diff --git a/mapping.csv b/mapping.csv
index fd8a88041c9..2afa3902946 100644
--- a/mapping.csv
+++ b/mapping.csv
@@ -261109,3 +261109,24 @@ vulnerability,CVE-2024-56433,vulnerability--0dc1bc78-8367-42ca-9f24-82a38adb64bc
 vulnerability,CVE-2024-56510,vulnerability--e5c83cbd-41a2-46e7-809b-cfbb53037278
 vulnerability,CVE-2024-56361,vulnerability--81f90c45-2195-4f1b-b4c5-e0e0398a8f43
 vulnerability,CVE-2023-7300,vulnerability--286a69e2-5bbe-419e-953f-f98ad0ccc879
+vulnerability,CVE-2024-39025,vulnerability--cbf13f5e-8aca-4db3-8e47-9796a9bd82dc
+vulnerability,CVE-2024-50715,vulnerability--02d23e75-f276-4377-b945-63526151f95a
+vulnerability,CVE-2024-50944,vulnerability--c7f9eb11-cf23-495d-9565-debe6f4b2cf9
+vulnerability,CVE-2024-50716,vulnerability--f2de1645-9733-418f-a4da-9d0413aa19e5
+vulnerability,CVE-2024-50717,vulnerability--8a20d373-da2c-4c52-8fef-eb2f537b313c
+vulnerability,CVE-2024-50945,vulnerability--5222a829-3f8a-46ed-a9a7-0766bd38c00e
+vulnerability,CVE-2024-50714,vulnerability--d5114684-18fa-4952-af4d-364e0090c436
+vulnerability,CVE-2024-50713,vulnerability--569d318d-e787-4846-a482-d2a98832232c
+vulnerability,CVE-2024-53476,vulnerability--942401e0-8777-4877-a211-e10cb78f5b5c
+vulnerability,CVE-2024-54452,vulnerability--22efc7a1-ef14-4876-a896-50df3088e291
+vulnerability,CVE-2024-54453,vulnerability--7260d540-119c-4c25-87af-2e811c44d3bf
+vulnerability,CVE-2024-54774,vulnerability--af357c62-b917-45ec-a6ac-df524c15e28f
+vulnerability,CVE-2024-54451,vulnerability--fbc78544-167c-46a9-8ed1-5167c8690337
+vulnerability,CVE-2024-54454,vulnerability--952e4576-94fb-4249-b1e4-84fc5bcbfaaa
+vulnerability,CVE-2024-54450,vulnerability--70940eb7-964b-4b32-a248-a663c931c504
+vulnerability,CVE-2024-54775,vulnerability--8eb1f082-8ed4-44c7-a6f9-c40facca4358
+vulnerability,CVE-2024-56520,vulnerability--3566635b-9cb2-4749-95d8-81d008e85d21
+vulnerability,CVE-2024-56519,vulnerability--b19051b3-5494-4fc8-ad1a-c8c7c3a03274
+vulnerability,CVE-2024-56521,vulnerability--4fb1ec21-0db7-470e-bdd5-1b1013d2f5fd
+vulnerability,CVE-2024-56522,vulnerability--85bcd03d-c143-41c0-beca-ac8e8d63f8db
+vulnerability,CVE-2024-56527,vulnerability--e638acda-9473-4563-8980-ac80f39f1db1
diff --git a/objects/vulnerability/vulnerability--02d23e75-f276-4377-b945-63526151f95a.json b/objects/vulnerability/vulnerability--02d23e75-f276-4377-b945-63526151f95a.json
new file mode 100644
index 00000000000..12ad15ea95d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--02d23e75-f276-4377-b945-63526151f95a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--40ce3506-28b2-41ee-9199-6a15b3d38899",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--02d23e75-f276-4377-b945-63526151f95a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-28T00:20:58.100859Z",
+ "modified": "2024-12-28T00:20:58.100859Z",
+ "name": "CVE-2024-50715",
+ "description": "An issue in smarts-srl.com Smart Agent v.1.1.0 allows a remote attacker to obtain sensitive information via command injection through a vulnerable unsanitized parameter defined in the /youtubeInfo.php component.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-50715"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--22efc7a1-ef14-4876-a896-50df3088e291.json b/objects/vulnerability/vulnerability--22efc7a1-ef14-4876-a896-50df3088e291.json
new file mode 100644
index 00000000000..d859dabf04b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--22efc7a1-ef14-4876-a896-50df3088e291.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2c920c6d-ed96-4800-a0aa-115d2ad44b4f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--22efc7a1-ef14-4876-a896-50df3088e291",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-28T00:20:59.221847Z",
+ "modified": "2024-12-28T00:20:59.221847Z",
+ "name": "CVE-2024-54452",
+ "description": "An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35 and 7.10.x through 7.10.0.18. A Directory Traversal and Local File Inclusion vulnerability in the logsSys.do page allows remote attackers (authenticated as administrators) to trigger the display of unintended files. Any file accessible to the Kurmi user account could be displayed, e.g., configuration files with information such as the database password.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-54452"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3566635b-9cb2-4749-95d8-81d008e85d21.json b/objects/vulnerability/vulnerability--3566635b-9cb2-4749-95d8-81d008e85d21.json
