12794" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--acfde247-1ad3-4dff-9cf3-3f5da05ab426.json b/objects/vulnerability/vulnerability--acfde247-1ad3-4dff-9cf3-3f5da05ab426.json new file mode 100644 index 00000000000..c01b31c1b5a --- /dev/null +++ b/objects/vulnerability/vulnerability--acfde247-1ad3-4dff-9cf3-3f5da05ab426.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c522880a-5b5e-4380-989a-058a7d56f16c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--acfde247-1ad3-4dff-9cf3-3f5da05ab426", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.781256Z", + "modified": "2024-12-20T00:21:02.781256Z", + "name": "CVE-2024-12729", + "description": "A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12729" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b2181c9d-c07d-4099-8ffb-db387a7274a2.json b/objects/vulnerability/vulnerability--b2181c9d-c07d-4099-8ffb-db387a7274a2.json new file mode 100644 index 00000000000..ea27f6ba625 --- /dev/null +++ b/objects/vulnerability/vulnerability--b2181c9d-c07d-4099-8ffb-db387a7274a2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8f27f059-4582-497f-8691-8f6aee20a268", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b2181c9d-c07d-4099-8ffb-db387a7274a2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.78731Z", + "modified": "2024-12-20T00:21:02.78731Z", + "name": "CVE-2024-12801", + "description": "Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 1.5.12 on the Java platform, allows an attacker to \nforge requests by compromising logback configuration files in XML.\n\n\n\nThe attacks involves the modification of DOCTYPE declaration in  XML configuration files.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12801" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b7850c0e-d3fb-439c-8362-05adad0bc255.json b/objects/vulnerability/vulnerability--b7850c0e-d3fb-439c-8362-05adad0bc255.json new file mode 100644 index 00000000000..3ef1e4e7990 --- /dev/null +++ b/objects/vulnerability/vulnerability--b7850c0e-d3fb-439c-8362-05adad0bc255.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fc20325c-d6f1-433c-806a-b793af2cbb30", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b7850c0e-d3fb-439c-8362-05adad0bc255", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.758317Z", + "modified": "2024-12-20T00:21:02.758317Z", + "name": "CVE-2024-12783", + "description": "A vulnerability was found in itsourcecode Vehicle Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /billaction.php. The manipulation of the argument extra-cost leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12783" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b7f98fa7-0ff0-487b-8d64-e1850b8c4b8b.json b/objects/vulnerability/vulnerability--b7f98fa7-0ff0-487b-8d64-e1850b8c4b8b.json new file mode 100644 index 00000000000..97c9c9ad06b --- /dev/null +++ b/objects/vulnerability/vulnerability--b7f98fa7-0ff0-487b-8d64-e1850b8c4b8b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--010f46b6-5ee9-4d37-bf1b-c7a4e0bfcb59", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b7f98fa7-0ff0-487b-8d64-e1850b8c4b8b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:09.397172Z", + "modified": "2024-12-20T00:21:09.397172Z", + "name": "CVE-2022-33954", + "description": "IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected credentials.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-33954" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b83b13df-c6b8-4cb3-8178-695af5fdd391.json b/objects/vulnerability/vulnerability--b83b13df-c6b8-4cb3-8178-695af5fdd391.json new file mode 100644 index 00000000000..7a44c642a61 --- /dev/null +++ b/objects/vulnerability/vulnerability--b83b13df-c6b8-4cb3-8178-695af5fdd391.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9fdfec3a-47a7-4aa6-82bc-00cef05460de", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b83b13df-c6b8-4cb3-8178-695af5fdd391", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:03.189528Z", + "modified": "2024-12-20T00:21:03.189528Z", + "name": "CVE-2024-7139", + "description": "Due to an unchecked buffer length, a specially crafted L2CAP packet can cause a buffer overflow. This buffer overflow triggers an assert, which results in a temporary denial of service. \n\nIf a watchdog timer is not enabled, a hard reset is required to recover the device.