diff --git a/mapping.csv b/mapping.csv index fbbce78d34..4ed5eb54b6 100644 --- a/mapping.csv +++ b/mapping.csv @@ -257716,3 +257716,19 @@ vulnerability,CVE-2024-11632,vulnerability--b6488871-884d-45bf-85ad-6bc82c244449 vulnerability,CVE-2024-41761,vulnerability--622b7f15-930f-48ab-939a-c8c2c9c429ee vulnerability,CVE-2024-35160,vulnerability--647b2dbf-0720-497d-bfab-097ae6abaffc vulnerability,CVE-2023-7299,vulnerability--24bd3d51-5c62-450d-84ed-ce298c1f2e84 +vulnerability,CVE-2024-11646,vulnerability--4791e489-a2dc-4aba-b548-dbdce46e3df3 +vulnerability,CVE-2024-11666,vulnerability--9f50918e-9c58-4c26-a809-66a705e1fb63 +vulnerability,CVE-2024-11233,vulnerability--8c07b78b-ae3e-421f-9949-ba1bb5c145f5 +vulnerability,CVE-2024-11665,vulnerability--0091e9bc-ca6f-4664-ac61-42b8736c4117 +vulnerability,CVE-2024-11234,vulnerability--e8e3c7cf-6c17-4d80-9c99-abc652e98ea9 +vulnerability,CVE-2024-11236,vulnerability--7f5734aa-26c0-4479-98d9-3ce11a11a161 +vulnerability,CVE-2024-53901,vulnerability--27d5b14a-2ad9-4acc-bf4c-b15122607a5c +vulnerability,CVE-2024-53910,vulnerability--d07c7adf-d61f-4fa4-a977-8a5128f8edcf +vulnerability,CVE-2024-53912,vulnerability--7a03f6c5-fa8a-4a24-9549-e751b968795b +vulnerability,CVE-2024-53909,vulnerability--7a526400-1ad7-4391-9e62-99e2bf697b64 +vulnerability,CVE-2024-53916,vulnerability--55aae21f-b270-4826-9886-b6e9f95ac9c9 +vulnerability,CVE-2024-53913,vulnerability--a71edf13-88bb-4969-92fc-8a65b9113d21 +vulnerability,CVE-2024-53914,vulnerability--194a23bd-a96a-4dbe-a529-f86eb59f0e65 +vulnerability,CVE-2024-53911,vulnerability--a6388eeb-cafa-4457-bcdd-6048d12691fe +vulnerability,CVE-2024-53915,vulnerability--6c5ea399-bbe7-46d7-839c-49da552c067d +vulnerability,CVE-2024-53899,vulnerability--80ffad9c-8c85-40ee-a525-acfc49eceacd diff --git a/objects/vulnerability/vulnerability--0091e9bc-ca6f-4664-ac61-42b8736c4117.json b/objects/vulnerability/vulnerability--0091e9bc-ca6f-4664-ac61-42b8736c4117.json new file mode 100644 index 0000000000..de44ed555a --- /dev/null +++ b/objects/vulnerability/vulnerability--0091e9bc-ca6f-4664-ac61-42b8736c4117.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e894988b-74eb-4e03-989c-355d77e037f3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0091e9bc-ca6f-4664-ac61-42b8736c4117", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-25T00:22:41.195839Z", + "modified": "2024-11-25T00:22:41.195839Z", + "name": "CVE-2024-11665", + "description": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in hardy-barth cph2_echarge_firmware allows OS Command Injection.This issue affects cph2_echarge_firmware: through 2.0.4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11665" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--194a23bd-a96a-4dbe-a529-f86eb59f0e65.json b/objects/vulnerability/vulnerability--194a23bd-a96a-4dbe-a529-f86eb59f0e65.json new file mode 100644 index 0000000000..e264198a61 --- /dev/null +++ b/objects/vulnerability/vulnerability--194a23bd-a96a-4dbe-a529-f86eb59f0e65.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--21ef07c0-3dc6-4945-a635-eab705baa56c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--194a23bd-a96a-4dbe-a529-f86eb59f0e65", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-25T00:22:41.478749Z", + "modified": "2024-11-25T00:22:41.478749Z", + "name": "CVE-2024-53914", + "description": "An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24344. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53914" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--27d5b14a-2ad9-4acc-bf4c-b15122607a5c.json b/objects/vulnerability/vulnerability--27d5b14a-2ad9-4acc-bf4c-b15122607a5c.json new file mode 100644 index 0000000000..cad2c259c2 --- /dev/null +++ b/objects/vulnerability/vulnerability--27d5b14a-2ad9-4acc-bf4c-b15122607a5c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5a46ecd1-bc86-4a72-a879-3d3f184aad90", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--27d5b14a-2ad9-4acc-bf4c-b15122607a5c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-25T00:22:41.449448Z", + "modified": "2024-11-25T00:22:41.449448Z", + "name": "CVE-2024-53901", + "description": "The Imager package before 1.025 for Perl has a heap-based buffer overflow leading to denial of service, or possibly unspecified other impact, when the trim() method is called on a crafted input image.