diff --git a/mapping.csv b/mapping.csv index 56a50a795c8..469e718b9ae 100644 --- a/mapping.csv +++ b/mapping.csv 
@@ -254821,3 +254821,96 @@ vulnerability,CVE-2023-29126,vulnerability--3b10a066-1ead-4320-a18a-7fb9f6879544 vulnerability,CVE-2023-29121,vulnerability--3f18c915-abd7-44a2-a3e6-7372fc872c73 vulnerability,CVE-2023-29120,vulnerability--da2fae09-94c6-4ed4-b7bf-1dbd70acfa66 vulnerability,CVE-2023-29122,vulnerability--05b8ce9f-1a67-43ab-aa4b-855c8b3bb03a +vulnerability,CVE-2024-51736,vulnerability--8cd32c82-44e1-4605-ba25-29befbf033ff +vulnerability,CVE-2024-51754,vulnerability--40c77d56-ec39-4098-a76d-08be6bc2d0dc +vulnerability,CVE-2024-51751,vulnerability--ba5087f5-76dd-48bc-80da-ca27136202d9 +vulnerability,CVE-2024-51757,vulnerability--a6a1bea3-6eee-4b94-8b53-ea4a859f88f0 +vulnerability,CVE-2024-51409,vulnerability--5b81d36c-7bb7-4150-a6da-d99dcf9bad1e +vulnerability,CVE-2024-51755,vulnerability--07ac24bd-0964-45fc-8512-1716d47d0e08 +vulnerability,CVE-2024-51988,vulnerability--bee639b1-c3dd-4057-bccc-87d0412c3677 +vulnerability,CVE-2024-48325,vulnerability--4529a67e-6dc2-4b0c-b04f-3776788b3170 +vulnerability,CVE-2024-52043,vulnerability--fa616f24-94c0-4770-a56b-f079d4fdf921 +vulnerability,CVE-2024-10647,vulnerability--9c04e5b3-e12b-40d8-b0b7-89372802406a +vulnerability,CVE-2024-10941,vulnerability--6d3eb789-9667-40c5-b2cc-821374337afb +vulnerability,CVE-2024-10826,vulnerability--62bab8e9-d32c-4675-8fde-7d6c513a1285 +vulnerability,CVE-2024-10081,vulnerability--91ca0e00-73bc-4e51-99ba-35ed96228d6c +vulnerability,CVE-2024-10927,vulnerability--075c633a-043b-488b-bb71-35e6f271fe09 +vulnerability,CVE-2024-10916,vulnerability--65096b4a-4aaa-4f6d-84ee-ef5287140be1 +vulnerability,CVE-2024-10535,vulnerability--10b74d86-8839-4c42-a375-aa521b5e85e1 +vulnerability,CVE-2024-10926,vulnerability--59e1c0b1-b3f5-4f12-a258-7fc3a04bdfae +vulnerability,CVE-2024-10920,vulnerability--135fda2c-5790-4062-bacc-e05beb1cd630 +vulnerability,CVE-2024-10915,vulnerability--47e02afc-f05e-4c98-9b08-4e8be7b25afa +vulnerability,CVE-2024-10827,vulnerability--0014f351-7011-4c1f-804a-5ced5c3c3083 
+vulnerability,CVE-2024-10168,vulnerability--5d19d7bd-df54-4761-b121-56f3d78aeaea +vulnerability,CVE-2024-10186,vulnerability--70a91a47-5fde-4ea1-8c3a-f0d96c73a301 +vulnerability,CVE-2024-10919,vulnerability--5b87af33-e6ed-4161-a98a-fbc4776a09e4 +vulnerability,CVE-2024-10082,vulnerability--be9b9af8-0e34-4e30-bbf4-9cea7641be12 +vulnerability,CVE-2024-10020,vulnerability--90c3b2b8-3bb0-4039-9cac-16ae1bc4687a +vulnerability,CVE-2024-10543,vulnerability--debb1069-4797-4c76-b25e-57760927bcad +vulnerability,CVE-2024-10928,vulnerability--f59a0177-ac6d-481b-b20e-205f8a39951f +vulnerability,CVE-2024-10318,vulnerability--fd0aa05e-f61d-41b1-adcd-57d8254735a7 +vulnerability,CVE-2024-10715,vulnerability--660ed3f3-aad9-438a-ab72-a95c8458f3f1 +vulnerability,CVE-2024-10914,vulnerability--c4fe89b7-3b1f-402b-997a-bef4f8dac5ba +vulnerability,CVE-2024-9902,vulnerability--2e1bf55b-ad8d-430d-b097-b976d4ab111a +vulnerability,CVE-2024-9681,vulnerability--b27358ee-71d7-47dd-8dd6-16f1fee23750 +vulnerability,CVE-2024-9946,vulnerability--4dafeeb1-55f1-417b-a30e-4f56d0dea880 +vulnerability,CVE-2024-9307,vulnerability--06f1d913-72ed-4fac-98ad-79b23f6eb538 +vulnerability,CVE-2024-9934,vulnerability--6eb35cd3-a6ef-4b29-bc8f-63f7542e22cd +vulnerability,CVE-2024-50340,vulnerability--308255c2-579c-4765-8529-bd6c5604b302 +vulnerability,CVE-2024-50342,vulnerability--9429923f-0d8b-4f0a-acfa-25ec7d86d4ad +vulnerability,CVE-2024-50637,vulnerability--42a15f99-79fb-464b-90d5-365ebd250a8b +vulnerability,CVE-2024-50345,vulnerability--c842a2ef-af52-4df1-b2ec-4b606cbe114a +vulnerability,CVE-2024-50341,vulnerability--d840a690-9455-4622-8961-dee2d4d45f6c +vulnerability,CVE-2024-50343,vulnerability--0b15daa1-14c8-4315-921d-1ec1ea374270 +vulnerability,CVE-2024-7879,vulnerability--7ec90821-a328-41a2-b211-7bda756481de +vulnerability,CVE-2024-34677,vulnerability--acb271ad-7cfd-4639-9a23-16a20dfd7cf2 +vulnerability,CVE-2024-34674,vulnerability--c4fd5073-9b3d-4567-9ecc-719978ca759f 
+vulnerability,CVE-2024-34673,vulnerability--a139f5e9-11ad-4954-93c4-9021d504e54f +vulnerability,CVE-2024-34679,vulnerability--04d6d7d1-e04a-44ac-b0c7-3f242331ed94 +vulnerability,CVE-2024-34676,vulnerability--e28f365c-391b-4aa8-83a2-135b78fd6b8a +vulnerability,CVE-2024-34675,vulnerability--f10fa7bf-02dd-4343-8c57-6fe5c79b65a3 +vulnerability,CVE-2024-34682,vulnerability--0fe2cfa6-01c3-48d6-9f04-38dc0c563dd8 +vulnerability,CVE-2024-34678,vulnerability--afd1c1ce-9d95-4a20-862b-63c7385a677f +vulnerability,CVE-2024-34680,vulnerability--56405309-f4de-4b91-8530-5343278d0e70 +vulnerability,CVE-2024-34681,vulnerability--187876ab-341e-4cc2-a60a-0df78c52b7ad +vulnerability,CVE-2024-8614,vulnerability--22d705e0-3622-411a-94ea-d702b2f44754 +vulnerability,CVE-2024-8615,vulnerability--9ded84c7-cab0-4bc9-b84a-49fd86672e8d +vulnerability,CVE-2024-8323,vulnerability--6bf6d5a6-ec31-404c-821b-e4bb4fc84188 +vulnerability,CVE-2024-20538,vulnerability--4703924c-287b-497c-a24e-423a59a7df65 +vulnerability,CVE-2024-20507,vulnerability--60740c0a-1894-4b66-9596-751fac29b052 +vulnerability,CVE-2024-20540,vulnerability--88d1679d-eea0-43d2-87ef-5c7f51461a55 +vulnerability,CVE-2024-20445,vulnerability--692dd6df-ee9b-443b-a6b4-4b33f5eb7512 +vulnerability,CVE-2024-20527,vulnerability--8de05dd7-bc8c-4703-ada9-8616022ad16c +vulnerability,CVE-2024-20476,vulnerability--6ea6924e-8c54-4c81-a874-313feecf5287 +vulnerability,CVE-2024-20533,vulnerability--4c6bad6e-fe4e-4fbd-bbe6-20cbed3620a2 +vulnerability,CVE-2024-20484,vulnerability--e8adcc07-d52e-4be5-8e0f-d5c9678a2183 +vulnerability,CVE-2024-20529,vulnerability--949d8b0a-a004-44a1-b424-5da7f3f5a5fc +vulnerability,CVE-2024-20457,vulnerability--a8145cd2-06f2-4f3e-bf82-269fd52fecf7 +vulnerability,CVE-2024-20514,vulnerability--647b35da-6be0-4877-be46-fee9e90cdf65 +vulnerability,CVE-2024-20530,vulnerability--3b222caf-2bd7-490e-891e-af65e4b2e518 +vulnerability,CVE-2024-20487,vulnerability--42573c2e-7f10-44f8-ac99-3bb5aa83835b 
+vulnerability,CVE-2024-20504,vulnerability--90c83120-64ea-4e0d-9b12-d142770fc162 +vulnerability,CVE-2024-20532,vulnerability--c74e6c7e-65b4-4c37-a248-03f151be41bc +vulnerability,CVE-2024-20536,vulnerability--175b877c-0f44-4071-81a8-e83da000d80a +vulnerability,CVE-2024-20418,vulnerability--cdfb9295-30d2-4e8a-b692-201fd53b4b05 +vulnerability,CVE-2024-20525,vulnerability--0a60fa6b-c5c9-4252-90e1-5fc7577147d9 +vulnerability,CVE-2024-20539,vulnerability--2feb2d41-e0ba-4f92-85b8-f819b0b27bd1 +vulnerability,CVE-2024-20534,vulnerability--d1b483ba-39b2-4250-a0a0-af3c28c17270 +vulnerability,CVE-2024-20511,vulnerability--1389d873-6264-4bde-9fc7-8a9292fa3263 +vulnerability,CVE-2024-20371,vulnerability--4ed0cc9b-f7c1-4418-95c2-154ce31db0c6 +vulnerability,CVE-2024-20531,vulnerability--fa682ff0-6c0e-4a6a-8679-64143239da5f +vulnerability,CVE-2024-20528,vulnerability--84deac0b-c31a-4d98-b90e-f9c2235831f5 +vulnerability,CVE-2024-20537,vulnerability--5b40b8a6-d586-48e9-a9c1-b74b05964b09 +vulnerability,CVE-2024-35146,vulnerability--42316dd0-2918-4099-b8b6-cd289f490000 +vulnerability,CVE-2024-49401,vulnerability--716de274-c69f-4845-9810-ab6fe6a7b1ec +vulnerability,CVE-2024-49409,vulnerability--3125c498-5b9b-4639-9f68-abeb82637d4d +vulnerability,CVE-2024-49402,vulnerability--852eddd9-7a29-4742-9243-8b03faa4ab52 +vulnerability,CVE-2024-49404,vulnerability--6d2b409d-9619-4dff-a7c2-6a9b8eb5846a +vulnerability,CVE-2024-49406,vulnerability--c36a2a35-d8aa-44c7-be55-87b5680fc719 +vulnerability,CVE-2024-49403,vulnerability--5df6730a-5019-4b96-ae77-7c0638b86482 +vulnerability,CVE-2024-49408,vulnerability--50cc5c26-6db0-49dd-9b2f-f0a5863c7f49 +vulnerability,CVE-2024-49407,vulnerability--0b05b672-a264-4124-8951-6cb1e6800966 +vulnerability,CVE-2024-49405,vulnerability--81de0fb2-67a5-467f-904d-1bef81736efc +vulnerability,CVE-2024-6626,vulnerability--a1531ac0-df86-4866-8734-11445920ee5a +vulnerability,CVE-2024-6861,vulnerability--c5fdfade-83f8-48b9-b4a0-afecbef30d23 
+vulnerability,CVE-2020-11859,vulnerability--98a13d4f-cb92-40eb-a2ff-ee2143190b6d diff --git a/objects/vulnerability/vulnerability--0014f351-7011-4c1f-804a-5ced5c3c3083.json b/objects/vulnerability/vulnerability--0014f351-7011-4c1f-804a-5ced5c3c3083.json new file mode 100644 index 00000000000..cef8d734db7 --- /dev/null +++ b/objects/vulnerability/vulnerability--0014f351-7011-4c1f-804a-5ced5c3c3083.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8f937225-b4e4-45f4-a72a-b41a888bb586", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0014f351-7011-4c1f-804a-5ced5c3c3083", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.719147Z", + "modified": "2024-11-07T00:20:28.719147Z", + "name": "CVE-2024-10827", + "description": "Use after free in Serial in Google Chrome prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10827" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--04d6d7d1-e04a-44ac-b0c7-3f242331ed94.json b/objects/vulnerability/vulnerability--04d6d7d1-e04a-44ac-b0c7-3f242331ed94.json new file mode 100644 index 00000000000..ed92424920d --- /dev/null +++ b/objects/vulnerability/vulnerability--04d6d7d1-e04a-44ac-b0c7-3f242331ed94.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--96d34597-b526-4dae-9044-8964c7739b67", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--04d6d7d1-e04a-44ac-b0c7-3f242331ed94", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.168009Z", + "modified": "2024-11-07T00:20:29.168009Z", + "name": "CVE-2024-34679", + "description": "Incorrect default permissions in Crane prior to SMR Nov-2024 Release 1 allows local attackers to access files with phone privilege.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34679" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--06f1d913-72ed-4fac-98ad-79b23f6eb538.json b/objects/vulnerability/vulnerability--06f1d913-72ed-4fac-98ad-79b23f6eb538.json new file mode 100644 index 00000000000..e22690fe3be --- /dev/null +++ b/objects/vulnerability/vulnerability--06f1d913-72ed-4fac-98ad-79b23f6eb538.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--894ee2ab-b669-4f73-b5d0-b2305c5e60f0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--06f1d913-72ed-4fac-98ad-79b23f6eb538", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.793953Z", + "modified": "2024-11-07T00:20:28.793953Z", + "name": "CVE-2024-9307", + "description": "The mFolio Lite plugin for WordPress is vulnerable to file uploads due to a missing capability check in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file or upload arbitrary EXE files on the affected site's server which may make remote code execution possible if the attacker can also gain access to run the .exe file, or trick a site visitor into downloading and running the .exe file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9307" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--075c633a-043b-488b-bb71-35e6f271fe09.json b/objects/vulnerability/vulnerability--075c633a-043b-488b-bb71-35e6f271fe09.json new file mode 100644 index 00000000000..6ce6d2bf8f7 --- /dev/null +++ b/objects/vulnerability/vulnerability--075c633a-043b-488b-bb71-35e6f271fe09.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cbed6c89-1db9-42f8-a693-aa039b1ef08d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--075c633a-043b-488b-bb71-35e6f271fe09", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.698221Z", + "modified": "2024-11-07T00:20:28.698221Z", + "name": "CVE-2024-10927", + "description": "A vulnerability was found in MonoCMS up to 20240528. It has been classified as problematic. Affected is an unknown function of the file /monofiles/account.php of the component Account Information Page. The manipulation of the argument userid leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10927" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--07ac24bd-0964-45fc-8512-1716d47d0e08.json b/objects/vulnerability/vulnerability--07ac24bd-0964-45fc-8512-1716d47d0e08.json new file mode 100644 index 00000000000..836810cb320 --- /dev/null +++ b/objects/vulnerability/vulnerability--07ac24bd-0964-45fc-8512-1716d47d0e08.