From 69f6a0c53b8b1348b25bdc9917b26effef2c1086 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 23 Jan 2025 00:19:41 +0000 Subject: [PATCH] generated content from 2025-01-23 --- mapping.csv | 37 +++++++++++++++++++ ...-00cf0042-690f-4db6-827c-6e8ce939daa2.json | 22 +++++++++++ ...-00fa2ef8-5f69-4a06-b19a-201f7e4db423.json | 22 +++++++++++ ...-152d9cb5-134b-4d7b-a6f7-ebea18531dc9.json | 22 +++++++++++ ...-1bc817b9-1cb6-4a76-9bbb-bc8cf1ad296f.json | 22 +++++++++++ ...-26b6b0f2-72d8-46fe-b107-a3d3cd544582.json | 22 +++++++++++ ...-2754e085-b695-41fb-a039-69c8629574ab.json | 22 +++++++++++ ...-2dc8b479-505f-4579-877e-7d4a20e3dbaf.json | 22 +++++++++++ ...-2e8d9a08-b385-4a24-8923-13b0a462cf48.json | 22 +++++++++++ ...-2ea6dd6c-cf5a-4584-895d-7586c9dce80d.json | 22 +++++++++++ ...-3653a010-ed20-4bce-acad-a8dcc3375120.json | 22 +++++++++++ ...-3dbd6b3a-4ffc-4597-9c91-1a29fa29b8d2.json | 22 +++++++++++ ...-44e05092-b620-45ac-ac41-7beac75aa6dd.json | 22 +++++++++++ ...-457c9f78-e105-4062-8597-386b36351157.json | 22 +++++++++++ ...-55589396-084a-4a5c-92a6-434f6fd933a6.json | 22 +++++++++++ ...-57088e5a-5114-4e8a-befb-be33858fea7d.json | 22 +++++++++++ ...-5bd5ba93-78d4-4a5c-bee4-6e598550bc04.json | 22 +++++++++++ ...-6106d275-297d-4639-bbf3-e0a4ab1ea139.json | 22 +++++++++++ ...-616abcdc-95c6-46c5-9275-7384c0e02271.json | 22 +++++++++++ ...-6979ae47-3b6c-441e-802a-7ee28dcdbb8f.json | 22 +++++++++++ ...-76290d7b-7b9b-4367-af39-3edd57749ab3.json | 22 +++++++++++ ...-85df8f34-68ea-47a2-8d19-e6c901aa1c04.json | 22 +++++++++++ ...-89269e8d-0655-4c35-a9da-9c2255f68a2a.json | 22 +++++++++++ ...-9230a447-f93c-48d7-971c-4c5f73798b47.json | 22 +++++++++++ ...-981ba483-b76e-48ac-9b5a-0a205cf604c8.json | 22 +++++++++++ ...-992a6abb-d3b8-4456-8dbb-94fbe9377f02.json | 22 +++++++++++ ...-a041d906-6bfc-40b6-8c96-d0b3023dc3d1.json | 22 +++++++++++ ...-a885d2f2-5dd0-4424-8a9d-07deda43d3f3.json | 22 +++++++++++ ...-ba1678f2-f370-4a9d-813c-ed4018a88adf.json | 22 +++++++++++ ...-ce4b6e5c-de0e-486d-bbe3-1f277a0fd4b5.json | 22 +++++++++++ ...-d89a9009-b085-4fa2-9dde-4c8009a5024f.json | 22 +++++++++++ ...-d9d003fd-e6bc-4653-bcdc-2ec3b0fc6ea4.json | 22 +++++++++++ ...-dd29e8f0-c65d-496a-8195-138ff66a6dfa.json | 22 +++++++++++ ...-e031dfb5-6348-49cc-8d69-9b1db8327fc2.json | 22 +++++++++++ ...-e7578fdc-01ad-48c7-bfa9-f1e34791826c.json | 22 +++++++++++ ...-edeb49e2-65d1-466c-a183-a4ba1d3799f2.json | 22 +++++++++++ ...-ee67ae95-9d70-46bb-bb2c-b43253f33f4e.json | 22 +++++++++++ ...-ff0e8b30-de10-4e53-bbfc-ea1562bd39ac.json | 22 +++++++++++ 38 files changed, 851 insertions(+) create mode 100644 objects/vulnerability/vulnerability--00cf0042-690f-4db6-827c-6e8ce939daa2.json create mode 100644 objects/vulnerability/vulnerability--00fa2ef8-5f69-4a06-b19a-201f7e4db423.json create mode 100644 objects/vulnerability/vulnerability--152d9cb5-134b-4d7b-a6f7-ebea18531dc9.json create mode 100644 objects/vulnerability/vulnerability--1bc817b9-1cb6-4a76-9bbb-bc8cf1ad296f.json create mode 100644 objects/vulnerability/vulnerability--26b6b0f2-72d8-46fe-b107-a3d3cd544582.json create mode 100644 objects/vulnerability/vulnerability--2754e085-b695-41fb-a039-69c8629574ab.json create mode 100644 objects/vulnerability/vulnerability--2dc8b479-505f-4579-877e-7d4a20e3dbaf.json create mode 100644 objects/vulnerability/vulnerability--2e8d9a08-b385-4a24-8923-13b0a462cf48.json create mode 100644 objects/vulnerability/vulnerability--2ea6dd6c-cf5a-4584-895d-7586c9dce80d.json create mode 100644 objects/vulnerability/vulnerability--3653a010-ed20-4bce-acad-a8dcc3375120.json create mode 100644 objects/vulnerability/vulnerability--3dbd6b3a-4ffc-4597-9c91-1a29fa29b8d2.json create mode 100644 objects/vulnerability/vulnerability--44e05092-b620-45ac-ac41-7beac75aa6dd.json create mode 100644 objects/vulnerability/vulnerability--457c9f78-e105-4062-8597-386b36351157.json create mode 100644 objects/vulnerability/vulnerability--55589396-084a-4a5c-92a6-434f6fd933a6.json create mode 100644 objects/vulnerability/vulnerability--57088e5a-5114-4e8a-befb-be33858fea7d.json create mode 100644 objects/vulnerability/vulnerability--5bd5ba93-78d4-4a5c-bee4-6e598550bc04.json create mode 100644 objects/vulnerability/vulnerability--6106d275-297d-4639-bbf3-e0a4ab1ea139.json create mode 100644 objects/vulnerability/vulnerability--616abcdc-95c6-46c5-9275-7384c0e02271.json create mode 100644 objects/vulnerability/vulnerability--6979ae47-3b6c-441e-802a-7ee28dcdbb8f.json create mode 100644 objects/vulnerability/vulnerability--76290d7b-7b9b-4367-af39-3edd57749ab3.json create mode 100644 objects/vulnerability/vulnerability--85df8f34-68ea-47a2-8d19-e6c901aa1c04.json create mode 100644 objects/vulnerability/vulnerability--89269e8d-0655-4c35-a9da-9c2255f68a2a.json create mode 100644 objects/vulnerability/vulnerability--9230a447-f93c-48d7-971c-4c5f73798b47.json create mode 100644 objects/vulnerability/vulnerability--981ba483-b76e-48ac-9b5a-0a205cf604c8.json create mode 100644 objects/vulnerability/vulnerability--992a6abb-d3b8-4456-8dbb-94fbe9377f02.json create mode 100644 objects/vulnerability/vulnerability--a041d906-6bfc-40b6-8c96-d0b3023dc3d1.json create mode 100644 objects/vulnerability/vulnerability--a885d2f2-5dd0-4424-8a9d-07deda43d3f3.json create mode 100644 