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53901" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4791e489-a2dc-4aba-b548-dbdce46e3df3.json b/objects/vulnerability/vulnerability--4791e489-a2dc-4aba-b548-dbdce46e3df3.json new file mode 100644 index 0000000000..ff24e5fc7c --- /dev/null +++ b/objects/vulnerability/vulnerability--4791e489-a2dc-4aba-b548-dbdce46e3df3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9ebc4e6a-4aed-4267-8ccc-24f2f1205547", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4791e489-a2dc-4aba-b548-dbdce46e3df3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-25T00:22:41.171674Z", + "modified": "2024-11-25T00:22:41.171674Z", + "name": "CVE-2024-11646", + "description": "A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit-services.php. The manipulation of the argument sername leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11646" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--55aae21f-b270-4826-9886-b6e9f95ac9c9.json b/objects/vulnerability/vulnerability--55aae21f-b270-4826-9886-b6e9f95ac9c9.json new file mode 100644 index 0000000000..d48448e449 --- /dev/null +++ b/objects/vulnerability/vulnerability--55aae21f-b270-4826-9886-b6e9f95ac9c9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--90bbeff6-0360-41d1-91ab-55d4e67d7f5d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--55aae21f-b270-4826-9886-b6e9f95ac9c9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-25T00:22:41.468167Z", + "modified": "2024-11-25T00:22:41.468167Z", + "name": "CVE-2024-53916", + "description": "In OpenStack Neutron through 25.0.0, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. NOTE: 935883 has the \"Work in Progress\" status as of 2024-11-24.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53916" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6c5ea399-bbe7-46d7-839c-49da552c067d.json b/objects/vulnerability/vulnerability--6c5ea399-bbe7-46d7-839c-49da552c067d.json new file mode 100644 index 0000000000..280af35abf --- /dev/null +++ b/objects/vulnerability/vulnerability--6c5ea399-bbe7-46d7-839c-49da552c067d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b186f3df-b639-4530-aaa0-04e031e150a2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6c5ea399-bbe7-46d7-839c-49da552c067d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-25T00:22:41.481645Z", + "modified": "2024-11-25T00:22:41.481645Z", + "name": "CVE-2024-53915", + "description": "An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24405. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53915" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7a03f6c5-fa8a-4a24-9549-e751b968795b.json b/objects/vulnerability/vulnerability--7a03f6c5-fa8a-4a24-9549-e751b968795b.json new file mode 100644 index 0000000000..69015b2ee1 --- /dev/null +++ b/objects/vulnerability/vulnerability--7a03f6c5-fa8a-4a24-9549-e751b968795b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--278998c5-cda9-4197-a33a-9199896dc0f9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7a03f6c5-fa8a-4a24-9549-e751b968795b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-25T00:22:41.452371Z", + "modified": "2024-11-25T00:22:41.452371Z", + "name": "CVE-2024-53912", + "description": "An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24341. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53912" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7a526400-1ad7-4391-9e62-99e2bf697b64.json b/objects/vulnerability/vulnerability--7a526400-1ad7-4391-9e62-99e2bf697b64.json new file mode 100644 index 0000000000..2a6d9b1002 --- /dev/null +++ b/objects/vulnerability/vulnerability--7a526400-1ad7-4391-9e62-99e2bf697b64.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b72acc45-636c-4a07-b198-1b44654a9bfd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7a526400-1ad7-4391-9e62-99e2bf697b64", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-25T00:22:41.461777Z", + "modified": "2024-11-25T00:22:41.461777Z", + "name": "CVE-2024-53909", + "description": "An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24334. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53909" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7f5734aa-26c0-4479-98d9-3ce11a11a161.json b/objects/vulnerability/vulnerability--7f5734aa-26c0-4479-98d9-3ce11a11a161.json new file mode 100644 index 0000000000..0d2fabc123 --- /dev/null +++ b/objects/vulnerability/vulnerability--7f5734aa-26c0-4479-98d9-3ce11a11a161.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--08013391-db22-4bc4-94bb-2c2ac6f8660a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7f5734aa-26c0-4479-98d9-3ce11a11a161", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-25T00:22:41.205237Z", + "modified": "2024-11-25T00:22:41.205237Z", + "name": "CVE-2024-11236", + "description": "In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11236" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--80ffad9c-8c85-40ee-a525-acfc49eceacd.json b/objects/vulnerability/vulnerability--80ffad9c-8c85-40ee-a525-acfc49eceacd.json new file mode 100644 index 0000000000..706920fbca --- /dev/null +++ b/objects/vulnerability/vulnerability--80ffad9c-8c85-40ee-a525-acfc49eceacd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c9184a80-3109-42b8-9ce6-068d2863ddd7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--80ffad9c-8c85-40ee-a525-acfc49eceacd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-25T00:22:41.482856Z", + "modified": "2024-11-25T00:22:41.482856Z", + "name": "CVE-2024-53899", + "description": "virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53899" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8c07b78b-ae3e-421f-9949-ba1bb5c145f5.json