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7139" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b8b0cd94-2963-41ca-9e29-8e48d637991e.json b/objects/vulnerability/vulnerability--b8b0cd94-2963-41ca-9e29-8e48d637991e.json new file mode 100644 index 00000000000..bc62ddbcc52 --- /dev/null +++ b/objects/vulnerability/vulnerability--b8b0cd94-2963-41ca-9e29-8e48d637991e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8c3eafae-3a79-407a-9ca1-bf637740e5bc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b8b0cd94-2963-41ca-9e29-8e48d637991e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.853967Z", + "modified": "2024-12-20T00:21:02.853967Z", + "name": "CVE-2024-10548", + "description": "The WP Project Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.15 via the Project Task List ('/wp-json/pm/v2/projects/1/task-lists') REST API endpoint. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including the hashed passwords of project owners (e.g. adminstrators).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10548" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ba053b99-9128-4a18-9729-636ea92cc80c.json b/objects/vulnerability/vulnerability--ba053b99-9128-4a18-9729-636ea92cc80c.json new file mode 100644 index 00000000000..64445eadee9 --- /dev/null +++ b/objects/vulnerability/vulnerability--ba053b99-9128-4a18-9729-636ea92cc80c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e5ad77f6-ab15-4548-a61e-b472ab42968d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ba053b99-9128-4a18-9729-636ea92cc80c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.809681Z", + "modified": "2024-12-20T00:21:02.809681Z", + "name": "CVE-2024-12175", + "description": "Another “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12175" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bb21dda6-0417-4300-8a29-fc04afd5fe8c.json b/objects/vulnerability/vulnerability--bb21dda6-0417-4300-8a29-fc04afd5fe8c.json new file mode 100644 index 00000000000..9fb95c9be43 --- /dev/null +++ b/objects/vulnerability/vulnerability--bb21dda6-0417-4300-8a29-fc04afd5fe8c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8fb215c9-8750-4e15-b9bb-13a45cde7c9a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bb21dda6-0417-4300-8a29-fc04afd5fe8c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:03.760226Z", + "modified": "2024-12-20T00:21:03.760226Z", + "name": "CVE-2024-38819", + "description": "Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38819" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bffb2b85-6304-4a02-85fc-bf006cc3cd9b.json b/objects/vulnerability/vulnerability--bffb2b85-6304-4a02-85fc-bf006cc3cd9b.json new file mode 100644 index 00000000000..e624c509476 --- /dev/null +++ b/objects/vulnerability/vulnerability--bffb2b85-6304-4a02-85fc-bf006cc3cd9b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fa19b901-3014-40b9-a5b0-56f7f4d4cf69", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bffb2b85-6304-4a02-85fc-bf006cc3cd9b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:03.010915Z", + "modified": "2024-12-20T00:21:03.010915Z", + "name": "CVE-2024-47093", + "description": "Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47093" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c16948c6-7c5c-49fe-92d1-6bd02b8db2d6.json b/objects/vulnerability/vulnerability--c16948c6-7c5c-49fe-92d1-6bd02b8db2d6.json new file mode 100644 index 00000000000..149f57c1925 --- /dev/null +++ b/objects/vulnerability/vulnerability--c16948c6-7c5c-49fe-92d1-6bd02b8db2d6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ff1777fc-b489-4f7b-888a-1452c54a83c3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c16948c6-7c5c-49fe-92d1-6bd02b8db2d6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:04.274092Z", + "modified": "2024-12-20T00:21:04.274092Z", + "name": "CVE-2024-54009", + "description": "Remote authentication bypass vulnerability in HPE Alletra Storage MP B10000 in versions prior to version 10.4.5 could be remotely exploited to allow disclosure of information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54009" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c1bcceb3-e1ef-4107-9369-702a7e46da30.json b/objects/vulnerability/vulnerability--c1bcceb3-e1ef-4107-9369-702a7e46da30.json new file mode 100644 index 00000000000..b838c3891a7 --- /dev/null +++ b/objects/vulnerability/vulnerability--c1bcceb3-e1ef-4107-9369-702a7e46da30.