From 2ab0cc0142e471ac624911b89bb054c060d43f8f Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 30 Jan 2025 00:19:24 +0000 Subject: [PATCH] generated content from 2025-01-30 --- mapping.csv | 71 +++++++++++++++++++ ...-010eb10e-881f-46c6-a6ac-f71b936364c8.json | 22 ++++++ ...-03d0be12-d661-46e9-84f2-22b2b3511cef.json | 22 ++++++ ...-0f945940-fd9c-4250-b92e-dbdef99d0949.json | 22 ++++++ ...-112fb592-e91f-41a8-b43c-847d8840e58a.json | 22 ++++++ ...-144d90c4-5e11-4b15-ad39-47b41d498bb5.json | 22 ++++++ ...-146dfdc2-48fa-4a3f-95ab-6a437ba953b8.json | 22 ++++++ ...-14cf20bd-f6a6-4d78-a967-db0497ff21d6.json | 22 ++++++ ...-15dc676b-3654-41e2-8dc8-b697a8a74ed3.json | 22 ++++++ ...-18b18c7b-9f1f-4cc7-80e7-9591d258d1a4.json | 22 ++++++ ...-19c32296-0354-4f17-88f9-fc62f9508eb3.json | 22 ++++++ ...-22f99bda-88e9-400c-adee-6e4d2e230ab0.json | 22 ++++++ ...-2303f30d-c9c0-4ccc-a71f-81dcbbf90af1.json | 22 ++++++ ...-293e9954-316b-4986-9160-d5a67ed003c6.json | 22 ++++++ ...-29ef3689-ddc6-43c5-b713-bff830ab0c87.json | 22 ++++++ ...-2e1ba8c5-986a-41be-856e-38469e5ee692.json | 22 ++++++ ...-36e1e4b8-f6e4-4349-a4d9-65fbd644c469.json | 22 ++++++ ...-39f10dc5-2918-44dd-a109-8fafbed8dc26.json | 22 ++++++ ...-3c7f8a9e-00bc-4d3f-81e9-69f3e4aa2693.json | 22 ++++++ ...-3e4efaf9-2073-441a-a360-a3dbc04cf453.json | 22 ++++++ ...-3e827318-0e2b-4d99-8aac-1730763b016f.json | 22 ++++++ ...-424951a8-70a3-4666-814d-2e9a6481c8b2.json | 22 ++++++ ...-42b1654e-3a85-4193-9c03-ea8b2f1c9c67.json | 22 ++++++ ...-43137e27-7c4a-41a3-889b-c3613af15307.json | 22 ++++++ ...-44d4c44a-d83c-48f7-8415-81c6ccc2b3e8.json | 22 ++++++ ...-47ad921c-9308-436f-bc0b-47ce3bf1c151.json | 22 ++++++ ...-489fa6cb-110e-4df2-9a11-f2311c4e6043.json | 22 ++++++ ...-4c4fe1f7-886d-4bda-87f8-65da89da9287.json | 22 ++++++ ...-4e138669-5eed-4dbf-82c2-c9d31246a991.json | 22 ++++++ ...-51f7f7a6-4e9c-423b-9dab-f069091d768b.json | 22 ++++++ ...-5acd634d-9e87-4c37-b2e8-437404c472fb.json | 22 ++++++ ...-5d9c2980-a492-44d3-ba3b-f8675287abcf.json | 22 ++++++ ...-6831a6bc-df78-4845-8ff8-b408d9c0efae.json | 22 ++++++ ...-6938acf1-bddc-415a-982e-8c91a49fc9fa.json | 22 ++++++ ...-699f374d-9d3d-4999-98c9-32c079f93183.json | 22 ++++++ ...-6c0d1b17-3c8a-4fdc-a7b3-6bba0676f78c.json | 22 ++++++ ...-7123c975-5828-4206-b8a3-ea85b51d1f20.json | 22 ++++++ ...-7329cdfe-9a4f-42b6-8a45-4651a20bf7b1.json | 22 ++++++ ...-74723deb-8b58-4107-862b-28075a776359.json | 22 ++++++ ...-78b530c1-b8ab-43c3-9f9f-1603f504da3b.json | 22 ++++++ ...-825fc663-2fce-4f06-bfab-b48e02546ea5.json | 22 ++++++ ...-854c1d57-2573-4c95-82fe-b9dd2d452470.json | 22 ++++++ ...-867f08b4-2e86-4390-a31e-abb9b0f4b308.json | 22 ++++++ ...-87717ed5-271e-41b8-8dfc-a8bd2f54bb75.json | 22 ++++++ ...-8b926aa0-ef43-474e-8aee-cc3a54b90852.json | 22 ++++++ ...-8f077954-cb1b-4621-a519-04b64e49b944.json | 22 ++++++ ...-926919bd-42b9-4983-8cd1-12f391ae91dd.json | 22 ++++++ ...-96af1df9-f53f-4451-ba74-ac29adde11ac.json | 22 ++++++ ...-96c7bbce-92a4-4dd1-b806-79e1c6b0bff6.json | 22 ++++++ ...-990fc8c5-1354-4a3d-90ad-f84ce21e3ec7.json | 22 ++++++ ...-a0de6edb-776f-4525-ba46-0075cbf712a0.json | 22 ++++++ ...-a1b23a7f-7bd3-4f11-8aef-12c1668b13ea.json | 22 ++++++ ...-a5581176-0b13-40d4-9048-6af2655c9fa2.json | 22 ++++++ ...-ae72d079-5688-47c3-a10f-f0d0b9a857f4.json | 22 ++++++ ...-aecd7a2e-2095-49fe-a1c7-08c0aacd8442.json | 22 ++++++ ...-b2b61e84-bff5-4041-86f5-1f6f3d1e9095.json | 22 ++++++ ...-b6352885-d4ef-45ec-9db4-92c81c704b95.json | 22 ++++++ ...-bbf028f4-153a-4c56-91a4-7b6c4d3311a0.json | 22 ++++++ ...-c2ab6b7d-5ba9-489d-9c9f-7f4521e1abe1.json | 22 ++++++ ...-c9c64ecf-f33a-44bc-9ecc-100d44176ef9.json | 22 ++++++ ...-cdd54ffb-6412-4e38-b21d-170b0e707f44.json | 22 ++++++ ...-cf2314c2-5b43-4c54-b513-2183fee1c622.json | 22 ++++++ ...-cfe6c8c4-0084-40c6-81b1-c2460789c094.json | 22 ++++++ ...-d41ac2f8-cfa5-4b70-8a8d-34eabb3e0eb6.json | 22 ++++++ ...-d45cad06-dd79-4f99-8489-6027d5411b0c.json | 22 ++++++ ...-d5cd6951-d054-411c-9033-5c008def7d4a.json | 22 ++++++ ...-d8076c5f-0901-45ac-be78-5a09cd1a1e24.json | 22 ++++++ ...-d8adfde6-5ea7-4ff4-a2e6-5d223f3ead55.json | 22 ++++++ ...-daa13730-9e74-4cfa-8a75-22332c18553d.json | 22 ++++++ ...-e1473664-1729-4468-8efc-d00e67bfca77.json | 22 ++++++ ...-e1b4419b-aec4-4dcb-a986-509c257fd116.json | 22 ++++++ ...-e8a92744-69b7-414f-bb7c-37c5c3f13d5e.json | 22 ++++++ 72 files changed, 1633 insertions(+) create mode 100644 objects/vulnerability/vulnerability--010eb10e-881f-46c6-a6ac-f71b936364c8.json create mode 100644 objects/vulnerability/vulnerability--03d0be12-d661-46e9-84f2-22b2b3511cef.json create mode 100644 objects/vulnerability/vulnerability--0f945940-fd9c-4250-b92e-dbdef99d0949.json create mode 100644 objects/vulnerability/vulnerability--112fb592-e91f-41a8-b43c-847d8840e58a.json create mode 100644 objects/vulnerability/vulnerability--144d90c4-5e11-4b15-ad39-47b41d498bb5.json create mode 100644 objects/vulnerability/vulnerability--146dfdc2-48fa-4a3f-95ab-6a437ba953b8.json create mode 100644 objects/vulnerability/vulnerability--14cf20bd-f6a6-4d78-a967-db0497ff21d6.json create mode 100644 objects/vulnerability/vulnerability--15dc676b-3654-41e2-8dc8-b697a8a74ed3.json create mode 100644 objects/vulnerability/vulnerability--18b18c7b-9f1f-4cc7-80e7-9591d258d1a4.json create mode 100644 objects/vulnerability/vulnerability--19c32296-0354-4f17-88f9-fc62f9508eb3.json create mode 100644 objects/vulnerability/vulnerability--22f99bda-88e9-400c-adee-6e4d2e230ab0.json create mode 100644 objects/vulnerability/vulnerability--2303f30d-c9c0-4ccc-a71f-81dcbbf90af1.json create mode 100644 objects/vulnerability/vulnerability--293e9954-316b-4986-9160-d5a67ed003c6.json create mode 100644 objects/vulnerability/vulnerability--29ef3689-ddc6-43c5-b713-bff830ab0c87.json create mode 100644 objects/vulnerability/vulnerability--2e1ba8c5-986a-41be-856e-38469e5ee692.json create mode 100644 objects/vulnerability/vulnerability--36e1e4b8-f6e4-4349-a4d9-65fbd644c469.json create mode 100644 objects/vulnerability/vulnerability--39f10dc5-2918-44dd-a109-8fafbed8dc26.json create mode 100644 objects/vulnerability/vulnerability--3c7f8a9e-00bc-4d3f-81e9-69f3e4aa2693.json create mode 100644 objects/vulnerability/vulnerability--3e4efaf9-2073-441a-a360-a3dbc04cf453.json create mode 100644 objects/vulnerability/vulnerability--3e827318-0e2b-4d99-8aac-1730763b016f.json create mode 100644 objects/vulnerability/vulnerability--424951a8-70a3-4666-814d-2e9a6481c8b2.json create mode 100644 objects/vulnerability/vulnerability--42b1654e-3a85-4193-9c03-ea8b2f1c9c67.json create mode 100644 objects/vulnerability/vulnerability--43137e27-7c4a-41a3-889b-c3613af15307.json create mode 100644 objects/vulnerability/vulnerability--44d4c44a-d83c-48f7-8415-81c6ccc2b3e8.json create mode 100644 objects/vulnerability/vulnerability--47ad921c-9308-436f-bc0b-47ce3bf1c151.json create mode 100644 objects/vulnerability/vulnerability--489fa6cb-110e-4df2-9a11-f2311c4e6043.json create mode 100644 objects/vulnerability/vulnerability--4c4fe1f7-886d-4bda-87f8-65da89da9287.json create mode 100644 objects/vulnerability/vulnerability--4e138669-5eed-4dbf-82c2-c9d31246a991.json create mode 100644 objects/vulnerability/vulnerability--51f7f7a6-4e9c-423b-9dab-f069091d768b.json create mode 100644 objects/vulnerability/vulnerability--5acd634d-9e87-4c37-b2e8-437404c472fb.json create mode 100644 objects/vulnerability/vulnerability--5d9c2980-a492-44d3-ba3b-f8675287abcf.json create mode 100644 objects/vulnerability/vulnerability--6831a6bc-df78-4845-8ff8-b408d9c0efae.json create mode 100644 objects/vulnerability/vulnerability--6938acf1-bddc-415a-982e-8c91a49fc9fa.json create mode 100644 objects/vulnerability/vulnerability--699f374d-9d3d-4999-98c9-32c079f93183.json create mode 100644 objects/vulnerability/vulnerability--6c0d1b17-3c8a-4fdc-a7b3-6bba0676f78c.json create mode 100644 objects/vulnerability/vulnerability--7123c975-5828-4206-b8a3-ea85b51d1f20.json create mode 100644 objects/vulnerability/vulnerability--7329cdfe-9a4f-42b6-8a45-4651a20bf7b1.json create mode 100644 objects/vulnerability/vulnerability--74723deb-8b58-4107-862b-28075a776359.json create mode 100644 objects/vulnerability/vulnerability--78b530c1-b8ab-43c3-9f9f-1603f504da3b.json create mode 100644 objects/vulnerability/vulnerability--825fc663-2fce-4f06-bfab-b48e02546ea5.json create mode 100644 objects/vulnerability/vulnerability--854c1d57-2573-4c95-82fe-b9dd2d452470.json create mode 100644 objects/vulnerability/vulnerability--867f08b4-2e86-4390-a31e-abb9b0f4b308.json create mode 100644 objects/vulnerability/vulnerability--87717ed5-271e-41b8-8dfc-a8bd2f54bb75.json create mode 100644 objects/vulnerability/vulnerability--8b926aa0-ef43-474e-8aee-cc3a54b90852.json create mode 100644 objects/vulnerability/vulnerability--8f077954-cb1b-4621-a519-04b64e49b944.json create mode 100644 objects/vulnerability/vulnerability--926919bd-42b9-4983-8cd1-12f391ae91dd.json create mode 100644 objects/vulnerability/vulnerability--96af1df9-f53f-4451-ba74-ac29adde11ac.json create mode 100644 objects/vulnerability/vulnerability--96c7bbce-92a4-4dd1-b806-79e1c6b0bff6.json create mode 100644 objects/vulnerability/vulnerability--990fc8c5-1354-4a3d-90ad-f84ce21e3ec7.json create mode 100644 objects/vulnerability/vulnerability--a0de6edb-776f-4525-ba46-0075cbf712a0.json create mode 100644 objects/vulnerability/vulnerability--a1b23a7f-7bd3-4f11-8aef-12c1668b13ea.json create mode 100644 objects/vulnerability/vulnerability--a5581176-0b13-40d4-9048-6af2655c9fa2.json create mode 100644 objects/vulnerability/vulnerability--ae72d079-5688-47c3-a10f-f0d0b9a857f4.json create mode 100644 objects/vulnerability/vulnerability--aecd7a2e-2095-49fe-a1c7-08c0aacd8442.json create mode 100644 objects/vulnerability/vulnerability--b2b61e84-bff5-4041-86f5-1f6f3d1e9095.json create mode 100644 objects/vulnerability/vulnerability--b6352885-d4ef-45ec-9db4-92c81c704b95.json create mode 100644 objects/vulnerability/vulnerability--bbf028f4-153a-4c56-91a4-7b6c4d3311a0.json create mode 100644 objects/vulnerability/vulnerability--c2ab6b7d-5ba9-489d-9c9f-7f4521e1abe1.json create mode 100644 objects/vulnerability/vulnerability--c9c64ecf-f33a-44bc-9ecc-100d44176ef9.json create mode 100644 objects/vulnerability/vulnerability--cdd54ffb-6412-4e38-b21d-170b0e707f44.json create mode 100644 objects/vulnerability/vulnerability--cf2314c2-5b43-4c54-b513-2183fee1c622.json