objects/vulnerability/vulnerability--ba1678f2-f370-4a9d-813c-ed4018a88adf.json create mode 100644 objects/vulnerability/vulnerability--ce4b6e5c-de0e-486d-bbe3-1f277a0fd4b5.json create mode 100644 objects/vulnerability/vulnerability--d89a9009-b085-4fa2-9dde-4c8009a5024f.json create mode 100644 objects/vulnerability/vulnerability--d9d003fd-e6bc-4653-bcdc-2ec3b0fc6ea4.json create mode 100644 objects/vulnerability/vulnerability--dd29e8f0-c65d-496a-8195-138ff66a6dfa.json create mode 100644 objects/vulnerability/vulnerability--e031dfb5-6348-49cc-8d69-9b1db8327fc2.json create mode 100644 objects/vulnerability/vulnerability--e7578fdc-01ad-48c7-bfa9-f1e34791826c.json create mode 100644 objects/vulnerability/vulnerability--edeb49e2-65d1-466c-a183-a4ba1d3799f2.json create mode 100644 objects/vulnerability/vulnerability--ee67ae95-9d70-46bb-bb2c-b43253f33f4e.json create mode 100644 objects/vulnerability/vulnerability--ff0e8b30-de10-4e53-bbfc-ea1562bd39ac.json diff --git a/mapping.csv b/mapping.csv index da57aa0faa..e0e744c99e 100644 --- a/mapping.csv +++ b/mapping.csv @@ -264609,3 +264609,40 @@ vulnerability,CVE-2025-24460,vulnerability--78b7f111-a50d-4d4a-b60b-67bd33bc82d6 vulnerability,CVE-2025-24461,vulnerability--948a7597-75c8-4eda-b579-0639a3993671 vulnerability,CVE-2025-24012,vulnerability--aa4d0da7-bb78-4f43-8509-19e26772c46e vulnerability,CVE-2025-24457,vulnerability--1b772270-f6c7-4db9-8256-8c7c493730c5 +vulnerability,CVE-2024-34235,vulnerability--edeb49e2-65d1-466c-a183-a4ba1d3799f2 +vulnerability,CVE-2024-56923,vulnerability--76290d7b-7b9b-4367-af39-3edd57749ab3 +vulnerability,CVE-2024-56914,vulnerability--00fa2ef8-5f69-4a06-b19a-201f7e4db423 +vulnerability,CVE-2024-56924,vulnerability--d89a9009-b085-4fa2-9dde-4c8009a5024f +vulnerability,CVE-2024-42013,vulnerability--2754e085-b695-41fb-a039-69c8629574ab +vulnerability,CVE-2024-42012,vulnerability--a885d2f2-5dd0-4424-8a9d-07deda43d3f3 +vulnerability,CVE-2024-55488,vulnerability--5bd5ba93-78d4-4a5c-bee4-6e598550bc04 +vulnerability,CVE-2024-55957,vulnerability--a041d906-6bfc-40b6-8c96-d0b3023dc3d1 +vulnerability,CVE-2024-24430,vulnerability--d9d003fd-e6bc-4653-bcdc-2ec3b0fc6ea4 +vulnerability,CVE-2024-24429,vulnerability--9230a447-f93c-48d7-971c-4c5f73798b47 +vulnerability,CVE-2024-24432,vulnerability--616abcdc-95c6-46c5-9275-7384c0e02271 +vulnerability,CVE-2023-36998,vulnerability--3dbd6b3a-4ffc-4597-9c91-1a29fa29b8d2 +vulnerability,CVE-2023-37013,vulnerability--2dc8b479-505f-4579-877e-7d4a20e3dbaf +vulnerability,CVE-2023-37017,vulnerability--85df8f34-68ea-47a2-8d19-e6c901aa1c04 +vulnerability,CVE-2023-37016,vulnerability--00cf0042-690f-4db6-827c-6e8ce939daa2 +vulnerability,CVE-2023-37020,vulnerability--3653a010-ed20-4bce-acad-a8dcc3375120 +vulnerability,CVE-2023-37018,vulnerability--2e8d9a08-b385-4a24-8923-13b0a462cf48 +vulnerability,CVE-2023-37008,vulnerability--ee67ae95-9d70-46bb-bb2c-b43253f33f4e +vulnerability,CVE-2023-37022,vulnerability--6979ae47-3b6c-441e-802a-7ee28dcdbb8f +vulnerability,CVE-2023-37012,vulnerability--e7578fdc-01ad-48c7-bfa9-f1e34791826c +vulnerability,CVE-2023-37006,vulnerability--55589396-084a-4a5c-92a6-434f6fd933a6 +vulnerability,CVE-2023-37015,vulnerability--ba1678f2-f370-4a9d-813c-ed4018a88adf +vulnerability,CVE-2023-37021,vulnerability--44e05092-b620-45ac-ac41-7beac75aa6dd +vulnerability,CVE-2023-37002,vulnerability--6106d275-297d-4639-bbf3-e0a4ab1ea139 +vulnerability,CVE-2023-37011,vulnerability--457c9f78-e105-4062-8597-386b36351157 +vulnerability,CVE-2023-37010,vulnerability--57088e5a-5114-4e8a-befb-be33858fea7d +vulnerability,CVE-2023-37003,vulnerability--152d9cb5-134b-4d7b-a6f7-ebea18531dc9 +vulnerability,CVE-2023-37005,vulnerability--992a6abb-d3b8-4456-8dbb-94fbe9377f02 +vulnerability,CVE-2023-37009,vulnerability--1bc817b9-1cb6-4a76-9bbb-bc8cf1ad296f +vulnerability,CVE-2023-37014,vulnerability--981ba483-b76e-48ac-9b5a-0a205cf604c8 +vulnerability,CVE-2023-37023,vulnerability--89269e8d-0655-4c35-a9da-9c2255f68a2a +vulnerability,CVE-2023-37019,vulnerability--e031dfb5-6348-49cc-8d69-9b1db8327fc2 +vulnerability,CVE-2023-37777,vulnerability--ff0e8b30-de10-4e53-bbfc-ea1562bd39ac +vulnerability,CVE-2023-37004,vulnerability--26b6b0f2-72d8-46fe-b107-a3d3cd544582 +vulnerability,CVE-2023-37007,vulnerability--dd29e8f0-c65d-496a-8195-138ff66a6dfa +vulnerability,CVE-2025-22980,vulnerability--2ea6dd6c-cf5a-4584-895d-7586c9dce80d +vulnerability,CVE-2025-0625,vulnerability--ce4b6e5c-de0e-486d-bbe3-1f277a0fd4b5 diff --git a/objects/vulnerability/vulnerability--00cf0042-690f-4db6-827c-6e8ce939daa2.json b/objects/vulnerability/vulnerability--00cf0042-690f-4db6-827c-6e8ce939daa2.json new file mode 100644 index 0000000000..37ec908728 --- /dev/null +++ b/objects/vulnerability/vulnerability--00cf0042-690f-4db6-827c-6e8ce939daa2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--48bee5bd-27da-4b00-89d1-b3f65c70f541", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--00cf0042-690f-4db6-827c-6e8ce939daa2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:18.783768Z", + "modified": "2025-01-23T00:19:18.783768Z", + "name": "CVE-2023-37016", + "description": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Modification Response` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37016" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--00fa2ef8-5f69-4a06-b19a-201f7e4db423.json b/objects/vulnerability/vulnerability--00fa2ef8-5f69-4a06-b19a-201f7e4db423.json new file mode 100644 index 0000000000..b460eabeb3 --- /dev/null +++ b/objects/vulnerability/vulnerability--00fa2ef8-5f69-4a06-b19a-201f7e4db423.