-
Notifications
You must be signed in to change notification settings - Fork 39
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
f3c32d8
commit a61341e
Showing
90 changed files
with
2,047 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--00d5f9e5-6c37-4413-8915-c4eb24af2a7b.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| { | ||
| "type": "bundle", | ||
| "id": "bundle--fea209fb-17e2-4c94-a43a-5fa7adfe1a61", | ||
| "objects": [ | ||
| { | ||
| "type": "vulnerability", | ||
| "spec_version": "2.1", | ||
| "id": "vulnerability--00d5f9e5-6c37-4413-8915-c4eb24af2a7b", | ||
| "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
| "created": "2024-10-05T00:20:13.036075Z", | ||
| "modified": "2024-10-05T00:20:13.036075Z", | ||
| "name": "CVE-2024-9410", | ||
| "description": "Ada.cx's Sentry configuration allowed for blind server-side request forgeries (SSRF) through the use of a data scraping endpoint.", | ||
| "external_references": [ | ||
| { | ||
| "source_name": "cve", | ||
| "external_id": "CVE-2024-9410" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--03f7f64b-db23-4fd5-9eee-6376063a4b5e.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| { | ||
| "type": "bundle", | ||
| "id": "bundle--876183e1-c0a5-423c-814b-2dcd8c1f169d", | ||
| "objects": [ | ||
| { | ||
| "type": "vulnerability", | ||
| "spec_version": "2.1", | ||
| "id": "vulnerability--03f7f64b-db23-4fd5-9eee-6376063a4b5e", | ||
| "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
| "created": "2024-10-05T00:20:14.203069Z", | ||
| "modified": "2024-10-05T00:20:14.203069Z", | ||
| "name": "CVE-2024-37869", | ||
| "description": "File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the \"poster.php\" file, and the uploaded file was received using the \"$- FILES\" variable", | ||
| "external_references": [ | ||
| { | ||
| "source_name": "cve", | ||
| "external_id": "CVE-2024-37869" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--0a67d47a-4e56-4dd7-9595-c99cc3e31d24.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| { | ||
| "type": "bundle", | ||
| "id": "bundle--68e28029-e641-4958-ade9-ade607418afd", | ||
| "objects": [ | ||
| { | ||
| "type": "vulnerability", | ||
| "spec_version": "2.1", | ||
| "id": "vulnerability--0a67d47a-4e56-4dd7-9595-c99cc3e31d24", | ||
| "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
| "created": "2024-10-05T00:20:12.474618Z", | ||
| "modified": "2024-10-05T00:20:12.474618Z", | ||
| "name": "CVE-2024-43684", | ||
| "description": "Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0.", | ||
| "external_references": [ | ||
| { | ||
| "source_name": "cve", | ||
| "external_id": "CVE-2024-43684" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--1221adbc-1c1a-4025-b554-8e9af193e8f2.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| { | ||
| "type": "bundle", | ||
| "id": "bundle--fe57a3ce-de76-4c05-ad44-5a6fc843f03c", | ||
| "objects": [ | ||
| { | ||
| "type": "vulnerability", | ||
| "spec_version": "2.1", | ||
| "id": "vulnerability--1221adbc-1c1a-4025-b554-8e9af193e8f2", | ||
| "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
| "created": "2024-10-05T00:20:13.081216Z", | ||
| "modified": "2024-10-05T00:20:13.081216Z", | ||
| "name": "CVE-2024-9445", | ||
| "description": "The Display Medium Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's display_medium_posts shortcode in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", | ||
| "external_references": [ | ||
| { | ||
| "source_name": "cve", | ||
| "external_id": "CVE-2024-9445" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--156c920d-1fd3-432e-a709-65ba2c4da3b5.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| { | ||
| "type": "bundle", | ||
| "id": "bundle--cc40d200-661f-4d5e-94b2-b995e4a5562e", | ||
| "objects": [ | ||
| { | ||
| "type": "vulnerability", | ||
| "spec_version": "2.1", | ||
| "id": "vulnerability--156c920d-1fd3-432e-a709-65ba2c4da3b5", | ||
| "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
| "created": "2024-10-05T00:20:13.617301Z", | ||
| "modified": "2024-10-05T00:20:13.617301Z", | ||
| "name": "CVE-2024-25707", | ||
| "description": "There is a reflected cross site scripting in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript code in the their own browser (Self XSS). A user cannot be phished into clicking a link to execute code.", | ||
| "external_references": [ | ||
| { | ||
| "source_name": "cve", | ||
| "external_id": "CVE-2024-25707" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--16f2bbf5-a6ea-4953-bc64-626f41f5dbe0.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| { | ||
| "type": "bundle", | ||
| "id": "bundle--5752d11c-a7e2-4244-af16-196683d386e3", | ||
| "objects": [ | ||
| { | ||
| "type": "vulnerability", | ||
| "spec_version": "2.1", | ||
| "id": "vulnerability--16f2bbf5-a6ea-4953-bc64-626f41f5dbe0", | ||
| "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
| "created": "2024-10-05T00:20:13.118821Z", | ||
| "modified": "2024-10-05T00:20:13.118821Z", | ||