create mode 100644 objects/vulnerability/vulnerability--cfe6c8c4-0084-40c6-81b1-c2460789c094.json create mode 100644 objects/vulnerability/vulnerability--d41ac2f8-cfa5-4b70-8a8d-34eabb3e0eb6.json create mode 100644 objects/vulnerability/vulnerability--d45cad06-dd79-4f99-8489-6027d5411b0c.json create mode 100644 objects/vulnerability/vulnerability--d5cd6951-d054-411c-9033-5c008def7d4a.json create mode 100644 objects/vulnerability/vulnerability--d8076c5f-0901-45ac-be78-5a09cd1a1e24.json create mode 100644 objects/vulnerability/vulnerability--d8adfde6-5ea7-4ff4-a2e6-5d223f3ead55.json create mode 100644 objects/vulnerability/vulnerability--daa13730-9e74-4cfa-8a75-22332c18553d.json create mode 100644 objects/vulnerability/vulnerability--e1473664-1729-4468-8efc-d00e67bfca77.json create mode 100644 objects/vulnerability/vulnerability--e1b4419b-aec4-4dcb-a986-509c257fd116.json create mode 100644 objects/vulnerability/vulnerability--e8a92744-69b7-414f-bb7c-37c5c3f13d5e.json diff --git a/mapping.csv b/mapping.csv index 37287f0e780..876e3e1cd8f 100644 --- a/mapping.csv +++ b/mapping.csv @@ -265519,3 +265519,74 @@ vulnerability,CVE-2025-0783,vulnerability--bb77c8e8-19a5-4bb9-8dd2-6ad27dc0a9b9 vulnerability,CVE-2025-0786,vulnerability--154f53f0-1669-4b78-ba08-5d1c5b0fca3d vulnerability,CVE-2017-13318,vulnerability--5fca670a-5d8c-47a7-b35d-f464513c0bb5 vulnerability,CVE-2017-13317,vulnerability--3bca6861-fd37-4dea-93c4-109e74dac8c0 +vulnerability,CVE-2024-12705,vulnerability--b2b61e84-bff5-4041-86f5-1f6f3d1e9095 +vulnerability,CVE-2024-12749,vulnerability--4e138669-5eed-4dbf-82c2-c9d31246a991 +vulnerability,CVE-2024-54851,vulnerability--990fc8c5-1354-4a3d-90ad-f84ce21e3ec7 +vulnerability,CVE-2024-54852,vulnerability--e1b4419b-aec4-4dcb-a986-509c257fd116 +vulnerability,CVE-2024-54461,vulnerability--cfe6c8c4-0084-40c6-81b1-c2460789c094 +vulnerability,CVE-2024-54462,vulnerability--d45cad06-dd79-4f99-8489-6027d5411b0c +vulnerability,CVE-2024-10001,vulnerability--ae72d079-5688-47c3-a10f-f0d0b9a857f4 +vulnerability,CVE-2024-57510,vulnerability--19c32296-0354-4f17-88f9-fc62f9508eb3 +vulnerability,CVE-2024-57395,vulnerability--8f077954-cb1b-4621-a519-04b64e49b944 +vulnerability,CVE-2024-57437,vulnerability--7329cdfe-9a4f-42b6-8a45-4651a20bf7b1 +vulnerability,CVE-2024-57438,vulnerability--cf2314c2-5b43-4c54-b513-2183fee1c622 +vulnerability,CVE-2024-57439,vulnerability--cdd54ffb-6412-4e38-b21d-170b0e707f44 +vulnerability,CVE-2024-57513,vulnerability--51f7f7a6-4e9c-423b-9dab-f069091d768b +vulnerability,CVE-2024-57509,vulnerability--03d0be12-d661-46e9-84f2-22b2b3511cef +vulnerability,CVE-2024-57665,vulnerability--e8a92744-69b7-414f-bb7c-37c5c3f13d5e +vulnerability,CVE-2024-57965,vulnerability--a0de6edb-776f-4525-ba46-0075cbf712a0 +vulnerability,CVE-2024-57436,vulnerability--146dfdc2-48fa-4a3f-95ab-6a437ba953b8 +vulnerability,CVE-2024-13696,vulnerability--3c7f8a9e-00bc-4d3f-81e9-69f3e4aa2693 +vulnerability,CVE-2024-13561,vulnerability--6c0d1b17-3c8a-4fdc-a7b3-6bba0676f78c +vulnerability,CVE-2024-51182,vulnerability--22f99bda-88e9-400c-adee-6e4d2e230ab0 +vulnerability,CVE-2024-23733,vulnerability--43137e27-7c4a-41a3-889b-c3613af15307 +vulnerability,CVE-2024-7695,vulnerability--144d90c4-5e11-4b15-ad39-47b41d498bb5 +vulnerability,CVE-2024-48849,vulnerability--d5cd6951-d054-411c-9033-5c008def7d4a +vulnerability,CVE-2024-48852,vulnerability--87717ed5-271e-41b8-8dfc-a8bd2f54bb75 +vulnerability,CVE-2024-48761,vulnerability--d8076c5f-0901-45ac-be78-5a09cd1a1e24 +vulnerability,CVE-2024-41140,vulnerability--5d9c2980-a492-44d3-ba3b-f8675287abcf +vulnerability,CVE-2024-11187,vulnerability--78b530c1-b8ab-43c3-9f9f-1603f504da3b +vulnerability,CVE-2023-33838,vulnerability--96af1df9-f53f-4451-ba74-ac29adde11ac +vulnerability,CVE-2023-35017,vulnerability--0f945940-fd9c-4250-b92e-dbdef99d0949 +vulnerability,CVE-2023-35907,vulnerability--010eb10e-881f-46c6-a6ac-f71b936364c8 +vulnerability,CVE-2023-37413,vulnerability--6938acf1-bddc-415a-982e-8c91a49fc9fa +vulnerability,CVE-2023-37398,vulnerability--825fc663-2fce-4f06-bfab-b48e02546ea5 +vulnerability,CVE-2023-37412,vulnerability--aecd7a2e-2095-49fe-a1c7-08c0aacd8442 +vulnerability,CVE-2025-21396,vulnerability--d8adfde6-5ea7-4ff4-a2e6-5d223f3ead55 +vulnerability,CVE-2025-21415,vulnerability--3e827318-0e2b-4d99-8aac-1730763b016f +vulnerability,CVE-2025-23362,vulnerability--112fb592-e91f-41a8-b43c-847d8840e58a +vulnerability,CVE-2025-24790,vulnerability--6831a6bc-df78-4845-8ff8-b408d9c0efae +vulnerability,CVE-2025-24789,vulnerability--daa13730-9e74-4cfa-8a75-22332c18553d +vulnerability,CVE-2025-24374,vulnerability--e1473664-1729-4468-8efc-d00e67bfca77 +vulnerability,CVE-2025-24793,vulnerability--36e1e4b8-f6e4-4349-a4d9-65fbd644c469 +vulnerability,CVE-2025-24788,vulnerability--4c4fe1f7-886d-4bda-87f8-65da89da9287 +vulnerability,CVE-2025-24791,vulnerability--29ef3689-ddc6-43c5-b713-bff830ab0c87 +vulnerability,CVE-2025-24795,vulnerability--a5581176-0b13-40d4-9048-6af2655c9fa2 +vulnerability,CVE-2025-24884,vulnerability--14cf20bd-f6a6-4d78-a967-db0497ff21d6 +vulnerability,CVE-2025-24792,vulnerability--5acd634d-9e87-4c37-b2e8-437404c472fb +vulnerability,CVE-2025-24527,vulnerability--15dc676b-3654-41e2-8dc8-b697a8a74ed3 +vulnerability,CVE-2025-24794,vulnerability--74723deb-8b58-4107-862b-28075a776359 +vulnerability,CVE-2025-24882,vulnerability--18b18c7b-9f1f-4cc7-80e7-9591d258d1a4 +vulnerability,CVE-2025-0792,vulnerability--3e4efaf9-2073-441a-a360-a3dbc04cf453 +vulnerability,CVE-2025-0803,vulnerability--424951a8-70a3-4666-814d-2e9a6481c8b2 +vulnerability,CVE-2025-0804,vulnerability--854c1d57-2573-4c95-82fe-b9dd2d452470 +vulnerability,CVE-2025-0841,vulnerability--2303f30d-c9c0-4ccc-a71f-81dcbbf90af1 +vulnerability,CVE-2025-0843,vulnerability--867f08b4-2e86-4390-a31e-abb9b0f4b308 +vulnerability,CVE-2025-0851,vulnerability--b6352885-d4ef-45ec-9db4-92c81c704b95 +vulnerability,CVE-2025-0353,vulnerability--96c7bbce-92a4-4dd1-b806-79e1c6b0bff6 +vulnerability,CVE-2025-0797,vulnerability--c2ab6b7d-5ba9-489d-9c9f-7f4521e1abe1 +vulnerability,CVE-2025-0802,vulnerability--47ad921c-9308-436f-bc0b-47ce3bf1c151 +vulnerability,CVE-2025-0762,vulnerability--7123c975-5828-4206-b8a3-ea85b51d1f20 +vulnerability,CVE-2025-0840,vulnerability--2e1ba8c5-986a-41be-856e-38469e5ee692 +vulnerability,CVE-2025-0844,vulnerability--699f374d-9d3d-4999-98c9-32c079f93183 +vulnerability,CVE-2025-0793,vulnerability--44d4c44a-d83c-48f7-8415-81c6ccc2b3e8 +vulnerability,CVE-2025-0800,vulnerability--926919bd-42b9-4983-8cd1-12f391ae91dd +vulnerability,CVE-2025-0842,vulnerability--42b1654e-3a85-4193-9c03-ea8b2f1c9c67 +vulnerability,CVE-2025-0798,vulnerability--489fa6cb-110e-4df2-9a11-f2311c4e6043 +vulnerability,CVE-2025-0795,vulnerability--bbf028f4-153a-4c56-91a4-7b6c4d3311a0 +vulnerability,CVE-2025-0617,vulnerability--39f10dc5-2918-44dd-a109-8fafbed8dc26 +vulnerability,CVE-2025-0794,vulnerability--c9c64ecf-f33a-44bc-9ecc-100d44176ef9 +vulnerability,CVE-2025-0806,vulnerability--d41ac2f8-cfa5-4b70-8a8d-34eabb3e0eb6 +vulnerability,CVE-2025-20014,vulnerability--8b926aa0-ef43-474e-8aee-cc3a54b90852 +vulnerability,CVE-2025-20061,vulnerability--293e9954-316b-4986-9160-d5a67ed003c6 +vulnerability,CVE-2021-3978,vulnerability--a1b23a7f-7bd3-4f11-8aef-12c1668b13ea diff --git a/objects/vulnerability/vulnerability--010eb10e-881f-46c6-a6ac-f71b936364c8.json b/objects/vulnerability/vulnerability--010eb10e-881f-46c6-a6ac-f71b936364c8.json new file mode 100644 index 00000000000..7d84d11c2aa --- /dev/null +++ b/objects/vulnerability/vulnerability--010eb10e-881f-46c6-a6ac-f71b936364c8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--81d75bb3-54ea-44db-a86d-e1c60595e7f6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--010eb10e-881f-46c6-a6ac-f71b936364c8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:01.154989Z", + "modified": "2025-01-30T00:19:01.154989Z", + "name": "CVE-2023-35907", + "description": "IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-35907" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--03d0be12-d661-46e9-84f2-22b2b3511cef.json b/objects/vulnerability/vulnerability--03d0be12-d661-46e9-84f2-22b2b3511cef.json new file mode 100644 index 00000000000..9d3590e34f0 --- /dev/null +++ b/objects/vulnerability/vulnerability--03d0be12-d661-46e9-84f2-22b2b3511cef.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5c88914b-4ffd-4cd9-ab9e-3f4cc189e629", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--03d0be12-d661-46e9-84f2-22b2b3511cef", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:18:55.901674Z", + "modified": "2025-01-30T00:18:55.901674Z", + "name": "CVE-2024-57509", + "description": "Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4_File::ParseStream and related functions.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57509" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0f945940-fd9c-4250-b92e-dbdef99d0949.json b/objects/vulnerability/vulnerability--0f945940-fd9c-4250-b92e-dbdef99d0949.json new file mode 100644 index 00000000000..56347d0b355 --- /dev/null +++ b/objects/vulnerability/vulnerability--0f945940-fd9c-4250-b92e-dbdef99d0949.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fc5bc4ac-9785-4cd8-a124-d609a51a9b63", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0f945940-fd9c-4250-b92e-dbdef99d0949", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:01.116558Z", + "modified": "2025-01-30T00:19:01.116558Z", + "name": "CVE-2023-35017", + "description": "IBM Security Verify Governance 10.0.2 Identity Manager can transmit user credentials in clear text that could be obtained by an attacker using man in the middle techniques.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-35017" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--112fb592-e91f-41a8-b43c-847d8840e58a.json b/objects/vulnerability/vulnerability--112fb592-e91f-41a8-b43c-847d8840e58a.json new file mode 100644 index 00000000000..203564ca554 --- /dev/null +++ b/objects/vulnerability/vulnerability--112fb592-e91f-41a8-b43c-847d8840e58a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--34a31330-20df-4e2e-8ea8-94978aded75c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--112fb592-e91f-41a8-b43c-847d8840e58a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.763031Z", + "modified": "2025-01-30T00:19:05.763031Z", + "name": "CVE-2025-23362", + "description": "The old versions of EXIF Viewer Classic contain a cross-site scripting vulnerability caused by improper handling of EXIF meta data. When an image is rendered and crafted EXIF meta data is processed, an arbitrary script may be executed on the web browser. Versions 2.3.2 and 2.4.0 were reported as vulnerable. According to the vendor, the product has been refactored after those old versions and the version 3.0.1 is not vulnerable.