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ca76ca65-c8f0-42a3-a955-1b5e4da15ada", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c1bcceb3-e1ef-4107-9369-702a7e46da30", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.770113Z", + "modified": "2024-12-20T00:21:02.770113Z", + "name": "CVE-2024-12626", + "description": "The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘a-0-o-search_field_value’ parameter in all versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. When used in conjunction with the plugin's import and code action feature, this vulnerability can be leveraged to execute arbitrary code.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12626" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c1e559a3-da29-4882-867e-e7ed009acbc8.json b/objects/vulnerability/vulnerability--c1e559a3-da29-4882-867e-e7ed009acbc8.json new file mode 100644 index 00000000000..e1e4bf63800 --- /dev/null +++ b/objects/vulnerability/vulnerability--c1e559a3-da29-4882-867e-e7ed009acbc8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--67250361-8983-4fb8-884e-1b782a982bbd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c1e559a3-da29-4882-867e-e7ed009acbc8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.822187Z", + "modified": "2024-12-20T00:21:02.822187Z", + "name": "CVE-2024-12784", + "description": "A vulnerability was found in itsourcecode Vehicle Management System 1.0. It has been classified as critical. Affected is an unknown function of the file editbill.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12784" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c348fddd-0bf1-49fb-8a26-5da43e47fb6e.json b/objects/vulnerability/vulnerability--c348fddd-0bf1-49fb-8a26-5da43e47fb6e.json new file mode 100644 index 00000000000..67f05d74c4f --- /dev/null +++ b/objects/vulnerability/vulnerability--c348fddd-0bf1-49fb-8a26-5da43e47fb6e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--30be96f3-1175-42f3-8b8d-876329f115c6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c348fddd-0bf1-49fb-8a26-5da43e47fb6e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:18.280786Z", + "modified": "2024-12-20T00:21:18.280786Z", + "name": "CVE-2020-12820", + "description": "Under non-default configuration, a stack-based buffer overflow in FortiOS version 6.0.10 and below, version 5.6.12 and below may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon (fcnacd) and potentially execute arbitrary code via requesting a large FortiClient file name. We are not aware of proof of concept code successfully achieving the latter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2020-12820" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c54255d0-9fe7-4ff0-b994-c34173dd1f22.json b/objects/vulnerability/vulnerability--c54255d0-9fe7-4ff0-b994-c34173dd1f22.json new file mode 100644 index 00000000000..2cde2d95aaa --- /dev/null +++ b/objects/vulnerability/vulnerability--c54255d0-9fe7-4ff0-b994-c34173dd1f22.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5fbb11c4-2bf1-4091-bf70-6f8f04ce694a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c54255d0-9fe7-4ff0-b994-c34173dd1f22", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.849957Z", + "modified": "2024-12-20T00:21:02.849957Z", + "name": "CVE-2024-10244", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ISDO Software Web Software allows SQL Injection.This issue affects Web Software: before 3.6.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10244" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c98fee7f-6f81-4d76-84ca-266fc6b6a883.json b/objects/vulnerability/vulnerability--c98fee7f-6f81-4d76-84ca-266fc6b6a883.json new file mode 100644 index 00000000000..936d45c6234 --- /dev/null +++ b/objects/vulnerability/vulnerability--c98fee7f-6f81-4d76-84ca-266fc6b6a883.