new file mode 100644
index 00000000000..d6497909e52
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3566635b-9cb2-4749-95d8-81d008e85d21.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ee3b2744-5c61-4082-90a6-9026b04a6897",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3566635b-9cb2-4749-95d8-81d008e85d21",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-28T00:20:59.437627Z",
+ "modified": "2024-12-28T00:20:59.437627Z",
+ "name": "CVE-2024-56520",
+ "description": "An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TCPDF before 6.8.0 and other products. Fonts are mishandled, e.g., FontBBox for Type 1 and TrueType fonts is misparsed.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56520"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--4fb1ec21-0db7-470e-bdd5-1b1013d2f5fd.json b/objects/vulnerability/vulnerability--4fb1ec21-0db7-470e-bdd5-1b1013d2f5fd.json
new file mode 100644
index 00000000000..8ae32bc4b96
--- /dev/null
+++ b/objects/vulnerability/vulnerability--4fb1ec21-0db7-470e-bdd5-1b1013d2f5fd.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--6e869bc8-7dfa-4ad3-8aee-3dd49d147318",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--4fb1ec21-0db7-470e-bdd5-1b1013d2f5fd",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-28T00:20:59.453539Z",
+ "modified": "2024-12-28T00:20:59.453539Z",
+ "name": "CVE-2024-56521",
+ "description": "An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56521"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5222a829-3f8a-46ed-a9a7-0766bd38c00e.json b/objects/vulnerability/vulnerability--5222a829-3f8a-46ed-a9a7-0766bd38c00e.json
new file mode 100644
index 00000000000..0635940840e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5222a829-3f8a-46ed-a9a7-0766bd38c00e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--016ccf9e-fd33-4ced-8f3f-3229d325b898",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5222a829-3f8a-46ed-a9a7-0766bd38c00e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-28T00:20:58.143544Z",
+ "modified": "2024-12-28T00:20:58.143544Z",
+ "name": "CVE-2024-50945",
+ "description": "An improper access control vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f, allowing users to submit reviews without verifying if they have purchased the product.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-50945"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--569d318d-e787-4846-a482-d2a98832232c.json b/objects/vulnerability/vulnerability--569d318d-e787-4846-a482-d2a98832232c.json
new file mode 100644
index 00000000000..4af78497a44
--- /dev/null
+++ b/objects/vulnerability/vulnerability--569d318d-e787-4846-a482-d2a98832232c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ac0be2d2-c7e3-4c34-a4e2-2ac88e8d4904",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--569d318d-e787-4846-a482-d2a98832232c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-28T00:20:58.158872Z",
+ "modified": "2024-12-28T00:20:58.158872Z",
+ "name": "CVE-2024-50713",
+ "description": "SmartAgent v1.1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tests/interface.php.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-50713"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--70940eb7-964b-4b32-a248-a663c931c504.json b/objects/vulnerability/vulnerability--70940eb7-964b-4b32-a248-a663c931c504.json
new file mode 100644
index 00000000000..1e1b80597ff
--- /dev/null
+++ b/objects/vulnerability/vulnerability--70940eb7-964b-4b32-a248-a663c931c504.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a1262060-8fb0-4ccc-87f3-e694e258ec4c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--70940eb7-964b-4b32-a248-a663c931c504",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-28T00:20:59.269682Z",
+ "modified": "2024-12-28T00:20:59.269682Z",
+ "name": "CVE-2024-54450",
+ "description": "An issue was discovered in Kurmi Provisioning Suite 7.9.0.33. If an X-Forwarded-For header is received during authentication, the Kurmi application will record the (possibly forged) IP address mentioned in that header rather than the real IP address that the user logged in from. This fake IP address can later be displayed in the My Account popup that shows the IP address that was used to log in.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-54450"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7260d540-119c-4c25-87af-2e811c44d3bf.json b/objects/vulnerability/vulnerability--7260d540-119c-4c25-87af-2e811c44d3bf.json