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23362" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--144d90c4-5e11-4b15-ad39-47b41d498bb5.json b/objects/vulnerability/vulnerability--144d90c4-5e11-4b15-ad39-47b41d498bb5.json new file mode 100644 index 00000000000..f512db9e401 --- /dev/null +++ b/objects/vulnerability/vulnerability--144d90c4-5e11-4b15-ad39-47b41d498bb5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--78623c44-6569-4b44-9e69-4089acc81c5e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--144d90c4-5e11-4b15-ad39-47b41d498bb5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:18:56.906556Z", + "modified": "2025-01-30T00:18:56.906556Z", + "name": "CVE-2024-7695", + "description": "Multiple switches are affected by an out-of-bounds write vulnerability. This vulnerability is caused by insufficient input validation, which allows data to be written to memory outside the bounds of the buffer. Successful exploitation of this vulnerability could result in a denial-of-service attack. \n\nThis vulnerability poses a significant remote threat if the affected products are exposed to publicly accessible networks. Attackers could potentially disrupt operations by shutting down the affected systems. Due to the critical nature of this security risk, we strongly recommend taking immediate action to prevent its potential exploitation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7695" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--146dfdc2-48fa-4a3f-95ab-6a437ba953b8.json b/objects/vulnerability/vulnerability--146dfdc2-48fa-4a3f-95ab-6a437ba953b8.json new file mode 100644 index 00000000000..b1b031b66f0 --- /dev/null +++ b/objects/vulnerability/vulnerability--146dfdc2-48fa-4a3f-95ab-6a437ba953b8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--20417e2a-7f5f-4b51-904e-6777050682cd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--146dfdc2-48fa-4a3f-95ab-6a437ba953b8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:18:55.912316Z", + "modified": "2025-01-30T00:18:55.912316Z", + "name": "CVE-2024-57436", + "description": "RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin users via using a crafted cookie.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57436" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--14cf20bd-f6a6-4d78-a967-db0497ff21d6.json b/objects/vulnerability/vulnerability--14cf20bd-f6a6-4d78-a967-db0497ff21d6.json new file mode 100644 index 00000000000..bacdc89b480 --- /dev/null +++ b/objects/vulnerability/vulnerability--14cf20bd-f6a6-4d78-a967-db0497ff21d6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--78647f17-d2b9-4603-8ae1-c9aa6378d0e6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--14cf20bd-f6a6-4d78-a967-db0497ff21d6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.790424Z", + "modified": "2025-01-30T00:19:05.790424Z", + "name": "CVE-2025-24884", + "description": "kube-audit-rest is a simple logger of mutation/creation requests to the k8s api. If the \"full-elastic-stack\" example vector configuration was used for a real cluster, the previous values of kubernetes secrets would have been disclosed in the audit messages. This vulnerability is fixed in 1.0.16.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24884" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--15dc676b-3654-41e2-8dc8-b697a8a74ed3.json b/objects/vulnerability/vulnerability--15dc676b-3654-41e2-8dc8-b697a8a74ed3.json new file mode 100644 index 00000000000..704be56d26b --- /dev/null +++ b/objects/vulnerability/vulnerability--15dc676b-3654-41e2-8dc8-b697a8a74ed3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ed9a21d8-921b-4bc4-bae0-49b27e208da9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--15dc676b-3654-41e2-8dc8-b697a8a74ed3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.817189Z", + "modified": "2025-01-30T00:19:05.817189Z", + "name": "CVE-2025-24527", + "description": "An issue was discovered in Akamai Enterprise Application Access (EAA) before 2025-01-17. If an admin knows another tenant's 128-bit connector GUID, they can execute debug commands on that connector.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24527" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--18b18c7b-9f1f-4cc7-80e7-9591d258d1a4.json b/objects/vulnerability/vulnerability--18b18c7b-9f1f-4cc7-80e7-9591d258d1a4.json new file mode 100644 index 00000000000..dfe45f84363 --- /dev/null +++ b/objects/vulnerability/vulnerability--18b18c7b-9f1f-4cc7-80e7-9591d258d1a4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--43168b01-ba01-4e70-9c2c-01ee1d101e30", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--18b18c7b-9f1f-4cc7-80e7-9591d258d1a4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.826203Z", + "modified": "2025-01-30T00:19:05.826203Z", + "name": "CVE-2025-24882", + "description": "regclient is a Docker and OCI Registry Client in Go. A malicious registry could return a different digest for a pinned manifest without detection. This vulnerability is fixed in 0.7.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24882" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--19c32296-0354-4f17-88f9-fc62f9508eb3.json b/objects/vulnerability/vulnerability--19c32296-0354-4f17-88f9-fc62f9508eb3.json new file mode 100644 index 00000000000..f5208b0455d --- /dev/null +++ b/objects/vulnerability/vulnerability--19c32296-0354-4f17-88f9-fc62f9508eb3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--05b3c3a7-6bb5-458c-87be-c64248b640e1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--19c32296-0354-4f17-88f9-fc62f9508eb3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:18:55.864623Z", + "modified": "2025-01-30T00:18:55.864623Z", + "name": "CVE-2024-57510", + "description": "Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4_MemoryByteStream::WritePartial.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57510" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--22f99bda-88e9-400c-adee-6e4d2e230ab0.json b/objects/vulnerability/vulnerability--22f99bda-88e9-400c-adee-6e4d2e230ab0.json new file mode 100644 index 00000000000..2c8344d3157 --- /dev/null +++ b/objects/vulnerability/vulnerability--22f99bda-88e9-400c-adee-6e4d2e230ab0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fb35ce35-c7e1-4369-81d2-70e50b9514b4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--22f99bda-88e9-400c-adee-6e4d2e230ab0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:18:56.379706Z", + "modified": "2025-01-30T00:18:56.379706Z", + "name": "CVE-2024-51182", + "description": "HTML Injection vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary HTML code via the \"erro\" parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-51182" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2303f30d-c9c0-4ccc-a71f-81dcbbf90af1.json b/objects/vulnerability/vulnerability--2303f30d-c9c0-4ccc-a71f-81dcbbf90af1.json new file mode 100644 index 00000000000..0ff46346e0e --- /dev/null +++ b/objects/vulnerability/vulnerability--2303f30d-c9c0-4ccc-a71f-81dcbbf90af1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b054f725-ede6-43f0-94cc-6ab3e302f626", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2303f30d-c9c0-4ccc-a71f-81dcbbf90af1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.841904Z", + "modified": "2025-01-30T00:19:05.841904Z", + "name": "CVE-2025-0841", + "description": "A vulnerability has been found in Aridius XYZ up to 20240927 on OpenCart and classified as critical. This vulnerability affects the function loadMore of the component News. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0841" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--293e9954-316b-4986-9160-d5a67ed003c6.json b/objects/vulnerability/vulnerability--293e9954-316b-4986-9160-d5a67ed003c6.json new file mode 100644 index 00000000000..b594041f6b7 --- /dev/null +++ b/objects/vulnerability/vulnerability--293e9954-316b-4986-9160-d5a67ed003c6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--89b98c74-3e38-4ddf-9e4e-6ef9405586b4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--293e9954-316b-4986-9160-d5a67ed003c6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.924173Z", + "modified": "2025-01-30T00:19:05.924173Z", + "name": "CVE-2025-20061", + "description": "mySCADA myPRO does not properly neutralize POST requests sent to a specific port with email information. This vulnerability could be exploited by an attacker to execute arbitrary commands on the affected system.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20061" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--29ef3689-ddc6-43c5-b713-bff830ab0c87.json b/objects/vulnerability/vulnerability--29ef3689-ddc6-43c5-b713-bff830ab0c87.json new file mode 100644 index 00000000000..5306f6fa3ce --- /dev/null +++ b/objects/vulnerability/vulnerability--29ef3689-ddc6-43c5-b713-bff830ab0c87.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f10b9408-e84e-42f7-9062-3454f445077c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--29ef3689-ddc6-43c5-b713-bff830ab0c87", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.784832Z", + "modified": "2025-01-30T00:19:05.784832Z", + "name": "CVE-2025-24791", + "description": "snowflake-connector-nodejs is a NodeJS driver for Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This vulnerability affects versions 1.12.0 through 2.0.1 on Linux. Snowflake fixed the issue in version 2.0.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24791" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2e1ba8c5-986a-41be-856e-38469e5ee692.json b/objects/vulnerability/vulnerability--2e1ba8c5-986a-41be-856e-38469e5ee692.json new file mode 100644 index 00000000000..597ffac6f70 --- /dev/null +++ b/objects/vulnerability/vulnerability--2e1ba8c5-986a-41be-856e-38469e5ee692.