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1e788851-2875-4db4-8fd7-e16bd1450fdd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c98fee7f-6f81-4d76-84ca-266fc6b6a883", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.821196Z", + "modified": "2024-12-20T00:21:02.821196Z", + "name": "CVE-2024-12111", + "description": "In a specific scenario a LDAP user can abuse the authentication process in OpenText Privileged Access Manager that allows authentication bypass. This issue affects Privileged Access Manager version 23.3(4.4); 24.3(4.5)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12111" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cb0528c0-953c-4c6b-b932-d042c07af80c.json b/objects/vulnerability/vulnerability--cb0528c0-953c-4c6b-b932-d042c07af80c.json new file mode 100644 index 00000000000..93f1dbf4ada --- /dev/null +++ b/objects/vulnerability/vulnerability--cb0528c0-953c-4c6b-b932-d042c07af80c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--da5fba71-c2e8-41d3-b411-7b168f72f74e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cb0528c0-953c-4c6b-b932-d042c07af80c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:03.280455Z", + "modified": "2024-12-20T00:21:03.280455Z", + "name": "CVE-2024-25131", + "description": "A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource (CRD) of OpenShift Dedicated. A non-privileged user on the cluster can create a MustGather object with a specially crafted file and set the most privileged service account to run the job. This can allow a standard developer user to escalate their privileges to a cluster administrator and pivot to the AWS environment.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-25131" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cc7c4e85-f83d-4e75-abde-f3faa9b5b884.json b/objects/vulnerability/vulnerability--cc7c4e85-f83d-4e75-abde-f3faa9b5b884.json new file mode 100644 index 00000000000..fbdfef61964 --- /dev/null +++ b/objects/vulnerability/vulnerability--cc7c4e85-f83d-4e75-abde-f3faa9b5b884.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--18513674-10f1-4b12-9b70-0c3d2dbfdd9c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cc7c4e85-f83d-4e75-abde-f3faa9b5b884", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:18.326746Z", + "modified": "2024-12-20T00:21:18.326746Z", + "name": "CVE-2020-12819", + "description": "A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiGate versions 5.6.12, 6.0.10, 6.2.4 and 6.4.1 and earlier may allow a remote attacker with valid SSL VPN credentials to crash the SSL VPN daemon by sending a large LCP packet, when tunnel mode is enabled. Arbitrary code execution may be theoretically possible, albeit practically very difficult to achieve in this context", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2020-12819" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cde3e840-9b5f-48f1-ab38-7f0653079ebf.json b/objects/vulnerability/vulnerability--cde3e840-9b5f-48f1-ab38-7f0653079ebf.json new file mode 100644 index 00000000000..d8bee21a5b0 --- /dev/null +++ b/objects/vulnerability/vulnerability--cde3e840-9b5f-48f1-ab38-7f0653079ebf.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--56ae8e32-af70-4a72-8ffc-932c96498a01", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cde3e840-9b5f-48f1-ab38-7f0653079ebf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:06.909156Z", + "modified": "2024-12-20T00:21:06.909156Z", + "name": "CVE-2021-39081", + "description": "IBM Cognos Analytics Mobile for Android 1.1.14 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-39081" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cedcc414-790e-4634-88de-474f73adc10b.json b/objects/vulnerability/vulnerability--cedcc414-790e-4634-88de-474f73adc10b.json new file mode 100644 index 00000000000..21f7afe2693 --- /dev/null +++ b/objects/vulnerability/vulnerability--cedcc414-790e-4634-88de-474f73adc10b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3489d955-ab8d-4de1-8e6c-5e0398769cbe", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cedcc414-790e-4634-88de-474f73adc10b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:03.33694Z", + "modified": "2024-12-20T00:21:03.33694Z", + "name": "CVE-2024-11157", + "description": "A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11157" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d31d7fdf-2301-47aa-a01b-f8328bb349b1.json b/objects/vulnerability/vulnerability--d31d7fdf-2301-47aa-a01b-f8328bb349b1.json new file mode 100644 index 00000000000..d40410ec4cb --- /dev/null +++ b/objects/vulnerability/vulnerability--d31d7fdf-2301-47aa-a01b-f8328bb349b1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7287926d-bf72-4be8-ac0d-5d561c381929", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d31d7fdf-2301-47aa-a01b-f8328bb349b1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.753593Z", + "modified": "2024-12-20T00:21:02.753593Z", + "name": "CVE-2024-45819", + "description": "PVH guests have their ACPI tables constructed by the toolstack. The\nconstruction involves building the tables in local memory, which are\nthen copied into guest memory. While actually used parts of the local\nmemory are filled in correctly, excess space that is being allocated is\nleft with its prior contents.