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--018a4424-de22-4e79-9248-6275db2beebf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--07ac24bd-0964-45fc-8512-1716d47d0e08", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.493885Z", + "modified": "2024-11-07T00:20:28.493885Z", + "name": "CVE-2024-51755", + "description": "Twig is a template language for PHP. In a sandbox, and attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the `__isset()` method is now called after the security check. This is a BC break. This issue has been patched in versions 3.11.2 and 3.14.1. All users are advised to upgrade. There are no known workarounds for this issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-51755" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0a60fa6b-c5c9-4252-90e1-5fc7577147d9.json b/objects/vulnerability/vulnerability--0a60fa6b-c5c9-4252-90e1-5fc7577147d9.json new file mode 100644 index 00000000000..29ea2434201 --- /dev/null +++ b/objects/vulnerability/vulnerability--0a60fa6b-c5c9-4252-90e1-5fc7577147d9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d28ff59f-4151-4d5b-8a31-59794ac9dded", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0a60fa6b-c5c9-4252-90e1-5fc7577147d9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.864236Z", + "modified": "2024-11-07T00:20:29.864236Z", + "name": "CVE-2024-20525", + "description": "A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20525" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0b05b672-a264-4124-8951-6cb1e6800966.json b/objects/vulnerability/vulnerability--0b05b672-a264-4124-8951-6cb1e6800966.json new file mode 100644 index 00000000000..7d16bf1b7f5 --- /dev/null +++ b/objects/vulnerability/vulnerability--0b05b672-a264-4124-8951-6cb1e6800966.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a9335a0e-6933-4847-b82f-9c1101cf7b58", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0b05b672-a264-4124-8951-6cb1e6800966", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:30.039659Z", + "modified": "2024-11-07T00:20:30.039659Z", + "name": "CVE-2024-49407", + "description": "Improper access control in Samsung Flow prior to version 4.9.15.7 allows physical attackers to access data across multiple user profiles.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49407" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0b15daa1-14c8-4315-921d-1ec1ea374270.json b/objects/vulnerability/vulnerability--0b15daa1-14c8-4315-921d-1ec1ea374270.json new file mode 100644 index 00000000000..70cb1f91f82 --- /dev/null +++ b/objects/vulnerability/vulnerability--0b15daa1-14c8-4315-921d-1ec1ea374270.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ed1145c5-9c3c-4518-a4b1-17d20813ccf0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0b15daa1-14c8-4315-921d-1ec1ea374270", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.981118Z", + "modified": "2024-11-07T00:20:28.981118Z", + "name": "CVE-2024-50343", + "description": "symfony/validator is a module for the Symphony PHP framework which provides tools to validate values. It is possible to trick a `Validator` configured with a regular expression using the `$` metacharacters, with an input ending with `\\n`. Symfony as of versions 5.4.43, 6.4.11, and 7.1.4 now uses the `D` regex modifier to match the entire input. Users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50343" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0fe2cfa6-01c3-48d6-9f04-38dc0c563dd8.json b/objects/vulnerability/vulnerability--0fe2cfa6-01c3-48d6-9f04-38dc0c563dd8.json new file mode 100644 index 00000000000..f38b6d933ac --- /dev/null +++ b/objects/vulnerability/vulnerability--0fe2cfa6-01c3-48d6-9f04-38dc0c563dd8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--22746641-44d4-49cf-a7d4-fd3040e354eb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0fe2cfa6-01c3-48d6-9f04-38dc0c563dd8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.188392Z", + "modified": "2024-11-07T00:20:29.188392Z", + "name": "CVE-2024-34682", + "description": "Improper authorization in Settings prior to SMR Nov-2024 Release 1 allows physical attackers to access stored WiFi password in Maintenance Mode.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34682" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--10b74d86-8839-4c42-a375-aa521b5e85e1.json b/objects/vulnerability/vulnerability--10b74d86-8839-4c42-a375-aa521b5e85e1.json new file mode 100644 index 00000000000..f3309840a63 --- /dev/null +++ b/objects/vulnerability/vulnerability--10b74d86-8839-4c42-a375-aa521b5e85e1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b16fef12-081e-47d4-9143-da937e55fd26", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--10b74d86-8839-4c42-a375-aa521b5e85e1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.701832Z", + "modified": "2024-11-07T00:20:28.701832Z", + "name": "CVE-2024-10535", + "description": "The Video Gallery for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the remove_unused_thumbnails() function in all versions up to, and including, 1.31. This makes it possible for unauthenticated attackers to delete thumbnails in the video-wc-gallery-thumb directory.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10535" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--135fda2c-5790-4062-bacc-e05beb1cd630.json b/objects/vulnerability/vulnerability--135fda2c-5790-4062-bacc-e05beb1cd630.json new file mode 100644 index 00000000000..1114c3a6a96 --- /dev/null +++ b/objects/vulnerability/vulnerability--135fda2c-5790-4062-bacc-e05beb1cd630.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--07e67f92-73b9-4823-8511-c666f71450ac", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--135fda2c-5790-4062-bacc-e05beb1cd630", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.711873Z", + "modified": "2024-11-07T00:20:28.711873Z", + "name": "CVE-2024-10920", + "description": "A vulnerability was found in mariazevedo88 travels-java-api up to 5.0.1 and classified as problematic. Affected by this issue is the function doFilterInternal of the file travels-java-api-master\\src\\main\\java\\io\\github\\mariazevedo88\\travelsjavaapi\\filters\\JwtAuthenticationTokenFilter.java of the component JWT Secret Handler. The manipulation leads to use of hard-coded cryptographic key\r . The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10920" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1389d873-6264-4bde-9fc7-8a9292fa3263.json b/objects/vulnerability/vulnerability--1389d873-6264-4bde-9fc7-8a9292fa3263.json new file mode 100644 index 00000000000..66224e604f9 --- /dev/null +++ b/objects/vulnerability/vulnerability--1389d873-6264-4bde-9fc7-8a9292fa3263.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bbffb487-79aa-47c0-8eaa-a1a2411619ca", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1389d873-6264-4bde-9fc7-8a9292fa3263", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.869084Z", + "modified": "2024-11-07T00:20:29.869084Z", + "name": "CVE-2024-20511", + "description": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20511" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--175b877c-0f44-4071-81a8-e83da000d80a.json b/objects/vulnerability/vulnerability--175b877c-0f44-4071-81a8-e83da000d80a.json new file mode 100644 index 00000000000..a15c79f37af --- /dev/null +++ b/objects/vulnerability/vulnerability--175b877c-0f44-4071-81a8-e83da000d80a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--67f055c5-c7e1-4810-934e-5a155028821a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--175b877c-0f44-4071-81a8-e83da000d80a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.857669Z", + "modified": "2024-11-07T00:20:29.857669Z", + "name": "CVE-2024-20536", + "description": "A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to execute arbitrary SQL commands on an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a specific REST API endpoint or web-based management interface. A successful exploit could allow the attacker to read, modify, or delete arbitrary data on an internal database, which could affect the availability of the device. ", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20536" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--187876ab-341e-4cc2-a60a-0df78c52b7ad.json b/objects/vulnerability/vulnerability--187876ab-341e-4cc2-a60a-0df78c52b7ad.json new file mode 100644 index 00000000000..ca941149630 --- /dev/null +++ b/objects/vulnerability/vulnerability--187876ab-341e-4cc2-a60a-0df78c52b7ad.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c3373718-a6cf-4150-b0a3-f123545cf2cd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--187876ab-341e-4cc2-a60a-0df78c52b7ad", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.205533Z", + "modified": "2024-11-07T00:20:29.205533Z", + "name": "CVE-2024-34681", + "description": "Improper input validation in BluetoothAdapter prior to SMR Nov-2024 Release 1 allows local attackers to cause local permanent denial of service on Galaxy Watch.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34681" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--22d705e0-3622-411a-94ea-d702b2f44754.json b/objects/vulnerability/vulnerability--22d705e0-3622-411a-94ea-d702b2f44754.json new file mode 100644 index 00000000000..fb283099b22 --- /dev/null +++ b/objects/vulnerability/vulnerability--22d705e0-3622-411a-94ea-d702b2f44754.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--841df917-8a1e-467d-b59b-c2fd49246d48", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--22d705e0-3622-411a-94ea-d702b2f44754", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.386221Z", + "modified": "2024-11-07T00:20:29.386221Z", + "name": "CVE-2024-8614", + "description": "The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_wp_handle_upload() function in all versions up to, and including, 2.6.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8614" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2e1bf55b-ad8d-430d-b097-b976d4ab111a.json b/objects/vulnerability/vulnerability--2e1bf55b-ad8d-430d-b097-b976d4ab111a.json new file mode 100644 index 00000000000..48c24b69317 --- /dev/null +++ b/objects/vulnerability/vulnerability--2e1bf55b-ad8d-430d-b097-b976d4ab111a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4d8fdd3c-3698-4c1f-9be1-ab3336915ac1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2e1bf55b-ad8d-430d-b097-b976d4ab111a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.765461Z", + "modified": "2024-11-07T00:20:28.765461Z", + "name": "CVE-2024-9902", + "description": "A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9902" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2feb2d41-e0ba-4f92-85b8-f819b0b27bd1.json b/objects/vulnerability/vulnerability--2feb2d41-e0ba-4f92-85b8-f819b0b27bd1.json new file mode 100644 index 00000000000..e8c670b063c --- /dev/null +++ b/objects/vulnerability/vulnerability--2feb2d41-e0ba-4f92-85b8-f819b0b27bd1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e154f87b-7c69-4ae8-960b-185ed4dad26e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2feb2d41-e0ba-4f92-85b8-f819b0b27bd1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.865759Z", + "modified": "2024-11-07T00:20:29.865759Z", + "name": "CVE-2024-20539", + "description": "A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need valid administrative credentials on an affected device.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20539" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--308255c2-579c-4765-8529-bd6c5604b302.json b/objects/vulnerability/vulnerability--308255c2-579c-4765-8529-bd6c5604b302.json new file mode 100644 index 00000000000..751289041c5 --- /dev/null +++ b/objects/vulnerability/vulnerability--308255c2-579c-4765-8529-bd6c5604b302.