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0c365d67-6a85-49eb-8a18-e157a697f5e0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2e1ba8c5-986a-41be-856e-38469e5ee692", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.864718Z", + "modified": "2025-01-30T00:19:05.864718Z", + "name": "CVE-2025-0840", + "description": "A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. The identifier of the patch is baac6c221e9d69335bf41366a1c7d87d8ab2f893. It is recommended to upgrade the affected component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0840" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--36e1e4b8-f6e4-4349-a4d9-65fbd644c469.json b/objects/vulnerability/vulnerability--36e1e4b8-f6e4-4349-a4d9-65fbd644c469.json new file mode 100644 index 00000000000..37b6185e8d9 --- /dev/null +++ b/objects/vulnerability/vulnerability--36e1e4b8-f6e4-4349-a4d9-65fbd644c469.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e0a6a00f-1677-487d-a2b6-168c0663d33f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--36e1e4b8-f6e4-4349-a4d9-65fbd644c469", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.776143Z", + "modified": "2025-01-30T00:19:05.776143Z", + "name": "CVE-2025-24793", + "description": "The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. A function from the snowflake.connector.pandas_tools module is vulnerable to SQL injection. This vulnerability affects versions 2.2.5 through 3.13.0. Snowflake fixed the issue in version 3.13.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24793" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--39f10dc5-2918-44dd-a109-8fafbed8dc26.json b/objects/vulnerability/vulnerability--39f10dc5-2918-44dd-a109-8fafbed8dc26.json new file mode 100644 index 00000000000..0cb62fbe7f9 --- /dev/null +++ b/objects/vulnerability/vulnerability--39f10dc5-2918-44dd-a109-8fafbed8dc26.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--54cdfcf7-9254-4504-8dc3-7bc45af01a5e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--39f10dc5-2918-44dd-a109-8fafbed8dc26", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.882343Z", + "modified": "2025-01-30T00:19:05.882343Z", + "name": "CVE-2025-0617", + "description": "An attacker with access to an HX 10.0.0 and previous versions, may send specially-crafted data to the HX console. The malicious detection would then trigger file parsing containing exponential entity expansions in the consumer process thus causing a Denial of Service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0617" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3c7f8a9e-00bc-4d3f-81e9-69f3e4aa2693.json b/objects/vulnerability/vulnerability--3c7f8a9e-00bc-4d3f-81e9-69f3e4aa2693.json new file mode 100644 index 00000000000..95f560c2d60 --- /dev/null +++ b/objects/vulnerability/vulnerability--3c7f8a9e-00bc-4d3f-81e9-69f3e4aa2693.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2a13a067-3ece-499b-ad8a-6943f93c97eb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3c7f8a9e-00bc-4d3f-81e9-69f3e4aa2693", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:18:56.224875Z", + "modified": "2025-01-30T00:18:56.224875Z", + "name": "CVE-2024-13696", + "description": "The Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wishlist_name’ parameter in all versions up to, and including, 1.2.25 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13696" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3e4efaf9-2073-441a-a360-a3dbc04cf453.json b/objects/vulnerability/vulnerability--3e4efaf9-2073-441a-a360-a3dbc04cf453.json new file mode 100644 index 00000000000..20218da90f9 --- /dev/null +++ b/objects/vulnerability/vulnerability--3e4efaf9-2073-441a-a360-a3dbc04cf453.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--df3aba0b-0f3a-4704-9c1b-6f4905f88241", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3e4efaf9-2073-441a-a360-a3dbc04cf453", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.830924Z", + "modified": "2025-01-30T00:19:05.830924Z", + "name": "CVE-2025-0792", + "description": "A vulnerability, which was classified as critical, was found in ESAFENET CDG V5. Affected is an unknown function of the file /sdTodoDetail.jsp. The manipulation of the argument flowId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0792" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3e827318-0e2b-4d99-8aac-1730763b016f.json b/objects/vulnerability/vulnerability--3e827318-0e2b-4d99-8aac-1730763b016f.json new file mode 100644 index 00000000000..4d0d5618804 --- /dev/null +++ b/objects/vulnerability/vulnerability--3e827318-0e2b-4d99-8aac-1730763b016f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--58d60b1b-e135-4288-a5b3-442dc3279442", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3e827318-0e2b-4d99-8aac-1730763b016f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.640956Z", + "modified": "2025-01-30T00:19:05.640956Z", + "name": "CVE-2025-21415", + "description": "Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-21415" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--424951a8-70a3-4666-814d-2e9a6481c8b2.json b/objects/vulnerability/vulnerability--424951a8-70a3-4666-814d-2e9a6481c8b2.json new file mode 100644 index 00000000000..4db0a996342 --- /dev/null +++ b/objects/vulnerability/vulnerability--424951a8-70a3-4666-814d-2e9a6481c8b2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--99daf376-d6c7-4054-8b04-ebeb6bbba41d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--424951a8-70a3-4666-814d-2e9a6481c8b2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.83312Z", + "modified": "2025-01-30T00:19:05.83312Z", + "name": "CVE-2025-0803", + "description": "A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/admin/submit_plan_new.php. The manipulation of the argument planid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0803" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--42b1654e-3a85-4193-9c03-ea8b2f1c9c67.json b/objects/vulnerability/vulnerability--42b1654e-3a85-4193-9c03-ea8b2f1c9c67.json new file mode 100644 index 00000000000..78f2b1f5116 --- /dev/null +++ b/objects/vulnerability/vulnerability--42b1654e-3a85-4193-9c03-ea8b2f1c9c67.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ce5799ce-5118-46d1-8c43-95bb11d72552", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--42b1654e-3a85-4193-9c03-ea8b2f1c9c67", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.875605Z", + "modified": "2025-01-30T00:19:05.875605Z", + "name": "CVE-2025-0842", + "description": "A vulnerability was found in needyamin Library Card System 1.0 and classified as critical. This issue affects some unknown processing of the file admin.php of the component Login. The manipulation of the argument email/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0842" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--43137e27-7c4a-41a3-889b-c3613af15307.json b/objects/vulnerability/vulnerability--43137e27-7c4a-41a3-889b-c3613af15307.json new file mode 100644 index 00000000000..2844d6967ae --- /dev/null +++ b/objects/vulnerability/vulnerability--43137e27-7c4a-41a3-889b-c3613af15307.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--98051ab4-6003-4929-9e2e-5e10cc61ab33", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--43137e27-7c4a-41a3-889b-c3613af15307", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:18:56.846296Z", + "modified": "2025-01-30T00:18:56.846296Z", + "name": "CVE-2024-23733", + "description": "The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before Core_Fix7 allows remote attackers to reach the administration panel and discover hostname and version information by sending an arbitrary username and a blank password to the /WmAdmin/#/login/ URI.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-23733" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--44d4c44a-d83c-48f7-8415-81c6ccc2b3e8.json b/objects/vulnerability/vulnerability--44d4c44a-d83c-48f7-8415-81c6ccc2b3e8.json new file mode 100644 index 00000000000..c85f0226b9f --- /dev/null +++ b/objects/vulnerability/vulnerability--44d4c44a-d83c-48f7-8415-81c6ccc2b3e8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--777ee450-6760-4a59-84bd-a57ba83e7321", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--44d4c44a-d83c-48f7-8415-81c6ccc2b3e8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.868606Z", + "modified": "2025-01-30T00:19:05.868606Z", + "name": "CVE-2025-0793", + "description": "A vulnerability has been found in ESAFENET CDG V5 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /todoDetail.jsp. The manipulation of the argument flowId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0793" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--47ad921c-9308-436f-bc0b-47ce3bf1c151.json b/objects/vulnerability/vulnerability--47ad921c-9308-436f-bc0b-47ce3bf1c151.json new file mode 100644 index 00000000000..d3a8a76023a --- /dev/null +++ b/objects/vulnerability/vulnerability--47ad921c-9308-436f-bc0b-47ce3bf1c151.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5460f411-ee8b-4587-aa5a-3bc5aa74f17e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--47ad921c-9308-436f-bc0b-47ce3bf1c151", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.859276Z", + "modified": "2025-01-30T00:19:05.859276Z", + "name": "CVE-2025-0802", + "description": "A vulnerability classified as critical was found in SourceCodester Best Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/View_user.php of the component Administrative Endpoint. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0802" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--489fa6cb-110e-4df2-9a11-f2311c4e6043.json b/objects/vulnerability/vulnerability--489fa6cb-110e-4df2-9a11-f2311c4e6043.json new file mode 100644 index 00000000000..22981c43935 --- /dev/null +++ b/objects/vulnerability/vulnerability--489fa6cb-110e-4df2-9a11-f2311c4e6043.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--509d4a3b-42dc-4b0d-8ba2-40b43e69043f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--489fa6cb-110e-4df2-9a11-f2311c4e6043", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.87684Z", + "modified": "2025-01-30T00:19:05.87684Z", + "name": "CVE-2025-0798", + "description": "A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as critical. This issue affects some unknown processing of the file rtscanner of the component Quarantine Handler. The manipulation leads to os command injection. