diff --git a/mapping.csv b/mapping.csv index 9b542f99eac..e41f9f4cd09 100644 --- a/mapping.csv +++ b/mapping.csv @@ -211421,3 +211421,107 @@ vulnerability,CVE-2023-4571,vulnerability--c298dcac-5f4c-43d4-a17c-c3541f6b7e37 vulnerability,CVE-2023-27426,vulnerability--f8d17965-3f7c-4769-bda4-3044cb691662 vulnerability,CVE-2023-27621,vulnerability--dbe99232-9b37-4091-8ee6-2dd092155b6b vulnerability,CVE-2022-1601,vulnerability--c7b4bea1-a722-4f1e-98bd-417df328910c +vulnerability,CVE-2023-40567,vulnerability--533ab502-9980-46ab-bffe-5b8823df15bf +vulnerability,CVE-2023-40181,vulnerability--36000a7d-545c-44b4-ad0f-c21d24ecf6d5 +vulnerability,CVE-2023-40569,vulnerability--03327fc2-a208-4971-8460-79b3384e1a03 +vulnerability,CVE-2023-40589,vulnerability--3337abc4-429b-43d8-9643-4ba1c6615932 +vulnerability,CVE-2023-40188,vulnerability--acb9fefb-a96b-4737-ac6e-cc618108371d +vulnerability,CVE-2023-40576,vulnerability--217a2889-3671-4e53-ae49-dac6ff033ad9 +vulnerability,CVE-2023-40574,vulnerability--e8e2d32d-92df-4113-a785-51730b725122 +vulnerability,CVE-2023-40186,vulnerability--4ccf4d4b-2ca9-49c5-971d-d06f24e7631f +vulnerability,CVE-2023-40575,vulnerability--7f86b87b-4b74-4e81-9ddf-fc43202f544f +vulnerability,CVE-2023-40187,vulnerability--bf1523bf-48b0-4c14-bdf3-29c938158a2e +vulnerability,CVE-2023-20900,vulnerability--383aacbd-1b41-4743-9622-e7ab38583ff6 +vulnerability,CVE-2023-28801,vulnerability--f61e395a-54ca-4ce0-ba2a-dde9f035df6e +vulnerability,CVE-2023-3162,vulnerability--c6670cfc-5c31-4e6f-872f-3155a2529304 +vulnerability,CVE-2023-3404,vulnerability--8ace6245-48a8-48e4-99d5-925ec0cd7dd9 +vulnerability,CVE-2023-3636,vulnerability--d55fea01-89bf-4197-b0ec-ebb192dce5e3 +vulnerability,CVE-2023-3764,vulnerability--998ed80a-94fc-4438-bc41-b2aa5c192c6a +vulnerability,CVE-2023-3677,vulnerability--f4b04b0b-f913-4f3d-ba19-0e09575ffdc3 +vulnerability,CVE-2023-3999,vulnerability--e7426e44-5fe1-4c08-bdbd-109f03fa6947 +vulnerability,CVE-2023-39351,vulnerability--3677e3dd-b5da-40f9-8960-74761b79f70c +vulnerability,CVE-2023-39352,vulnerability--7a1df363-caa6-4111-95b0-b9956b539264 +vulnerability,CVE-2023-39354,vulnerability--09f6f4a9-4253-41ad-9856-a474577f4893 +vulnerability,CVE-2023-39355,vulnerability--7f9e36df-9ae8-4139-9823-ed0ab9068d6b +vulnerability,CVE-2023-39353,vulnerability--2cbbeca9-b62f-4687-b37d-f71695584f06 +vulnerability,CVE-2023-39912,vulnerability--edea5971-3a89-4bf3-be95-b7e13457c254 +vulnerability,CVE-2023-39356,vulnerability--2483af85-124c-4ba7-b828-348c7bfc8f69 +vulnerability,CVE-2023-39350,vulnerability--6defd8bd-d2b3-4861-8a05-ed77694c064d +vulnerability,CVE-2023-31169,vulnerability--17aca638-78a6-48b8-855e-cc01096f96fa +vulnerability,CVE-2023-31171,vulnerability--8d39bdb5-01fd-4025-a5c5-baed80a8e9f8 +vulnerability,CVE-2023-31168,vulnerability--6a276aaa-b134-478e-994e-540293f1b392 +vulnerability,CVE-2023-31170,vulnerability--5bb3d8ff-8186-4535-8053-99ad6c641ae2 +vulnerability,CVE-2023-31423,vulnerability--d3df720b-f616-44a9-a7eb-272f9f70c562 +vulnerability,CVE-2023-31175,vulnerability--acb55096-d37f-44c6-a13f-33461f9e3d34 +vulnerability,CVE-2023-31172,vulnerability--0d537834-4212-439a-846d-0dfbedc9c621 +vulnerability,CVE-2023-31925,vulnerability--ea2318b0-1fba-4584-b9f6-46a4577da8e4 +vulnerability,CVE-2023-31424,vulnerability--80688361-c3f0-4524-bb1e-1b9033d44697 +vulnerability,CVE-2023-31167,vulnerability--ac168bbc-3ebf-41c1-9649-e675ac32ef86 +vulnerability,CVE-2023-31174,vulnerability--7fdf6a8c-86e4-4b7f-b35c-040e23882244 +vulnerability,CVE-2023-31173,vulnerability--7222081a-145d-4f33-b320-59e6c0d24633 +vulnerability,CVE-2023-34391,vulnerability--3f317325-ffc3-4c0e-b4f8-c41430c49e8b +vulnerability,CVE-2023-34392,vulnerability--0b42eee0-a26b-4834-bb6d-165106491534 +vulnerability,CVE-2023-33835,vulnerability--7e802732-3aa8-4440-9f91-ea7194ab7c72 +vulnerability,CVE-2023-33834,vulnerability--412e097a-c2bf-4ffc-be9e-f22b78bbb145 +vulnerability,CVE-2023-33833,vulnerability--38e04746-7157-4d72-a2de-a95ff3e483f6 +vulnerability,CVE-2023-41744,vulnerability--b823baf5-f2ad-4217-9260-0c99832892bf +vulnerability,CVE-2023-41717,vulnerability--4e848cae-b6c0-4a7e-8b6e-2022ec899372 +vulnerability,CVE-2023-41034,vulnerability--5814349d-9ac6-4a50-bf16-7e25ea0ce60c +vulnerability,CVE-2023-41742,vulnerability--efd70bfb-d98b-4dbb-8b36-b820e2decc22 +vulnerability,CVE-2023-41642,vulnerability--9f7415ee-a7be-4d12-929b-4c9f97138332 +vulnerability,CVE-2023-41743,vulnerability--63aa3986-83a3-4b04-881f-10b8326adeb1 +vulnerability,CVE-2023-41739,vulnerability--625af38a-d1e7-4697-b93d-19b5cc1f792d +vulnerability,CVE-2023-41640,vulnerability--b40be35f-a299-498b-b7a2-beaa3f5666f8 +vulnerability,CVE-2023-41635,vulnerability--0989840a-94a8-45ff-908e-0bcd8fd89727 +vulnerability,CVE-2023-41746,vulnerability--b00391ca-7fa1-4b24-a297-6a67cf9e18e0 +vulnerability,CVE-2023-41749,vulnerability--41513308-0dbb-4af1-9b11-57025baf812a +vulnerability,CVE-2023-41740,vulnerability--c9e5a306-32d3-475d-b446-d15124f6f0c6 +vulnerability,CVE-2023-41751,vulnerability--444c85d3-3226-42a9-8431-452b513def83 +vulnerability,CVE-2023-41045,vulnerability--12ef1c9a-6c90-4b1c-8a92-0e45130d93db +vulnerability,CVE-2023-41747,vulnerability--8bc672d3-1340-4cee-9d8b-2bc2d136b505 +vulnerability,CVE-2023-41044,vulnerability--d040ef45-d9c4-4d54-8f79-2c798c6b5eeb +vulnerability,CVE-2023-41750,vulnerability--4c933414-92fd-4e27-becf-ac809de4420f +vulnerability,CVE-2023-41636,vulnerability--3ed8afda-516a-4107-9499-d3c934229130 +vulnerability,CVE-2023-41748,vulnerability--b8f65582-ddf6-4727-aed6-7ebde464e328 +vulnerability,CVE-2023-41738,vulnerability--a1875085-1333-4fc8-8594-79af20b49d78 +vulnerability,CVE-2023-41637,vulnerability--79708717-d748-427c-8b91-6d74fd634e1a +vulnerability,CVE-2023-41638,vulnerability--b73cbbfa-8c44-4e04-9a62-2fdeefd1005d +vulnerability,CVE-2023-41745,vulnerability--d26b13d0-9dd8-469e-a625-a0b726e98bcf +vulnerability,CVE-2023-41741,vulnerability--86bf190d-d380-47ef-a267-308667bac971 +vulnerability,CVE-2023-0689,vulnerability--5ae3ab3e-433e-4929-87bd-e7f182f000fe +vulnerability,CVE-2023-4163,vulnerability--c566513e-2066-4c62-98d1-cc1a20c90ba3 +vulnerability,CVE-2023-4500,vulnerability--22d4be6b-afda-437e-8cc0-eb0f4f44f153 +vulnerability,CVE-2023-4654,vulnerability--d602c0ad-195d-4a61-96bd-64f4247ce210 +vulnerability,CVE-2023-4683,vulnerability--81c18390-e9de-459e-8a70-896ea631f8ae +vulnerability,CVE-2023-4652,vulnerability--48e15a57-6921-4a24-a082-eee3728048ee +vulnerability,CVE-2023-4245,vulnerability--5587cf09-e8e3-4e3e-b7dc-66fadaf79ff0 +vulnerability,CVE-2023-4471,vulnerability--dd2bda62-fde6-4d83-8bee-e7ca4570fb57 +vulnerability,CVE-2023-4000,vulnerability--55919d18-aed0-4fa4-9d89-81107a22f220 +vulnerability,CVE-2023-4681,vulnerability--f2119d7a-cc1f-43f5-9e6a-27c1c5ac5f0a +vulnerability,CVE-2023-4655,vulnerability--6d336adc-58f2-47d4-986c-2bc52ddaa267 +vulnerability,CVE-2023-4653,vulnerability--0c82ba98-730e-48d0-9245-7671937d210f +vulnerability,CVE-2023-4682,vulnerability--15765ba0-597e-4f81-b456-f4822d8788d3 +vulnerability,CVE-2023-4162,vulnerability--169cdc6f-e282-4dc1-a457-592880948e55 +vulnerability,CVE-2023-4678,vulnerability--9ece557e-b251-43b2-a5f7-999f27b0d591 +vulnerability,CVE-2023-4160,vulnerability--087cd241-919b-4f0e-9e1f-0d3163931430 +vulnerability,CVE-2023-4299,vulnerability--a2c24546-20c2-4a0f-a064-2becd356228a +vulnerability,CVE-2023-4650,vulnerability--35b7ad05-85c2-4b36-9ba1-8f06b3f6d14d +vulnerability,CVE-2023-4688,vulnerability--8ec1027d-3a84-4524-87cc-70b5c0c62530 +vulnerability,CVE-2023-4651,vulnerability--32c52657-6156-44d7-b1da-00e3daaccbaf +vulnerability,CVE-2023-4161,vulnerability--aa39e2e3-9484-4240-93cc-d79c72facb3a +vulnerability,CVE-2023-4649,vulnerability--f19f4c51-c509-4aa7-a5c8-ece0d34e0ae1 +vulnerability,CVE-2023-4481,vulnerability--66d2b40f-4084-4bdc-b162-63325860d65f +vulnerability,CVE-2023-4315,vulnerability--880b0b8d-5827-444e-8c2e-5d853c027c01 +vulnerability,CVE-2023-2352,vulnerability--74675ced-7a83-476f-b6a0-0cf1175ab3a1 +vulnerability,CVE-2023-2279,vulnerability--a14998a5-44e0-4f26-acf7-7cd18454f75b +vulnerability,CVE-2023-2354,vulnerability--f0cfc2e5-285d-4234-9c8f-2df9041ca221 +vulnerability,CVE-2023-2353,vulnerability--24b55966-24bf-4cc0-8e49-583ba91f851f +vulnerability,CVE-2023-2188,vulnerability--842b5584-d3ba-460d-a265-634e6117ff6b +vulnerability,CVE-2023-2174,vulnerability--748201ce-d3fb-4507-b76a-ee03ba17cd81 +vulnerability,CVE-2023-2172,vulnerability--752f4fa7-1967-4b0a-ad2d-37e7ef8e47f4 +vulnerability,CVE-2023-2229,vulnerability--563ab5d9-b814-47db-86c8-e8d1ceb2c889 +vulnerability,CVE-2023-2171,vulnerability--f20be235-9447-4110-97a5-0176e99484d0 +vulnerability,CVE-2023-2173,vulnerability--1f8d764a-55ff-4dd4-b2f4-35816f26075f +vulnerability,CVE-2022-45451,vulnerability--56ffacc8-62e0-4819-94d2-47560eb52f82 +vulnerability,CVE-2022-46868,vulnerability--3dae4ab2-cf9b-44d2-a1ff-eb72a9a2e70c +vulnerability,CVE-2022-46869,vulnerability--98fd7fbe-77b3-4d42-be9b-ee12b68416e1 diff --git a/objects/vulnerability/vulnerability--03327fc2-a208-4971-8460-79b3384e1a03.json b/objects/vulnerability/vulnerability--03327fc2-a208-4971-8460-79b3384e1a03.json new file mode 100644 index 00000000000..0bea0032eab --- /dev/null +++ b/objects/vulnerability/vulnerability--03327fc2-a208-4971-8460-79b3384e1a03.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--561925b3-758d-4bbb-9c45-742a165954c4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--03327fc2-a208-4971-8460-79b3384e1a03", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.393834Z", + "modified": "2023-09-01T00:05:13.393834Z", + "name": "CVE-2023-40569", + "description": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `progressive_decompress` function. This issue is likely down to incorrect calculations of the `nXSrc` and `nYSrc` variables. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-40569" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--087cd241-919b-4f0e-9e1f-0d3163931430.json b/objects/vulnerability/vulnerability--087cd241-919b-4f0e-9e1f-0d3163931430.json new file mode 100644 index 00000000000..60c46c034c1 --- /dev/null +++ b/objects/vulnerability/vulnerability--087cd241-919b-4f0e-9e1f-0d3163931430.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--258fe917-4121-4bec-916f-352e0fe5cb0c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--087cd241-919b-4f0e-9e1f-0d3163931430", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.699947Z", + "modified": "2023-09-01T00:05:14.699947Z", + "name": "CVE-2023-4160", + "description": "The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.90 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-4160" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0989840a-94a8-45ff-908e-0bcd8fd89727.json b/objects/vulnerability/vulnerability--0989840a-94a8-45ff-908e-0bcd8fd89727.json new file mode 100644 index 00000000000..469b223a7e0 --- /dev/null +++ b/objects/vulnerability/vulnerability--0989840a-94a8-45ff-908e-0bcd8fd89727.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f1400f35-b127-42f2-a0b8-0df6e5b5c7d2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0989840a-94a8-45ff-908e-0bcd8fd89727", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.278281Z", + "modified": "2023-09-01T00:05:14.278281Z", + "name": "CVE-2023-41635", + "description": "A XML External Entity (XXE) vulnerability in the VerifichePeriodiche.aspx component of GruppoSCAI RealGimm v1.1.37p38 allows attackers to read any file in the filesystem via supplying a crafted XML file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41635" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--09f6f4a9-4253-41ad-9856-a474577f4893.json b/objects/vulnerability/vulnerability--09f6f4a9-4253-41ad-9856-a474577f4893.json new file mode 100644 index 00000000000..3e1a2f7bc9a --- /dev/null +++ b/objects/vulnerability/vulnerability--09f6f4a9-4253-41ad-9856-a474577f4893.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b5d73947-2413-498f-a055-81f7695084b9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--09f6f4a9-4253-41ad-9856-a474577f4893", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.677908Z", + "modified": "2023-09-01T00:05:13.677908Z", + "name": "CVE-2023-39354", + "description": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it processes `context->Planes` without checking if it contains data of sufficient length. Should an attacker be able to leverage this vulnerability they may be able to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-39354" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0b42eee0-a26b-4834-bb6d-165106491534.json b/objects/vulnerability/vulnerability--0b42eee0-a26b-4834-bb6d-165106491534.json new file mode 100644 index 00000000000..5dc9c880dc0 --- /dev/null +++ b/objects/vulnerability/vulnerability--0b42eee0-a26b-4834-bb6d-165106491534.