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d28a044b-ab0f-4002-a972-69297803c733", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--00fa2ef8-5f69-4a06-b19a-201f7e4db423", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:13.791754Z", + "modified": "2025-01-23T00:19:13.791754Z", + "name": "CVE-2024-56914", + "description": "D-Link DSL-3782 v1.01 is vulnerable to Buffer Overflow in /New_GUI/ParentalControl.asp.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56914" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--152d9cb5-134b-4d7b-a6f7-ebea18531dc9.json b/objects/vulnerability/vulnerability--152d9cb5-134b-4d7b-a6f7-ebea18531dc9.json new file mode 100644 index 0000000000..547754a1ea --- /dev/null +++ b/objects/vulnerability/vulnerability--152d9cb5-134b-4d7b-a6f7-ebea18531dc9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a2f336f6-3276-4731-a8da-bc47e98d7073", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--152d9cb5-134b-4d7b-a6f7-ebea18531dc9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:18.818083Z", + "modified": "2025-01-23T00:19:18.818083Z", + "name": "CVE-2023-37003", + "description": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `E-RAB Setup Response` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37003" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1bc817b9-1cb6-4a76-9bbb-bc8cf1ad296f.json b/objects/vulnerability/vulnerability--1bc817b9-1cb6-4a76-9bbb-bc8cf1ad296f.json new file mode 100644 index 0000000000..d5ba3ad874 --- /dev/null +++ b/objects/vulnerability/vulnerability--1bc817b9-1cb6-4a76-9bbb-bc8cf1ad296f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8eccedc3-d3f8-42f8-ba37-e2b035bc0947", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1bc817b9-1cb6-4a76-9bbb-bc8cf1ad296f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:18.825761Z", + "modified": "2025-01-23T00:19:18.825761Z", + "name": "CVE-2023-37009", + "description": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Notification` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37009" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--26b6b0f2-72d8-46fe-b107-a3d3cd544582.json b/objects/vulnerability/vulnerability--26b6b0f2-72d8-46fe-b107-a3d3cd544582.json new file mode 100644 index 0000000000..81ee8854bf --- /dev/null +++ b/objects/vulnerability/vulnerability--26b6b0f2-72d8-46fe-b107-a3d3cd544582.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--780f8b01-6db7-40fd-ba84-e3134599bbdb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--26b6b0f2-72d8-46fe-b107-a3d3cd544582", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:18.843567Z", + "modified": "2025-01-23T00:19:18.843567Z", + "name": "CVE-2023-37004", + "description": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial Context Setup Response` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37004" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2754e085-b695-41fb-a039-69c8629574ab.json b/objects/vulnerability/vulnerability--2754e085-b695-41fb-a039-69c8629574ab.json new file mode 100644 index 0000000000..16da07b393 --- /dev/null +++ b/objects/vulnerability/vulnerability--2754e085-b695-41fb-a039-69c8629574ab.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c5a42db9-2670-4900-ac9e-1a114c2ae51c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2754e085-b695-41fb-a039-69c8629574ab", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:14.147369Z", + "modified": "2025-01-23T00:19:14.147369Z", + "name": "CVE-2024-42013", + "description": "In GRAU DATA Blocky before 3.1, Blocky-Gui has a Client-Side Enforcement of Server-Side Security vulnerability. An attacker with Windows administrative or debugging privileges can patch a binary in memory or on disk to bypass the password login requirement and gain full access to all functions of the program.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42013" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2dc8b479-505f-4579-877e-7d4a20e3dbaf.json b/objects/vulnerability/vulnerability--2dc8b479-505f-4579-877e-7d4a20e3dbaf.json new file mode 100644 index 0000000000..8076f93a07 --- /dev/null +++ b/objects/vulnerability/vulnerability--2dc8b479-505f-4579-877e-7d4a20e3dbaf.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--35ace6bb-e26e-4942-8a30-90ae60b7299d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2dc8b479-505f-4579-877e-7d4a20e3dbaf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:18.770415Z", + "modified": "2025-01-23T00:19:18.770415Z", + "name": "CVE-2023-37013", + "description": "Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a sufficiently large ASN.1 packet over the S1AP interface. An attacker may repeatedly send such an oversized packet to cause the `ogs_sctp_recvmsg` routine to reach an unexpected network state and crash, leading to denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37013" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2e8d9a08-b385-4a24-8923-13b0a462cf48.json b/objects/vulnerability/vulnerability--2e8d9a08-b385-4a24-8923-13b0a462cf48.json new file mode 100644 index 0000000000..0c497cd8b7 --- /dev/null +++ b/objects/vulnerability/vulnerability--2e8d9a08-b385-4a24-8923-13b0a462cf48.