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0798" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4c4fe1f7-886d-4bda-87f8-65da89da9287.json b/objects/vulnerability/vulnerability--4c4fe1f7-886d-4bda-87f8-65da89da9287.json new file mode 100644 index 00000000000..4ed679281d2 --- /dev/null +++ b/objects/vulnerability/vulnerability--4c4fe1f7-886d-4bda-87f8-65da89da9287.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1b751adc-bbc3-4e7c-87be-ed1fe7c671d1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4c4fe1f7-886d-4bda-87f8-65da89da9287", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.783042Z", + "modified": "2025-01-30T00:19:05.783042Z", + "name": "CVE-2025-24788", + "description": "snowflake-connector-net is the Snowflake Connector for .NET. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for .NET in which files downloaded from stages are temporarily placed in a world-readable local directory, making them accessible to unauthorized users on the same machine. This vulnerability affects versions 2.0.12 through 4.2.0 on Linux and macOS. Snowflake fixed the issue in version 4.3.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24788" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4e138669-5eed-4dbf-82c2-c9d31246a991.json b/objects/vulnerability/vulnerability--4e138669-5eed-4dbf-82c2-c9d31246a991.json new file mode 100644 index 00000000000..8db2f7f51f5 --- /dev/null +++ b/objects/vulnerability/vulnerability--4e138669-5eed-4dbf-82c2-c9d31246a991.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bd2723af-d32a-498d-bbce-e1409d2404c0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4e138669-5eed-4dbf-82c2-c9d31246a991", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:18:55.278319Z", + "modified": "2025-01-30T00:18:55.278319Z", + "name": "CVE-2024-12749", + "description": "The Competition Form WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12749" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--51f7f7a6-4e9c-423b-9dab-f069091d768b.json b/objects/vulnerability/vulnerability--51f7f7a6-4e9c-423b-9dab-f069091d768b.json new file mode 100644 index 00000000000..e2f54806812 --- /dev/null +++ b/objects/vulnerability/vulnerability--51f7f7a6-4e9c-423b-9dab-f069091d768b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--790ab420-3ad7-418e-b741-50e4060be1f2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--51f7f7a6-4e9c-423b-9dab-f069091d768b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:18:55.885337Z", + "modified": "2025-01-30T00:18:55.885337Z", + "name": "CVE-2024-57513", + "description": "A floating-point exception (FPE) vulnerability exists in the AP4_TfraAtom::AP4_TfraAtom function in Bento4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57513" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5acd634d-9e87-4c37-b2e8-437404c472fb.json b/objects/vulnerability/vulnerability--5acd634d-9e87-4c37-b2e8-437404c472fb.json new file mode 100644 index 00000000000..581c89d04d0 --- /dev/null +++ b/objects/vulnerability/vulnerability--5acd634d-9e87-4c37-b2e8-437404c472fb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a3b89c77-9e4f-462c-b072-f4552af08212", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5acd634d-9e87-4c37-b2e8-437404c472fb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.806799Z", + "modified": "2025-01-30T00:19:05.806799Z", + "name": "CVE-2025-24792", + "description": "Snowflake PHP PDO Driver is a driver that uses the PHP Data Objects (PDO) extension to connect to the Snowflake database. Snowflake discovered and remediated a vulnerability in the Snowflake PHP PDO Driver where executing unsupported queries like PUT or GET on stages causes a signed-to-unsigned conversion error that crashes the application using the Driver. This vulnerability affects versions 0.2.0 through 3.0.3. Snowflake fixed the issue in version 3.1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24792" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5d9c2980-a492-44d3-ba3b-f8675287abcf.json b/objects/vulnerability/vulnerability--5d9c2980-a492-44d3-ba3b-f8675287abcf.json new file mode 100644 index 00000000000..4f636af8e3a --- /dev/null +++ b/objects/vulnerability/vulnerability--5d9c2980-a492-44d3-ba3b-f8675287abcf.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c76273b5-90d5-46ee-8842-1a7ca71960cf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5d9c2980-a492-44d3-ba3b-f8675287abcf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:18:57.438108Z", + "modified": "2025-01-30T00:18:57.438108Z", + "name": "CVE-2024-41140", + "description": "Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to the incorrect authorization in the update user function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41140" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6831a6bc-df78-4845-8ff8-b408d9c0efae.json b/objects/vulnerability/vulnerability--6831a6bc-df78-4845-8ff8-b408d9c0efae.json new file mode 100644 index 00000000000..1ce69318b9c --- /dev/null +++ b/objects/vulnerability/vulnerability--6831a6bc-df78-4845-8ff8-b408d9c0efae.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e14ca171-33cf-4fa6-975a-1fbdb4b20785", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6831a6bc-df78-4845-8ff8-b408d9c0efae", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.767571Z", + "modified": "2025-01-30T00:19:05.767571Z", + "name": "CVE-2025-24790", + "description": "Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. On Linux systems, when temporary credential caching is enabled, the Snowflake JDBC Driver will cache temporary credentials locally in a world-readable file. This vulnerability affects versions 3.6.8 through 3.21.0. Snowflake fixed the issue in version 3.22.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24790" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6938acf1-bddc-415a-982e-8c91a49fc9fa.json b/objects/vulnerability/vulnerability--6938acf1-bddc-415a-982e-8c91a49fc9fa.json new file mode 100644 index 00000000000..ea2b628a562 --- /dev/null +++ b/objects/vulnerability/vulnerability--6938acf1-bddc-415a-982e-8c91a49fc9fa.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cbf77c25-2d19-4075-af47-c9405ab9a46f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6938acf1-bddc-415a-982e-8c91a49fc9fa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:01.466534Z", + "modified": "2025-01-30T00:19:01.466534Z", + "name": "CVE-2023-37413", + "description": "IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37413" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--699f374d-9d3d-4999-98c9-32c079f93183.json b/objects/vulnerability/vulnerability--699f374d-9d3d-4999-98c9-32c079f93183.json new file mode 100644 index 00000000000..aa278879c25 --- /dev/null +++ b/objects/vulnerability/vulnerability--699f374d-9d3d-4999-98c9-32c079f93183.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c64f3600-a226-4eb0-b90f-b7b1d639afd6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--699f374d-9d3d-4999-98c9-32c079f93183", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.866613Z", + "modified": "2025-01-30T00:19:05.866613Z", + "name": "CVE-2025-0844", + "description": "A vulnerability was found in needyamin Library Card System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file signup.php of the component Registration Page. The manipulation of the argument firstname/lastname/email/borrow/user_address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0844" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6c0d1b17-3c8a-4fdc-a7b3-6bba0676f78c.json b/objects/vulnerability/vulnerability--6c0d1b17-3c8a-4fdc-a7b3-6bba0676f78c.json new file mode 100644 index 00000000000..d2f204fb8e1 --- /dev/null +++ b/objects/vulnerability/vulnerability--6c0d1b17-3c8a-4fdc-a7b3-6bba0676f78c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d620d87e-56c4-4c25-b91f-1b7bd4f135b9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6c0d1b17-3c8a-4fdc-a7b3-6bba0676f78c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:18:56.248732Z", + "modified": "2025-01-30T00:18:56.248732Z", + "name": "CVE-2024-13561", + "description": "The Target Video Easy Publish plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's brid_override_yt shortcode in all versions up to, and including, 3.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13561" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7123c975-5828-4206-b8a3-ea85b51d1f20.json b/objects/vulnerability/vulnerability--7123c975-5828-4206-b8a3-ea85b51d1f20.json new file mode 100644 index 00000000000..2511638bb62 --- /dev/null +++ b/objects/vulnerability/vulnerability--7123c975-5828-4206-b8a3-ea85b51d1f20.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e05ba9a5-2902-42e3-8ca7-99fbdf34aecc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7123c975-5828-4206-b8a3-ea85b51d1f20", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.861989Z", + "modified": "2025-01-30T00:19:05.861989Z", + "name": "CVE-2025-0762", + "description": "Use after free in DevTools in Google Chrome prior to 132.0.6834.159 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0762" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7329cdfe-9a4f-42b6-8a45-4651a20bf7b1.json b/objects/vulnerability/vulnerability--7329cdfe-9a4f-42b6-8a45-4651a20bf7b1.json new file mode 100644 index 00000000000..af95648ed50 --- /dev/null +++ b/objects/vulnerability/vulnerability--7329cdfe-9a4f-42b6-8a45-4651a20bf7b1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b9441193-7ffe-45a8-9053-ecdf4ec1484b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7329cdfe-9a4f-42b6-8a45-4651a20bf7b1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:18:55.872823Z", + "modified": "2025-01-30T00:18:55.872823Z", + "name": "CVE-2024-57437", + "description": "RuoYi v4.8.0 was discovered to contain a SQL injection vulnerability via the orderby parameter at /monitor/online/list.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57437" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--74723deb-8b58-4107-862b-28075a776359.json b/objects/vulnerability/vulnerability--74723deb-8b58-4107-862b-28075a776359.json new file mode 100644 index 00000000000..c85b0ed31ec --- /dev/null +++ b/objects/vulnerability/vulnerability--74723deb-8b58-4107-862b-28075a776359.