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--631e6f3e-b660-4743-a090-934c403c38fa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0b42eee0-a26b-4834-bb6d-165106491534", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.204998Z", + "modified": "2023-09-01T00:05:14.204998Z", + "name": "CVE-2023-34392", + "description": "\nA Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator.\n\n\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\nThis issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-34392" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0c82ba98-730e-48d0-9245-7671937d210f.json b/objects/vulnerability/vulnerability--0c82ba98-730e-48d0-9245-7671937d210f.json new file mode 100644 index 00000000000..14463f73d7c --- /dev/null +++ b/objects/vulnerability/vulnerability--0c82ba98-730e-48d0-9245-7671937d210f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e798c213-dedc-4240-95c8-9a7c35d2496a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0c82ba98-730e-48d0-9245-7671937d210f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.692573Z", + "modified": "2023-09-01T00:05:14.692573Z", + "name": "CVE-2023-4653", + "description": "Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-4653" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0d537834-4212-439a-846d-0dfbedc9c621.json b/objects/vulnerability/vulnerability--0d537834-4212-439a-846d-0dfbedc9c621.json new file mode 100644 index 00000000000..3fcde06aba8 --- /dev/null +++ b/objects/vulnerability/vulnerability--0d537834-4212-439a-846d-0dfbedc9c621.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--52677633-ef3d-4b9d-a1e2-24625982342a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0d537834-4212-439a-846d-0dfbedc9c621", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.755127Z", + "modified": "2023-09-01T00:05:13.755127Z", + "name": "CVE-2023-31172", + "description": "\nAn Incomplete Filtering of Special Elements vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.\n\n\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\nThis issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-31172" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--12ef1c9a-6c90-4b1c-8a92-0e45130d93db.json b/objects/vulnerability/vulnerability--12ef1c9a-6c90-4b1c-8a92-0e45130d93db.json new file mode 100644 index 00000000000..e11bd78cd34 --- /dev/null +++ b/objects/vulnerability/vulnerability--12ef1c9a-6c90-4b1c-8a92-0e45130d93db.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b5fba2c1-fa7e-4154-ae4e-3a2d6d7eb2b5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--12ef1c9a-6c90-4b1c-8a92-0e45130d93db", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.290081Z", + "modified": "2023-09-01T00:05:14.290081Z", + "name": "CVE-2023-41045", + "description": "Graylog is a free and open log management platform. Graylog makes use of only one single source port for DNS queries. Graylog binds a single socket for outgoing DNS queries and while that socket is bound to a random port number it is never changed again. This goes against recommended practice since 2008, when Dan Kaminsky discovered how easy is to carry out DNS cache poisoning attacks. In order to prevent cache poisoning with spoofed DNS responses, it is necessary to maximise the uncertainty in the choice of a source port for a DNS query. Although unlikely in many setups, an external attacker could inject forged DNS responses into a Graylog's lookup table cache. In order to prevent this, it is at least recommendable to distribute the DNS queries through a pool of distinct sockets, each of them with a random source port and renew them periodically. This issue has been addressed in versions 5.0.9 and 5.1.3. Users are advised to upgrade. There are no known workarounds for this issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41045" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--15765ba0-597e-4f81-b456-f4822d8788d3.json b/objects/vulnerability/vulnerability--15765ba0-597e-4f81-b456-f4822d8788d3.json new file mode 100644 index 00000000000..2762d26ecb2 --- /dev/null +++ b/objects/vulnerability/vulnerability--15765ba0-597e-4f81-b456-f4822d8788d3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--653efd15-5375-4510-8dec-3ce9cf7e4996", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--15765ba0-597e-4f81-b456-f4822d8788d3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.694957Z", + "modified": "2023-09-01T00:05:14.694957Z", + "name": "CVE-2023-4682", + "description": "Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-4682" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--169cdc6f-e282-4dc1-a457-592880948e55.json b/objects/vulnerability/vulnerability--169cdc6f-e282-4dc1-a457-592880948e55.json new file mode 100644 index 00000000000..e2df5c09b18 --- /dev/null +++ b/objects/vulnerability/vulnerability--169cdc6f-e282-4dc1-a457-592880948e55.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--03266a5c-547e-4656-86cb-e6b2b0c32391", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--169cdc6f-e282-4dc1-a457-592880948e55", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.696404Z", + "modified": "2023-09-01T00:05:14.696404Z", + "name": "CVE-2023-4162", + "description": "A\n segmentation fault can occur in Brocade Fabric OS after Brocade Fabric \nOS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg \ncommand. This\n could allow an authenticated privileged user local user to crash a \nBrocade Fabric OS swith using the cli “passwdcfg --set -expire \n-minDiff“.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-4162" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--17aca638-78a6-48b8-855e-cc01096f96fa.json b/objects/vulnerability/vulnerability--17aca638-78a6-48b8-855e-cc01096f96fa.json new file mode 100644 index 00000000000..f9492782c98 --- /dev/null +++ b/objects/vulnerability/vulnerability--17aca638-78a6-48b8-855e-cc01096f96fa.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d9ea7743-8345-4e11-9f3a-c8b19fbe7176", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--17aca638-78a6-48b8-855e-cc01096f96fa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.725787Z", + "modified": "2023-09-01T00:05:13.725787Z", + "name": "CVE-2023-31169", + "description": "\nAn Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.\n\n\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\nThis issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-31169" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1f8d764a-55ff-4dd4-b2f4-35816f26075f.json b/objects/vulnerability/vulnerability--1f8d764a-55ff-4dd4-b2f4-35816f26075f.json new file mode 100644 index 00000000000..c9362755aa6 --- /dev/null +++ b/objects/vulnerability/vulnerability--1f8d764a-55ff-4dd4-b2f4-35816f26075f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--29c33752-2ccc-490c-844d-e9836046539d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1f8d764a-55ff-4dd4-b2f4-35816f26075f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.833599Z", + "modified": "2023-09-01T00:05:14.833599Z", + "name": "CVE-2023-2173", + "description": "The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the badgeos_delete_step_ajax_handler, badgeos_delete_award_step_ajax_handler, badgeos_delete_deduct_step_ajax_handler, and badgeos_delete_rank_req_step_ajax_handler functions. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-2173" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--217a2889-3671-4e53-ae49-dac6ff033ad9.json b/objects/vulnerability/vulnerability--217a2889-3671-4e53-ae49-dac6ff033ad9.json new file mode 100644 index 00000000000..95a783efc1a --- /dev/null +++ b/objects/vulnerability/vulnerability--217a2889-3671-4e53-ae49-dac6ff033ad9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--069426d2-4d37-4ac3-b39a-877f64cd7794", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--217a2889-3671-4e53-ae49-dac6ff033ad9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.407527Z", + "modified": "2023-09-01T00:05:13.407527Z", + "name": "CVE-2023-40576", + "description": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `RleDecompress` function. This Out-Of-Bounds Read occurs because FreeRDP processes the `pbSrcBuffer` variable without checking if it contains data of sufficient length. Insufficient data in the `pbSrcBuffer` variable may cause errors or crashes. This issue has been addressed in version 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-40576" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--22d4be6b-afda-437e-8cc0-eb0f4f44f153.json b/objects/vulnerability/vulnerability--22d4be6b-afda-437e-8cc0-eb0f4f44f153.json new file mode 100644 index 00000000000..34ae805924e --- /dev/null +++ b/objects/vulnerability/vulnerability--22d4be6b-afda-437e-8cc0-eb0f4f44f153.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6b786ce0-afdc-4dcf-9b57-6b610a25ab2c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--22d4be6b-afda-437e-8cc0-eb0f4f44f153", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.658655Z", + "modified": "2023-09-01T00:05:14.658655Z", + "name": "CVE-2023-4500", + "description": "The Order Tracking Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the order status parameter in versions up to, and including, 3.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers (admin or higher) to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This only affects multi-site installations and installations where unfiltered_html has been disabled.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-4500" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2483af85-124c-4ba7-b828-348c7bfc8f69.json b/objects/vulnerability/vulnerability--2483af85-124c-4ba7-b828-348c7bfc8f69.json new file mode 100644 index 00000000000..4758e8654e0 --- /dev/null +++ b/objects/vulnerability/vulnerability--2483af85-124c-4ba7-b828-348c7bfc8f69.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2d54b55d-08b9-48e6-a5e8-b6fcdeaad475", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2483af85-124c-4ba7-b828-348c7bfc8f69", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.717721Z", + "modified": "2023-09-01T00:05:13.717721Z", + "name": "CVE-2023-39356", + "description": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the function `gdi_multi_opaque_rect`. In particular there is no code to validate if the value `multi_opaque_rect->numRectangles` is less than 45. Looping through `multi_opaque_rect->`numRectangles without proper boundary checks can lead to Out-of-Bounds Read errors which will likely lead to a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-39356" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--24b55966-24bf-4cc0-8e49-583ba91f851f.json b/objects/vulnerability/vulnerability--24b55966-24bf-4cc0-8e49-583ba91f851f.json new file mode 100644 index 00000000000..945a2480844 --- /dev/null +++ b/objects/vulnerability/vulnerability--24b55966-24bf-4cc0-8e49-583ba91f851f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--858499f2-3978-4246-8261-7ea51019c0c2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--24b55966-24bf-4cc0-8e49-583ba91f851f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.792274Z", + "modified": "2023-09-01T00:05:14.792274Z", + "name": "CVE-2023-2353", + "description": "The CHP Ads Block Detector plugin for WordPress is vulnerable to unauthorized plugin settings update and reset due to a missing capability check on the chp_abd_action function in versions up to, and including, 3.9.4. This makes it possible for subscriber-level attackers to change or reset plugin settings. CVE-2023-36509 appears to be a duplicate of this issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-2353" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2cbbeca9-b62f-4687-b37d-f71695584f06.json b/objects/vulnerability/vulnerability--2cbbeca9-b62f-4687-b37d-f71695584f06.json new file mode 100644 index 00000000000..c16618e5460 --- /dev/null +++ b/objects/vulnerability/vulnerability--2cbbeca9-b62f-4687-b37d-f71695584f06.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c36e05c8-6816-443b-a6d1-435ce056a8ce", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2cbbeca9-b62f-4687-b37d-f71695584f06", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.704428Z", + "modified": "2023-09-01T00:05:13.704428Z", + "name": "CVE-2023-39353", + "description": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to a missing offset validation leading to Out Of Bound Read. In the `libfreerdp/codec/rfx.c` file there is no offset validation in `tile->quantIdxY`, `tile->quantIdxCb`, and `tile->quantIdxCr`. As a result crafted input can lead to an out of bounds read access which in turn will cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-39353" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--32c52657-6156-44d7-b1da-00e3daaccbaf.json b/objects/vulnerability/vulnerability--32c52657-6156-44d7-b1da-00e3daaccbaf.json new file mode 100644 index 00000000000..5bd458199ee --- /dev/null +++ b/objects/vulnerability/vulnerability--32c52657-6156-44d7-b1da-00e3daaccbaf.