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0a3578d2-421e-4834-b42a-3d7c10c0e10b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--308255c2-579c-4765-8529-bd6c5604b302", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.953861Z", + "modified": "2024-11-07T00:20:28.953861Z", + "name": "CVE-2024-50340", + "description": "symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the `register_argv_argc` php directive is set to `on` , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by the kernel when handling the request. As of versions 5.4.46, 6.4.14, and 7.1.7 the `SymfonyRuntime` now ignores the `argv` values for non-SAPI PHP runtimes. All users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50340" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3125c498-5b9b-4639-9f68-abeb82637d4d.json b/objects/vulnerability/vulnerability--3125c498-5b9b-4639-9f68-abeb82637d4d.json new file mode 100644 index 00000000000..3c7eb830c84 --- /dev/null +++ b/objects/vulnerability/vulnerability--3125c498-5b9b-4639-9f68-abeb82637d4d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--06524406-e434-4159-bd49-8180e776928a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3125c498-5b9b-4639-9f68-abeb82637d4d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:30.005126Z", + "modified": "2024-11-07T00:20:30.005126Z", + "name": "CVE-2024-49409", + "description": "Out-of-bounds write in Battery Full Capacity node prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49409" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3b222caf-2bd7-490e-891e-af65e4b2e518.json b/objects/vulnerability/vulnerability--3b222caf-2bd7-490e-891e-af65e4b2e518.json new file mode 100644 index 00000000000..c357b4292b9 --- /dev/null +++ b/objects/vulnerability/vulnerability--3b222caf-2bd7-490e-891e-af65e4b2e518.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cbef8bf5-db47-4dbf-ba61-3bd66cef20b6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3b222caf-2bd7-490e-891e-af65e4b2e518", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.82378Z", + "modified": "2024-11-07T00:20:29.82378Z", + "name": "CVE-2024-20530", + "description": "A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20530" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--40c77d56-ec39-4098-a76d-08be6bc2d0dc.json b/objects/vulnerability/vulnerability--40c77d56-ec39-4098-a76d-08be6bc2d0dc.json new file mode 100644 index 00000000000..69c8d066fef --- /dev/null +++ b/objects/vulnerability/vulnerability--40c77d56-ec39-4098-a76d-08be6bc2d0dc.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ea78a5ad-0d7a-4b67-a53a-934ea4939206", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--40c77d56-ec39-4098-a76d-08be6bc2d0dc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.470212Z", + "modified": "2024-11-07T00:20:28.470212Z", + "name": "CVE-2024-51754", + "description": "Twig is a template language for PHP. In a sandbox, an attacker can call `__toString()` on an object even if the `__toString()` method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter for instance). This issue has been patched in versions 3.11.2 and 3.14.1. All users are advised to upgrade. There are no known workarounds for this issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-51754" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--42316dd0-2918-4099-b8b6-cd289f490000.json b/objects/vulnerability/vulnerability--42316dd0-2918-4099-b8b6-cd289f490000.json new file mode 100644 index 00000000000..b55031df5cd --- /dev/null +++ b/objects/vulnerability/vulnerability--42316dd0-2918-4099-b8b6-cd289f490000.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--12fd214c-b4ee-4a31-9231-fc253993b3ce", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--42316dd0-2918-4099-b8b6-cd289f490000", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.970151Z", + "modified": "2024-11-07T00:20:29.970151Z", + "name": "CVE-2024-35146", + "description": "IBM Maximo Application Suite - Monitor Component 8.10.11, 8.11.8, and 9.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-35146" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--42573c2e-7f10-44f8-ac99-3bb5aa83835b.json b/objects/vulnerability/vulnerability--42573c2e-7f10-44f8-ac99-3bb5aa83835b.json new file mode 100644 index 00000000000..dcab86532f7 --- /dev/null +++ b/objects/vulnerability/vulnerability--42573c2e-7f10-44f8-ac99-3bb5aa83835b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--eb7047f2-e659-467e-8937-feacb73e11b4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--42573c2e-7f10-44f8-ac99-3bb5aa83835b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.82828Z", + "modified": "2024-11-07T00:20:29.82828Z", + "name": "CVE-2024-20487", + "description": "A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20487" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--42a15f99-79fb-464b-90d5-365ebd250a8b.json b/objects/vulnerability/vulnerability--42a15f99-79fb-464b-90d5-365ebd250a8b.json new file mode 100644 index 00000000000..ab6e6b554bf --- /dev/null +++ b/objects/vulnerability/vulnerability--42a15f99-79fb-464b-90d5-365ebd250a8b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9e78f6bc-2baf-413a-9eef-ddf945d4f467", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--42a15f99-79fb-464b-90d5-365ebd250a8b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.973409Z", + "modified": "2024-11-07T00:20:28.973409Z", + "name": "CVE-2024-50637", + "description": "UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting (XSS) in the Create User function. ¶¶ The vulnerability allows attackers to perform XSS in SVG file extension, which can be used to stealing cookies.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50637" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4529a67e-6dc2-4b0c-b04f-3776788b3170.json b/objects/vulnerability/vulnerability--4529a67e-6dc2-4b0c-b04f-3776788b3170.json new file mode 100644 index 00000000000..1dceb8bc058 --- /dev/null +++ b/objects/vulnerability/vulnerability--4529a67e-6dc2-4b0c-b04f-3776788b3170.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--23abd11a-2041-4151-9ccb-67ed46ed7f6b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4529a67e-6dc2-4b0c-b04f-3776788b3170", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.562677Z", + "modified": "2024-11-07T00:20:28.562677Z", + "name": "CVE-2024-48325", + "description": "Portabilis i-Educar 2.8.0 is vulnerable to SQL Injection in the \"getDocuments\" function of the \"InstituicaoDocumentacaoController\" class. The \"instituicao_id\" parameter in \"/module/Api/InstituicaoDocumentacao?oper=get&resource=getDocuments&instituicao_id\" is not properly sanitized, allowing an unauthenticated remote attacker to inject malicious SQL commands.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48325" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4703924c-287b-497c-a24e-423a59a7df65.json b/objects/vulnerability/vulnerability--4703924c-287b-497c-a24e-423a59a7df65.json new file mode 100644 index 00000000000..42c3de286f1 --- /dev/null +++ b/objects/vulnerability/vulnerability--4703924c-287b-497c-a24e-423a59a7df65.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5a27501c-91be-4298-b3dd-4b9c5a66983a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4703924c-287b-497c-a24e-423a59a7df65", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.779412Z", + "modified": "2024-11-07T00:20:29.779412Z", + "name": "CVE-2024-20538", + "description": "A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface on an affected system to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20538" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--47e02afc-f05e-4c98-9b08-4e8be7b25afa.json b/objects/vulnerability/vulnerability--47e02afc-f05e-4c98-9b08-4e8be7b25afa.json new file mode 100644 index 00000000000..595a402283a --- /dev/null +++ b/objects/vulnerability/vulnerability--47e02afc-f05e-4c98-9b08-4e8be7b25afa.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1dd86eb7-6bd7-48be-9746-be17fe3ff307", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--47e02afc-f05e-4c98-9b08-4e8be7b25afa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.716836Z", + "modified": "2024-11-07T00:20:28.716836Z", + "name": "CVE-2024-10915", + "description": "A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument group leads to os command injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10915" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4c6bad6e-fe4e-4fbd-bbe6-20cbed3620a2.json b/objects/vulnerability/vulnerability--4c6bad6e-fe4e-4fbd-bbe6-20cbed3620a2.json new file mode 100644 index 00000000000..9e87e5c72c1 --- /dev/null +++ b/objects/vulnerability/vulnerability--4c6bad6e-fe4e-4fbd-bbe6-20cbed3620a2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b9c0ace3-9065-425a-ae54-d23c0b238fc5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4c6bad6e-fe4e-4fbd-bbe6-20cbed3620a2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.804915Z", + "modified": "2024-11-07T00:20:29.804915Z", + "name": "CVE-2024-20533", + "description": "A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 Series, and Cisco Video Phone 8875 with Cisco Multiplatform Firmware could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks against users.\r\n\r\nThis vulnerability exists because the web UI of an affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.\r\nNote: To exploit this vulnerability, Web Access must be enabled on the phone and the attacker must have Admin credentials on the device. Web Access is disabled by default.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20533" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4dafeeb1-55f1-417b-a30e-4f56d0dea880.json b/objects/vulnerability/vulnerability--4dafeeb1-55f1-417b-a30e-4f56d0dea880.json new file mode 100644 index 00000000000..6a03ad5e665 --- /dev/null +++ b/objects/vulnerability/vulnerability--4dafeeb1-55f1-417b-a30e-4f56d0dea880.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5b4fdbcb-d73e-4e9f-8168-1da8c9e424cc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4dafeeb1-55f1-417b-a30e-4f56d0dea880", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.785628Z", + "modified": "2024-11-07T00:20:28.785628Z", + "name": "CVE-2024-9946", + "description": "The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.13.68. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, if they have access to the email and the user does not have an already-existing account for the service returning the token. An attacker cannot authenticate as an administrator by default, but these accounts are also at risk if authentication for administrators has explicitly been allowed via the social login. The vulnerability was partially patched in version 7.13.68.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9946" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4ed0cc9b-f7c1-4418-95c2-154ce31db0c6.json b/objects/vulnerability/vulnerability--4ed0cc9b-f7c1-4418-95c2-154ce31db0c6.json new file mode 100644 index 00000000000..0290f1f7a5a --- /dev/null +++ b/objects/vulnerability/vulnerability--4ed0cc9b-f7c1-4418-95c2-154ce31db0c6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a045b876-7342-42ca-9bb4-0a7684de6b2f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4ed0cc9b-f7c1-4418-95c2-154ce31db0c6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.870888Z", + "modified": "2024-11-07T00:20:29.870888Z", + "name": "CVE-2024-20371", + "description": "A vulnerability in the access control list (ACL) programming of Cisco Nexus 3550-F Switches could allow an unauthenticated, remote attacker to send traffic that should be blocked to the management interface of an affected device. \r\n\r\nThis vulnerability exists because ACL deny rules are not properly enforced at the time of device reboot. An attacker could exploit this vulnerability by attempting to send traffic to the management interface of an affected device. A successful exploit could allow the attacker to send traffic to the management interface of the affected device.