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e5aa2fcd-1719-42df-a36a-a4f3f972bc74", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--74723deb-8b58-4107-862b-28075a776359", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.818755Z", + "modified": "2025-01-30T00:19:05.818755Z", + "name": "CVE-2025-24794", + "description": "The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. The OCSP response cache uses pickle as the serialization format, potentially leading to local privilege escalation. This vulnerability affects versions 2.7.12 through 3.13.0. Snowflake fixed the issue in version 3.13.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24794" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--78b530c1-b8ab-43c3-9f9f-1603f504da3b.json b/objects/vulnerability/vulnerability--78b530c1-b8ab-43c3-9f9f-1603f504da3b.json new file mode 100644 index 00000000000..ba458645c2e --- /dev/null +++ b/objects/vulnerability/vulnerability--78b530c1-b8ab-43c3-9f9f-1603f504da3b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fcd6b200-e5d2-4e85-932b-0e645d0818f2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--78b530c1-b8ab-43c3-9f9f-1603f504da3b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:18:57.580225Z", + "modified": "2025-01-30T00:18:57.580225Z", + "name": "CVE-2024-11187", + "description": "It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure.\nThis issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11187" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--825fc663-2fce-4f06-bfab-b48e02546ea5.json b/objects/vulnerability/vulnerability--825fc663-2fce-4f06-bfab-b48e02546ea5.json new file mode 100644 index 00000000000..798d5a5ddb0 --- /dev/null +++ b/objects/vulnerability/vulnerability--825fc663-2fce-4f06-bfab-b48e02546ea5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c2a2c320-52f1-4b5e-ae86-c321953c51a0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--825fc663-2fce-4f06-bfab-b48e02546ea5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:01.485296Z", + "modified": "2025-01-30T00:19:01.485296Z", + "name": "CVE-2023-37398", + "description": "IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37398" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--854c1d57-2573-4c95-82fe-b9dd2d452470.json b/objects/vulnerability/vulnerability--854c1d57-2573-4c95-82fe-b9dd2d452470.json new file mode 100644 index 00000000000..fd2b0569f2f --- /dev/null +++ b/objects/vulnerability/vulnerability--854c1d57-2573-4c95-82fe-b9dd2d452470.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3579cfc0-b6a3-4f8c-8da4-e90098b49444", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--854c1d57-2573-4c95-82fe-b9dd2d452470", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.838384Z", + "modified": "2025-01-30T00:19:05.838384Z", + "name": "CVE-2025-0804", + "description": "The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via link titles in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0804" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--867f08b4-2e86-4390-a31e-abb9b0f4b308.json b/objects/vulnerability/vulnerability--867f08b4-2e86-4390-a31e-abb9b0f4b308.json new file mode 100644 index 00000000000..f8da4a2a313 --- /dev/null +++ b/objects/vulnerability/vulnerability--867f08b4-2e86-4390-a31e-abb9b0f4b308.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9f346fd8-9a1d-496f-b03b-3a6b8a19b195", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--867f08b4-2e86-4390-a31e-abb9b0f4b308", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.847051Z", + "modified": "2025-01-30T00:19:05.847051Z", + "name": "CVE-2025-0843", + "description": "A vulnerability was found in needyamin Library Card System 1.0. It has been classified as critical. Affected is an unknown function of the file admindashboard.php of the component Admin Panel. The manipulation of the argument email/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0843" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--87717ed5-271e-41b8-8dfc-a8bd2f54bb75.json b/objects/vulnerability/vulnerability--87717ed5-271e-41b8-8dfc-a8bd2f54bb75.json new file mode 100644 index 00000000000..7c365f2ddf2 --- /dev/null +++ b/objects/vulnerability/vulnerability--87717ed5-271e-41b8-8dfc-a8bd2f54bb75.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a0fa7c10-4190-480b-bb89-6a6f7979be65", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--87717ed5-271e-41b8-8dfc-a8bd2f54bb75", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:18:57.095147Z", + "modified": "2025-01-30T00:18:57.095147Z", + "name": "CVE-2024-48852", + "description": "Insertion of Sensitive Information into Log File vulnerability observed in FLEXON. Some information may be improperly disclosed through https access.\n \n\nThis issue affects FLXEON through <= 9.3.4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48852" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8b926aa0-ef43-474e-8aee-cc3a54b90852.json b/objects/vulnerability/vulnerability--8b926aa0-ef43-474e-8aee-cc3a54b90852.json new file mode 100644 index 00000000000..28c38897902 --- /dev/null +++ b/objects/vulnerability/vulnerability--8b926aa0-ef43-474e-8aee-cc3a54b90852.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6a7c7a76-27d4-4eb4-a47f-8051c2813108", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8b926aa0-ef43-474e-8aee-cc3a54b90852", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.891389Z", + "modified": "2025-01-30T00:19:05.891389Z", + "name": "CVE-2025-20014", + "description": "mySCADA myPRO does not properly neutralize POST requests sent to a specific port with version information. This vulnerability could be exploited by an attacker to execute arbitrary commands on the affected system.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20014" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8f077954-cb1b-4621-a519-04b64e49b944.json b/objects/vulnerability/vulnerability--8f077954-cb1b-4621-a519-04b64e49b944.json new file mode 100644 index 00000000000..7948d43e6da --- /dev/null +++ b/objects/vulnerability/vulnerability--8f077954-cb1b-4621-a519-04b64e49b944.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d19a11ac-5f2c-442a-ae5e-6cbd0f7eaeb3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8f077954-cb1b-4621-a519-04b64e49b944", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:18:55.866474Z", + "modified": "2025-01-30T00:18:55.866474Z", + "name": "CVE-2024-57395", + "description": "Password Vulnerability in Safety production process management system v1.0 allows a remote attacker to escalate privileges, execute arbitrary code and obtain sensitive information via the password and account number parameters.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57395" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--926919bd-42b9-4983-8cd1-12f391ae91dd.json b/objects/vulnerability/vulnerability--926919bd-42b9-4983-8cd1-12f391ae91dd.json new file mode 100644 index 00000000000..aa4f8276024 --- /dev/null +++ b/objects/vulnerability/vulnerability--926919bd-42b9-4983-8cd1-12f391ae91dd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3f2edf81-ad4b-4dd8-9223-719152a94673", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--926919bd-42b9-4983-8cd1-12f391ae91dd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.874204Z", + "modified": "2025-01-30T00:19:05.874204Z", + "name": "CVE-2025-0800", + "description": "A vulnerability classified as problematic has been found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file /pcci/admin/saveeditt.php of the component Edit Teacher. The manipulation of the argument fname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0800" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--96af1df9-f53f-4451-ba74-ac29adde11ac.json b/objects/vulnerability/vulnerability--96af1df9-f53f-4451-ba74-ac29adde11ac.json new file mode 100644 index 00000000000..7569464105d --- /dev/null +++ b/objects/vulnerability/vulnerability--96af1df9-f53f-4451-ba74-ac29adde11ac.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a6d72121-f661-4c57-80b6-717c2a86d4f6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--96af1df9-f53f-4451-ba74-ac29adde11ac", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:00.562747Z", + "modified": "2025-01-30T00:19:00.562747Z", + "name": "CVE-2023-33838", + "description": "IBM Security Verify Governance 10.0.2 Identity Manager \n\nuses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-33838" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--96c7bbce-92a4-4dd1-b806-79e1c6b0bff6.json b/objects/vulnerability/vulnerability--96c7bbce-92a4-4dd1-b806-79e1c6b0bff6.json new file mode 100644 index 00000000000..8c7a7458f6f --- /dev/null +++ b/objects/vulnerability/vulnerability--96c7bbce-92a4-4dd1-b806-79e1c6b0bff6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9d1fe773-ad76-43d2-93b3-be37e553952c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--96c7bbce-92a4-4dd1-b806-79e1c6b0bff6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.854261Z", + "modified": "2025-01-30T00:19:05.854261Z", + "name": "CVE-2025-0353", + "description": "The Divi Torque Lite – Best Divi Addon, Extensions, Modules & Social Modules plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0353" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--990fc8c5-1354-4a3d-90ad-f84ce21e3ec7.json b/objects/vulnerability/vulnerability--990fc8c5-1354-4a3d-90ad-f84ce21e3ec7.json new file mode 100644 index 00000000000..e4a386b9409 --- /dev/null +++ b/objects/vulnerability/vulnerability--990fc8c5-1354-4a3d-90ad-f84ce21e3ec7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a01b6b40-bf83-406d-b582-dbd72d82baf5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--990fc8c5-1354-4a3d-90ad-f84ce21e3ec7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:18:55.708564Z", + "modified": "2025-01-30T00:18:55.708564Z", + "name": "CVE-2024-54851", + "description": "Teedy <= 1.12 is vulnerable to Cross Site Request Forgery (CSRF), due to the lack of CSRF protection.