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--671bf161-ac50-46bc-a077-4043c1aa546a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--32c52657-6156-44d7-b1da-00e3daaccbaf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.710325Z", + "modified": "2023-09-01T00:05:14.710325Z", + "name": "CVE-2023-4651", + "description": "Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-4651" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3337abc4-429b-43d8-9643-4ba1c6615932.json b/objects/vulnerability/vulnerability--3337abc4-429b-43d8-9643-4ba1c6615932.json new file mode 100644 index 00000000000..06251318de5 --- /dev/null +++ b/objects/vulnerability/vulnerability--3337abc4-429b-43d8-9643-4ba1c6615932.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7d6b7cf0-6567-4448-aedc-8db625f0d10a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3337abc4-429b-43d8-9643-4ba1c6615932", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.399049Z", + "modified": "2023-09-01T00:05:13.399049Z", + "name": "CVE-2023-40589", + "description": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input into this function can trigger the overflow which has only been shown to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-40589" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--35b7ad05-85c2-4b36-9ba1-8f06b3f6d14d.json b/objects/vulnerability/vulnerability--35b7ad05-85c2-4b36-9ba1-8f06b3f6d14d.json new file mode 100644 index 00000000000..a4c3682a556 --- /dev/null +++ b/objects/vulnerability/vulnerability--35b7ad05-85c2-4b36-9ba1-8f06b3f6d14d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--24ca7f49-2af0-4235-8dc3-5dcfbc67e374", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--35b7ad05-85c2-4b36-9ba1-8f06b3f6d14d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.70661Z", + "modified": "2023-09-01T00:05:14.70661Z", + "name": "CVE-2023-4650", + "description": "Improper Access Control in GitHub repository instantsoft/icms2 prior to 2.16.1-git.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-4650" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--36000a7d-545c-44b4-ad0f-c21d24ecf6d5.json b/objects/vulnerability/vulnerability--36000a7d-545c-44b4-ad0f-c21d24ecf6d5.json new file mode 100644 index 00000000000..232b5c4750c --- /dev/null +++ b/objects/vulnerability/vulnerability--36000a7d-545c-44b4-ad0f-c21d24ecf6d5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6614dc6e-1e6f-4a29-87dd-f40cbbafaecf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--36000a7d-545c-44b4-ad0f-c21d24ecf6d5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.387597Z", + "modified": "2023-09-01T00:05:13.387597Z", + "name": "CVE-2023-40181", + "description": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function. In the context of `CopyMemory`, it's possible to read data beyond the transmitted packet range and likely cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-40181" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3677e3dd-b5da-40f9-8960-74761b79f70c.json b/objects/vulnerability/vulnerability--3677e3dd-b5da-40f9-8960-74761b79f70c.json new file mode 100644 index 00000000000..d0e7c729704 --- /dev/null +++ b/objects/vulnerability/vulnerability--3677e3dd-b5da-40f9-8960-74761b79f70c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--afb1a693-3bb1-44ec-a1b5-049f335e83c7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3677e3dd-b5da-40f9-8960-74761b79f70c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.674155Z", + "modified": "2023-09-01T00:05:13.674155Z", + "name": "CVE-2023-39351", + "description": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject to a Null Pointer Dereference leading a crash in the RemoteFX (rfx) handling. Inside the `rfx_process_message_tileset` function, the program allocates tiles using `rfx_allocate_tiles` for the number of numTiles. If the initialization process of tiles is not completed for various reasons, tiles will have a NULL pointer. Which may be accessed in further processing and would cause a program crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-39351" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--383aacbd-1b41-4743-9622-e7ab38583ff6.json b/objects/vulnerability/vulnerability--383aacbd-1b41-4743-9622-e7ab38583ff6.json new file mode 100644 index 00000000000..d6dbd12dbb9 --- /dev/null +++ b/objects/vulnerability/vulnerability--383aacbd-1b41-4743-9622-e7ab38583ff6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d0629e3d-7980-4f32-ae50-cfcc079a1282", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--383aacbd-1b41-4743-9622-e7ab38583ff6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.442666Z", + "modified": "2023-09-01T00:05:13.442666Z", + "name": "CVE-2023-20900", + "description": "VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor with man-in-the-middle (MITM) network positioning between vCenter server and the virtual machine may be able to bypass SAML token signature verification, to perform VMware Tools Guest Operations.\n\n\n\n\n\n\n\n\n\n\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-20900" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--38e04746-7157-4d72-a2de-a95ff3e483f6.json b/objects/vulnerability/vulnerability--38e04746-7157-4d72-a2de-a95ff3e483f6.json new file mode 100644 index 00000000000..e45c06eb035 --- /dev/null +++ b/objects/vulnerability/vulnerability--38e04746-7157-4d72-a2de-a95ff3e483f6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1bee6a53-3c5e-46f5-bf24-ef30aee6b2ed", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--38e04746-7157-4d72-a2de-a95ff3e483f6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.244106Z", + "modified": "2023-09-01T00:05:14.244106Z", + "name": "CVE-2023-33833", + "description": "IBM Security Verify Information Queue 10.0.4 and 10.0.5 stores sensitive information in plain clear text which can be read by a local user. IBM X-Force ID: 256013.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-33833" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3dae4ab2-cf9b-44d2-a1ff-eb72a9a2e70c.json b/objects/vulnerability/vulnerability--3dae4ab2-cf9b-44d2-a1ff-eb72a9a2e70c.json new file mode 100644 index 00000000000..6cadc1e79f3 --- /dev/null +++ b/objects/vulnerability/vulnerability--3dae4ab2-cf9b-44d2-a1ff-eb72a9a2e70c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--55113fb9-7642-4eaa-822e-bf3f97e754fe", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3dae4ab2-cf9b-44d2-a1ff-eb72a9a2e70c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:21.889856Z", + "modified": "2023-09-01T00:05:21.889856Z", + "name": "CVE-2022-46868", + "description": "Local privilege escalation during recovery due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-46868" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3ed8afda-516a-4107-9499-d3c934229130.json b/objects/vulnerability/vulnerability--3ed8afda-516a-4107-9499-d3c934229130.json new file mode 100644 index 00000000000..192c68e2b92 --- /dev/null +++ b/objects/vulnerability/vulnerability--3ed8afda-516a-4107-9499-d3c934229130.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1c80deab-2bb9-46fa-a834-9e50ab615218", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3ed8afda-516a-4107-9499-d3c934229130", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.300306Z", + "modified": "2023-09-01T00:05:14.300306Z", + "name": "CVE-2023-41636", + "description": "A SQL injection vulnerability in the Data Richiesta dal parameter of GruppoSCAI RealGimm v1.1.37p38 allows attackers to access the database and execute arbitrary commands via a crafted SQL query.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41636" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3f317325-ffc3-4c0e-b4f8-c41430c49e8b.json b/objects/vulnerability/vulnerability--3f317325-ffc3-4c0e-b4f8-c41430c49e8b.json new file mode 100644 index 00000000000..30c264e79d7 --- /dev/null +++ b/objects/vulnerability/vulnerability--3f317325-ffc3-4c0e-b4f8-c41430c49e8b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e28d9116-16f7-4bb2-a36d-03d5b5f61445", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3f317325-ffc3-4c0e-b4f8-c41430c49e8b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.172478Z", + "modified": "2023-09-01T00:05:14.172478Z", + "name": "CVE-2023-34391", + "description": "Insecure Inherited Permissions vulnerability in Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software on Windows allows Leveraging/Manipulating Configuration File Search Paths.\n\nSee Instruction Manual Appendix A [Cybersecurity] tag dated 20230522 for more details.\n \nThis issue affects SEL-5033 AcSELerator RTAC Software: before 1.35.151.21000.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-34391" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--412e097a-c2bf-4ffc-be9e-f22b78bbb145.json b/objects/vulnerability/vulnerability--412e097a-c2bf-4ffc-be9e-f22b78bbb145.json new file mode 100644 index 00000000000..2be9bc5b73b --- /dev/null +++ b/objects/vulnerability/vulnerability--412e097a-c2bf-4ffc-be9e-f22b78bbb145.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--27005a94-30c9-45fe-8f89-e90e6d9f4174", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--412e097a-c2bf-4ffc-be9e-f22b78bbb145", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.241482Z", + "modified": "2023-09-01T00:05:14.241482Z", + "name": "CVE-2023-33834", + "description": "IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-force ID: 256014.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-33834" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--41513308-0dbb-4af1-9b11-57025baf812a.json b/objects/vulnerability/vulnerability--41513308-0dbb-4af1-9b11-57025baf812a.json new file mode 100644 index 00000000000..c6010dba97b --- /dev/null +++ b/objects/vulnerability/vulnerability--41513308-0dbb-4af1-9b11-57025baf812a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f7f2e3db-3f2b-41de-9f36-f3d0b024ebc3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--41513308-0dbb-4af1-9b11-57025baf812a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.284409Z", + "modified": "2023-09-01T00:05:14.284409Z", + "name": "CVE-2023-41749", + "description": "Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Windows) before build 32047, Acronis Cyber Protect 15 (Windows) before build 35979.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41749" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--444c85d3-3226-42a9-8431-452b513def83.json b/objects/vulnerability/vulnerability--444c85d3-3226-42a9-8431-452b513def83.json new file mode 100644 index 00000000000..33bbc1d8d88 --- /dev/null +++ b/objects/vulnerability/vulnerability--444c85d3-3226-42a9-8431-452b513def83.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--12631aeb-b4db-4d60-92aa-76b372e01f11", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--444c85d3-3226-42a9-8431-452b513def83", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.288868Z", + "modified": "2023-09-01T00:05:14.288868Z", + "name": "CVE-2023-41751", + "description": "Sensitive information disclosure due to improper token expiration validation. The following products are affected: Acronis Agent (Windows) before build 32047.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41751" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--48e15a57-6921-4a24-a082-eee3728048ee.json b/objects/vulnerability/vulnerability--48e15a57-6921-4a24-a082-eee3728048ee.json new file mode 100644 index 00000000000..b921f98208f --- /dev/null +++ b/objects/vulnerability/vulnerability--48e15a57-6921-4a24-a082-eee3728048ee.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ee3bbb66-3c3a-4f75-8b45-3a9f465a1022", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--48e15a57-6921-4a24-a082-eee3728048ee", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.664719Z", + "modified": "2023-09-01T00:05:14.664719Z", + "name": "CVE-2023-4652", + "description": "Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-4652" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4c933414-92fd-4e27-becf-ac809de4420f.json b/objects/vulnerability/vulnerability--4c933414-92fd-4e27-becf-ac809de4420f.json new file mode 100644 index 00000000000..76a36fa45a5 --- /dev/null +++ b/objects/vulnerability/vulnerability--4c933414-92fd-4e27-becf-ac809de4420f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--282c3c1e-63bf-4edb-8348-ff413a8b8c2d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4c933414-92fd-4e27-becf-ac809de4420f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.298814Z", + "modified": "2023-09-01T00:05:14.298814Z", + "name": "CVE-2023-41750", + "description": "Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 32047.