| "name": "CVE-2024-8519", | ||
| "description": "The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'um_loggedin' shortcode in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", | ||
| "external_references": [ | ||
| { | ||
| "source_name": "cve", | ||
| "external_id": "CVE-2024-8519" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--17b10849-6471-4bdc-a848-56cd1933d632.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| { | ||
| "type": "bundle", | ||
| "id": "bundle--e74ef317-19f0-43fb-bb92-372c66004672", | ||
| "objects": [ | ||
| { | ||
| "type": "vulnerability", | ||
| "spec_version": "2.1", | ||
| "id": "vulnerability--17b10849-6471-4bdc-a848-56cd1933d632", | ||
| "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
| "created": "2024-10-05T00:20:13.041592Z", | ||
| "modified": "2024-10-05T00:20:13.041592Z", | ||
| "name": "CVE-2024-9421", | ||
| "description": "The Login Logout Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", | ||
| "external_references": [ | ||
| { | ||
| "source_name": "cve", | ||
| "external_id": "CVE-2024-9421" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--187089bb-916e-4578-81ae-78f3b6d6e064.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| { | ||
| "type": "bundle", | ||
| "id": "bundle--d7c07fdb-34cc-4f51-8618-7aa07a6f4fca", | ||
| "objects": [ | ||
| { | ||
| "type": "vulnerability", | ||
| "spec_version": "2.1", | ||
| "id": "vulnerability--187089bb-916e-4578-81ae-78f3b6d6e064", | ||
| "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
| "created": "2024-10-05T00:20:12.460008Z", | ||
| "modified": "2024-10-05T00:20:12.460008Z", | ||
| "name": "CVE-2024-43687", | ||
| "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (banner config modules) allows Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0 before 2.4.7.", | ||
| "external_references": [ | ||
| { | ||
| "source_name": "cve", | ||
| "external_id": "CVE-2024-43687" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--18773681-f227-409c-a324-64724ec545de.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| { | ||
| "type": "bundle", | ||
| "id": "bundle--5dd5f762-910c-4f1a-b8e4-a03999569c51", | ||
| "objects": [ | ||
| { | ||
| "type": "vulnerability", | ||
| "spec_version": "2.1", | ||
| "id": "vulnerability--18773681-f227-409c-a324-64724ec545de", | ||
| "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
| "created": "2024-10-05T00:20:14.308284Z", | ||
| "modified": "2024-10-05T00:20:14.308284Z", | ||
| "name": "CVE-2024-47790", | ||
| "description": "** UNSUPPORTED WHEN ASSIGNED ** This vulnerability exists in D3D Security IP Camera due to usage of insecure Real-Time Streaming Protocol (RTSP) version for live video streaming. A remote attacker could exploit this vulnerability by crafting a RTSP packet leading to unauthorized access to live feed of the targeted device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.", | ||
| "external_references": [ | ||
| { | ||
| "source_name": "cve", | ||
| "external_id": "CVE-2024-47790" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--1b18155f-acd6-4b94-9f58-077dcf1ba21d.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| { | ||
| "type": "bundle", | ||
| "id": "bundle--3f63ded2-f0de-46d1-9bcf-d5bfc19a6c4f", | ||
| "objects": [ | ||
| { | ||
| "type": "vulnerability", | ||
| "spec_version": "2.1", | ||
| "id": "vulnerability--1b18155f-acd6-4b94-9f58-077dcf1ba21d", | ||
| "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
| "created": "2024-10-05T00:20:13.078257Z", | ||
| "modified": "2024-10-05T00:20:13.078257Z", | ||
| "name": "CVE-2024-9375", | ||
| "description": "The WordPress Captcha Plugin by Captcha Bank plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.0.36. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", | ||
| "external_references": [ | ||
| { | ||
| "source_name": "cve", | ||
| "external_id": "CVE-2024-9375" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--1e7e876a-9949-4ad0-a207-872185809770.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| { | ||
| "type": "bundle", | ||
| "id": "bundle--42ce63ab-f1c8-43c4-baef-2f5b86b93db7", | ||
| "objects": [ | ||
| { | ||
| "type": "vulnerability", | ||
| "spec_version": "2.1", | ||
| "id": "vulnerability--1e7e876a-9949-4ad0-a207-872185809770", | ||
| "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
| "created": "2024-10-05T00:20:13.055782Z", | ||
| "modified": "2024-10-05T00:20:13.055782Z", | ||
| "name": "CVE-2024-9306", | ||
| "description": "The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 10.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. In addition, site administrators have the option to grant lower-level users with access to manage the plugin's settings which may extend this vulnerability to those users.", | ||
| "external_references": [ | ||
| { | ||
| "source_name": "cve", | ||
| "external_id": "CVE-2024-9306" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } |
Oops, something went wrong.