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45819" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d786116d-6f69-4021-9630-6cfe797b12db.json b/objects/vulnerability/vulnerability--d786116d-6f69-4021-9630-6cfe797b12db.json new file mode 100644 index 00000000000..64a1062e55c --- /dev/null +++ b/objects/vulnerability/vulnerability--d786116d-6f69-4021-9630-6cfe797b12db.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7da333a8-9724-470c-9c98-19cf5e6c293b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d786116d-6f69-4021-9630-6cfe797b12db", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.699616Z", + "modified": "2024-12-20T00:21:02.699616Z", + "name": "CVE-2024-45818", + "description": "The hypervisor contains code to accelerate VGA memory accesses for HVM\nguests, when the (virtual) VGA is in \"standard\" mode. Locking involved\nthere has an unusual discipline, leaving a lock acquired past the\nreturn from the function that acquired it. This behavior results in a\nproblem when emulating an instruction with two memory accesses, both of\nwhich touch VGA memory (plus some further constraints which aren't\nrelevant here). When emulating the 2nd access, the lock that is already\nbeing held would be attempted to be re-acquired, resulting in a\ndeadlock.\n\nThis deadlock was already found when the code was first introduced, but\nwas analysed incorrectly and the fix was incomplete. Analysis in light\nof the new finding cannot find a way to make the existing locking\ndiscipline work.\n\nIn staging, this logic has all been removed because it was discovered\nto be accidentally disabled since Xen 4.7. Therefore, we are fixing the\nlocking problem by backporting the removal of most of the feature. Note\nthat even with the feature disabled, the lock would still be acquired\nfor any accesses to the VGA MMIO region.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45818" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d99551a3-0165-4b87-989f-571de0e0d50a.json b/objects/vulnerability/vulnerability--d99551a3-0165-4b87-989f-571de0e0d50a.json new file mode 100644 index 00000000000..293ee061ae3 --- /dev/null +++ b/objects/vulnerability/vulnerability--d99551a3-0165-4b87-989f-571de0e0d50a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e8968051-e749-4743-8568-caa0843c82d3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d99551a3-0165-4b87-989f-571de0e0d50a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.763332Z", + "modified": "2024-12-20T00:21:02.763332Z", + "name": "CVE-2024-12788", + "description": "A vulnerability was found in Codezips Technical Discussion Forum 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file signinpost.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12788" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e3579bc6-6f69-4e86-9b4b-a9155a7eba60.json b/objects/vulnerability/vulnerability--e3579bc6-6f69-4e86-9b4b-a9155a7eba60.json new file mode 100644 index 00000000000..09b98822a96 --- /dev/null +++ b/objects/vulnerability/vulnerability--e3579bc6-6f69-4e86-9b4b-a9155a7eba60.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--519cd68d-e510-4fc8-8f1e-60e581dbc21b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e3579bc6-6f69-4e86-9b4b-a9155a7eba60", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.775293Z", + "modified": "2024-12-20T00:21:02.775293Z", + "name": "CVE-2024-12569", + "description": "Disclosure of sensitive information in HikVision camera driver's log file in XProtect Device Pack allows an attacker to read camera credentials stored in the Recording Server under specific conditions.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12569" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e530b50d-ebda-427d-99f1-4d4da947ca14.json b/objects/vulnerability/vulnerability--e530b50d-ebda-427d-99f1-4d4da947ca14.json new file mode 100644 index 00000000000..931e47c80ab --- /dev/null +++ b/objects/vulnerability/vulnerability--e530b50d-ebda-427d-99f1-4d4da947ca14.