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41750" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4ccf4d4b-2ca9-49c5-971d-d06f24e7631f.json b/objects/vulnerability/vulnerability--4ccf4d4b-2ca9-49c5-971d-d06f24e7631f.json new file mode 100644 index 00000000000..9ee2970476a --- /dev/null +++ b/objects/vulnerability/vulnerability--4ccf4d4b-2ca9-49c5-971d-d06f24e7631f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8867f10b-7f34-4f64-a70c-95ad68491390", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4ccf4d4b-2ca9-49c5-971d-d06f24e7631f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.4244Z", + "modified": "2023-09-01T00:05:13.4244Z", + "name": "CVE-2023-40186", + "description": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the `gdi_CreateSurface` function. This issue affects FreeRDP based clients only. FreeRDP proxies are not affected as image decoding is not done by a proxy. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-40186" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4e848cae-b6c0-4a7e-8b6e-2022ec899372.json b/objects/vulnerability/vulnerability--4e848cae-b6c0-4a7e-8b6e-2022ec899372.json new file mode 100644 index 00000000000..30e624e2fdb --- /dev/null +++ b/objects/vulnerability/vulnerability--4e848cae-b6c0-4a7e-8b6e-2022ec899372.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9d1d3bc6-4dfc-40e7-8363-b55b82fda335", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4e848cae-b6c0-4a7e-8b6e-2022ec899372", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.264879Z", + "modified": "2023-09-01T00:05:14.264879Z", + "name": "CVE-2023-41717", + "description": "Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local attackers to bypass file download/upload restrictions.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41717" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--533ab502-9980-46ab-bffe-5b8823df15bf.json b/objects/vulnerability/vulnerability--533ab502-9980-46ab-bffe-5b8823df15bf.json new file mode 100644 index 00000000000..cfa873d46d7 --- /dev/null +++ b/objects/vulnerability/vulnerability--533ab502-9980-46ab-bffe-5b8823df15bf.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4af9c25c-a0ee-40ac-b1e3-e82b1796872e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--533ab502-9980-46ab-bffe-5b8823df15bf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.371494Z", + "modified": "2023-09-01T00:05:13.371494Z", + "name": "CVE-2023-40567", + "description": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in which there is no offset validation. Abuse of this vulnerability may lead to an out of bounds write. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-40567" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5587cf09-e8e3-4e3e-b7dc-66fadaf79ff0.json b/objects/vulnerability/vulnerability--5587cf09-e8e3-4e3e-b7dc-66fadaf79ff0.json new file mode 100644 index 00000000000..65cda548e8c --- /dev/null +++ b/objects/vulnerability/vulnerability--5587cf09-e8e3-4e3e-b7dc-66fadaf79ff0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3b1a7534-d44d-48c1-b000-bb47bc330673", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5587cf09-e8e3-4e3e-b7dc-66fadaf79ff0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.665993Z", + "modified": "2023-09-01T00:05:14.665993Z", + "name": "CVE-2023-4245", + "description": "The WooCommerce PDF Invoice Builder for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the GetInvoiceDetail function in versions up to, and including, 1.2.89. This makes it possible for subscribers to view arbitrary invoices provided they can guess the order id and invoice id.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-4245" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--55919d18-aed0-4fa4-9d89-81107a22f220.json b/objects/vulnerability/vulnerability--55919d18-aed0-4fa4-9d89-81107a22f220.json new file mode 100644 index 00000000000..8cf637a831e --- /dev/null +++ b/objects/vulnerability/vulnerability--55919d18-aed0-4fa4-9d89-81107a22f220.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bca8c0d9-6516-4102-8dc5-d846bceef9e4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--55919d18-aed0-4fa4-9d89-81107a22f220", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.670262Z", + "modified": "2023-09-01T00:05:14.670262Z", + "name": "CVE-2023-4000", + "description": "The Waiting: One-click countdowns plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to create and delete countdowns, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-4000" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--563ab5d9-b814-47db-86c8-e8d1ceb2c889.json b/objects/vulnerability/vulnerability--563ab5d9-b814-47db-86c8-e8d1ceb2c889.json new file mode 100644 index 00000000000..bd60ad482e3 --- /dev/null +++ b/objects/vulnerability/vulnerability--563ab5d9-b814-47db-86c8-e8d1ceb2c889.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7cf17709-4d50-43d9-93ab-3d57d1018fac", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--563ab5d9-b814-47db-86c8-e8d1ceb2c889", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.829187Z", + "modified": "2023-09-01T00:05:14.829187Z", + "name": "CVE-2023-2229", + "description": "The Quick Post Duplicator for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-2229" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--56ffacc8-62e0-4819-94d2-47560eb52f82.json b/objects/vulnerability/vulnerability--56ffacc8-62e0-4819-94d2-47560eb52f82.json new file mode 100644 index 00000000000..58dc3758ffd --- /dev/null +++ b/objects/vulnerability/vulnerability--56ffacc8-62e0-4819-94d2-47560eb52f82.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--462cf395-00ec-40d6-83c7-00ae57c0d4b5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--56ffacc8-62e0-4819-94d2-47560eb52f82", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:21.588054Z", + "modified": "2023-09-01T00:05:21.588054Z", + "name": "CVE-2022-45451", + "description": "Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173, Acronis Agent (Windows) before build 30600, Acronis Cyber Protect 15 (Windows) before build 30984.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-45451" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5814349d-9ac6-4a50-bf16-7e25ea0ce60c.json b/objects/vulnerability/vulnerability--5814349d-9ac6-4a50-bf16-7e25ea0ce60c.json new file mode 100644 index 00000000000..91c5876fcb6 --- /dev/null +++ b/objects/vulnerability/vulnerability--5814349d-9ac6-4a50-bf16-7e25ea0ce60c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2cafebd6-af9c-4e5a-97bd-4f1bc3d86504", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5814349d-9ac6-4a50-bf16-7e25ea0ce60c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.266067Z", + "modified": "2023-09-01T00:05:14.266067Z", + "name": "CVE-2023-41034", + "description": "Eclipse Leshan is a device management server and client Java implementation. In affected versions DDFFileParser` and `DefaultDDFFileValidator` (and so `ObjectLoader`) are vulnerable to `XXE Attacks`. A DDF file is a LWM2M format used to store LWM2M object description. Leshan users are impacted only if they parse untrusted DDF files (e.g. if they let external users provide their own model), in that case they MUST upgrade to fixed version. If you parse only trusted DDF file and validate only with trusted xml schema, upgrading is not mandatory. This issue has been fixed in versions 1.5.0 and 2.0.0-M13. Users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41034" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5ae3ab3e-433e-4929-87bd-e7f182f000fe.json b/objects/vulnerability/vulnerability--5ae3ab3e-433e-4929-87bd-e7f182f000fe.json new file mode 100644 index 00000000000..c05c1bd73cb --- /dev/null +++ b/objects/vulnerability/vulnerability--5ae3ab3e-433e-4929-87bd-e7f182f000fe.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2470680c-bf31-4629-bafb-8fc3035767a3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5ae3ab3e-433e-4929-87bd-e7f182f000fe", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.519129Z", + "modified": "2023-09-01T00:05:14.519129Z", + "name": "CVE-2023-0689", + "description": "The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_first_name' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about arbitrary form submissions, including the submitter's first name.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-0689" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5bb3d8ff-8186-4535-8053-99ad6c641ae2.json b/objects/vulnerability/vulnerability--5bb3d8ff-8186-4535-8053-99ad6c641ae2.json new file mode 100644 index 00000000000..c4c75e88b07 --- /dev/null +++ b/objects/vulnerability/vulnerability--5bb3d8ff-8186-4535-8053-99ad6c641ae2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--61ee4837-235e-4954-97db-ce27c0af6be6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5bb3d8ff-8186-4535-8053-99ad6c641ae2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.736927Z", + "modified": "2023-09-01T00:05:13.736927Z", + "name": "CVE-2023-31170", + "description": "\nAn Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\n\n\nThis issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-31170" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--625af38a-d1e7-4697-b93d-19b5cc1f792d.json b/objects/vulnerability/vulnerability--625af38a-d1e7-4697-b93d-19b5cc1f792d.json new file mode 100644 index 00000000000..e334347dcea --- /dev/null +++ b/objects/vulnerability/vulnerability--625af38a-d1e7-4697-b93d-19b5cc1f792d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--99d645f6-dc0a-45f1-af40-4188a8f8862c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--625af38a-d1e7-4697-b93d-19b5cc1f792d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.273583Z", + "modified": "2023-09-01T00:05:14.273583Z", + "name": "CVE-2023-41739", + "description": "Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41739" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--63aa3986-83a3-4b04-881f-10b8326adeb1.json b/objects/vulnerability/vulnerability--63aa3986-83a3-4b04-881f-10b8326adeb1.json new file mode 100644 index 00000000000..7d31cab0e2a --- /dev/null +++ b/objects/vulnerability/vulnerability--63aa3986-83a3-4b04-881f-10b8326adeb1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--345fbb48-984f-464b-9175-257c394d3d3b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--63aa3986-83a3-4b04-881f-10b8326adeb1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.272598Z", + "modified": "2023-09-01T00:05:14.272598Z", + "name": "CVE-2023-41743", + "description": "Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41743" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--66d2b40f-4084-4bdc-b162-63325860d65f.json b/objects/vulnerability/vulnerability--66d2b40f-4084-4bdc-b162-63325860d65f.json new file mode 100644 index 00000000000..820e3f1a7e1 --- /dev/null +++ b/objects/vulnerability/vulnerability--66d2b40f-4084-4bdc-b162-63325860d65f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e32a0bb9-1ff8-4e39-b4fe-a5974aa777df", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--66d2b40f-4084-4bdc-b162-63325860d65f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.715311Z", + "modified": "2023-09-01T00:05:14.715311Z", + "name": "CVE-2023-4481", + "description": "An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\n\nWhen certain specific crafted BGP UPDATE messages are received over an established BGP session, one BGP session may be torn down with an UPDATE message error, or the issue may propagate beyond the local system which will remain non-impacted, but may affect one or more remote systems. This issue is exploitable remotely as the crafted UPDATE message can propagate through unaffected systems and intermediate BGP speakers.\nContinuous receipt of the crafted BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices.\n\nThis issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session.\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-4481" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6a276aaa-b134-478e-994e-540293f1b392.json b/objects/vulnerability/vulnerability--6a276aaa-b134-478e-994e-540293f1b392.json new file mode 100644 index 00000000000..e367855f61e --- /dev/null +++ b/objects/vulnerability/vulnerability--6a276aaa-b134-478e-994e-540293f1b392.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--73400975-5b04-4838-878b-568ac3152f6b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6a276aaa-b134-478e-994e-540293f1b392", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.734668Z", + "modified": "2023-09-01T00:05:13.734668Z", + "name": "CVE-2023-31168", + "description": "\nAn Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\n\n\n\n\nThis issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-31168" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6d336adc-58f2-47d4-986c-2bc52ddaa267.json b/objects/vulnerability/vulnerability--6d336adc-58f2-47d4-986c-2bc52ddaa267.json new file mode 100644 index 00000000000..d901de9ff32 --- /dev/null +++ b/objects/vulnerability/vulnerability--6d336adc-58f2-47d4-986c-2bc52ddaa267.