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20371" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--50cc5c26-6db0-49dd-9b2f-f0a5863c7f49.json b/objects/vulnerability/vulnerability--50cc5c26-6db0-49dd-9b2f-f0a5863c7f49.json new file mode 100644 index 00000000000..41d3534f956 --- /dev/null +++ b/objects/vulnerability/vulnerability--50cc5c26-6db0-49dd-9b2f-f0a5863c7f49.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1aa03eb0-718a-4dd4-93c6-c07e2c480e9a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--50cc5c26-6db0-49dd-9b2f-f0a5863c7f49", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:30.03517Z", + "modified": "2024-11-07T00:20:30.03517Z", + "name": "CVE-2024-49408", + "description": "Out-of-bounds write in usb driver prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49408" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--56405309-f4de-4b91-8530-5343278d0e70.json b/objects/vulnerability/vulnerability--56405309-f4de-4b91-8530-5343278d0e70.json new file mode 100644 index 00000000000..2057710bc7d --- /dev/null +++ b/objects/vulnerability/vulnerability--56405309-f4de-4b91-8530-5343278d0e70.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9e9a11c3-ebd1-46f7-8b45-61aef783a727", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--56405309-f4de-4b91-8530-5343278d0e70", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.199311Z", + "modified": "2024-11-07T00:20:29.199311Z", + "name": "CVE-2024-34680", + "description": "Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allows local attackers to get sensitive information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34680" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--59e1c0b1-b3f5-4f12-a258-7fc3a04bdfae.json b/objects/vulnerability/vulnerability--59e1c0b1-b3f5-4f12-a258-7fc3a04bdfae.json new file mode 100644 index 00000000000..0fedc8815ab --- /dev/null +++ b/objects/vulnerability/vulnerability--59e1c0b1-b3f5-4f12-a258-7fc3a04bdfae.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--75dd6fad-b5de-4c06-b30f-09443eb5f4f2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--59e1c0b1-b3f5-4f12-a258-7fc3a04bdfae", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.708216Z", + "modified": "2024-11-07T00:20:28.708216Z", + "name": "CVE-2024-10926", + "description": "A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /toggle_fold_panel.php of the component Tabelas Section. The manipulation of the argument p leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10926" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5b40b8a6-d586-48e9-a9c1-b74b05964b09.json b/objects/vulnerability/vulnerability--5b40b8a6-d586-48e9-a9c1-b74b05964b09.json new file mode 100644 index 00000000000..c4076fad2a9 --- /dev/null +++ b/objects/vulnerability/vulnerability--5b40b8a6-d586-48e9-a9c1-b74b05964b09.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--22dc421e-0660-427a-a538-e66812480414", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5b40b8a6-d586-48e9-a9c1-b74b05964b09", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.878006Z", + "modified": "2024-11-07T00:20:29.878006Z", + "name": "CVE-2024-20537", + "description": "A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions.\r\n\r\nThis vulnerability is due to a lack of server-side validation of Administrator permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system. A successful exploit could allow the attacker to conduct administrative functions beyond their intended access level. To exploit this vulnerability, an attacker would need Read-Only Administrator credentials.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20537" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5b81d36c-7bb7-4150-a6da-d99dcf9bad1e.json b/objects/vulnerability/vulnerability--5b81d36c-7bb7-4150-a6da-d99dcf9bad1e.json new file mode 100644 index 00000000000..feb5009e866 --- /dev/null +++ b/objects/vulnerability/vulnerability--5b81d36c-7bb7-4150-a6da-d99dcf9bad1e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8ab0ebf1-7e64-46e3-81e2-e33f175ac8fb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5b81d36c-7bb7-4150-a6da-d99dcf9bad1e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.491022Z", + "modified": "2024-11-07T00:20:28.491022Z", + "name": "CVE-2024-51409", + "description": "Buffer Overflow vulnerability in Tenda O3 v.1.0.0.5 allows a remote attacker to cause a denial of service via a network packet in a fixed format to a router running the corresponding version of the firmware.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-51409" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5b87af33-e6ed-4161-a98a-fbc4776a09e4.json b/objects/vulnerability/vulnerability--5b87af33-e6ed-4161-a98a-fbc4776a09e4.json new file mode 100644 index 00000000000..48d35f8e6e2 --- /dev/null +++ b/objects/vulnerability/vulnerability--5b87af33-e6ed-4161-a98a-fbc4776a09e4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3dc68b4f-d3d9-44af-8c7a-1422d61b38c2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5b87af33-e6ed-4161-a98a-fbc4776a09e4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.730599Z", + "modified": "2024-11-07T00:20:28.730599Z", + "name": "CVE-2024-10919", + "description": "A vulnerability has been found in didi Super-Jacoco 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cov/triggerUnitCover. The manipulation of the argument uuid leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10919" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5d19d7bd-df54-4761-b121-56f3d78aeaea.json b/objects/vulnerability/vulnerability--5d19d7bd-df54-4761-b121-56f3d78aeaea.json new file mode 100644 index 00000000000..250b3b019d8 --- /dev/null +++ b/objects/vulnerability/vulnerability--5d19d7bd-df54-4761-b121-56f3d78aeaea.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a0d185b6-0fcd-4fdd-aec2-71480d4c713d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5d19d7bd-df54-4761-b121-56f3d78aeaea", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.727923Z", + "modified": "2024-11-07T00:20:28.727923Z", + "name": "CVE-2024-10168", + "description": "The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woot_button shortcode in all versions up to, and including, 1.0.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10168" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5df6730a-5019-4b96-ae77-7c0638b86482.json b/objects/vulnerability/vulnerability--5df6730a-5019-4b96-ae77-7c0638b86482.json new file mode 100644 index 00000000000..879ba917b50 --- /dev/null +++ b/objects/vulnerability/vulnerability--5df6730a-5019-4b96-ae77-7c0638b86482.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--44452550-7334-46d7-86ec-72d67dd49b0d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5df6730a-5019-4b96-ae77-7c0638b86482", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:30.031804Z", + "modified": "2024-11-07T00:20:30.031804Z", + "name": "CVE-2024-49403", + "description": "Improper access control in Samsung Voice Recorder prior to version 21.5.40.37 allows physical attackers to access recording files on the lock screen.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49403" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--60740c0a-1894-4b66-9596-751fac29b052.json b/objects/vulnerability/vulnerability--60740c0a-1894-4b66-9596-751fac29b052.json new file mode 100644 index 00000000000..b4b74c2cef9 --- /dev/null +++ b/objects/vulnerability/vulnerability--60740c0a-1894-4b66-9596-751fac29b052.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fba3ff9a-f352-48ec-bc2a-422a497f8387", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--60740c0a-1894-4b66-9596-751fac29b052", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.790621Z", + "modified": "2024-11-07T00:20:29.790621Z", + "name": "CVE-2024-20507", + "description": "A vulnerability in the logging subsystem of Cisco Meeting Management could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.\r\n\r\nThis vulnerability is due to improper storage of sensitive information within the web-based management interface of an affected device. An attacker could exploit this vulnerability by logging in to the web-based management interface. A successful exploit could allow the attacker to view sensitive data that is stored on the affected device.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20507" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--62bab8e9-d32c-4675-8fde-7d6c513a1285.json b/objects/vulnerability/vulnerability--62bab8e9-d32c-4675-8fde-7d6c513a1285.json new file mode 100644 index 00000000000..7b62a011820 --- /dev/null +++ b/objects/vulnerability/vulnerability--62bab8e9-d32c-4675-8fde-7d6c513a1285.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--080c71ae-ba92-4a4c-adb4-a236979b2ae2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--62bab8e9-d32c-4675-8fde-7d6c513a1285", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.693329Z", + "modified": "2024-11-07T00:20:28.693329Z", + "name": "CVE-2024-10826", + "description": "Use after free in Family Experiences in Google Chrome on Android prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10826" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--647b35da-6be0-4877-be46-fee9e90cdf65.json b/objects/vulnerability/vulnerability--647b35da-6be0-4877-be46-fee9e90cdf65.json new file mode 100644 index 00000000000..8e7eb5fe54b --- /dev/null +++ b/objects/vulnerability/vulnerability--647b35da-6be0-4877-be46-fee9e90cdf65.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--06dbffac-5d6a-4776-8026-83ba67cb951b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--647b35da-6be0-4877-be46-fee9e90cdf65", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.822365Z", + "modified": "2024-11-07T00:20:29.822365Z", + "name": "CVE-2024-20514", + "description": "A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, low-privileged, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into a specific page of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20514" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--65096b4a-4aaa-4f6d-84ee-ef5287140be1.json b/objects/vulnerability/vulnerability--65096b4a-4aaa-4f6d-84ee-ef5287140be1.json new file mode 100644 index 00000000000..0c7c7172e13 --- /dev/null +++ b/objects/vulnerability/vulnerability--65096b4a-4aaa-4f6d-84ee-ef5287140be1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--191f2357-1a90-4c33-ad8e-aaa0986dbbc1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--65096b4a-4aaa-4f6d-84ee-ef5287140be1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.699815Z", + "modified": "2024-11-07T00:20:28.699815Z", + "name": "CVE-2024-10916", + "description": "A vulnerability classified as problematic has been found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. This affects an unknown part of the file /xml/info.xml of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10916" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--660ed3f3-aad9-438a-ab72-a95c8458f3f1.json b/objects/vulnerability/vulnerability--660ed3f3-aad9-438a-ab72-a95c8458f3f1.json new file mode 100644 index 00000000000..ff3986471ae --- /dev/null +++ b/objects/vulnerability/vulnerability--660ed3f3-aad9-438a-ab72-a95c8458f3f1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2e497dcc-ce92-419e-a888-862b60a65b6e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--660ed3f3-aad9-438a-ab72-a95c8458f3f1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.751996Z", + "modified": "2024-11-07T00:20:28.751996Z", + "name": "CVE-2024-10715", + "description": "The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Map block in all versions up to, and including, 2.94.