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--513ee71a-c18c-44b2-a262-1918f765c8cd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2e8d9a08-b385-4a24-8923-13b0a462cf48", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:18.79636Z", + "modified": "2025-01-23T00:19:18.79636Z", + "name": "CVE-2023-37018", + "description": "Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Capability Info Indication` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37018" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2ea6dd6c-cf5a-4584-895d-7586c9dce80d.json b/objects/vulnerability/vulnerability--2ea6dd6c-cf5a-4584-895d-7586c9dce80d.json new file mode 100644 index 0000000000..f54ab834e8 --- /dev/null +++ b/objects/vulnerability/vulnerability--2ea6dd6c-cf5a-4584-895d-7586c9dce80d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0bf9c824-4d25-4833-9eb1-4c2077bff599", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2ea6dd6c-cf5a-4584-895d-7586c9dce80d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:23.342036Z", + "modified": "2025-01-23T00:19:23.342036Z", + "name": "CVE-2025-22980", + "description": "A SQL Injection vulnerability exists in Senayan Library Management System SLiMS 9 Bulian 9.6.1 via the tempLoanID parameter in the loan form on /admin/modules/circulation/loan.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22980" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3653a010-ed20-4bce-acad-a8dcc3375120.json b/objects/vulnerability/vulnerability--3653a010-ed20-4bce-acad-a8dcc3375120.json new file mode 100644 index 0000000000..89e5e3fdaa --- /dev/null +++ b/objects/vulnerability/vulnerability--3653a010-ed20-4bce-acad-a8dcc3375120.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1d3bf710-db37-40c8-ab69-425d7ce31b23", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3653a010-ed20-4bce-acad-a8dcc3375120", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:18.793344Z", + "modified": "2025-01-23T00:19:18.793344Z", + "name": "CVE-2023-37020", + "description": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Release Complete` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37020" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3dbd6b3a-4ffc-4597-9c91-1a29fa29b8d2.json b/objects/vulnerability/vulnerability--3dbd6b3a-4ffc-4597-9c91-1a29fa29b8d2.json new file mode 100644 index 0000000000..4d980e5a4b --- /dev/null +++ b/objects/vulnerability/vulnerability--3dbd6b3a-4ffc-4597-9c91-1a29fa29b8d2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b478cddd-3432-4f5e-b83a-aed65fb3aeb7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3dbd6b3a-4ffc-4597-9c91-1a29fa29b8d2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:18.300196Z", + "modified": "2025-01-23T00:19:18.300196Z", + "name": "CVE-2023-36998", + "description": "The NextEPC MME <= 1.0.1 (fixed in commit a8492c9c5bc0a66c6999cb5a263545b32a4109df) contains a stack-based buffer overflow vulnerability in the Emergency Number List decoding method. An attacker may send a NAS message containing an oversized Emergency Number List value to the MME to overwrite the stack with arbitrary bytes. An attacker with a cellphone connection to any base station managed by the MME may exploit this vulnerability without having to authenticate with the LTE core.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-36998" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--44e05092-b620-45ac-ac41-7beac75aa6dd.json b/objects/vulnerability/vulnerability--44e05092-b620-45ac-ac41-7beac75aa6dd.json new file mode 100644 index 0000000000..39faf70ece --- /dev/null +++ b/objects/vulnerability/vulnerability--44e05092-b620-45ac-ac41-7beac75aa6dd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6f774965-5be6-4dc4-a34e-641a4c5ef0d3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--44e05092-b620-45ac-ac41-7beac75aa6dd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:18.809143Z", + "modified": "2025-01-23T00:19:18.809143Z", + "name": "CVE-2023-37021", + "description": "Open5GS MME version <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Modification Failure` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37021" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--457c9f78-e105-4062-8597-386b36351157.json b/objects/vulnerability/vulnerability--457c9f78-e105-4062-8597-386b36351157.json new file mode 100644 index 0000000000..476e9437e1 --- /dev/null +++ b/objects/vulnerability/vulnerability--457c9f78-e105-4062-8597-386b36351157.