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cc9aeede-3cf7-4d4f-bd0e-6e3f190c37e3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6d336adc-58f2-47d4-986c-2bc52ddaa267", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.690436Z", + "modified": "2023-09-01T00:05:14.690436Z", + "name": "CVE-2023-4655", + "description": "Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-4655" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6defd8bd-d2b3-4861-8a05-ed77694c064d.json b/objects/vulnerability/vulnerability--6defd8bd-d2b3-4861-8a05-ed77694c064d.json new file mode 100644 index 00000000000..349a79c8b3b --- /dev/null +++ b/objects/vulnerability/vulnerability--6defd8bd-d2b3-4861-8a05-ed77694c064d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--46fee94b-1f13-425e-b9d4-c53c72289f21", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6defd8bd-d2b3-4861-8a05-ed77694c064d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.721206Z", + "modified": "2023-09-01T00:05:13.721206Z", + "name": "CVE-2023-39350", + "description": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-39350" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7222081a-145d-4f33-b320-59e6c0d24633.json b/objects/vulnerability/vulnerability--7222081a-145d-4f33-b320-59e6c0d24633.json new file mode 100644 index 00000000000..797260d6aab --- /dev/null +++ b/objects/vulnerability/vulnerability--7222081a-145d-4f33-b320-59e6c0d24633.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2b6dfbf6-c503-47f1-b8e8-bafe42924092", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7222081a-145d-4f33-b320-59e6c0d24633", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.781181Z", + "modified": "2023-09-01T00:05:13.781181Z", + "name": "CVE-2023-31173", + "description": "Use of Hard-coded Credentials vulnerability in Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator on Windows allows Authentication Bypass.\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\nThis issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-31173" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--74675ced-7a83-476f-b6a0-0cf1175ab3a1.json b/objects/vulnerability/vulnerability--74675ced-7a83-476f-b6a0-0cf1175ab3a1.json new file mode 100644 index 00000000000..3a531c8b6f3 --- /dev/null +++ b/objects/vulnerability/vulnerability--74675ced-7a83-476f-b6a0-0cf1175ab3a1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--44ad19e6-2820-439c-af3a-911fbdaf0a76", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--74675ced-7a83-476f-b6a0-0cf1175ab3a1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.775352Z", + "modified": "2023-09-01T00:05:14.775352Z", + "name": "CVE-2023-2352", + "description": "The CHP Ads Block Detector plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.9.4. This is due to missing or incorrect nonce validation on the chp_abd_action function. This makes it possible for unauthenticated attackers to update or reset plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-2352" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--748201ce-d3fb-4507-b76a-ee03ba17cd81.json b/objects/vulnerability/vulnerability--748201ce-d3fb-4507-b76a-ee03ba17cd81.json new file mode 100644 index 00000000000..9d9a54637c8 --- /dev/null +++ b/objects/vulnerability/vulnerability--748201ce-d3fb-4507-b76a-ee03ba17cd81.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--302d2163-e6a3-471c-bae8-887e9ff13194", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--748201ce-d3fb-4507-b76a-ee03ba17cd81", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.800026Z", + "modified": "2023-09-01T00:05:14.800026Z", + "name": "CVE-2023-2174", + "description": "The BadgeOS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_badgeos_log_entries function in versions up to, and including, 3.7.1.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete the plugin's log entries.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-2174" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--752f4fa7-1967-4b0a-ad2d-37e7ef8e47f4.json b/objects/vulnerability/vulnerability--752f4fa7-1967-4b0a-ad2d-37e7ef8e47f4.json new file mode 100644 index 00000000000..ab67c0d89db --- /dev/null +++ b/objects/vulnerability/vulnerability--752f4fa7-1967-4b0a-ad2d-37e7ef8e47f4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6b2129b0-a498-4c19-bdba-b191653cf3b9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--752f4fa7-1967-4b0a-ad2d-37e7ef8e47f4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.81533Z", + "modified": "2023-09-01T00:05:14.81533Z", + "name": "CVE-2023-2172", + "description": "The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the badgeos_update_steps_ajax_handler, badgeos_update_award_steps_ajax_handler, badgeos_update_deduct_steps_ajax_handler, and badgeos_update_ranks_req_steps_ajax_handler functions. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to overwrite arbitrary post titles.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-2172" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--79708717-d748-427c-8b91-6d74fd634e1a.json b/objects/vulnerability/vulnerability--79708717-d748-427c-8b91-6d74fd634e1a.json new file mode 100644 index 00000000000..237e448ae04 --- /dev/null +++ b/objects/vulnerability/vulnerability--79708717-d748-427c-8b91-6d74fd634e1a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5b0af37d-7e05-4fff-bccd-0bdbb73b89fe", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--79708717-d748-427c-8b91-6d74fd634e1a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.306043Z", + "modified": "2023-09-01T00:05:14.306043Z", + "name": "CVE-2023-41637", + "description": "An arbitrary file upload vulnerability in the Carica immagine function of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted HTML file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41637" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7a1df363-caa6-4111-95b0-b9956b539264.json b/objects/vulnerability/vulnerability--7a1df363-caa6-4111-95b0-b9956b539264.json new file mode 100644 index 00000000000..1231b45a9e7 --- /dev/null +++ b/objects/vulnerability/vulnerability--7a1df363-caa6-4111-95b0-b9956b539264.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8d3cd65e-9132-43a4-a5a4-fb020c13d117", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7a1df363-caa6-4111-95b0-b9956b539264", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.676346Z", + "modified": "2023-09-01T00:05:13.676346Z", + "name": "CVE-2023-39352", + "description": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an invalid offset validation leading to Out Of Bound Write. This can be triggered when the values `rect->left` and `rect->top` are exactly equal to `surface->width` and `surface->height`. eg. `rect->left` == `surface->width` && `rect->top` == `surface->height`. In practice this should cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-39352" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7e802732-3aa8-4440-9f91-ea7194ab7c72.json b/objects/vulnerability/vulnerability--7e802732-3aa8-4440-9f91-ea7194ab7c72.json new file mode 100644 index 00000000000..bccd8c5462f --- /dev/null +++ b/objects/vulnerability/vulnerability--7e802732-3aa8-4440-9f91-ea7194ab7c72.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--de20e132-6682-4b2c-ae0c-e8e08fe9d80e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7e802732-3aa8-4440-9f91-ea7194ab7c72", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.240285Z", + "modified": "2023-09-01T00:05:14.240285Z", + "name": "CVE-2023-33835", + "description": "IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 256015.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-33835" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7f86b87b-4b74-4e81-9ddf-fc43202f544f.json b/objects/vulnerability/vulnerability--7f86b87b-4b74-4e81-9ddf-fc43202f544f.json new file mode 100644 index 00000000000..c55a8783015 --- /dev/null +++ b/objects/vulnerability/vulnerability--7f86b87b-4b74-4e81-9ddf-fc43202f544f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--62fcd987-b569-4a3a-b669-78bd7c5594ca", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7f86b87b-4b74-4e81-9ddf-fc43202f544f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.42707Z", + "modified": "2023-09-01T00:05:13.42707Z", + "name": "CVE-2023-40575", + "description": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_YUV444ToRGB_8u_P3AC4R_BGRX` function. This issue is likely down to insufficient data for the `pSrc` variable and results in crashes. This issue has been addressed in version 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-40575" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7f9e36df-9ae8-4139-9823-ed0ab9068d6b.json b/objects/vulnerability/vulnerability--7f9e36df-9ae8-4139-9823-ed0ab9068d6b.json new file mode 100644 index 00000000000..f652c9fc71c --- /dev/null +++ b/objects/vulnerability/vulnerability--7f9e36df-9ae8-4139-9823-ed0ab9068d6b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bd2c9376-7a78-4558-ab27-f988d4cc0ea1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7f9e36df-9ae8-4139-9823-ed0ab9068d6b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.702255Z", + "modified": "2023-09-01T00:05:13.702255Z", + "name": "CVE-2023-39355", + "description": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Versions of FreeRDP on the 3.x release branch before beta3 are subject to a Use-After-Free in processing `RDPGFX_CMDID_RESETGRAPHICS` packets. If `context->maxPlaneSize` is 0, `context->planesBuffer` will be freed. However, without updating `context->planesBuffer`, this leads to a Use-After-Free exploit vector. In most environments this should only result in a crash. This issue has been addressed in version 3.0.0-beta3 and users of the beta 3.x releases are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-39355" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7fdf6a8c-86e4-4b7f-b35c-040e23882244.json b/objects/vulnerability/vulnerability--7fdf6a8c-86e4-4b7f-b35c-040e23882244.json new file mode 100644 index 00000000000..51ed028ee70 --- /dev/null +++ b/objects/vulnerability/vulnerability--7fdf6a8c-86e4-4b7f-b35c-040e23882244.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5eeec227-739c-488c-972a-38aeb56c3985", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7fdf6a8c-86e4-4b7f-b35c-040e23882244", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.778764Z", + "modified": "2023-09-01T00:05:13.778764Z", + "name": "CVE-2023-31174", + "description": "\nA Cross-Site Request Forgery (CSRF) vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to embed instructions that could be executed by an authorized device operator.\n\n\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\nThis issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-31174" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--80688361-c3f0-4524-bb1e-1b9033d44697.json b/objects/vulnerability/vulnerability--80688361-c3f0-4524-bb1e-1b9033d44697.json new file mode 100644 index 00000000000..cddefff6a7f --- /dev/null +++ b/objects/vulnerability/vulnerability--80688361-c3f0-4524-bb1e-1b9033d44697.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--13845adf-9e71-42c5-ba71-4a3cdb5d06d7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--80688361-c3f0-4524-bb1e-1b9033d44697", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.767593Z", + "modified": "2023-09-01T00:05:13.767593Z", + "name": "CVE-2023-31424", + "description": "Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a\n allows remote unauthenticated users to bypass web authentication and \nauthorization.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-31424" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--81c18390-e9de-459e-8a70-896ea631f8ae.json b/objects/vulnerability/vulnerability--81c18390-e9de-459e-8a70-896ea631f8ae.json new file mode 100644 index 00000000000..50f29252f72 --- /dev/null +++ b/objects/vulnerability/vulnerability--81c18390-e9de-459e-8a70-896ea631f8ae.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b73619db-2adb-4aba-a31c-8fad33b74813", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--81c18390-e9de-459e-8a70-896ea631f8ae", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.662986Z", + "modified": "2023-09-01T00:05:14.662986Z", + "name": "CVE-2023-4683", + "description": "NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-4683" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--842b5584-d3ba-460d-a265-634e6117ff6b.json b/objects/vulnerability/vulnerability--842b5584-d3ba-460d-a265-634e6117ff6b.json new file mode 100644 index 00000000000..4271fbc3251 --- /dev/null +++ b/objects/vulnerability/vulnerability--842b5584-d3ba-460d-a265-634e6117ff6b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f7d813a4-d5f8-4221-827b-37ecae2afb56", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--842b5584-d3ba-460d-a265-634e6117ff6b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.793362Z", + "modified": "2023-09-01T00:05:14.793362Z", + "name": "CVE-2023-2188", + "description": "The Colibri Page Builder for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 1.0.227 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-2188" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--86bf190d-d380-47ef-a267-308667bac971.json b/objects/vulnerability/vulnerability--86bf190d-d380-47ef-a267-308667bac971.json new file mode 100644 index 00000000000..c2fd7429ad7 --- /dev/null +++ b/objects/vulnerability/vulnerability--86bf190d-d380-47ef-a267-308667bac971.