new file mode 100644
index 00000000000..e7f40b5d7e0
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7260d540-119c-4c25-87af-2e811c44d3bf.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a22f5f62-132f-434a-b9ff-edfe6ff9f70b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7260d540-119c-4c25-87af-2e811c44d3bf",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-28T00:20:59.224904Z",
+ "modified": "2024-12-28T00:20:59.224904Z",
+ "name": "CVE-2024-54453",
+ "description": "An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15. A path traversal vulnerability in the DocServlet servlet allows remote attackers to retrieve any file from the Kurmi web application installation folder, e.g., files such as the obfuscated and/or compiled Kurmi source code.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-54453"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--85bcd03d-c143-41c0-beca-ac8e8d63f8db.json b/objects/vulnerability/vulnerability--85bcd03d-c143-41c0-beca-ac8e8d63f8db.json
new file mode 100644
index 00000000000..f9d87f16c41
--- /dev/null
+++ b/objects/vulnerability/vulnerability--85bcd03d-c143-41c0-beca-ac8e8d63f8db.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--635ed322-1238-477e-ab9f-b2ccbbd9b850",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--85bcd03d-c143-41c0-beca-ac8e8d63f8db",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-28T00:20:59.459582Z",
+ "modified": "2024-12-28T00:20:59.459582Z",
+ "name": "CVE-2024-56522",
+ "description": "An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56522"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--8a20d373-da2c-4c52-8fef-eb2f537b313c.json b/objects/vulnerability/vulnerability--8a20d373-da2c-4c52-8fef-eb2f537b313c.json
new file mode 100644
index 00000000000..106d00c113b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--8a20d373-da2c-4c52-8fef-eb2f537b313c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--05c130cf-7cfa-4c0e-8042-fbb63f36670f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8a20d373-da2c-4c52-8fef-eb2f537b313c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-28T00:20:58.13329Z",
+ "modified": "2024-12-28T00:20:58.13329Z",
+ "name": "CVE-2024-50717",
+ "description": "SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote attacker to execute arbitrary code via the client parameter in the /recuperaLog.php component.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-50717"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--8eb1f082-8ed4-44c7-a6f9-c40facca4358.json b/objects/vulnerability/vulnerability--8eb1f082-8ed4-44c7-a6f9-c40facca4358.json
new file mode 100644
index 00000000000..77712b07ed9
--- /dev/null
+++ b/objects/vulnerability/vulnerability--8eb1f082-8ed4-44c7-a6f9-c40facca4358.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b47557f5-ac97-45cc-a732-5b13ef7337f1",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8eb1f082-8ed4-44c7-a6f9-c40facca4358",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-28T00:20:59.275285Z",
+ "modified": "2024-12-28T00:20:59.275285Z",
+ "name": "CVE-2024-54775",
+ "description": "Dcat-Admin v2.2.0-beta and v2.2.2-beta contains a Cross-Site Scripting (XSS) vulnerability via /admin/auth/menu and /admin/auth/extensions.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-54775"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--942401e0-8777-4877-a211-e10cb78f5b5c.json b/objects/vulnerability/vulnerability--942401e0-8777-4877-a211-e10cb78f5b5c.json
new file mode 100644
index 00000000000..b5ae7bb8692
--- /dev/null
+++ b/objects/vulnerability/vulnerability--942401e0-8777-4877-a211-e10cb78f5b5c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2767d344-b82f-4823-805f-f8f513c10a91",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--942401e0-8777-4877-a211-e10cb78f5b5c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-28T00:20:58.617791Z",
+ "modified": "2024-12-28T00:20:58.617791Z",
+ "name": "CVE-2024-53476",