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1a00e744-1571-4c88-9673-76cc2595ac47", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--457c9f78-e105-4062-8597-386b36351157", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:18.812558Z", + "modified": "2025-01-23T00:19:18.812558Z", + "name": "CVE-2023-37011", + "description": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Required` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37011" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--55589396-084a-4a5c-92a6-434f6fd933a6.json b/objects/vulnerability/vulnerability--55589396-084a-4a5c-92a6-434f6fd933a6.json new file mode 100644 index 0000000000..f6513c0599 --- /dev/null +++ b/objects/vulnerability/vulnerability--55589396-084a-4a5c-92a6-434f6fd933a6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5c1c9bb2-8a3c-45f6-854b-2b989d478b99", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--55589396-084a-4a5c-92a6-434f6fd933a6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:18.806648Z", + "modified": "2025-01-23T00:19:18.806648Z", + "name": "CVE-2023-37006", + "description": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Request Ack` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37006" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--57088e5a-5114-4e8a-befb-be33858fea7d.json b/objects/vulnerability/vulnerability--57088e5a-5114-4e8a-befb-be33858fea7d.json new file mode 100644 index 0000000000..ee1e2af77b --- /dev/null +++ b/objects/vulnerability/vulnerability--57088e5a-5114-4e8a-befb-be33858fea7d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3866a17c-62db-4296-bb52-0546fa05df3d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--57088e5a-5114-4e8a-befb-be33858fea7d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:18.817123Z", + "modified": "2025-01-23T00:19:18.817123Z", + "name": "CVE-2023-37010", + "description": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `eNB Status Transfer` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37010" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5bd5ba93-78d4-4a5c-bee4-6e598550bc04.json b/objects/vulnerability/vulnerability--5bd5ba93-78d4-4a5c-bee4-6e598550bc04.json new file mode 100644 index 0000000000..d6d0c67b3e --- /dev/null +++ b/objects/vulnerability/vulnerability--5bd5ba93-78d4-4a5c-bee4-6e598550bc04.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--da657c33-6507-4b0d-99b7-9de5d0891f4f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5bd5ba93-78d4-4a5c-bee4-6e598550bc04", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:14.487368Z", + "modified": "2025-01-23T00:19:14.487368Z", + "name": "CVE-2024-55488", + "description": "A stored cross-site scripting (XSS) vulnerability in Umbraco CMS v14.3.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55488" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6106d275-297d-4639-bbf3-e0a4ab1ea139.json b/objects/vulnerability/vulnerability--6106d275-297d-4639-bbf3-e0a4ab1ea139.json new file mode 100644 index 0000000000..443ac4bcec --- /dev/null +++ b/objects/vulnerability/vulnerability--6106d275-297d-4639-bbf3-e0a4ab1ea139.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7d534b98-96f5-4ed5-8181-48707b96a12b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6106d275-297d-4639-bbf3-e0a4ab1ea139", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:18.811092Z", + "modified": "2025-01-23T00:19:18.811092Z", + "name": "CVE-2023-37002", + "description": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `E-RAB Modification Indication` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37002" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--616abcdc-95c6-46c5-9275-7384c0e02271.json b/objects/vulnerability/vulnerability--616abcdc-95c6-46c5-9275-7384c0e02271.json new file mode 100644 index 0000000000..ce15f96b2c --- /dev/null +++ b/objects/vulnerability/vulnerability--616abcdc-95c6-46c5-9275-7384c0e02271.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a900ece3-396f-477e-8d49-82d0e65cf5b2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--616abcdc-95c6-46c5-9275-7384c0e02271", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:14.607659Z", + "modified": "2025-01-23T00:19:14.607659Z", + "name": "CVE-2024-24432", + "description": "A reachable assertion in the ogs_kdf_hash_mme function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24432" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6979ae47-3b6c-441e-802a-7ee28dcdbb8f.json b/objects/vulnerability/vulnerability--6979ae47-3b6c-441e-802a-7ee28dcdbb8f.json new file mode 100644 index 0000000000..e0a4af28a7 --- /dev/null +++ b/objects/vulnerability/vulnerability--6979ae47-3b6c-441e-802a-7ee28dcdbb8f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1846dc92-8ea4-42bc-9340-8eab1a721860", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6979ae47-3b6c-441e-802a-7ee28dcdbb8f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:18.801361Z", + "modified": "2025-01-23T00:19:18.801361Z", + "name": "CVE-2023-37022", + "description": "Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `UE Context Release Request` packet handler. A packet containing an invalid `MME_UE_S1AP_ID` field causes Open5gs to crash; an attacker may repeatedly send such packets to cause denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37022" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--76290d7b-7b9b-4367-af39-3edd57749ab3.json b/objects/vulnerability/vulnerability--76290d7b-7b9b-4367-af39-3edd57749ab3.json new file mode 100644 index 0000000000..53022fccc4 --- /dev/null +++ b/objects/vulnerability/vulnerability--76290d7b-7b9b-4367-af39-3edd57749ab3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2f5ea1b6-cb91-4f3b-9a9c-e12ba4c7768e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--76290d7b-7b9b-4367-af39-3edd57749ab3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:13.766709Z", + "modified": "2025-01-23T00:19:13.766709Z", + "name": "CVE-2024-56923", + "description": "Stored Cross-Site Scripting (XSS) in the Categorization Option of My Subscriptions Functionality in Silverpeas Core 6.4.1 allows a remote attacker to execute arbitrary JavaScript code. This is achieved by injecting a malicious payload into the Name field of a subscription. The attack can lead to session hijacking, data theft, or unauthorized actions when an admin user views the affected subscription.