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7333e777-a1b8-4401-9499-6fec230e39b3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--86bf190d-d380-47ef-a267-308667bac971", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.313029Z", + "modified": "2023-09-01T00:05:14.313029Z", + "name": "CVE-2023-41741", + "description": "Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to obtain sensitive information via unspecified vectors.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41741" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--880b0b8d-5827-444e-8c2e-5d853c027c01.json b/objects/vulnerability/vulnerability--880b0b8d-5827-444e-8c2e-5d853c027c01.json new file mode 100644 index 00000000000..7c58982da80 --- /dev/null +++ b/objects/vulnerability/vulnerability--880b0b8d-5827-444e-8c2e-5d853c027c01.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d787d47b-71cc-4d5c-9dc1-06bb5fffd652", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--880b0b8d-5827-444e-8c2e-5d853c027c01", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.721716Z", + "modified": "2023-09-01T00:05:14.721716Z", + "name": "CVE-2023-4315", + "description": "The Woo Custom Emails for WordPress is vulnerable to Reflected Cross-Site Scripting via the wcemails_edit parameter in versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-4315" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8ace6245-48a8-48e4-99d5-925ec0cd7dd9.json b/objects/vulnerability/vulnerability--8ace6245-48a8-48e4-99d5-925ec0cd7dd9.json new file mode 100644 index 00000000000..897372d2f62 --- /dev/null +++ b/objects/vulnerability/vulnerability--8ace6245-48a8-48e4-99d5-925ec0cd7dd9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bfef563e-81cc-46bd-b03e-c67eb621ca46", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8ace6245-48a8-48e4-99d5-925ec0cd7dd9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.62691Z", + "modified": "2023-09-01T00:05:13.62691Z", + "name": "CVE-2023-3404", + "description": "The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. This is due to the passphrase and iv being hardcoded in the 'pm_encrypt_decrypt_pass' function and used across all sites running the plugin. This makes it possible for authenticated attackers, with administrator-level permissions or above to decrypt and view users' passwords. If combined with another vulnerability, this can potentially grant lower-privileged users access to users' passwords.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-3404" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8bc672d3-1340-4cee-9d8b-2bc2d136b505.json b/objects/vulnerability/vulnerability--8bc672d3-1340-4cee-9d8b-2bc2d136b505.json new file mode 100644 index 00000000000..5f419b5638d --- /dev/null +++ b/objects/vulnerability/vulnerability--8bc672d3-1340-4cee-9d8b-2bc2d136b505.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--54c97cf0-6840-42a0-834a-b58ea4334bdd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8bc672d3-1340-4cee-9d8b-2bc2d136b505", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.292788Z", + "modified": "2023-09-01T00:05:14.292788Z", + "name": "CVE-2023-41747", + "description": "Sensitive information disclosure due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41747" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8d39bdb5-01fd-4025-a5c5-baed80a8e9f8.json b/objects/vulnerability/vulnerability--8d39bdb5-01fd-4025-a5c5-baed80a8e9f8.json new file mode 100644 index 00000000000..7d4ec273dbd --- /dev/null +++ b/objects/vulnerability/vulnerability--8d39bdb5-01fd-4025-a5c5-baed80a8e9f8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f034d481-6037-4812-a87f-ee2805536d68", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8d39bdb5-01fd-4025-a5c5-baed80a8e9f8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.727436Z", + "modified": "2023-09-01T00:05:13.727436Z", + "name": "CVE-2023-31171", + "description": "\nAn Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.\n\n\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\nThis issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-31171" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8ec1027d-3a84-4524-87cc-70b5c0c62530.json b/objects/vulnerability/vulnerability--8ec1027d-3a84-4524-87cc-70b5c0c62530.json new file mode 100644 index 00000000000..1ffb8a9832a --- /dev/null +++ b/objects/vulnerability/vulnerability--8ec1027d-3a84-4524-87cc-70b5c0c62530.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f61fe51c-7f10-45a8-8f11-3532260d11aa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8ec1027d-3a84-4524-87cc-70b5c0c62530", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.708045Z", + "modified": "2023-09-01T00:05:14.708045Z", + "name": "CVE-2023-4688", + "description": "Sensitive information leak through log files. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35433.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-4688" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--98fd7fbe-77b3-4d42-be9b-ee12b68416e1.json b/objects/vulnerability/vulnerability--98fd7fbe-77b3-4d42-be9b-ee12b68416e1.json new file mode 100644 index 00000000000..8d3b0504e04 --- /dev/null +++ b/objects/vulnerability/vulnerability--98fd7fbe-77b3-4d42-be9b-ee12b68416e1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b8018ac5-15c6-4b97-a81a-912491dee43d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--98fd7fbe-77b3-4d42-be9b-ee12b68416e1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:21.925196Z", + "modified": "2023-09-01T00:05:21.925196Z", + "name": "CVE-2022-46869", + "description": "Local privilege escalation during installation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-46869" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--998ed80a-94fc-4438-bc41-b2aa5c192c6a.json b/objects/vulnerability/vulnerability--998ed80a-94fc-4438-bc41-b2aa5c192c6a.json new file mode 100644 index 00000000000..81bcd05b3a2 --- /dev/null +++ b/objects/vulnerability/vulnerability--998ed80a-94fc-4438-bc41-b2aa5c192c6a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--da5aaf27-45c9-465a-823b-6ad0c8f808d9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--998ed80a-94fc-4438-bc41-b2aa5c192c6a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.631546Z", + "modified": "2023-09-01T00:05:13.631546Z", + "name": "CVE-2023-3764", + "description": "The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.90. This is due to missing or incorrect nonce validation on the Save function. This makes it possible for unauthenticated attackers to make changes to invoices via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-3764" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9ece557e-b251-43b2-a5f7-999f27b0d591.json b/objects/vulnerability/vulnerability--9ece557e-b251-43b2-a5f7-999f27b0d591.json new file mode 100644 index 00000000000..b0daa60fce1 --- /dev/null +++ b/objects/vulnerability/vulnerability--9ece557e-b251-43b2-a5f7-999f27b0d591.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b2e69118-59e8-4960-a695-af1c1bb8da56", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9ece557e-b251-43b2-a5f7-999f27b0d591", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.698043Z", + "modified": "2023-09-01T00:05:14.698043Z", + "name": "CVE-2023-4678", + "description": "Divide By Zero in GitHub repository gpac/gpac prior to 2.3-DEV.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-4678" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9f7415ee-a7be-4d12-929b-4c9f97138332.json b/objects/vulnerability/vulnerability--9f7415ee-a7be-4d12-929b-4c9f97138332.json new file mode 100644 index 00000000000..806816bb5e0 --- /dev/null +++ b/objects/vulnerability/vulnerability--9f7415ee-a7be-4d12-929b-4c9f97138332.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--be79152e-f92d-4f92-a253-34ed70cd1f22", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9f7415ee-a7be-4d12-929b-4c9f97138332", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.271508Z", + "modified": "2023-09-01T00:05:14.271508Z", + "name": "CVE-2023-41642", + "description": "Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41642" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a14998a5-44e0-4f26-acf7-7cd18454f75b.json b/objects/vulnerability/vulnerability--a14998a5-44e0-4f26-acf7-7cd18454f75b.json new file mode 100644 index 00000000000..d7ee34d28c3 --- /dev/null +++ b/objects/vulnerability/vulnerability--a14998a5-44e0-4f26-acf7-7cd18454f75b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--57a86d24-f261-4ff1-8570-49ca77e47c0b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a14998a5-44e0-4f26-acf7-7cd18454f75b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.785482Z", + "modified": "2023-09-01T00:05:14.785482Z", + "name": "CVE-2023-2279", + "description": "The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the 'admin_page_display' function. This makes it possible for unauthenticated attackers to delete or change plugin settings, import demo data, modify or delete Directory Kit related posts and terms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Partial patches were made avilable in versions 1.2.0 and 1.2.1 but the issue was not fully patched until 1.2.2", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-2279" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a1875085-1333-4fc8-8594-79af20b49d78.json b/objects/vulnerability/vulnerability--a1875085-1333-4fc8-8594-79af20b49d78.json new file mode 100644 index 00000000000..5d8453a2ef1 --- /dev/null +++ b/objects/vulnerability/vulnerability--a1875085-1333-4fc8-8594-79af20b49d78.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b75c756b-1361-454d-87cf-abbcac9c0e7c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a1875085-1333-4fc8-8594-79af20b49d78", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.304876Z", + "modified": "2023-09-01T00:05:14.304876Z", + "name": "CVE-2023-41738", + "description": "Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41738" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a2c24546-20c2-4a0f-a064-2becd356228a.json b/objects/vulnerability/vulnerability--a2c24546-20c2-4a0f-a064-2becd356228a.json new file mode 100644 index 00000000000..7615a4b0941 --- /dev/null +++ b/objects/vulnerability/vulnerability--a2c24546-20c2-4a0f-a064-2becd356228a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7328ea1a-87e5-47c7-b33f-11f89ffe8176", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a2c24546-20c2-4a0f-a064-2becd356228a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.702825Z", + "modified": "2023-09-01T00:05:14.702825Z", + "name": "CVE-2023-4299", + "description": "\nDigi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-4299" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--aa39e2e3-9484-4240-93cc-d79c72facb3a.json b/objects/vulnerability/vulnerability--aa39e2e3-9484-4240-93cc-d79c72facb3a.json new file mode 100644 index 00000000000..a84e24461d8 --- /dev/null +++ b/objects/vulnerability/vulnerability--aa39e2e3-9484-4240-93cc-d79c72facb3a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--47454392-e426-45b2-bfcb-60048c97c121", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aa39e2e3-9484-4240-93cc-d79c72facb3a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.711549Z", + "modified": "2023-09-01T00:05:14.711549Z", + "name": "CVE-2023-4161", + "description": "The WooCommerce PDF Invoice Builder for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the SaveCustomField function in versions up to, and including, 1.2.90. This makes it possible for unauthenticated attackers to create invoice fields provided they can trick an admin into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-4161" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ac168bbc-3ebf-41c1-9649-e675ac32ef86.json b/objects/vulnerability/vulnerability--ac168bbc-3ebf-41c1-9649-e675ac32ef86.json new file mode 100644 index 00000000000..7bb578dbba1 --- /dev/null +++ b/objects/vulnerability/vulnerability--ac168bbc-3ebf-41c1-9649-e675ac32ef86.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8c26420d-d5af-4800-92f9-b3f8ac1a59d3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ac168bbc-3ebf-41c1-9649-e675ac32ef86", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.773672Z", + "modified": "2023-09-01T00:05:13.773672Z", + "name": "CVE-2023-31167", + "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Schweitzer Engineering Laboratories SEL-5036 acSELerator Bay Screen Builder Software on Windows allows Relative Path Traversal.\n\n\n\nSEL acSELerator Bay Screen Builder software is distributed by SEL-5033 SEL acSELerator RTAC, SEL-5030 Quickset, and SEL Compass. CVE-2023-31167 and was patched in the acSELerator Bay Screen Builder release available on 20230602. Please contact SEL for additional details.