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d66811fd-774e-447a-8adf-2467d762cf34", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e530b50d-ebda-427d-99f1-4d4da947ca14", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.78472Z", + "modified": "2024-12-20T00:21:02.78472Z", + "name": "CVE-2024-12727", + "description": "A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12727" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e9575d4e-7d10-4284-b27b-7679b0f08b1f.json b/objects/vulnerability/vulnerability--e9575d4e-7d10-4284-b27b-7679b0f08b1f.json new file mode 100644 index 00000000000..cb0e53e3c4f --- /dev/null +++ b/objects/vulnerability/vulnerability--e9575d4e-7d10-4284-b27b-7679b0f08b1f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2f5558ea-42a6-4383-895e-b3b4f7779dcc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e9575d4e-7d10-4284-b27b-7679b0f08b1f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.768815Z", + "modified": "2024-12-20T00:21:02.768815Z", + "name": "CVE-2024-12700", + "description": "There is an unrestricted file upload vulnerability where it is possible for an authenticated user (low privileged) to upload an jsp shell and execute code with the privileges of user running the web server.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12700" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--eaa856ee-ab28-469e-b591-fddc0d281ffb.json b/objects/vulnerability/vulnerability--eaa856ee-ab28-469e-b591-fddc0d281ffb.json new file mode 100644 index 00000000000..b6703721b9e --- /dev/null +++ b/objects/vulnerability/vulnerability--eaa856ee-ab28-469e-b591-fddc0d281ffb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ce4f4287-793b-4c7d-a679-dcae7337255a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--eaa856ee-ab28-469e-b591-fddc0d281ffb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:03.606326Z", + "modified": "2024-12-20T00:21:03.606326Z", + "name": "CVE-2024-53991", + "description": "Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use `FileStore::LocalStore` which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick nginx into sending the Discourse backup file with a well crafted request. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. Users unable to upgrade can either 1. Download all local backups on to another storage device, disable the `enable_backups` site setting and delete all backups until the site has been upgraded to pull in the fix. Or 2. Change the `backup_location` site setting to `s3` so that backups are stored and downloaded directly from S3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53991" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f1223fb0-1dd5-4986-8932-88947d848d78.json b/objects/vulnerability/vulnerability--f1223fb0-1dd5-4986-8932-88947d848d78.json new file mode 100644 index 00000000000..8e0f15510a7 --- /dev/null +++ b/objects/vulnerability/vulnerability--f1223fb0-1dd5-4986-8932-88947d848d78.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b1efcaac-1046-4ceb-b91b-2242d06e2018", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f1223fb0-1dd5-4986-8932-88947d848d78", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.935111Z", + "modified": "2024-12-20T00:21:02.935111Z", + "name": "CVE-2024-9101", + "description": "A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' function. However, exploitation is limited to specific conditions where 'opener' is correctly set.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9101" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f4e9daa9-6e26-4d9d-9c89-3f1c50f14348.json b/objects/vulnerability/vulnerability--f4e9daa9-6e26-4d9d-9c89-3f1c50f14348.json new file mode 100644 index 00000000000..9d045593e7a --- /dev/null +++ b/objects/vulnerability/vulnerability--f4e9daa9-6e26-4d9d-9c89-3f1c50f14348.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--92f0204b-e377-4eab-894f-112695201493", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f4e9daa9-6e26-4d9d-9c89-3f1c50f14348", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.508375Z", + "modified": "2024-12-20T00:21:02.508375Z", + "name": "CVE-2024-51532", + "description": "Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-51532" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f8ca1b6e-1032-4503-8ad9-038a4eca5388.json b/objects/vulnerability/vulnerability--f8ca1b6e-1032-4503-8ad9-038a4eca5388.json new file mode 100644 index 00000000000..01cd759a3ef --- /dev/null +++ b/objects/vulnerability/vulnerability--f8ca1b6e-1032-4503-8ad9-038a4eca5388.