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56923" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--85df8f34-68ea-47a2-8d19-e6c901aa1c04.json b/objects/vulnerability/vulnerability--85df8f34-68ea-47a2-8d19-e6c901aa1c04.json new file mode 100644 index 0000000000..7d7e734ebf --- /dev/null +++ b/objects/vulnerability/vulnerability--85df8f34-68ea-47a2-8d19-e6c901aa1c04.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3be7db10-bc56-4273-bf43-b8408bcde56f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--85df8f34-68ea-47a2-8d19-e6c901aa1c04", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:18.779363Z", + "modified": "2025-01-23T00:19:18.779363Z", + "name": "CVE-2023-37017", + "description": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message missing a required `Global eNB ID` field to repeatedly crash the MME, resulting in denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37017" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--89269e8d-0655-4c35-a9da-9c2255f68a2a.json b/objects/vulnerability/vulnerability--89269e8d-0655-4c35-a9da-9c2255f68a2a.json new file mode 100644 index 0000000000..1b29b09b8b --- /dev/null +++ b/objects/vulnerability/vulnerability--89269e8d-0655-4c35-a9da-9c2255f68a2a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5b6ebfba-1566-4686-bd72-21fb27c33da7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--89269e8d-0655-4c35-a9da-9c2255f68a2a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:18.834284Z", + "modified": "2025-01-23T00:19:18.834284Z", + "name": "CVE-2023-37023", + "description": "Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `Uplink NAS Transport` packet handler. A packet missing its `MME_UE_S1AP_ID` field causes Open5gs to crash; an attacker may repeatedly send such packets to cause denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37023" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9230a447-f93c-48d7-971c-4c5f73798b47.json b/objects/vulnerability/vulnerability--9230a447-f93c-48d7-971c-4c5f73798b47.json new file mode 100644 index 0000000000..da473ed978 --- /dev/null +++ b/objects/vulnerability/vulnerability--9230a447-f93c-48d7-971c-4c5f73798b47.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--df64fce5-b470-40a1-bc91-ef9925039772", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9230a447-f93c-48d7-971c-4c5f73798b47", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:14.59984Z", + "modified": "2025-01-23T00:19:14.59984Z", + "name": "CVE-2024-24429", + "description": "A reachable assertion in the nas_eps_send_emm_to_esm function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP packet.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24429" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--981ba483-b76e-48ac-9b5a-0a205cf604c8.json b/objects/vulnerability/vulnerability--981ba483-b76e-48ac-9b5a-0a205cf604c8.json new file mode 100644 index 0000000000..8cb177ca5e --- /dev/null +++ b/objects/vulnerability/vulnerability--981ba483-b76e-48ac-9b5a-0a205cf604c8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--555c4896-f0b8-4e8e-81c5-16ebffc17d40", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--981ba483-b76e-48ac-9b5a-0a205cf604c8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:18.831797Z", + "modified": "2025-01-23T00:19:18.831797Z", + "name": "CVE-2023-37014", + "description": "Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Release Request` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37014" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--992a6abb-d3b8-4456-8dbb-94fbe9377f02.json b/objects/vulnerability/vulnerability--992a6abb-d3b8-4456-8dbb-94fbe9377f02.json new file mode 100644 index 0000000000..b7f8990c26 --- /dev/null +++ b/objects/vulnerability/vulnerability--992a6abb-d3b8-4456-8dbb-94fbe9377f02.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--27a11416-3ca4-4dff-aea3-3167bdd272cd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--992a6abb-d3b8-4456-8dbb-94fbe9377f02", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:18.822836Z", + "modified": "2025-01-23T00:19:18.822836Z", + "name": "CVE-2023-37005", + "description": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial Context Setup Failure` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37005" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a041d906-6bfc-40b6-8c96-d0b3023dc3d1.json b/objects/vulnerability/vulnerability--a041d906-6bfc-40b6-8c96-d0b3023dc3d1.json new file mode 100644 index 0000000000..033c149c4b --- /dev/null +++ b/objects/vulnerability/vulnerability--a041d906-6bfc-40b6-8c96-d0b3023dc3d1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a7748f8c-63b7-4075-ba7e-8c64e3612165", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a041d906-6bfc-40b6-8c96-d0b3023dc3d1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:14.491547Z", + "modified": "2025-01-23T00:19:14.491547Z", + "name": "CVE-2024-55957", + "description": "In Thermo Fisher Scientific Xcalibur before 4.7 SP1 and Thermo Foundation Instrument Control Software (ICSW) before 3.1 SP10, the driver packages have a local privilege escalation vulnerability due to improper access control permissions on Windows systems.