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10715" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--692dd6df-ee9b-443b-a6b4-4b33f5eb7512.json b/objects/vulnerability/vulnerability--692dd6df-ee9b-443b-a6b4-4b33f5eb7512.json new file mode 100644 index 00000000000..02964216f85 --- /dev/null +++ b/objects/vulnerability/vulnerability--692dd6df-ee9b-443b-a6b4-4b33f5eb7512.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f1b04672-ef31-42f5-9da7-d040de789ebb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--692dd6df-ee9b-443b-a6b4-4b33f5eb7512", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.797594Z", + "modified": "2024-11-07T00:20:29.797594Z", + "name": "CVE-2024-20445", + "description": "A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device.\r\n\r\nThis vulnerability is due to improper storage of sensitive information within the web UI of Session Initiation Protocol (SIP)-based phone loads. An attacker could exploit this vulnerability by browsing to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information, including incoming and outgoing call records.\r\nNote: Web Access is disabled by default.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20445" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6bf6d5a6-ec31-404c-821b-e4bb4fc84188.json b/objects/vulnerability/vulnerability--6bf6d5a6-ec31-404c-821b-e4bb4fc84188.json new file mode 100644 index 00000000000..24a9e7995fc --- /dev/null +++ b/objects/vulnerability/vulnerability--6bf6d5a6-ec31-404c-821b-e4bb4fc84188.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3245f07e-313a-4838-888f-d607a91d465f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6bf6d5a6-ec31-404c-821b-e4bb4fc84188", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.423244Z", + "modified": "2024-11-07T00:20:29.423244Z", + "name": "CVE-2024-8323", + "description": "The Pricing Tables WordPress Plugin – Easy Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fontFamily’ attribute in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8323" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6d2b409d-9619-4dff-a7c2-6a9b8eb5846a.json b/objects/vulnerability/vulnerability--6d2b409d-9619-4dff-a7c2-6a9b8eb5846a.json new file mode 100644 index 00000000000..d0d5213e4e0 --- /dev/null +++ b/objects/vulnerability/vulnerability--6d2b409d-9619-4dff-a7c2-6a9b8eb5846a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--51235538-6e9d-4d05-9622-fe813dca96e4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6d2b409d-9619-4dff-a7c2-6a9b8eb5846a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:30.020524Z", + "modified": "2024-11-07T00:20:30.020524Z", + "name": "CVE-2024-49404", + "description": "Improper Access Control in Samsung Video Player prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows physical attackers to access video file of other users.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49404" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6d3eb789-9667-40c5-b2cc-821374337afb.json b/objects/vulnerability/vulnerability--6d3eb789-9667-40c5-b2cc-821374337afb.json new file mode 100644 index 00000000000..12ae899f5a1 --- /dev/null +++ b/objects/vulnerability/vulnerability--6d3eb789-9667-40c5-b2cc-821374337afb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aecf499d-a66e-4a6c-afa5-d431190a047a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6d3eb789-9667-40c5-b2cc-821374337afb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.692086Z", + "modified": "2024-11-07T00:20:28.692086Z", + "name": "CVE-2024-10941", + "description": "A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox < 126.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10941" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--6ea6924e-8c54-4c81-a874-313feecf5287.json b/objects/vulnerability/vulnerability--6ea6924e-8c54-4c81-a874-313feecf5287.json new file mode 100644 index 00000000000..fdfc4ab07e3 --- /dev/null +++ b/objects/vulnerability/vulnerability--6ea6924e-8c54-4c81-a874-313feecf5287.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a5aa6a1c-2a4f-4fb9-a91a-7da2b4f000d8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6ea6924e-8c54-4c81-a874-313feecf5287", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.800801Z", + "modified": "2024-11-07T00:20:29.800801Z", + "name": "CVE-2024-20476", + "description": "A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions.\r\n\r\nThis vulnerability is due to lack of server-side validation of Administrator permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system. A successful exploit could allow the attacker to upload files to a location that should be restricted. To exploit this vulnerability, an attacker would need valid Read-Only Administrator credentials.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20476" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6eb35cd3-a6ef-4b29-bc8f-63f7542e22cd.json b/objects/vulnerability/vulnerability--6eb35cd3-a6ef-4b29-bc8f-63f7542e22cd.json new file mode 100644 index 00000000000..95a45960b87 --- /dev/null +++ b/objects/vulnerability/vulnerability--6eb35cd3-a6ef-4b29-bc8f-63f7542e22cd.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fd8c7108-9d2a-413e-9def-ee41480e612e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6eb35cd3-a6ef-4b29-bc8f-63f7542e22cd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.819119Z", + "modified": "2024-11-07T00:20:28.819119Z", + "name": "CVE-2024-9934", + "description": "The Wp-ImageZoom WordPress plugin through 1.1.0 does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9934" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--70a91a47-5fde-4ea1-8c3a-f0d96c73a301.json b/objects/vulnerability/vulnerability--70a91a47-5fde-4ea1-8c3a-f0d96c73a301.json new file mode 100644 index 00000000000..83ca08726c4 --- /dev/null +++ b/objects/vulnerability/vulnerability--70a91a47-5fde-4ea1-8c3a-f0d96c73a301.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7d5a6bef-1cf0-4d4f-86d5-b0c80d10ddda", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--70a91a47-5fde-4ea1-8c3a-f0d96c73a301", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.729377Z", + "modified": "2024-11-07T00:20:28.729377Z", + "name": "CVE-2024-10186", + "description": "The Event post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's events_cal shortcode in all versions up to, and including, 5.9.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10186" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--716de274-c69f-4845-9810-ab6fe6a7b1ec.json b/objects/vulnerability/vulnerability--716de274-c69f-4845-9810-ab6fe6a7b1ec.json new file mode 100644 index 00000000000..b90e8278433 --- /dev/null +++ b/objects/vulnerability/vulnerability--716de274-c69f-4845-9810-ab6fe6a7b1ec.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--afeba6e1-e451-4492-8b67-1078848c604d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--716de274-c69f-4845-9810-ab6fe6a7b1ec", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.99653Z", + "modified": "2024-11-07T00:20:29.99653Z", + "name": "CVE-2024-49401", + "description": "Improper input validation in Settings Suggestions prior to SMR Nov-2024 Release 1 allows local attackers to launch privileged activities.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49401" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7ec90821-a328-41a2-b211-7bda756481de.json b/objects/vulnerability/vulnerability--7ec90821-a328-41a2-b211-7bda756481de.json new file mode 100644 index 00000000000..0152b3b4d63 --- /dev/null +++ b/objects/vulnerability/vulnerability--7ec90821-a328-41a2-b211-7bda756481de.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a60f8a69-7658-423f-939e-51a032cf8c90", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7ec90821-a328-41a2-b211-7bda756481de", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.069093Z", + "modified": "2024-11-07T00:20:29.069093Z", + "name": "CVE-2024-7879", + "description": "The WP ULike WordPress plugin before 4.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7879" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--81de0fb2-67a5-467f-904d-1bef81736efc.json b/objects/vulnerability/vulnerability--81de0fb2-67a5-467f-904d-1bef81736efc.json new file mode 100644 index 00000000000..688814e4466 --- /dev/null +++ b/objects/vulnerability/vulnerability--81de0fb2-67a5-467f-904d-1bef81736efc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--409b9023-a4f5-4867-8e14-41c96a57c14b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--81de0fb2-67a5-467f-904d-1bef81736efc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:30.048743Z", + "modified": "2024-11-07T00:20:30.048743Z", + "name": "CVE-2024-49405", + "description": "Improper authentication in Private Info in Samsung Pass in prior to version 4.4.04.7 allows physical attackers to access sensitive information in a specific scenario.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49405" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--84deac0b-c31a-4d98-b90e-f9c2235831f5.json b/objects/vulnerability/vulnerability--84deac0b-c31a-4d98-b90e-f9c2235831f5.json new file mode 100644 index 00000000000..e6213919e3f --- /dev/null +++ b/objects/vulnerability/vulnerability--84deac0b-c31a-4d98-b90e-f9c2235831f5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c815e18d-273b-45a7-b53b-0e2bdf299a09", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--84deac0b-c31a-4d98-b90e-f9c2235831f5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.875206Z", + "modified": "2024-11-07T00:20:29.875206Z", + "name": "CVE-2024-20528", + "description": "A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to upload files to arbitrary locations on the underlying operating system of an affected device. To exploit this vulnerability, an attacker would need valid Super Admin credentials.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to upload custom files to arbitrary locations on the underlying operating system, execute arbitrary code, and elevate privileges to root.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20528" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--852eddd9-7a29-4742-9243-8b03faa4ab52.json b/objects/vulnerability/vulnerability--852eddd9-7a29-4742-9243-8b03faa4ab52.json new file mode 100644 index 00000000000..8e2da0da3b8 --- /dev/null +++ b/objects/vulnerability/vulnerability--852eddd9-7a29-4742-9243-8b03faa4ab52.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e99e0232-d789-468d-8014-7e5f01aabb7f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--852eddd9-7a29-4742-9243-8b03faa4ab52", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:30.015361Z", + "modified": "2024-11-07T00:20:30.015361Z", + "name": "CVE-2024-49402", + "description": "Improper input validation in Dressroom prior to SMR Nov-2024 Release 1 allow physical attackers to access data across multiple user profiles.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49402" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--88d1679d-eea0-43d2-87ef-5c7f51461a55.json b/objects/vulnerability/vulnerability--88d1679d-eea0-43d2-87ef-5c7f51461a55.json new file mode 100644 index 00000000000..1b9da235d71 --- /dev/null +++ b/objects/vulnerability/vulnerability--88d1679d-eea0-43d2-87ef-5c7f51461a55.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8ab9b66c-0363-42fd-8c5a-362308ff9a63", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--88d1679d-eea0-43d2-87ef-5c7f51461a55", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.794788Z", + "modified": "2024-11-07T00:20:29.794788Z", + "name": "CVE-2024-20540", + "description": "A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into a specific page of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. To exploit this vulnerability, the attacker must have at least a Supervisor role on an affected device.