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6ee28e42-9504-46db-be18-161fbd82d9c0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f8ca1b6e-1032-4503-8ad9-038a4eca5388", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:04.469021Z", + "modified": "2024-12-20T00:21:04.469021Z", + "name": "CVE-2024-56327", + "description": "pyrage is a set of Python bindings for the rage file encryption library (age in Rust). `pyrage` uses the Rust `age` crate for its underlying operations, and `age` is vulnerable to GHSA-4fg7-vxc8-qx5w. All details of GHSA-4fg7-vxc8-qx5w are relevant to `pyrage` for the versions specified in this advisory. See GHSA-4fg7-vxc8-qx5w for full details. Versions of `pyrage` before 1.2.0 lack plugin support and are therefore **not affected**. An equivalent issue was fixed in [the reference Go implementation of age](https://github.com/FiloSottile/age), see advisory GHSA-32gq-x56h-299c. This issue has been addressed in version 1.2.3 and all users are advised to update. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56327" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f8ce61eb-b59c-42c2-a163-f2706f5909ec.json b/objects/vulnerability/vulnerability--f8ce61eb-b59c-42c2-a163-f2706f5909ec.json new file mode 100644 index 00000000000..b82bcc16595 --- /dev/null +++ b/objects/vulnerability/vulnerability--f8ce61eb-b59c-42c2-a163-f2706f5909ec.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--205508c0-fbb4-4334-a913-eac87831eb2f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f8ce61eb-b59c-42c2-a163-f2706f5909ec", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:04.255389Z", + "modified": "2024-12-20T00:21:04.255389Z", + "name": "CVE-2024-54982", + "description": "An issue in Quectel BC25 with firmware version BC25PAR01A06 allows attackers to bypass authentication via a crafted NAS message.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54982" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f9bb5877-89da-4c92-b267-5316778d1ebe.json b/objects/vulnerability/vulnerability--f9bb5877-89da-4c92-b267-5316778d1ebe.json new file mode 100644 index 00000000000..3e5a8df3cc9 --- /dev/null +++ b/objects/vulnerability/vulnerability--f9bb5877-89da-4c92-b267-5316778d1ebe.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c627e732-c3b1-478a-b574-8950ad85597e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f9bb5877-89da-4c92-b267-5316778d1ebe", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:02.919317Z", + "modified": "2024-12-20T00:21:02.919317Z", + "name": "CVE-2024-9154", + "description": "A code injection vulnerability in HMS Networks Ewon Flexy 205 allows executing commands on system level on the device. This issue affects Ewon Flexy 205: through 14.8s0 (#2633).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9154" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fa7c2765-a35b-4dd3-bb09-d6e2eb3317cb.json b/objects/vulnerability/vulnerability--fa7c2765-a35b-4dd3-bb09-d6e2eb3317cb.json new file mode 100644 index 00000000000..5a71debb99c --- /dev/null +++ b/objects/vulnerability/vulnerability--fa7c2765-a35b-4dd3-bb09-d6e2eb3317cb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9505da8e-bbe8-453e-b7fc-4d072f4b0458", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fa7c2765-a35b-4dd3-bb09-d6e2eb3317cb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:04.290503Z", + "modified": "2024-12-20T00:21:04.290503Z", + "name": "CVE-2024-54150", + "description": "cjwt is a C JSON Web Token (JWT) Implementation. Algorithm confusion occurs when a system improperly verifies the type of signature used, allowing attackers to exploit the lack of distinction between signing methods. If the system doesn't differentiate between an HMAC signed token and an RS/EC/PS signed token during verification, it becomes vulnerable to this kind of attack. For instance, an attacker could craft a token with the alg field set to \"HS256\" while the server expects an asymmetric algorithm like \"RS256\". The server might mistakenly use the wrong verification method, such as using a public key as the HMAC secret, leading to unauthorised access. For RSA, the key can be computed from a few signatures. For Elliptic Curve (EC), two potential keys can be recovered from one signature. This can be used to bypass the signature mechanism if an application relies on asymmetrically signed tokens. This issue has been addressed in version 2.3.