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55957" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a885d2f2-5dd0-4424-8a9d-07deda43d3f3.json b/objects/vulnerability/vulnerability--a885d2f2-5dd0-4424-8a9d-07deda43d3f3.json new file mode 100644 index 0000000000..81ab305171 --- /dev/null +++ b/objects/vulnerability/vulnerability--a885d2f2-5dd0-4424-8a9d-07deda43d3f3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--79e13125-a232-47d3-b8b7-5963f17758a6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a885d2f2-5dd0-4424-8a9d-07deda43d3f3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:14.170405Z", + "modified": "2025-01-23T00:19:14.170405Z", + "name": "CVE-2024-42012", + "description": "GRAU DATA Blocky before 3.1 stores passwords encrypted rather than hashed. At the login screen, the user's password is compared to the user's decrypted cleartext password. An attacker with Windows admin or debugging rights can therefore steal the user's Blocky password and from there impersonate that local user.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42012" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ba1678f2-f370-4a9d-813c-ed4018a88adf.json b/objects/vulnerability/vulnerability--ba1678f2-f370-4a9d-813c-ed4018a88adf.json new file mode 100644 index 0000000000..678a75107f --- /dev/null +++ b/objects/vulnerability/vulnerability--ba1678f2-f370-4a9d-813c-ed4018a88adf.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3dabd0eb-6375-42b3-b02a-25f2364f124b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ba1678f2-f370-4a9d-813c-ed4018a88adf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:18.807806Z", + "modified": "2025-01-23T00:19:18.807806Z", + "name": "CVE-2023-37015", + "description": "Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Path Switch Request` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37015" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ce4b6e5c-de0e-486d-bbe3-1f277a0fd4b5.json b/objects/vulnerability/vulnerability--ce4b6e5c-de0e-486d-bbe3-1f277a0fd4b5.json new file mode 100644 index 0000000000..710737d40c --- /dev/null +++ b/objects/vulnerability/vulnerability--ce4b6e5c-de0e-486d-bbe3-1f277a0fd4b5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8410d2af-c3c0-455c-95a4-406ce9f7a57f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ce4b6e5c-de0e-486d-bbe3-1f277a0fd4b5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:23.445686Z", + "modified": "2025-01-23T00:19:23.445686Z", + "name": "CVE-2025-0625", + "description": "A vulnerability, which was classified as problematic, was found in CampCodes School Management Software 1.0. This affects an unknown part of the component Attachment Handler. The manipulation leads to improper control of resource identifiers. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0625" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d89a9009-b085-4fa2-9dde-4c8009a5024f.json b/objects/vulnerability/vulnerability--d89a9009-b085-4fa2-9dde-4c8009a5024f.json new file mode 100644 index 0000000000..d77c2bb379 --- /dev/null +++ b/objects/vulnerability/vulnerability--d89a9009-b085-4fa2-9dde-4c8009a5024f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7175fefb-7d6d-4f29-8583-57a36ad30dc5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d89a9009-b085-4fa2-9dde-4c8009a5024f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:13.799658Z", + "modified": "2025-01-23T00:19:13.799658Z", + "name": "CVE-2024-56924", + "description": "A Cross Site Request Forgery (CSRF) vulnerability in Code Astro Internet banking system 2.0.0 allows remote attackers to execute arbitrary JavaScript on the admin page (pages_account), potentially leading to unauthorized actions such as changing account settings or stealing sensitive user information. This vulnerability occurs due to improper validation of user requests, which enables attackers to exploit the system by tricking the admin user into executing malicious scripts.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56924" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d9d003fd-e6bc-4653-bcdc-2ec3b0fc6ea4.json b/objects/vulnerability/vulnerability--d9d003fd-e6bc-4653-bcdc-2ec3b0fc6ea4.json new file mode 100644 index 0000000000..40f31b8285 --- /dev/null +++ b/objects/vulnerability/vulnerability--d9d003fd-e6bc-4653-bcdc-2ec3b0fc6ea4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1a7f3ee7-54cd-493f-b20d-0cbb8bd68449", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d9d003fd-e6bc-4653-bcdc-2ec3b0fc6ea4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:14.578546Z", + "modified": "2025-01-23T00:19:14.578546Z", + "name": "CVE-2024-24430", + "description": "A reachable assertion in the mme_ue_find_by_imsi function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24430" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dd29e8f0-c65d-496a-8195-138ff66a6dfa.json b/objects/vulnerability/vulnerability--dd29e8f0-c65d-496a-8195-138ff66a6dfa.json new file mode 100644 index 0000000000..3a52e7d281 --- /dev/null +++ b/objects/vulnerability/vulnerability--dd29e8f0-c65d-496a-8195-138ff66a6dfa.