\n\n\nThis issue affects SEL-5036 acSELerator Bay Screen Builder Software: before 1.0.49152.778.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-31167" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--acb55096-d37f-44c6-a13f-33461f9e3d34.json b/objects/vulnerability/vulnerability--acb55096-d37f-44c6-a13f-33461f9e3d34.json new file mode 100644 index 00000000000..cd7f31d6f7a --- /dev/null +++ b/objects/vulnerability/vulnerability--acb55096-d37f-44c6-a13f-33461f9e3d34.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0547900e-132a-4858-89cd-e1935bfc2873", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--acb55096-d37f-44c6-a13f-33461f9e3d34", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.750935Z", + "modified": "2023-09-01T00:05:13.750935Z", + "name": "CVE-2023-31175", + "description": "\nAn Execution with Unnecessary Privileges vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run system commands with the highest level privilege on the system.\n\n\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\nThis issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-31175" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--acb9fefb-a96b-4737-ac6e-cc618108371d.json b/objects/vulnerability/vulnerability--acb9fefb-a96b-4737-ac6e-cc618108371d.json new file mode 100644 index 00000000000..2fe3f68e2f0 --- /dev/null +++ b/objects/vulnerability/vulnerability--acb9fefb-a96b-4737-ac6e-cc618108371d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ce9ff796-c7a5-45dd-9ef4-fc588663fa69", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--acb9fefb-a96b-4737-ac6e-cc618108371d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.404446Z", + "modified": "2023-09-01T00:05:13.404446Z", + "name": "CVE-2023-40188", + "description": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_LumaToYUV444` function. This Out-Of-Bounds Read occurs because processing is done on the `in` variable without checking if it contains data of sufficient length. Insufficient data for the `in` variable may cause errors or crashes. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-40188" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b00391ca-7fa1-4b24-a297-6a67cf9e18e0.json b/objects/vulnerability/vulnerability--b00391ca-7fa1-4b24-a297-6a67cf9e18e0.json new file mode 100644 index 00000000000..57c462012f9 --- /dev/null +++ b/objects/vulnerability/vulnerability--b00391ca-7fa1-4b24-a297-6a67cf9e18e0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--74aab846-7a4d-41c8-af41-b06ec1d7a5a3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b00391ca-7fa1-4b24-a297-6a67cf9e18e0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.280262Z", + "modified": "2023-09-01T00:05:14.280262Z", + "name": "CVE-2023-41746", + "description": "Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41746" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b40be35f-a299-498b-b7a2-beaa3f5666f8.json b/objects/vulnerability/vulnerability--b40be35f-a299-498b-b7a2-beaa3f5666f8.json new file mode 100644 index 00000000000..b8169668d0d --- /dev/null +++ b/objects/vulnerability/vulnerability--b40be35f-a299-498b-b7a2-beaa3f5666f8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5dff14fe-9ddd-4963-869d-955d4a10f0ea", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b40be35f-a299-498b-b7a2-beaa3f5666f8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.276229Z", + "modified": "2023-09-01T00:05:14.276229Z", + "name": "CVE-2023-41640", + "description": "An improper error handling vulnerability in the component ErroreNonGestito.aspx of GruppoSCAI RealGimm 1.1.37p38 allows attackers to obtain sensitive technical information via a crafted SQL query.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41640" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b73cbbfa-8c44-4e04-9a62-2fdeefd1005d.json b/objects/vulnerability/vulnerability--b73cbbfa-8c44-4e04-9a62-2fdeefd1005d.json new file mode 100644 index 00000000000..89440f3c1c9 --- /dev/null +++ b/objects/vulnerability/vulnerability--b73cbbfa-8c44-4e04-9a62-2fdeefd1005d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e6e1d004-a943-4d33-a6ce-a1aa9a5ae997", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b73cbbfa-8c44-4e04-9a62-2fdeefd1005d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.307215Z", + "modified": "2023-09-01T00:05:14.307215Z", + "name": "CVE-2023-41638", + "description": "An arbitrary file upload vulnerability in the Gestione Documentale module of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41638" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b823baf5-f2ad-4217-9260-0c99832892bf.json b/objects/vulnerability/vulnerability--b823baf5-f2ad-4217-9260-0c99832892bf.json new file mode 100644 index 00000000000..14722d849be --- /dev/null +++ b/objects/vulnerability/vulnerability--b823baf5-f2ad-4217-9260-0c99832892bf.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--be9f8a29-6c54-4bcd-abfd-dac8aae47016", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b823baf5-f2ad-4217-9260-0c99832892bf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.261962Z", + "modified": "2023-09-01T00:05:14.261962Z", + "name": "CVE-2023-41744", + "description": "Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Agent (macOS) before build 30600, Acronis Cyber Protect 15 (macOS) before build 35979.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41744" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b8f65582-ddf6-4727-aed6-7ebde464e328.json b/objects/vulnerability/vulnerability--b8f65582-ddf6-4727-aed6-7ebde464e328.json new file mode 100644 index 00000000000..f74c2e82abc --- /dev/null +++ b/objects/vulnerability/vulnerability--b8f65582-ddf6-4727-aed6-7ebde464e328.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9aae087c-893d-4a27-a140-451ba232f323", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b8f65582-ddf6-4727-aed6-7ebde464e328", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.303731Z", + "modified": "2023-09-01T00:05:14.303731Z", + "name": "CVE-2023-41748", + "description": "Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41748" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bf1523bf-48b0-4c14-bdf3-29c938158a2e.json b/objects/vulnerability/vulnerability--bf1523bf-48b0-4c14-bdf3-29c938158a2e.json new file mode 100644 index 00000000000..718990cc4ba --- /dev/null +++ b/objects/vulnerability/vulnerability--bf1523bf-48b0-4c14-bdf3-29c938158a2e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7bd19a57-708b-491e-ab5a-a4c65bbddd95", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bf1523bf-48b0-4c14-bdf3-29c938158a2e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.431483Z", + "modified": "2023-09-01T00:05:13.431483Z", + "name": "CVE-2023-40187", + "description": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of the 3.x beta branch are subject to a Use-After-Free issue in the `avc420_ensure_buffer` and `avc444_ensure_buffer` functions. If the value of `piDstSize[x]` is 0, `ppYUVDstData[x]` will be freed. However, in this case `ppYUVDstData[x]` will not have been updated which leads to a Use-After-Free vulnerability. This issue has been addressed in version 3.0.0-beta3. Users of the 3.x beta releases are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-40187" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c566513e-2066-4c62-98d1-cc1a20c90ba3.json b/objects/vulnerability/vulnerability--c566513e-2066-4c62-98d1-cc1a20c90ba3.json new file mode 100644 index 00000000000..b25a333e9f8 --- /dev/null +++ b/objects/vulnerability/vulnerability--c566513e-2066-4c62-98d1-cc1a20c90ba3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--20054940-1457-4683-8d90-232595a42ecd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c566513e-2066-4c62-98d1-cc1a20c90ba3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.656571Z", + "modified": "2023-09-01T00:05:14.656571Z", + "name": "CVE-2023-4163", + "description": "In\n Brocade Fabric OS before v9.2.0a, a local authenticated privileged user\n can trigger a buffer overflow condition, leading to a kernel panic with\n large input to buffers in the portcfgfportbuffers command.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-4163" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c6670cfc-5c31-4e6f-872f-3155a2529304.json b/objects/vulnerability/vulnerability--c6670cfc-5c31-4e6f-872f-3155a2529304.json new file mode 100644 index 00000000000..8352bafa7c5 --- /dev/null +++ b/objects/vulnerability/vulnerability--c6670cfc-5c31-4e6f-872f-3155a2529304.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--105c8867-edaa-4daf-8237-e1a0badabd2b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c6670cfc-5c31-4e6f-872f-3155a2529304", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.623779Z", + "modified": "2023-09-01T00:05:13.623779Z", + "name": "CVE-2023-3162", + "description": "The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.7.7. This is due to insufficient verification on the user being supplied during a Stripe checkout through the plugin. This allows unauthenticated attackers to log in as users who have orders, who are typically customers.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-3162" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c9e5a306-32d3-475d-b446-d15124f6f0c6.json b/objects/vulnerability/vulnerability--c9e5a306-32d3-475d-b446-d15124f6f0c6.json new file mode 100644 index 00000000000..72d94f1a9f7 --- /dev/null +++ b/objects/vulnerability/vulnerability--c9e5a306-32d3-475d-b446-d15124f6f0c6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--61941a5c-7e7a-4f02-9efb-6851f5cd64b0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c9e5a306-32d3-475d-b446-d15124f6f0c6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.287159Z", + "modified": "2023-09-01T00:05:14.287159Z", + "name": "CVE-2023-41740", + "description": "Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read specific files via unspecified vectors.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41740" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d040ef45-d9c4-4d54-8f79-2c798c6b5eeb.json b/objects/vulnerability/vulnerability--d040ef45-d9c4-4d54-8f79-2c798c6b5eeb.json new file mode 100644 index 00000000000..b31c05dc540 --- /dev/null +++ b/objects/vulnerability/vulnerability--d040ef45-d9c4-4d54-8f79-2c798c6b5eeb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8e5da22b-8fc2-4ebe-99f0-8375a8c25b7f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d040ef45-d9c4-4d54-8f79-2c798c6b5eeb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.294554Z", + "modified": "2023-09-01T00:05:14.294554Z", + "name": "CVE-2023-41044", + "description": "Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's `Support Bundle` feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an attacker with valid Admin role credentials to download or delete files in sibling directories of the support bundle directory. The default `data_dir` in operating system packages (DEB, RPM) is set to `/var/lib/graylog-server`. The data directory for the Support Bundle feature is always `/support-bundle`. Due to the partial path traversal vulnerability, an attacker with valid Admin role credentials can read or delete files in directories that start with a `/var/lib/graylog-server/support-bundle` directory name. The vulnerability would allow the download or deletion of files in the following example directories: `/var/lib/graylog-server/support-bundle-test` and `/var/lib/graylog-server/support-bundlesdirectory`. For the Graylog Docker images, the `data_dir` is set to `/usr/share/graylog/data` by default. This vulnerability is fixed in Graylog version 5.1.3 and later. Users are advised to upgrade. Users unable to upgrade should block all HTTP requests to the following HTTP API endpoints by using a reverse proxy server in front of Graylog. `GET /api/system/debug/support/bundle/download/{filename}` and `DELETE /api/system/debug/support/bundle/{filename}`.\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41044" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d26b13d0-9dd8-469e-a625-a0b726e98bcf.json b/objects/vulnerability/vulnerability--d26b13d0-9dd8-469e-a625-a0b726e98bcf.json new file mode 100644 index 00000000000..45be9c4773a --- /dev/null +++ b/objects/vulnerability/vulnerability--d26b13d0-9dd8-469e-a625-a0b726e98bcf.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aae0b8b7-d70e-40c6-8847-c92d4bb72d1b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d26b13d0-9dd8-469e-a625-a0b726e98bcf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.30998Z", + "modified": "2023-09-01T00:05:14.30998Z", + "name": "CVE-2023-41745", + "description": "Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30991, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41745" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d3df720b-f616-44a9-a7eb-272f9f70c562.json b/objects/vulnerability/vulnerability--d3df720b-f616-44a9-a7eb-272f9f70c562.json new file mode 100644 index 00000000000..792487108f4 --- /dev/null +++ b/objects/vulnerability/vulnerability--d3df720b-f616-44a9-a7eb-272f9f70c562.