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54150" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ff2e5cfe-f775-4d8b-9aa8-54ceece9341b.json b/objects/vulnerability/vulnerability--ff2e5cfe-f775-4d8b-9aa8-54ceece9341b.json new file mode 100644 index 00000000000..7f3d60e24f3 --- /dev/null +++ b/objects/vulnerability/vulnerability--ff2e5cfe-f775-4d8b-9aa8-54ceece9341b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1a91a43e-b69b-4350-93de-6a2a25fe5b9b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ff2e5cfe-f775-4d8b-9aa8-54ceece9341b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:12.644384Z", + "modified": "2024-12-20T00:21:12.644384Z", + "name": "CVE-2023-30443", + "description": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-30443" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ff5a2f7f-559c-411c-99ac-1514e8c7dd12.json b/objects/vulnerability/vulnerability--ff5a2f7f-559c-411c-99ac-1514e8c7dd12.json new file mode 100644 index 00000000000..c08adbc2123 --- /dev/null +++ b/objects/vulnerability/vulnerability--ff5a2f7f-559c-411c-99ac-1514e8c7dd12.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8e1ad53f-3062-4b1f-8368-a9f79a6084d9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ff5a2f7f-559c-411c-99ac-1514e8c7dd12", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-20T00:21:04.465405Z", + "modified": "2024-12-20T00:21:04.465405Z", + "name": "CVE-2024-56159", + "description": "Astro is a web framework for content-driven websites. A bug in the build process allows any unauthenticated user to read parts of the server source code. During build, along with client assets such as css and font files, the sourcemap files **for the server code** are moved to a publicly-accessible folder. Any outside party can read them with an unauthorized HTTP GET request to the same server hosting the rest of the website. While some server files are hashed, making their access obscure, the files corresponding to the file system router (those in `src/pages`) are predictably named. For example. the sourcemap file for `src/pages/index.astro` gets named `dist/client/pages/index.astro.mjs.map`. This vulnerability is the root cause of issue #12703, which links to a simple stackblitz project demonstrating the vulnerability. Upon build, notice the contents of the `dist/client` (referred to as `config.build.client` in astro code) folder. All astro servers make the folder in question accessible to the public internet without any authentication. It contains `.map` files corresponding to the code that runs on the server. All **server-output** projects on Astro 5 versions **v5.0.3** through **v5.0.7**, that have **sourcemaps enabled**, either directly or through an add-on such as `sentry`, are affected. The fix for **server-output** projects was released in **astro@5.0.8**. Additionally, all **static-output** projects built using Astro 4 versions **4.16.17 or older**, or Astro 5 versions **5.0.8 or older**, that have **sourcemaps enabled** are also affected. The fix for **static-output** projects was released in **astro@5.0.9**, and backported to Astro v4 in **astro@4.16.18**. The immediate impact is limited to source code. Any secrets or environment variables are not exposed unless they are present verbatim in the source code. There is no immediate loss of integrity within the the vulnerable server. However, it is possible to subsequently discover another vulnerability via the revealed source code . There is no immediate impact to availability of the vulnerable server. However, the presence of an unsafe regular expression, for example, can quickly be exploited to subsequently compromise the availability. The fix for **server-output** projects was released in **astro@5.0.8**, and the fix for **static-output** projects was released in **astro@5.0.9** and backported to Astro v4 in **astro@4.16.18**. Users are advised to update immediately if they are using sourcemaps or an integration that enables sourcemaps.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56159" + } + ] + } + ] +} \ No newline at end of file