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54851" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a0de6edb-776f-4525-ba46-0075cbf712a0.json b/objects/vulnerability/vulnerability--a0de6edb-776f-4525-ba46-0075cbf712a0.json new file mode 100644 index 00000000000..d476bd5299e --- /dev/null +++ b/objects/vulnerability/vulnerability--a0de6edb-776f-4525-ba46-0075cbf712a0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8e44d89b-bec7-4a42-97fe-8e03b5c2e15d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a0de6edb-776f-4525-ba46-0075cbf712a0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:18:55.910793Z", + "modified": "2025-01-30T00:18:55.910793Z", + "name": "CVE-2024-57965", + "description": "** DISPUTED ** In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute('href',href) call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57965" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a1b23a7f-7bd3-4f11-8aef-12c1668b13ea.json b/objects/vulnerability/vulnerability--a1b23a7f-7bd3-4f11-8aef-12c1668b13ea.json new file mode 100644 index 00000000000..000c878b343 --- /dev/null +++ b/objects/vulnerability/vulnerability--a1b23a7f-7bd3-4f11-8aef-12c1668b13ea.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--16d93b65-54d4-47b4-92ae-8e833972c366", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a1b23a7f-7bd3-4f11-8aef-12c1668b13ea", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:08.145163Z", + "modified": "2025-01-30T00:19:08.145163Z", + "name": "CVE-2021-3978", + "description": "When copying files with rsync, octorpki uses the \"-a\" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root ( https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service ) this could allow for a vector, when combined with another vulnerability that causes octorpki to process a malicious TAL file, for a local privilege escalation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-3978" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a5581176-0b13-40d4-9048-6af2655c9fa2.json b/objects/vulnerability/vulnerability--a5581176-0b13-40d4-9048-6af2655c9fa2.json new file mode 100644 index 00000000000..96d444e79ce --- /dev/null +++ b/objects/vulnerability/vulnerability--a5581176-0b13-40d4-9048-6af2655c9fa2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--23725261-0794-481f-b04d-cb0a70d2e971", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a5581176-0b13-40d4-9048-6af2655c9fa2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.787226Z", + "modified": "2025-01-30T00:19:05.787226Z", + "name": "CVE-2025-24795", + "description": "The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. On Linux systems, when temporary credential caching is enabled, the Snowflake Connector for Python will cache temporary credentials locally in a world-readable file. This vulnerability affects versions 2.3.7 through 3.13.0. Snowflake fixed the issue in version 3.13.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24795" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ae72d079-5688-47c3-a10f-f0d0b9a857f4.json b/objects/vulnerability/vulnerability--ae72d079-5688-47c3-a10f-f0d0b9a857f4.json new file mode 100644 index 00000000000..fb1568cfd74 --- /dev/null +++ b/objects/vulnerability/vulnerability--ae72d079-5688-47c3-a10f-f0d0b9a857f4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--eb0d3f35-084f-4130-a22c-2e0621b233a3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ae72d079-5688-47c3-a10f-f0d0b9a857f4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:18:55.847578Z", + "modified": "2025-01-30T00:18:55.847578Z", + "name": "CVE-2024-10001", + "description": "A Code Injection vulnerability was identified in GitHub Enterprise Server that allowed attackers to inject malicious code into the query selector via the identity property in the message handling function. This enabled the exfiltration of sensitive data by manipulating the DOM, including authentication tokens. To execute the attack, the victim must be logged into GitHub and interact with the attacker controlled malicious webpage containing the hidden iframe. This vulnerability occurs due to an improper sequence of validation, where the origin check occurs after accepting the user-controlled identity property. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.11.16, 3.12.10, 3.13.5, 3.14.2, and 3.15.0. This vulnerability was reported via the GitHub Bug Bounty program.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10001" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--aecd7a2e-2095-49fe-a1c7-08c0aacd8442.json b/objects/vulnerability/vulnerability--aecd7a2e-2095-49fe-a1c7-08c0aacd8442.json new file mode 100644 index 00000000000..fcf0112d248 --- /dev/null +++ b/objects/vulnerability/vulnerability--aecd7a2e-2095-49fe-a1c7-08c0aacd8442.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--79f4e5ad-2dd7-4768-b4b7-2c5aced2eb6d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aecd7a2e-2095-49fe-a1c7-08c0aacd8442", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:01.497823Z", + "modified": "2025-01-30T00:19:01.497823Z", + "name": "CVE-2023-37412", + "description": "IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37412" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b2b61e84-bff5-4041-86f5-1f6f3d1e9095.json b/objects/vulnerability/vulnerability--b2b61e84-bff5-4041-86f5-1f6f3d1e9095.json new file mode 100644 index 00000000000..3d8d809f93a --- /dev/null +++ b/objects/vulnerability/vulnerability--b2b61e84-bff5-4041-86f5-1f6f3d1e9095.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d5e90d1d-0d64-409d-b924-620281b3dbad", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b2b61e84-bff5-4041-86f5-1f6f3d1e9095", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:18:55.246527Z", + "modified": "2025-01-30T00:18:55.246527Z", + "name": "CVE-2024-12705", + "description": "Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic.\nThis issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12705" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b6352885-d4ef-45ec-9db4-92c81c704b95.json b/objects/vulnerability/vulnerability--b6352885-d4ef-45ec-9db4-92c81c704b95.json new file mode 100644 index 00000000000..d658ac55350 --- /dev/null +++ b/objects/vulnerability/vulnerability--b6352885-d4ef-45ec-9db4-92c81c704b95.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f6571d8c-fff0-4354-b678-668f39ba2497", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b6352885-d4ef-45ec-9db4-92c81c704b95", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.851191Z", + "modified": "2025-01-30T00:19:05.851191Z", + "name": "CVE-2025-0851", + "description": "A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files to arbitrary locations.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0851" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bbf028f4-153a-4c56-91a4-7b6c4d3311a0.json b/objects/vulnerability/vulnerability--bbf028f4-153a-4c56-91a4-7b6c4d3311a0.json new file mode 100644 index 00000000000..077a74119e7 --- /dev/null +++ b/objects/vulnerability/vulnerability--bbf028f4-153a-4c56-91a4-7b6c4d3311a0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8c2de388-2b1e-4865-9a2c-2f7181f01b71", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bbf028f4-153a-4c56-91a4-7b6c4d3311a0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.879994Z", + "modified": "2025-01-30T00:19:05.879994Z", + "name": "CVE-2025-0795", + "description": "A vulnerability was found in ESAFENET CDG V5. It has been classified as problematic. This affects an unknown part of the file /todolistjump.jsp. The manipulation of the argument flowId leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0795" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c2ab6b7d-5ba9-489d-9c9f-7f4521e1abe1.json b/objects/vulnerability/vulnerability--c2ab6b7d-5ba9-489d-9c9f-7f4521e1abe1.json new file mode 100644 index 00000000000..ae9011f4e51 --- /dev/null +++ b/objects/vulnerability/vulnerability--c2ab6b7d-5ba9-489d-9c9f-7f4521e1abe1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0ac88f13-9d61-46c1-abdb-4d0c55c91d73", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c2ab6b7d-5ba9-489d-9c9f-7f4521e1abe1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.858141Z", + "modified": "2025-01-30T00:19:05.858141Z", + "name": "CVE-2025-0797", + "description": "A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been declared as problematic. This vulnerability affects unknown code of the file /var/Microworld/ of the component Quarantine Handler. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0797" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c9c64ecf-f33a-44bc-9ecc-100d44176ef9.json b/objects/vulnerability/vulnerability--c9c64ecf-f33a-44bc-9ecc-100d44176ef9.json new file mode 100644 index 00000000000..169b0b24481 --- /dev/null +++ b/objects/vulnerability/vulnerability--c9c64ecf-f33a-44bc-9ecc-100d44176ef9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5ee4906e-6c6d-40d4-b1d1-b0549a4ee8de", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c9c64ecf-f33a-44bc-9ecc-100d44176ef9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.884519Z", + "modified": "2025-01-30T00:19:05.884519Z", + "name": "CVE-2025-0794", + "description": "A vulnerability was found in ESAFENET CDG V5 and classified as problematic. Affected by this issue is some unknown functionality of the file /todoDetail.jsp. The manipulation of the argument curpage leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0794" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cdd54ffb-6412-4e38-b21d-170b0e707f44.json b/objects/vulnerability/vulnerability--cdd54ffb-6412-4e38-b21d-170b0e707f44.json new file mode 100644 index 00000000000..e7aea1737c3 --- /dev/null +++ b/objects/vulnerability/vulnerability--cdd54ffb-6412-4e38-b21d-170b0e707f44.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f9250113-9f2a-4a6d-ad90-acc732d7bebe", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cdd54ffb-6412-4e38-b21d-170b0e707f44", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:18:55.882399Z", + "modified": "2025-01-30T00:18:55.882399Z", + "name": "CVE-2024-57439", + "description": "An issue in the reset password interface of ruoyi v4.8.0 allows attackers with Admin privileges to cause a Denial of Service (DoS) by duplicating the login name of the account.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57439" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cf2314c2-5b43-4c54-b513-2183fee1c622.json b/objects/vulnerability/vulnerability--cf2314c2-5b43-4c54-b513-2183fee1c622.json new file mode 100644 index 00000000000..7c784288bbf --- /dev/null +++ b/objects/vulnerability/vulnerability--cf2314c2-5b43-4c54-b513-2183fee1c622.