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--db29240b-a826-4907-b213-159b3e930fa8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dd29e8f0-c65d-496a-8195-138ff66a6dfa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:18.847423Z", + "modified": "2025-01-23T00:19:18.847423Z", + "name": "CVE-2023-37007", + "description": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Cancel` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37007" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e031dfb5-6348-49cc-8d69-9b1db8327fc2.json b/objects/vulnerability/vulnerability--e031dfb5-6348-49cc-8d69-9b1db8327fc2.json new file mode 100644 index 0000000000..ca38add96d --- /dev/null +++ b/objects/vulnerability/vulnerability--e031dfb5-6348-49cc-8d69-9b1db8327fc2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4c73ede0-9b55-4e32-aaf3-7c14801c42fa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e031dfb5-6348-49cc-8d69-9b1db8327fc2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:18.837716Z", + "modified": "2025-01-23T00:19:18.837716Z", + "name": "CVE-2023-37019", + "description": "Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message missing a required `Supported TAs` field to repeatedly crash the MME, resulting in denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37019" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e7578fdc-01ad-48c7-bfa9-f1e34791826c.json b/objects/vulnerability/vulnerability--e7578fdc-01ad-48c7-bfa9-f1e34791826c.json new file mode 100644 index 0000000000..296357497e --- /dev/null +++ b/objects/vulnerability/vulnerability--e7578fdc-01ad-48c7-bfa9-f1e34791826c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fc0e0266-e3d8-4d1a-a344-f5efdd17e31e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e7578fdc-01ad-48c7-bfa9-f1e34791826c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:18.803339Z", + "modified": "2025-01-23T00:19:18.803339Z", + "name": "CVE-2023-37012", + "description": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message` message missing a required `PLMN Identity` field to repeatedly crash the MME, resulting in denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37012" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--edeb49e2-65d1-466c-a183-a4ba1d3799f2.json b/objects/vulnerability/vulnerability--edeb49e2-65d1-466c-a183-a4ba1d3799f2.json new file mode 100644 index 0000000000..1cdbff746c --- /dev/null +++ b/objects/vulnerability/vulnerability--edeb49e2-65d1-466c-a183-a4ba1d3799f2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f764bcea-0be7-413d-be79-905768e25781", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--edeb49e2-65d1-466c-a183-a4ba1d3799f2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:12.652228Z", + "modified": "2025-01-23T00:19:12.652228Z", + "name": "CVE-2024-34235", + "description": "Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message` missing a required `NAS_PDU` field to repeatedly crash the MME, resulting in denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34235" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ee67ae95-9d70-46bb-bb2c-b43253f33f4e.json b/objects/vulnerability/vulnerability--ee67ae95-9d70-46bb-bb2c-b43253f33f4e.json new file mode 100644 index 0000000000..92be936d15 --- /dev/null +++ b/objects/vulnerability/vulnerability--ee67ae95-9d70-46bb-bb2c-b43253f33f4e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4b673a71-7042-48f0-881d-be3ce7f6ee95", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ee67ae95-9d70-46bb-bb2c-b43253f33f4e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:18.799Z", + "modified": "2025-01-23T00:19:18.799Z", + "name": "CVE-2023-37008", + "description": "Open5GS MME versions <= 2.6.4 contain a buffer overflow in the ASN.1 deserialization function of the S1AP handler. This buffer overflow causes type confusion in decoded fields, leading to invalid parsing and freeing of memory. An attacker may use this to crash an MME or potentially execute code in certain circumstances.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37008" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ff0e8b30-de10-4e53-bbfc-ea1562bd39ac.json b/objects/vulnerability/vulnerability--ff0e8b30-de10-4e53-bbfc-ea1562bd39ac.json new file mode 100644 index 0000000000..c7918fec89 --- /dev/null +++ b/objects/vulnerability/vulnerability--ff0e8b30-de10-4e53-bbfc-ea1562bd39ac.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dff7a04f-2a73-45f6-99b0-bfbc2a021925", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ff0e8b30-de10-4e53-bbfc-ea1562bd39ac", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-23T00:19:18.840423Z", + "modified": "2025-01-23T00:19:18.840423Z", + "name": "CVE-2023-37777", + "description": "Synnefo Internet Management Software 2023 was discovered to contain a SQL injection vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37777" + } + ] + } + ] +} \ No newline at end of file