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20540" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8cd32c82-44e1-4605-ba25-29befbf033ff.json b/objects/vulnerability/vulnerability--8cd32c82-44e1-4605-ba25-29befbf033ff.json new file mode 100644 index 00000000000..83ee229361d --- /dev/null +++ b/objects/vulnerability/vulnerability--8cd32c82-44e1-4605-ba25-29befbf033ff.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ba2b0263-0434-4062-9a64-c5c8ac1474df", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8cd32c82-44e1-4605-ba25-29befbf033ff", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.449519Z", + "modified": "2024-11-07T00:20:28.449519Z", + "name": "CVE-2024-51736", + "description": "Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named `cmd.exe` is located in the current working directory it will be called by the `Process` class when preparing command arguments, leading to possible hijacking. This issue has been addressed in release versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-51736" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8de05dd7-bc8c-4703-ada9-8616022ad16c.json b/objects/vulnerability/vulnerability--8de05dd7-bc8c-4703-ada9-8616022ad16c.json new file mode 100644 index 00000000000..6df7af97be4 --- /dev/null +++ b/objects/vulnerability/vulnerability--8de05dd7-bc8c-4703-ada9-8616022ad16c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--971785bb-dda5-45ae-90a6-b191e7902fba", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8de05dd7-bc8c-4703-ada9-8616022ad16c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.799546Z", + "modified": "2024-11-07T00:20:29.799546Z", + "name": "CVE-2024-20527", + "description": "A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read or delete arbitrary files on the underlying operating system.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20527" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--90c3b2b8-3bb0-4039-9cac-16ae1bc4687a.json b/objects/vulnerability/vulnerability--90c3b2b8-3bb0-4039-9cac-16ae1bc4687a.json new file mode 100644 index 00000000000..08c68fba908 --- /dev/null +++ b/objects/vulnerability/vulnerability--90c3b2b8-3bb0-4039-9cac-16ae1bc4687a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e7ac1c42-692f-4676-aa29-75a7bad04035", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--90c3b2b8-3bb0-4039-9cac-16ae1bc4687a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.736082Z", + "modified": "2024-11-07T00:20:28.736082Z", + "name": "CVE-2024-10020", + "description": "The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.1.35. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, if they have access to the email and the user does not have an already-existing account for the service returning the token. An attacker cannot authenticate as an administrator by default, but these accounts are also at risk if authentication for administrators has explicitly been allowed via the social login.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10020" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--90c83120-64ea-4e0d-9b12-d142770fc162.json b/objects/vulnerability/vulnerability--90c83120-64ea-4e0d-9b12-d142770fc162.json new file mode 100644 index 00000000000..16308df496d --- /dev/null +++ b/objects/vulnerability/vulnerability--90c83120-64ea-4e0d-9b12-d142770fc162.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2ebfc16e-5439-4b8c-ad34-d7585bdd779b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--90c83120-64ea-4e0d-9b12-d142770fc162", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.835422Z", + "modified": "2024-11-07T00:20:29.835422Z", + "name": "CVE-2024-20504", + "description": "A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20504" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--91ca0e00-73bc-4e51-99ba-35ed96228d6c.json b/objects/vulnerability/vulnerability--91ca0e00-73bc-4e51-99ba-35ed96228d6c.json new file mode 100644 index 00000000000..beb09901837 --- /dev/null +++ b/objects/vulnerability/vulnerability--91ca0e00-73bc-4e51-99ba-35ed96228d6c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--35e13973-b602-41aa-bee6-b945651445ef", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--91ca0e00-73bc-4e51-99ba-35ed96228d6c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.6952Z", + "modified": "2024-11-07T00:20:28.6952Z", + "name": "CVE-2024-10081", + "description": "CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. \nAuthentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints include the ability to add, edit, and remove products, among others. All endpoints, apart from the /Authentication is affected by the vulnerability.\n\nThis issue affects CodeChecker: through 6.24.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10081" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9429923f-0d8b-4f0a-acfa-25ec7d86d4ad.json b/objects/vulnerability/vulnerability--9429923f-0d8b-4f0a-acfa-25ec7d86d4ad.json new file mode 100644 index 00000000000..b4b1c1cc010 --- /dev/null +++ b/objects/vulnerability/vulnerability--9429923f-0d8b-4f0a-acfa-25ec7d86d4ad.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e9c23862-1957-48f9-8c56-68603ee8a1b2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9429923f-0d8b-4f0a-acfa-25ec7d86d4ad", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.963023Z", + "modified": "2024-11-07T00:20:28.963023Z", + "name": "CVE-2024-50342", + "description": "symfony/http-client is a module for the Symphony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the `NoPrivateNetworkHttpClient`, some internal information is still leaking during host resolution, which leads to possible IP/port enumeration. As of versions 5.4.46, 6.4.14, and 7.1.7 the `NoPrivateNetworkHttpClient` now filters blocked IPs earlier to prevent such leaks. All users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50342" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--949d8b0a-a004-44a1-b424-5da7f3f5a5fc.json b/objects/vulnerability/vulnerability--949d8b0a-a004-44a1-b424-5da7f3f5a5fc.json new file mode 100644 index 00000000000..b8fc017d50e --- /dev/null +++ b/objects/vulnerability/vulnerability--949d8b0a-a004-44a1-b424-5da7f3f5a5fc.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e01b9dbc-eb3c-4df7-a51f-74e989c89682", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--949d8b0a-a004-44a1-b424-5da7f3f5a5fc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.811979Z", + "modified": "2024-11-07T00:20:29.811979Z", + "name": "CVE-2024-20529", + "description": "A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read or delete arbitrary files on the underlying operating system.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20529" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--98a13d4f-cb92-40eb-a2ff-ee2143190b6d.json b/objects/vulnerability/vulnerability--98a13d4f-cb92-40eb-a2ff-ee2143190b6d.json new file mode 100644 index 00000000000..cf60a0968a2 --- /dev/null +++ b/objects/vulnerability/vulnerability--98a13d4f-cb92-40eb-a2ff-ee2143190b6d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cb5ec340-3065-4508-a2e5-6f84f1c3c682", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--98a13d4f-cb92-40eb-a2ff-ee2143190b6d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:43.828769Z", + "modified": "2024-11-07T00:20:43.828769Z", + "name": "CVE-2020-11859", + "description": "Improper Input Validation vulnerability in OpenText iManager allows Cross-Site Scripting (XSS). This issue affects iManager before 3.2.3", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2020-11859" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9c04e5b3-e12b-40d8-b0b7-89372802406a.json b/objects/vulnerability/vulnerability--9c04e5b3-e12b-40d8-b0b7-89372802406a.json new file mode 100644 index 00000000000..5e655c55849 --- /dev/null +++ b/objects/vulnerability/vulnerability--9c04e5b3-e12b-40d8-b0b7-89372802406a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--492b9cdd-9293-4498-b906-47d3f0fae19e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9c04e5b3-e12b-40d8-b0b7-89372802406a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.69048Z", + "modified": "2024-11-07T00:20:28.69048Z", + "name": "CVE-2024-10647", + "description": "The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.244. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10647" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9ded84c7-cab0-4bc9-b84a-49fd86672e8d.json b/objects/vulnerability/vulnerability--9ded84c7-cab0-4bc9-b84a-49fd86672e8d.json new file mode 100644 index 00000000000..77d7615141d --- /dev/null +++ b/objects/vulnerability/vulnerability--9ded84c7-cab0-4bc9-b84a-49fd86672e8d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--77dd0be7-6a84-4675-9150-e2e01c6137ab", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9ded84c7-cab0-4bc9-b84a-49fd86672e8d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.418492Z", + "modified": "2024-11-07T00:20:29.418492Z", + "name": "CVE-2024-8615", + "description": "The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_location_load_excel_file_callback() function in all versions up to, and including, 2.6.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8615" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a139f5e9-11ad-4954-93c4-9021d504e54f.json b/objects/vulnerability/vulnerability--a139f5e9-11ad-4954-93c4-9021d504e54f.json new file mode 100644 index 00000000000..5733f240ed9 --- /dev/null +++ b/objects/vulnerability/vulnerability--a139f5e9-11ad-4954-93c4-9021d504e54f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--97cf3e6f-a3ef-4461-8f6e-40d581ad1fc2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a139f5e9-11ad-4954-93c4-9021d504e54f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.166472Z", + "modified": "2024-11-07T00:20:29.166472Z", + "name": "CVE-2024-34673", + "description": "Improper Input Validation in IpcProtocol in Modem prior to SMR Nov-2024 Release 1 allows local attackers to cause Denial-of-Service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34673" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--a1531ac0-df86-4866-8734-11445920ee5a.json b/objects/vulnerability/vulnerability--a1531ac0-df86-4866-8734-11445920ee5a.json new file mode 100644 index 00000000000..26eba3a1a36 --- /dev/null +++ b/objects/vulnerability/vulnerability--a1531ac0-df86-4866-8734-11445920ee5a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8e47784b-610a-4939-b580-f3c86ab6ae22", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a1531ac0-df86-4866-8734-11445920ee5a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:30.97516Z", + "modified": "2024-11-07T00:20:30.97516Z", + "name": "CVE-2024-6626", + "description": "The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several functions in all versions up to, and including, 2.9.9.9. This makes it possible for unauthenticated attackers to view form submissions.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6626" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a6a1bea3-6eee-4b94-8b53-ea4a859f88f0.json b/objects/vulnerability/vulnerability--a6a1bea3-6eee-4b94-8b53-ea4a859f88f0.json new file mode 100644 index 00000000000..b12ef3cdd37 --- /dev/null +++ b/objects/vulnerability/vulnerability--a6a1bea3-6eee-4b94-8b53-ea4a859f88f0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ffc9aedd-b41c-42e0-a69c-ae9ab3be4e99", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a6a1bea3-6eee-4b94-8b53-ea4a859f88f0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.483371Z", + "modified": "2024-11-07T00:20:28.483371Z", + "name": "CVE-2024-51757", + "description": "happy-dom is a JavaScript implementation of a web browser without its graphical user interface. Versions of happy-dom prior to 15.10.2 may execute code on the host via a script tag. This would execute code in the user context of happy-dom. Users are advised to upgrade to version 15.10.2. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-51757" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a8145cd2-06f2-4f3e-bf82-269fd52fecf7.json b/objects/vulnerability/vulnerability--a8145cd2-06f2-4f3e-bf82-269fd52fecf7.json new file mode 100644 index 00000000000..b3ba1877c10 --- /dev/null +++ b/objects/vulnerability/vulnerability--a8145cd2-06f2-4f3e-bf82-269fd52fecf7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--da3c06b5-dc0e-4a48-b73a-21b6811a3477", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a8145cd2-06f2-4f3e-bf82-269fd52fecf7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.814585Z", + "modified": "2024-11-07T00:20:29.814585Z", + "name": "CVE-2024-20457", + "description": "A vulnerability in the logging component of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.\r\n\r\nThis vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to access sensitive information from the device.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20457" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--acb271ad-7cfd-4639-9a23-16a20dfd7cf2.json b/objects/vulnerability/vulnerability--acb271ad-7cfd-4639-9a23-16a20dfd7cf2.json new file mode 100644 index 00000000000..e09d7f46992 --- /dev/null +++ b/objects/vulnerability/vulnerability--acb271ad-7cfd-4639-9a23-16a20dfd7cf2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a5e75c5b-daf8-4166-901e-e37da4615ca9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--acb271ad-7cfd-4639-9a23-16a20dfd7cf2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.156159Z", + "modified": "2024-11-07T00:20:29.156159Z", + "name": "CVE-2024-34677", + "description": "Exposure of sensitive information in System UI prior to SMR Nov-2024 Release 1 allow local attackers to make malicious apps appear as legitimate.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34677" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--afd1c1ce-9d95-4a20-862b-63c7385a677f.json b/objects/vulnerability/vulnerability--afd1c1ce-9d95-4a20-862b-63c7385a677f.json new file mode 100644 index 00000000000..d40019d09c5 --- /dev/null +++ b/objects/vulnerability/vulnerability--afd1c1ce-9d95-4a20-862b-63c7385a677f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d6623b2f-f55b-4d15-9647-107292ab1037", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--afd1c1ce-9d95-4a20-862b-63c7385a677f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.195088Z", + "modified": "2024-11-07T00:20:29.195088Z", + "name": "CVE-2024-34678", + "description": "Out-of-bounds write in libsapeextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34678" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b27358ee-71d7-47dd-8dd6-16f1fee23750.json b/objects/vulnerability/vulnerability--b27358ee-71d7-47dd-8dd6-16f1fee23750.json new file mode 100644 index 00000000000..85702218975 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--b27358ee-71d7-47dd-8dd6-16f1fee23750.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ed9385fb-f570-42de-9e07-68fc8a5d8764", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b27358ee-71d7-47dd-8dd6-16f1fee23750", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.772205Z", + "modified": "2024-11-07T00:20:28.772205Z", + "name": "CVE-2024-9681", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9681" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--ba5087f5-76dd-48bc-80da-ca27136202d9.json b/objects/vulnerability/vulnerability--ba5087f5-76dd-48bc-80da-ca27136202d9.json new file mode 100644 index 00000000000..d47a17e92bb --- /dev/null +++ b/objects/vulnerability/vulnerability--ba5087f5-76dd-48bc-80da-ca27136202d9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--03100469-1734-48f7-aa9e-52daab0a75b0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ba5087f5-76dd-48bc-80da-ca27136202d9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.471866Z", + "modified": "2024-11-07T00:20:28.471866Z", + "name": "CVE-2024-51751", + "description": "Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as a part of Gradio application to preview file content, an attacker with access to the application might abuse these components to read arbitrary files from the application server. This issue has been addressed in release version 5.5.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-51751" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--be9b9af8-0e34-4e30-bbf4-9cea7641be12.json b/objects/vulnerability/vulnerability--be9b9af8-0e34-4e30-bbf4-9cea7641be12.json new file mode 100644 index 00000000000..b0837321bac --- /dev/null +++ b/objects/vulnerability/vulnerability--be9b9af8-0e34-4e30-bbf4-9cea7641be12.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e8779635-ce33-44b3-9841-2058964a2a95", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--be9b9af8-0e34-4e30-bbf4-9cea7641be12", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.732053Z", + "modified": "2024-11-07T00:20:28.732053Z", + "name": "CVE-2024-10082", + "description": "CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. \nAuthentication method confusion allows logging in as the built-in root user from an external service. The built-in root user up until 6.24.1 is generated in a weak manner, cannot be disabled, and has universal access.This vulnerability allows an attacker who can create an account on an enabled external authentication service, to log in as the root user, and access and control everything that can be controlled via the web interface. The attacker needs to acquire the username of the root user to be successful.\n\nThis issue affects CodeChecker: through 6.24.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10082" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bee639b1-c3dd-4057-bccc-87d0412c3677.json b/objects/vulnerability/vulnerability--bee639b1-c3dd-4057-bccc-87d0412c3677.json new file mode 100644 index 00000000000..91772010dda --- /dev/null +++ b/objects/vulnerability/vulnerability--bee639b1-c3dd-4057-bccc-87d0412c3677.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a3f20f79-6620-4844-8734-5e6e6b3045d9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bee639b1-c3dd-4057-bccc-87d0412c3677", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.505711Z", + "modified": "2024-11-07T00:20:28.505711Z", + "name": "CVE-2024-51988", + "description": "RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. In affected versions queue deletion via the HTTP API was not verifying the `configure` permission of the user. Users who had all of the following: 1. Valid credentials, 2. Some permissions for the target virtual host & 3. HTTP API access. could delete queues it had no (deletion) permissions for. This issue has been addressed in version 3.12.11 of the open source rabbitMQ release and in versions 1.5.2, 3.13.0, and 4.0.0 of the tanzu release. Users are advised to upgrade. Users unable to upgrade may disable management plugin and use, for example, Prometheus and Grafana for monitoring.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-51988" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c36a2a35-d8aa-44c7-be55-87b5680fc719.json b/objects/vulnerability/vulnerability--c36a2a35-d8aa-44c7-be55-87b5680fc719.json new file mode 100644 index 00000000000..3303772f354 --- /dev/null +++ b/objects/vulnerability/vulnerability--c36a2a35-d8aa-44c7-be55-87b5680fc719.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5a38101e-02a9-4c75-8c7d-63b77ffa89b1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c36a2a35-d8aa-44c7-be55-87b5680fc719", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:30.027568Z", + "modified": "2024-11-07T00:20:30.027568Z", + "name": "CVE-2024-49406", + "description": "Improper validation of integrity check value in Blockchain Keystore prior to version 1.3.16 allows local attackers to modify transaction. Root privilege is required for triggering this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49406" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c4fd5073-9b3d-4567-9ecc-719978ca759f.json b/objects/vulnerability/vulnerability--c4fd5073-9b3d-4567-9ecc-719978ca759f.json new file mode 100644 index 00000000000..45441447604 --- /dev/null +++ b/objects/vulnerability/vulnerability--c4fd5073-9b3d-4567-9ecc-719978ca759f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--76545ca7-1fa8-465a-86aa-98b4a788c770", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c4fd5073-9b3d-4567-9ecc-719978ca759f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.16202Z", + "modified": "2024-11-07T00:20:29.16202Z", + "name": "CVE-2024-34674", + "description": "Improper access control in Contacts prior to SMR Nov-2024 Release 1 allows physical attackers to access data across multiple user profiles.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34674" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--c4fe89b7-3b1f-402b-997a-bef4f8dac5ba.json b/objects/vulnerability/vulnerability--c4fe89b7-3b1f-402b-997a-bef4f8dac5ba.json new file mode 100644 index 00000000000..772b8d221da --- /dev/null +++ b/objects/vulnerability/vulnerability--c4fe89b7-3b1f-402b-997a-bef4f8dac5ba.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5c2e952b-ad48-470f-85f5-ac11af9f91db", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c4fe89b7-3b1f-402b-997a-bef4f8dac5ba", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.754281Z", + "modified": "2024-11-07T00:20:28.754281Z", + "name": "CVE-2024-10914", + "description": "A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to os command injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10914" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c5fdfade-83f8-48b9-b4a0-afecbef30d23.json b/objects/vulnerability/vulnerability--c5fdfade-83f8-48b9-b4a0-afecbef30d23.json new file mode 100644 index 00000000000..9c5168a5d7a --- /dev/null +++ b/objects/vulnerability/vulnerability--c5fdfade-83f8-48b9-b4a0-afecbef30d23.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bfeb7047-090a-4c37-9911-716e73e8f6e4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c5fdfade-83f8-48b9-b4a0-afecbef30d23", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:30.989802Z", + "modified": "2024-11-07T00:20:30.989802Z", + "name": "CVE-2024-6861", + "description": "A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6861" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c74e6c7e-65b4-4c37-a248-03f151be41bc.json b/objects/vulnerability/vulnerability--c74e6c7e-65b4-4c37-a248-03f151be41bc.json new file mode 100644 index 00000000000..96da9250924 --- /dev/null +++ b/objects/vulnerability/vulnerability--c74e6c7e-65b4-4c37-a248-03f151be41bc.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3f19cb6e-73da-4829-8689-2cdc796514f2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c74e6c7e-65b4-4c37-a248-03f151be41bc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.84982Z", + "modified": "2024-11-07T00:20:29.84982Z", + "name": "CVE-2024-20532", + "description": "A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read or delete arbitrary files on the underlying operating system.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20532" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c842a2ef-af52-4df1-b2ec-4b606cbe114a.json b/objects/vulnerability/vulnerability--c842a2ef-af52-4df1-b2ec-4b606cbe114a.json new file mode 100644 index 00000000000..e3bc186218a --- /dev/null +++ b/objects/vulnerability/vulnerability--c842a2ef-af52-4df1-b2ec-4b606cbe114a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3cf99d3c-7376-4f8d-b9eb-159bc230323f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c842a2ef-af52-4df1-b2ec-4b606cbe114a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.97491Z", + "modified": "2024-11-07T00:20:28.97491Z", + "name": "CVE-2024-50345", + "description": "symfony/http-foundation is a module for the Symphony PHP framework which defines an object-oriented layer for the HTTP specification. The `Request` class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the `Request` class to redirect users to another domain. The `Request::create` methods now assert the URI does not contain invalid characters as defined by https://url.spec.whatwg.org/. This issue has been patched in versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50345" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cdfb9295-30d2-4e8a-b692-201fd53b4b05.json b/objects/vulnerability/vulnerability--cdfb9295-30d2-4e8a-b692-201fd53b4b05.json new file mode 100644 index 00000000000..50aee75fdf1 --- /dev/null +++ b/objects/vulnerability/vulnerability--cdfb9295-30d2-4e8a-b692-201fd53b4b05.