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c6686df9-e3db-4520-b779-0ac745521378", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cf2314c2-5b43-4c54-b513-2183fee1c622", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:18:55.880341Z", + "modified": "2025-01-30T00:18:55.880341Z", + "name": "CVE-2024-57438", + "description": "Insecure permissions in RuoYi v4.8.0 allows authenticated attackers to escalate privileges by assigning themselves higher level roles.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57438" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cfe6c8c4-0084-40c6-81b1-c2460789c094.json b/objects/vulnerability/vulnerability--cfe6c8c4-0084-40c6-81b1-c2460789c094.json new file mode 100644 index 00000000000..24a9a9acd95 --- /dev/null +++ b/objects/vulnerability/vulnerability--cfe6c8c4-0084-40c6-81b1-c2460789c094.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2b297070-ade3-4a33-8b4c-67db9972d09e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cfe6c8c4-0084-40c6-81b1-c2460789c094", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:18:55.751044Z", + "modified": "2025-01-30T00:18:55.751044Z", + "name": "CVE-2024-54461", + "description": "The file names constructed within file_selector are missing sanitization checks leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select a document file from that provider while using your app and could potentially override internal files in your app cache. Issue patched in 0.5.1+12. It is recommended to update to the latest version of file_selector_android that contains the changes to address this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54461" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d41ac2f8-cfa5-4b70-8a8d-34eabb3e0eb6.json b/objects/vulnerability/vulnerability--d41ac2f8-cfa5-4b70-8a8d-34eabb3e0eb6.json new file mode 100644 index 00000000000..266e50a14a1 --- /dev/null +++ b/objects/vulnerability/vulnerability--d41ac2f8-cfa5-4b70-8a8d-34eabb3e0eb6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--90c6cee6-c808-42df-97eb-7d29c2472473", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d41ac2f8-cfa5-4b70-8a8d-34eabb3e0eb6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.886113Z", + "modified": "2025-01-30T00:19:05.886113Z", + "name": "CVE-2025-0806", + "description": "A vulnerability was found in code-projects Job Recruitment 1.0. It has been rated as problematic. This issue affects some unknown processing of the file _call_job_search_ajax.php. The manipulation of the argument job_type leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0806" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d45cad06-dd79-4f99-8489-6027d5411b0c.json b/objects/vulnerability/vulnerability--d45cad06-dd79-4f99-8489-6027d5411b0c.json new file mode 100644 index 00000000000..9ae245f7605 --- /dev/null +++ b/objects/vulnerability/vulnerability--d45cad06-dd79-4f99-8489-6027d5411b0c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7faeb6c7-ab86-43c6-b29c-168989ab9b5d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d45cad06-dd79-4f99-8489-6027d5411b0c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:18:55.756565Z", + "modified": "2025-01-30T00:18:55.756565Z", + "name": "CVE-2024-54462", + "description": "The file names constructed within image_picker are missing sanitization checks leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select an image file from that provider while using your app and could potentially override internal files in your app cache. Issue patched in 0.8.12+18. It is recommended to update to the latest version of image_picker_android that contains the changes to address this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54462" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d5cd6951-d054-411c-9033-5c008def7d4a.json b/objects/vulnerability/vulnerability--d5cd6951-d054-411c-9033-5c008def7d4a.json new file mode 100644 index 00000000000..8260a569707 --- /dev/null +++ b/objects/vulnerability/vulnerability--d5cd6951-d054-411c-9033-5c008def7d4a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e37a2545-6130-4177-87db-325e36cdd724", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d5cd6951-d054-411c-9033-5c008def7d4a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:18:57.069634Z", + "modified": "2025-01-30T00:18:57.069634Z", + "name": "CVE-2024-48849", + "description": "Missing Origin Validation in WebSockets vulnerability in FLXEON. Session management was not sufficient to prevent unauthorized HTTPS requests. This issue affects FLXEON: through <= 9.3.4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48849" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d8076c5f-0901-45ac-be78-5a09cd1a1e24.json b/objects/vulnerability/vulnerability--d8076c5f-0901-45ac-be78-5a09cd1a1e24.json new file mode 100644 index 00000000000..6b4b054638e --- /dev/null +++ b/objects/vulnerability/vulnerability--d8076c5f-0901-45ac-be78-5a09cd1a1e24.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--803686e4-7b33-457c-82c8-0f15ce5016bd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d8076c5f-0901-45ac-be78-5a09cd1a1e24", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:18:57.10159Z", + "modified": "2025-01-30T00:18:57.10159Z", + "name": "CVE-2024-48761", + "description": "The specific component in Celk Saude 3.1.252.1 that processes user input and returns error messages to the client is vulnerable due to improper validation or sanitization of the \"erro\" parameter. This parameter appears as a response when incorrect credentials are entered during login. The lack of proper validation or sanitization makes the component susceptible to injection attacks, potentially allowing attackers to manipulate the input and exploit the system.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48761" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d8adfde6-5ea7-4ff4-a2e6-5d223f3ead55.json b/objects/vulnerability/vulnerability--d8adfde6-5ea7-4ff4-a2e6-5d223f3ead55.json new file mode 100644 index 00000000000..4092553a586 --- /dev/null +++ b/objects/vulnerability/vulnerability--d8adfde6-5ea7-4ff4-a2e6-5d223f3ead55.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cff69ed7-a705-4de4-bc06-57198f4811ea", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d8adfde6-5ea7-4ff4-a2e6-5d223f3ead55", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.622595Z", + "modified": "2025-01-30T00:19:05.622595Z", + "name": "CVE-2025-21396", + "description": "Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-21396" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--daa13730-9e74-4cfa-8a75-22332c18553d.json b/objects/vulnerability/vulnerability--daa13730-9e74-4cfa-8a75-22332c18553d.json new file mode 100644 index 00000000000..e7c25912e02 --- /dev/null +++ b/objects/vulnerability/vulnerability--daa13730-9e74-4cfa-8a75-22332c18553d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6f7ea0b1-dc4b-4f43-be4e-91b2ddc0a3a4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--daa13730-9e74-4cfa-8a75-22332c18553d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.770367Z", + "modified": "2025-01-30T00:19:05.770367Z", + "name": "CVE-2025-24789", + "description": "Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. When the EXTERNALBROWSER authentication method is used on Windows, an attacker with write access to a directory in the %PATH% can escalate their privileges to the user that runs the vulnerable JDBC Driver version. This vulnerability affects versions 3.2.3 through 3.21.0 on Windows. Snowflake fixed the issue in version 3.22.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24789" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e1473664-1729-4468-8efc-d00e67bfca77.json b/objects/vulnerability/vulnerability--e1473664-1729-4468-8efc-d00e67bfca77.json new file mode 100644 index 00000000000..0a3be717239 --- /dev/null +++ b/objects/vulnerability/vulnerability--e1473664-1729-4468-8efc-d00e67bfca77.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--98c08906-efbc-4710-9976-b67b1f99ecf6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e1473664-1729-4468-8efc-d00e67bfca77", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:19:05.774929Z", + "modified": "2025-01-30T00:19:05.774929Z", + "name": "CVE-2025-24374", + "description": "Twig is a template language for PHP. When using the ?? operator, output escaping was missing for the expression on the left side of the operator. This vulnerability is fixed in 3.19.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24374" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e1b4419b-aec4-4dcb-a986-509c257fd116.json b/objects/vulnerability/vulnerability--e1b4419b-aec4-4dcb-a986-509c257fd116.json new file mode 100644 index 00000000000..eccc7568cd3 --- /dev/null +++ b/objects/vulnerability/vulnerability--e1b4419b-aec4-4dcb-a986-509c257fd116.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3cf11896-a0bb-4653-9ee2-31ca924919bd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e1b4419b-aec4-4dcb-a986-509c257fd116", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:18:55.744741Z", + "modified": "2025-01-30T00:18:55.744741Z", + "name": "CVE-2024-54852", + "description": "When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform various malicious actions, such as creating arbitrary accounts and spraying passwords.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54852" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e8a92744-69b7-414f-bb7c-37c5c3f13d5e.json b/objects/vulnerability/vulnerability--e8a92744-69b7-414f-bb7c-37c5c3f13d5e.json new file mode 100644 index 00000000000..db9e8323501 --- /dev/null +++ b/objects/vulnerability/vulnerability--e8a92744-69b7-414f-bb7c-37c5c3f13d5e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6f9001fe-b1e3-4b29-a92c-2b6cbe4c521f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e8a92744-69b7-414f-bb7c-37c5c3f13d5e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-30T00:18:55.903742Z", + "modified": "2025-01-30T00:18:55.903742Z", + "name": "CVE-2024-57665", + "description": "JFinalCMS 1.0 is vulnerable to SQL Injection in rc/main/java/com/cms/entity/Content.java. The cause of the vulnerability is that the title parameter is controllable and is concatenated directly into filterSql without filtering.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57665" + } + ] + } + ] +} \ No newline at end of file