+ "description": "A race condition vulnerability in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f allows attackers to bypass inventory restrictions by simultaneously submitting purchase requests from multiple accounts for the same product. This can lead to overselling when stock is limited, as the system fails to accurately track inventory under high concurrency, resulting in potential loss and unfulfilled orders.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53476"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--952e4576-94fb-4249-b1e4-84fc5bcbfaaa.json b/objects/vulnerability/vulnerability--952e4576-94fb-4249-b1e4-84fc5bcbfaaa.json
new file mode 100644
index 00000000000..a516a456592
--- /dev/null
+++ b/objects/vulnerability/vulnerability--952e4576-94fb-4249-b1e4-84fc5bcbfaaa.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--260fc003-fc12-4bb7-9c1b-a72f4eff5bdc",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--952e4576-94fb-4249-b1e4-84fc5bcbfaaa",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-28T00:20:59.245745Z",
+ "modified": "2024-12-28T00:20:59.245745Z",
+ "name": "CVE-2024-54454",
+ "description": "An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15. An Observable Response Discrepancy vulnerability in the sendPasswordReinitLink action of the unlogged.do page allows remote attackers to test whether a username is valid or not. This allows confirmation of valid usernames.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-54454"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--af357c62-b917-45ec-a6ac-df524c15e28f.json b/objects/vulnerability/vulnerability--af357c62-b917-45ec-a6ac-df524c15e28f.json
new file mode 100644
index 00000000000..41800a60427
--- /dev/null
+++ b/objects/vulnerability/vulnerability--af357c62-b917-45ec-a6ac-df524c15e28f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--69cbacc0-b715-4a55-a6ec-ee1d333db656",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--af357c62-b917-45ec-a6ac-df524c15e28f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-28T00:20:59.228816Z",
+ "modified": "2024-12-28T00:20:59.228816Z",
+ "name": "CVE-2024-54774",
+ "description": "Dcat Admin v2.2.0-beta contains a cross-site scripting (XSS) vulnerability in /admin/articles/create.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-54774"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b19051b3-5494-4fc8-ad1a-c8c7c3a03274.json b/objects/vulnerability/vulnerability--b19051b3-5494-4fc8-ad1a-c8c7c3a03274.json
new file mode 100644
index 00000000000..9781ea6012e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b19051b3-5494-4fc8-ad1a-c8c7c3a03274.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2c3eabe3-4241-4ed0-89f2-49e11847de42",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b19051b3-5494-4fc8-ad1a-c8c7c3a03274",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-28T00:20:59.443925Z",
+ "modified": "2024-12-28T00:20:59.443925Z",
+ "name": "CVE-2024-56519",
+ "description": "An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56519"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--c7f9eb11-cf23-495d-9565-debe6f4b2cf9.json b/objects/vulnerability/vulnerability--c7f9eb11-cf23-495d-9565-debe6f4b2cf9.json
new file mode 100644
index 00000000000..282b948ed6e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--c7f9eb11-cf23-495d-9565-debe6f4b2cf9.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--027cbe66-f983-4ebb-af4f-fdfb5223ff98",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--c7f9eb11-cf23-495d-9565-debe6f4b2cf9",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-28T00:20:58.104924Z",
+ "modified": "2024-12-28T00:20:58.104924Z",
+ "name": "CVE-2024-50944",
+ "description": "Integer overflow vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f in the shopping cart functionality. The issue lies in the quantity parameter in the CartController's AddToCart method.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-50944"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--cbf13f5e-8aca-4db3-8e47-9796a9bd82dc.json b/objects/vulnerability/vulnerability--cbf13f5e-8aca-4db3-8e47-9796a9bd82dc.json
new file mode 100644