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0af32933-a6c5-4eb1-a813-c4f33d79ffc5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d3df720b-f616-44a9-a7eb-272f9f70c562", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.7416Z", + "modified": "2023-09-01T00:05:13.7416Z", + "name": "CVE-2023-31423", + "description": "Possible\n information exposure through log file vulnerability where sensitive \nfields are recorded in the configuration log without masking on Brocade \nSANnav before v2.3.0 and 2.2.2a. Notes:\n To access the logs, the local attacker must have access to an already collected Brocade SANnav \"supportsave\" \noutputs.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-31423" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d55fea01-89bf-4197-b0ec-ebb192dce5e3.json b/objects/vulnerability/vulnerability--d55fea01-89bf-4197-b0ec-ebb192dce5e3.json new file mode 100644 index 00000000000..6f8b961f99c --- /dev/null +++ b/objects/vulnerability/vulnerability--d55fea01-89bf-4197-b0ec-ebb192dce5e3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--77568ffa-7a63-468e-bb4b-6a43335d2360", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d55fea01-89bf-4197-b0ec-ebb192dce5e3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.628636Z", + "modified": "2023-09-01T00:05:13.628636Z", + "name": "CVE-2023-3636", + "description": "The WP Project Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.6.4 due to insufficient restriction on the 'save_users_map_name' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'usernames' parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-3636" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d602c0ad-195d-4a61-96bd-64f4247ce210.json b/objects/vulnerability/vulnerability--d602c0ad-195d-4a61-96bd-64f4247ce210.json new file mode 100644 index 00000000000..c526a77b696 --- /dev/null +++ b/objects/vulnerability/vulnerability--d602c0ad-195d-4a61-96bd-64f4247ce210.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--959330cf-dff2-4ae6-92fc-70a77b402973", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d602c0ad-195d-4a61-96bd-64f4247ce210", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.660274Z", + "modified": "2023-09-01T00:05:14.660274Z", + "name": "CVE-2023-4654", + "description": "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-4654" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dd2bda62-fde6-4d83-8bee-e7ca4570fb57.json b/objects/vulnerability/vulnerability--dd2bda62-fde6-4d83-8bee-e7ca4570fb57.json new file mode 100644 index 00000000000..2af66db5339 --- /dev/null +++ b/objects/vulnerability/vulnerability--dd2bda62-fde6-4d83-8bee-e7ca4570fb57.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0491bb42-6331-40e0-8543-093bcf1b1001", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dd2bda62-fde6-4d83-8bee-e7ca4570fb57", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.668845Z", + "modified": "2023-09-01T00:05:14.668845Z", + "name": "CVE-2023-4471", + "description": "The Order Tracking Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the start_date and end_date parameters in versions up to, and including, 3.3.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-4471" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e7426e44-5fe1-4c08-bdbd-109f03fa6947.json b/objects/vulnerability/vulnerability--e7426e44-5fe1-4c08-bdbd-109f03fa6947.json new file mode 100644 index 00000000000..e418bc6dfa4 --- /dev/null +++ b/objects/vulnerability/vulnerability--e7426e44-5fe1-4c08-bdbd-109f03fa6947.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ad5ceedd-3f6d-4a7d-a3fc-b3bb323a4f00", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e7426e44-5fe1-4c08-bdbd-109f03fa6947", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.66308Z", + "modified": "2023-09-01T00:05:13.66308Z", + "name": "CVE-2023-3999", + "description": "The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on its AJAX calls in versions up to, and including, 0.6.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to create and delete countdowns as well as manipulate other plugin settings.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-3999" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e8e2d32d-92df-4113-a785-51730b725122.json b/objects/vulnerability/vulnerability--e8e2d32d-92df-4113-a785-51730b725122.json new file mode 100644 index 00000000000..fefdc5034a9 --- /dev/null +++ b/objects/vulnerability/vulnerability--e8e2d32d-92df-4113-a785-51730b725122.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3e0b0afe-c3b0-49bb-8488-01405cefc89b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e8e2d32d-92df-4113-a785-51730b725122", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.422431Z", + "modified": "2023-09-01T00:05:13.422431Z", + "name": "CVE-2023-40574", + "description": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `writePixelBGRX` function. This issue is likely down to incorrect calculations of the `nHeight` and `srcStep` variables. This issue has been addressed in version 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-40574" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ea2318b0-1fba-4584-b9f6-46a4577da8e4.json b/objects/vulnerability/vulnerability--ea2318b0-1fba-4584-b9f6-46a4577da8e4.json new file mode 100644 index 00000000000..0b1f03393e0 --- /dev/null +++ b/objects/vulnerability/vulnerability--ea2318b0-1fba-4584-b9f6-46a4577da8e4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e673c89a-dbaf-4917-a3d7-97f76bd859db", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ea2318b0-1fba-4584-b9f6-46a4577da8e4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.758795Z", + "modified": "2023-09-01T00:05:13.758795Z", + "name": "CVE-2023-31925", + "description": "Brocade\n SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords\n in plaintext. A privileged user could retrieve these credentials with \nknowledge and access to these log files. SNMP \ncredentials could be seen in SANnav SupportSave if the capture is \nperformed after an SNMP configuration failure causes an SNMP \ncommunication log dump.\n\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-31925" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--edea5971-3a89-4bf3-be95-b7e13457c254.json b/objects/vulnerability/vulnerability--edea5971-3a89-4bf3-be95-b7e13457c254.json new file mode 100644 index 00000000000..493bf07bc09 --- /dev/null +++ b/objects/vulnerability/vulnerability--edea5971-3a89-4bf3-be95-b7e13457c254.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3b09503a-5fc5-4468-b747-d51bcecf398c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--edea5971-3a89-4bf3-be95-b7e13457c254", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.710786Z", + "modified": "2023-09-01T00:05:13.710786Z", + "name": "CVE-2023-39912", + "description": "Zoho ManageEngine ADManager Plus through 7202 allows admin users to download any file from the server machine via directory traversal.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-39912" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--efd70bfb-d98b-4dbb-8b36-b820e2decc22.json b/objects/vulnerability/vulnerability--efd70bfb-d98b-4dbb-8b36-b820e2decc22.json new file mode 100644 index 00000000000..2349751c3c3 --- /dev/null +++ b/objects/vulnerability/vulnerability--efd70bfb-d98b-4dbb-8b36-b820e2decc22.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f3bef559-07c9-4ae7-9a5e-475c3a5c715f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--efd70bfb-d98b-4dbb-8b36-b820e2decc22", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.269801Z", + "modified": "2023-09-01T00:05:14.269801Z", + "name": "CVE-2023-41742", + "description": "Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30430, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41742" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f0cfc2e5-285d-4234-9c8f-2df9041ca221.json b/objects/vulnerability/vulnerability--f0cfc2e5-285d-4234-9c8f-2df9041ca221.json new file mode 100644 index 00000000000..3e5ad156cf5 --- /dev/null +++ b/objects/vulnerability/vulnerability--f0cfc2e5-285d-4234-9c8f-2df9041ca221.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e956d3a0-b7cd-4615-979d-2ae7af0957af", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f0cfc2e5-285d-4234-9c8f-2df9041ca221", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.79023Z", + "modified": "2023-09-01T00:05:14.79023Z", + "name": "CVE-2023-2354", + "description": "The CHP Ads Block Detector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings reachable though an AJAX action in versions up to, and including, 3.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-2354" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f19f4c51-c509-4aa7-a5c8-ece0d34e0ae1.json b/objects/vulnerability/vulnerability--f19f4c51-c509-4aa7-a5c8-ece0d34e0ae1.json new file mode 100644 index 00000000000..7b625c92d27 --- /dev/null +++ b/objects/vulnerability/vulnerability--f19f4c51-c509-4aa7-a5c8-ece0d34e0ae1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--30c3f2bc-a909-46f3-9052-ac5a6da0fb24", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f19f4c51-c509-4aa7-a5c8-ece0d34e0ae1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.713251Z", + "modified": "2023-09-01T00:05:14.713251Z", + "name": "CVE-2023-4649", + "description": "Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-4649" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f20be235-9447-4110-97a5-0176e99484d0.json b/objects/vulnerability/vulnerability--f20be235-9447-4110-97a5-0176e99484d0.json new file mode 100644 index 00000000000..3de67a655f3 --- /dev/null +++ b/objects/vulnerability/vulnerability--f20be235-9447-4110-97a5-0176e99484d0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--15121231-d3a8-4c6e-9c20-1a47ff50bf89", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f20be235-9447-4110-97a5-0176e99484d0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.831868Z", + "modified": "2023-09-01T00:05:14.831868Z", + "name": "CVE-2023-2171", + "description": "The BadgeOS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-2171" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f2119d7a-cc1f-43f5-9e6a-27c1c5ac5f0a.json b/objects/vulnerability/vulnerability--f2119d7a-cc1f-43f5-9e6a-27c1c5ac5f0a.json new file mode 100644 index 00000000000..214a36b9727 --- /dev/null +++ b/objects/vulnerability/vulnerability--f2119d7a-cc1f-43f5-9e6a-27c1c5ac5f0a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6cd9602d-3740-4532-bdef-ecf3dee281b6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f2119d7a-cc1f-43f5-9e6a-27c1c5ac5f0a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:14.672658Z", + "modified": "2023-09-01T00:05:14.672658Z", + "name": "CVE-2023-4681", + "description": "NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-4681" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f4b04b0b-f913-4f3d-ba19-0e09575ffdc3.json b/objects/vulnerability/vulnerability--f4b04b0b-f913-4f3d-ba19-0e09575ffdc3.json new file mode 100644 index 00000000000..25c1b1fff27 --- /dev/null +++ b/objects/vulnerability/vulnerability--f4b04b0b-f913-4f3d-ba19-0e09575ffdc3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--52efcd90-c04f-4baa-8fa1-7a33cdd3edfd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f4b04b0b-f913-4f3d-ba19-0e09575ffdc3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.639014Z", + "modified": "2023-09-01T00:05:13.639014Z", + "name": "CVE-2023-3677", + "description": "The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to SQL Injection via the pageId parameter in versions up to, and including, 1.2.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for subscribers or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-3677" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f61e395a-54ca-4ce0-ba2a-dde9f035df6e.json b/objects/vulnerability/vulnerability--f61e395a-54ca-4ce0-ba2a-dde9f035df6e.json new file mode 100644 index 00000000000..351f0f3cae5 --- /dev/null +++ b/objects/vulnerability/vulnerability--f61e395a-54ca-4ce0-ba2a-dde9f035df6e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f4ffc9ff-ce51-494c-9d54-4d7398e085a5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f61e395a-54ca-4ce0-ba2a-dde9f035df6e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2023-09-01T00:05:13.59689Z", + "modified": "2023-09-01T00:05:13.59689Z", + "name": "CVE-2023-28801", + "description": "An Improper Verification of Cryptographic Signature in the SAML authentication of the Zscaler Admin UI allows a Privilege Escalation.This issue affects Admin UI: from 6.2 before 6.2r.\n\n", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-28801" + } + ] + } + ] +} \ No newline at end of file