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--41da4cfb-e181-4def-936b-937e7967ae90", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cdfb9295-30d2-4e8a-b692-201fd53b4b05", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.862334Z", + "modified": "2024-11-07T00:20:29.862334Z", + "name": "CVE-2024-20418", + "description": "A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated, remote attacker to perform command injection attacks with root privileges on the underlying operating system.\r\n\r\nThis vulnerability is due to improper validation of input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system of the affected device.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20418" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d1b483ba-39b2-4250-a0a0-af3c28c17270.json b/objects/vulnerability/vulnerability--d1b483ba-39b2-4250-a0a0-af3c28c17270.json new file mode 100644 index 00000000000..f852f10ca6c --- /dev/null +++ b/objects/vulnerability/vulnerability--d1b483ba-39b2-4250-a0a0-af3c28c17270.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--41684d18-59bd-4f78-bcd3-6f820822ddf4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d1b483ba-39b2-4250-a0a0-af3c28c17270", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.867133Z", + "modified": "2024-11-07T00:20:29.867133Z", + "name": "CVE-2024-20534", + "description": "A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 Series, and Cisco Video Phone 8875 with Cisco Multiplatform Firmware could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks against users.\r\n\r\nThis vulnerability exists because the web UI of an affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.\r\nNote: To exploit this vulnerability, Web Access must be enabled on the phone and the attacker must have Admin credentials on the device. Web Access is disabled by default.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20534" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d840a690-9455-4622-8961-dee2d4d45f6c.json b/objects/vulnerability/vulnerability--d840a690-9455-4622-8961-dee2d4d45f6c.json new file mode 100644 index 00000000000..d9678f6d23b --- /dev/null +++ b/objects/vulnerability/vulnerability--d840a690-9455-4622-8961-dee2d4d45f6c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c44630c8-5418-4a34-8604-3e8b9e4c62b3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d840a690-9455-4622-8961-dee2d4d45f6c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.977043Z", + "modified": "2024-11-07T00:20:28.977043Z", + "name": "CVE-2024-50341", + "description": "symfony/security-bundle is a module for the Symphony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom `user_checker` defined on a firewall is not called when Login Programmaticaly with the `Security::login` method, leading to unwanted login. As of versions 6.4.10, 7.0.10 and 7.1.3 the `Security::login` method now ensure to call the configured `user_checker`. All users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50341" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--debb1069-4797-4c76-b25e-57760927bcad.json b/objects/vulnerability/vulnerability--debb1069-4797-4c76-b25e-57760927bcad.json new file mode 100644 index 00000000000..28834595b70 --- /dev/null +++ b/objects/vulnerability/vulnerability--debb1069-4797-4c76-b25e-57760927bcad.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1dca7eda-f7e4-4dd0-ab46-1b925ae36c3e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--debb1069-4797-4c76-b25e-57760927bcad", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:28.738242Z", + "modified": "2024-11-07T00:20:28.738242Z", + "name": "CVE-2024-10543", + "description": "The Tumult Hype Animations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hypeanimations_getcontent function in all versions up to, and including, 1.9.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve animation information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10543" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e28f365c-391b-4aa8-83a2-135b78fd6b8a.json b/objects/vulnerability/vulnerability--e28f365c-391b-4aa8-83a2-135b78fd6b8a.json new file mode 100644 index 00000000000..dddc9bd0067 --- /dev/null +++ b/objects/vulnerability/vulnerability--e28f365c-391b-4aa8-83a2-135b78fd6b8a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bf36a3de-2877-4926-86d4-0739c0415b3b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e28f365c-391b-4aa8-83a2-135b78fd6b8a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.174719Z", + "modified": "2024-11-07T00:20:29.174719Z", + "name": "CVE-2024-34676", + "description": "Out-of-bounds write in parsing subtitle file in libsubextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. User interaction is required for triggering this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34676" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e8adcc07-d52e-4be5-8e0f-d5c9678a2183.json b/objects/vulnerability/vulnerability--e8adcc07-d52e-4be5-8e0f-d5c9678a2183.json new file mode 100644 index 00000000000..4871e1699be --- /dev/null +++ b/objects/vulnerability/vulnerability--e8adcc07-d52e-4be5-8e0f-d5c9678a2183.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e12cd958-2e4a-4ccd-b543-7ea6859e0e42", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e8adcc07-d52e-4be5-8e0f-d5c9678a2183", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.810466Z", + "modified": "2024-11-07T00:20:29.810466Z", + "name": "CVE-2024-20484", + "description": "A vulnerability in the External Agent Assignment Service (EAAS) feature of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of Media Routing Peripheral Interface Manager (MR PIM) traffic that is received by an affected device. An attacker could exploit this vulnerability by sending crafted MR PIM traffic to an affected device. A successful exploit could allow the attacker to trigger a failure on the MR PIM connection between Cisco ECE and Cisco Unified Contact Center Enterprise (CCE), leading to a DoS condition on EAAS that would prevent customers from starting chat, callback, or delayed callback sessions. Note: When the attack traffic stops, the EAAS process must be manually restarted to restore normal operation. To restart the process in the System Console, choose Shared Resources > Services > Unified CCE > EAAS, then click Start.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20484" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f10fa7bf-02dd-4343-8c57-6fe5c79b65a3.json b/objects/vulnerability/vulnerability--f10fa7bf-02dd-4343-8c57-6fe5c79b65a3.json new file mode 100644 index 00000000000..513da1a740f --- /dev/null +++ b/objects/vulnerability/vulnerability--f10fa7bf-02dd-4343-8c57-6fe5c79b65a3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7e3100e1-76c8-4243-bacd-07010aa8351f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f10fa7bf-02dd-4343-8c57-6fe5c79b65a3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-07T00:20:29.18693Z", + "modified": "2024-11-07T00:20:29.18693Z", + "name": "CVE-2024-34675", + "description": "Improper access control in Dex Mode prior to SMR Nov-2024 Release 1 allows physical attackers to temporarily access to unlocked screen.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34675" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f59a0177-ac6d-481b-b20e-205f8a39951f.json b/objects/vulnerability/vulnerability--f59a0177-ac6d-481b-b20e-205f8a39951f.json new file mode 100644 index 00000000000..888413f9b30 --- /dev/null +++ b/objects/vulnerability/vulnerability--f59a0177-ac6d-481b-b20e-205f8a39951f.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3d004eb4-1729-4659-8977-4e0d9c8d1430",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f59a0177-ac6d-481b-b20e-205f8a39951f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-07T00:20:28.743677Z",
+ "modified": "2024-11-07T00:20:28.743677Z",
+ "name": "CVE-2024-10928",
+ "description": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability was found in MonoCMS up to 20240528. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /monofiles/opensaved.php of the component Posts Page. The manipulation of the argument filtcategory/filtstatus leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-10928"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--fa616f24-94c0-4770-a56b-f079d4fdf921.json b/objects/vulnerability/vulnerability--fa616f24-94c0-4770-a56b-f079d4fdf921.json
new file mode 100644
index 00000000000..d452f326c0d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--fa616f24-94c0-4770-a56b-f079d4fdf921.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2cab6ac3-9237-483c-9960-47d2e28464b2",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--fa616f24-94c0-4770-a56b-f079d4fdf921",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-07T00:20:28.634151Z",
+ "modified": "2024-11-07T00:20:28.634151Z",
+ "name": "CVE-2024-52043",
+ "description": "Generation of Error Message Containing Sensitive Information in HumHub GmbH & Co. KG - HumHub on Linux allows: Excavation (user enumeration).This issue affects all released HumHub versions: through 1.16.2.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52043"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--fa682ff0-6c0e-4a6a-8679-64143239da5f.json b/objects/vulnerability/vulnerability--fa682ff0-6c0e-4a6a-8679-64143239da5f.json
new file mode 100644
index 00000000000..b4a0ab4f880
--- /dev/null
+++ b/objects/vulnerability/vulnerability--fa682ff0-6c0e-4a6a-8679-64143239da5f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5ac19ebf-833c-478f-ab6e-74e135af0df6",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--fa682ff0-6c0e-4a6a-8679-64143239da5f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-07T00:20:29.874183Z",
+ "modified": "2024-11-07T00:20:29.874183Z",
+ "name": "CVE-2024-20531",
+ "description": "A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a server-side request forgery (SSRF) attack through an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials.\r\n\r\nThis vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing XML input. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system or conduct an SSRF attack through the affected device.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-20531"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--fd0aa05e-f61d-41b1-adcd-57d8254735a7.json b/objects/vulnerability/vulnerability--fd0aa05e-f61d-41b1-adcd-57d8254735a7.json
new file mode 100644
index 00000000000..3a764ebb03b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--fd0aa05e-f61d-41b1-adcd-57d8254735a7.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f1849b16-c8ad-45dc-85d5-3b331d0515df",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--fd0aa05e-f61d-41b1-adcd-57d8254735a7",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-07T00:20:28.750887Z",
+ "modified": "2024-11-07T00:20:28.750887Z",
+ "name": "CVE-2024-10318",
+ "description": "A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. This flaw allows an attacker to fix a victim's session to an attacker-controlled account. As a result, although the attacker cannot log in as the victim, they can force the session to associate it with the attacker-controlled account, leading to potential misuse of the victim's session.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-10318"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file