index 00000000000..024caa5310f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--cbf13f5e-8aca-4db3-8e47-9796a9bd82dc.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--9d46b373-3d85-437c-82b4-23b702ea8305",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--cbf13f5e-8aca-4db3-8e47-9796a9bd82dc",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-28T00:20:57.987275Z",
+ "modified": "2024-12-28T00:20:57.987275Z",
+ "name": "CVE-2024-39025",
+ "description": "Incorrect access control in the /users endpoint of Cpacker MemGPT v0.3.17 allows attackers to access sensitive data.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-39025"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d5114684-18fa-4952-af4d-364e0090c436.json b/objects/vulnerability/vulnerability--d5114684-18fa-4952-af4d-364e0090c436.json
new file mode 100644
index 00000000000..fb3debd96db
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d5114684-18fa-4952-af4d-364e0090c436.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--08ccfa00-8d83-434b-836c-eec2ba381b56",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d5114684-18fa-4952-af4d-364e0090c436",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-28T00:20:58.156814Z",
+ "modified": "2024-12-28T00:20:58.156814Z",
+ "name": "CVE-2024-50714",
+ "description": "A Server-Side Request Forgery (SSRF) in smarts-srl.com Smart Agent v.1.1.0 allows a remote attacker to obtain sensitive information via a crafted script to the /FB/getFbVideoSource.php component.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-50714"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e638acda-9473-4563-8980-ac80f39f1db1.json b/objects/vulnerability/vulnerability--e638acda-9473-4563-8980-ac80f39f1db1.json
new file mode 100644
index 00000000000..9c318807135
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e638acda-9473-4563-8980-ac80f39f1db1.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--cadb7eca-f44f-466e-ae2b-f265eddde331",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e638acda-9473-4563-8980-ac80f39f1db1",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-28T00:20:59.46087Z",
+ "modified": "2024-12-28T00:20:59.46087Z",
+ "name": "CVE-2024-56527",
+ "description": "An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56527"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f2de1645-9733-418f-a4da-9d0413aa19e5.json b/objects/vulnerability/vulnerability--f2de1645-9733-418f-a4da-9d0413aa19e5.json
new file mode 100644
index 00000000000..d7467b8ac40
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f2de1645-9733-418f-a4da-9d0413aa19e5.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--11b80fa9-6149-4d21-9255-782a558d0225",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f2de1645-9733-418f-a4da-9d0413aa19e5",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-28T00:20:58.118131Z",
+ "modified": "2024-12-28T00:20:58.118131Z",
+ "name": "CVE-2024-50716",
+ "description": "SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote attacker to execute arbitrary code via the id parameter in the /sendPushManually.php component.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-50716"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--fbc78544-167c-46a9-8ed1-5167c8690337.json b/objects/vulnerability/vulnerability--fbc78544-167c-46a9-8ed1-5167c8690337.json
new file mode 100644
index 00000000000..453342968fd
--- /dev/null
+++ b/objects/vulnerability/vulnerability--fbc78544-167c-46a9-8ed1-5167c8690337.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--20c692f6-2e87-4a12-a2f1-5b6f4cab1c44",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--fbc78544-167c-46a9-8ed1-5167c8690337",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-28T00:20:59.235305Z",
+ "modified": "2024-12-28T00:20:59.235305Z",
+ "name": "CVE-2024-54451",
+ "description": "A cross-site scripting (XSS) vulnerability in the graphicCustomization.do page in Kurmi Provisioning Suite before 7.9.0.38, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15 allows remote attackers (authenticated as system administrators) to inject arbitrary web script or HTML via the COMPONENT_fields(htmlTitle) field, which is rendered in other pages of the application for all users (if the graphical customization has been activated by a super-administrator).",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-54451"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file