b/objects/vulnerability/vulnerability--8c07b78b-ae3e-421f-9949-ba1bb5c145f5.json new file mode 100644 index 0000000000..1dfd8ec4bf --- /dev/null +++ b/objects/vulnerability/vulnerability--8c07b78b-ae3e-421f-9949-ba1bb5c145f5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--86fda007-1c39-4112-a6a8-85719972c5bb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8c07b78b-ae3e-421f-9949-ba1bb5c145f5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-25T00:22:41.186704Z", + "modified": "2024-11-25T00:22:41.186704Z", + "name": "CVE-2024-11233", + "description": "In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11233" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9f50918e-9c58-4c26-a809-66a705e1fb63.json b/objects/vulnerability/vulnerability--9f50918e-9c58-4c26-a809-66a705e1fb63.json new file mode 100644 index 0000000000..a362593e30 --- /dev/null +++ b/objects/vulnerability/vulnerability--9f50918e-9c58-4c26-a809-66a705e1fb63.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8eef6fb8-a84f-4bb9-880c-78e01ab79fdf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9f50918e-9c58-4c26-a809-66a705e1fb63", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-25T00:22:41.180886Z", + "modified": "2024-11-25T00:22:41.180886Z", + "name": "CVE-2024-11666", + "description": "Affected devices beacon to eCharge cloud infrastructure asking if there are any command they should run. This communication is established over an insecure channel since peer verification is disabled everywhere. Therefore, remote unauthenticated users  suitably positioned on the network between an EV charger controller and eCharge infrastructure can execute arbitrary commands with elevated privileges on affected devices.\n\nThis issue affects cph2_echarge_firmware: through 2.0.4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11666" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a6388eeb-cafa-4457-bcdd-6048d12691fe.json b/objects/vulnerability/vulnerability--a6388eeb-cafa-4457-bcdd-6048d12691fe.json new file mode 100644 index 0000000000..3234fea97c --- /dev/null +++ b/objects/vulnerability/vulnerability--a6388eeb-cafa-4457-bcdd-6048d12691fe.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f3b3a9e1-135e-4984-8b51-155471d125d1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a6388eeb-cafa-4457-bcdd-6048d12691fe", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-25T00:22:41.479973Z", + "modified": "2024-11-25T00:22:41.479973Z", + "name": "CVE-2024-53911", + "description": "An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24339. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53911" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a71edf13-88bb-4969-92fc-8a65b9113d21.json b/objects/vulnerability/vulnerability--a71edf13-88bb-4969-92fc-8a65b9113d21.json new file mode 100644 index 0000000000..b8fbe0268f --- /dev/null +++ b/objects/vulnerability/vulnerability--a71edf13-88bb-4969-92fc-8a65b9113d21.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fd68288f-537f-4335-b6c7-036eb3186665", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a71edf13-88bb-4969-92fc-8a65b9113d21", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-25T00:22:41.475423Z", + "modified": "2024-11-25T00:22:41.475423Z", + "name": "CVE-2024-53913", + "description": "An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24343. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53913" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d07c7adf-d61f-4fa4-a977-8a5128f8edcf.json b/objects/vulnerability/vulnerability--d07c7adf-d61f-4fa4-a977-8a5128f8edcf.json new file mode 100644 index 0000000000..a6f2d22c04 --- /dev/null +++ b/objects/vulnerability/vulnerability--d07c7adf-d61f-4fa4-a977-8a5128f8edcf.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f5109c5c-3f54-44ad-b01c-2f1d3421aa49", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d07c7adf-d61f-4fa4-a977-8a5128f8edcf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-25T00:22:41.450825Z", + "modified": "2024-11-25T00:22:41.450825Z", + "name": "CVE-2024-53910", + "description": "An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24336. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53910" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e8e3c7cf-6c17-4d80-9c99-abc652e98ea9.json b/objects/vulnerability/vulnerability--e8e3c7cf-6c17-4d80-9c99-abc652e98ea9.json new file mode 100644 index 0000000000..ef3f19e6d4 --- /dev/null +++ b/objects/vulnerability/vulnerability--e8e3c7cf-6c17-4d80-9c99-abc652e98ea9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7faa5645-b463-4712-9a62-166f8155c491", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e8e3c7cf-6c17-4d80-9c99-abc652e98ea9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-25T00:22:41.203633Z", + "modified": "2024-11-25T00:22:41.203633Z", + "name": "CVE-2024-11234", + "description": "In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and \"request_fulluri\" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11234" + } + ] + } + ] +} \ No newline at end of file