From ec34940151b867fa33a2e104983080d11f3e1ab5 Mon Sep 17 00:00:00 2001 From: gitadvisor Date: Fri, 24 Jan 2025 15:20:15 +0000 Subject: [PATCH] generated content from 2025-01-24 --- mapping.csv | 11 ++++++++++ ...-2c88cb78-7acb-4eb8-902f-68a950e5fef0.json | 22 +++++++++++++++++++ ...-381fe63d-67e7-49f9-8c06-79f40f8e8a72.json | 22 +++++++++++++++++++ ...-65e73e70-436d-4543-8884-ca30de640ce1.json | 22 +++++++++++++++++++ ...-94c6523e-3f52-410c-9af4-edf99e7678d9.json | 22 +++++++++++++++++++ ...-97c17393-bda2-4761-993a-b979f6ced4c9.json | 22 +++++++++++++++++++ ...-bfac8151-4f07-4c5f-a56b-06bbaeee49b0.json | 22 +++++++++++++++++++ ...-bfb517fa-dc8b-41a5-a26a-00d31b1e248c.json | 22 +++++++++++++++++++ ...-c08c52aa-7e1d-4aaa-8eee-30199f4b303a.json | 22 +++++++++++++++++++ ...-dc54cbe4-cb89-47a5-956d-92e51972fe37.json | 22 +++++++++++++++++++ ...-dec3080a-5495-4e86-a519-ce6cfff6aa1a.json | 22 +++++++++++++++++++ ...-e2a789d3-0f40-47e5-b239-783bf4b9be96.json | 22 +++++++++++++++++++ 12 files changed, 253 insertions(+) create mode 100644 objects/vulnerability/vulnerability--2c88cb78-7acb-4eb8-902f-68a950e5fef0.json create mode 100644 objects/vulnerability/vulnerability--381fe63d-67e7-49f9-8c06-79f40f8e8a72.json create mode 100644 objects/vulnerability/vulnerability--65e73e70-436d-4543-8884-ca30de640ce1.json create mode 100644 objects/vulnerability/vulnerability--94c6523e-3f52-410c-9af4-edf99e7678d9.json create mode 100644 objects/vulnerability/vulnerability--97c17393-bda2-4761-993a-b979f6ced4c9.json create mode 100644 objects/vulnerability/vulnerability--bfac8151-4f07-4c5f-a56b-06bbaeee49b0.json create mode 100644 objects/vulnerability/vulnerability--bfb517fa-dc8b-41a5-a26a-00d31b1e248c.json create mode 100644 objects/vulnerability/vulnerability--c08c52aa-7e1d-4aaa-8eee-30199f4b303a.json create mode 100644 objects/vulnerability/vulnerability--dc54cbe4-cb89-47a5-956d-92e51972fe37.json create mode 100644 objects/vulnerability/vulnerability--dec3080a-5495-4e86-a519-ce6cfff6aa1a.json create mode 100644 objects/vulnerability/vulnerability--e2a789d3-0f40-47e5-b239-783bf4b9be96.json diff --git a/mapping.csv b/mapping.csv index 3140f167d6..0f20341fc2 100644 --- a/mapping.csv +++ b/mapping.csv @@ -264972,3 +264972,14 @@ vulnerability,CVE-2024-57184,vulnerability--9f2eaa89-ca9a-4d14-8138-9f91896d768f vulnerability,CVE-2024-41739,vulnerability--49e9fb2b-2a8d-456a-b8e1-2028c218c037 vulnerability,CVE-2024-11913,vulnerability--4c5c8157-5d06-487b-b499-243b22266e8e vulnerability,CVE-2022-47090,vulnerability--06b5328b-0c77-4202-828b-f78b8aa99679 +vulnerability,CVE-2024-9495,vulnerability--c08c52aa-7e1d-4aaa-8eee-30199f4b303a +vulnerability,CVE-2024-9498,vulnerability--dec3080a-5495-4e86-a519-ce6cfff6aa1a +vulnerability,CVE-2024-9496,vulnerability--65e73e70-436d-4543-8884-ca30de640ce1 +vulnerability,CVE-2024-9494,vulnerability--e2a789d3-0f40-47e5-b239-783bf4b9be96 +vulnerability,CVE-2024-9499,vulnerability--bfb517fa-dc8b-41a5-a26a-00d31b1e248c +vulnerability,CVE-2024-9492,vulnerability--2c88cb78-7acb-4eb8-902f-68a950e5fef0 +vulnerability,CVE-2024-9491,vulnerability--bfac8151-4f07-4c5f-a56b-06bbaeee49b0 +vulnerability,CVE-2024-9493,vulnerability--381fe63d-67e7-49f9-8c06-79f40f8e8a72 +vulnerability,CVE-2024-9490,vulnerability--dc54cbe4-cb89-47a5-956d-92e51972fe37 +vulnerability,CVE-2024-9497,vulnerability--94c6523e-3f52-410c-9af4-edf99e7678d9 +vulnerability,CVE-2025-22605,vulnerability--97c17393-bda2-4761-993a-b979f6ced4c9 diff --git a/objects/vulnerability/vulnerability--2c88cb78-7acb-4eb8-902f-68a950e5fef0.json b/objects/vulnerability/vulnerability--2c88cb78-7acb-4eb8-902f-68a950e5fef0.json new file mode 100644 index 0000000000..ed748b84a3 --- /dev/null +++ b/objects/vulnerability/vulnerability--2c88cb78-7acb-4eb8-902f-68a950e5fef0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b6196fa4-13ac-4867-8d4a-0639b0899ff3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2c88cb78-7acb-4eb8-902f-68a950e5fef0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-24T15:19:47.361728Z", + "modified": "2025-01-24T15:19:47.361728Z", + "name": "CVE-2024-9492", + "description": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in Flash Programming Utility installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9492" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--381fe63d-67e7-49f9-8c06-79f40f8e8a72.json b/objects/vulnerability/vulnerability--381fe63d-67e7-49f9-8c06-79f40f8e8a72.json new file mode 100644 index 0000000000..5164c31620 --- /dev/null +++ b/objects/vulnerability/vulnerability--381fe63d-67e7-49f9-8c06-79f40f8e8a72.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--34926965-b6bd-4b92-910b-16633df2474f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--381fe63d-67e7-49f9-8c06-79f40f8e8a72", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-24T15:19:47.372641Z", + "modified": "2025-01-24T15:19:47.372641Z", + "name": "CVE-2024-9493", + "description": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in the \n\nToolStick\n\n installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9493" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--65e73e70-436d-4543-8884-ca30de640ce1.json b/objects/vulnerability/vulnerability--65e73e70-436d-4543-8884-ca30de640ce1.json new file mode 100644 index 0000000000..79b95118b3 --- /dev/null +++ b/objects/vulnerability/vulnerability--65e73e70-436d-4543-8884-ca30de640ce1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c3d6c1f5-2c77-4bc1-98bc-471acf45312d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--65e73e70-436d-4543-8884-ca30de640ce1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-24T15:19:47.352087Z", + "modified": "2025-01-24T15:19:47.352087Z", + "name": "CVE-2024-9496", + "description": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Dev Kit\n\n \n\n\n\n installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9496" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--94c6523e-3f52-410c-9af4-edf99e7678d9.json b/objects/vulnerability/vulnerability--94c6523e-3f52-410c-9af4-edf99e7678d9.json new file mode 100644 index 0000000000..7286818349 --- /dev/null +++ b/objects/vulnerability/vulnerability--94c6523e-3f52-410c-9af4-edf99e7678d9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0fbe6d95-dff2-498b-9288-ff1115661753", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--94c6523e-3f52-410c-9af4-edf99e7678d9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-24T15:19:47.384477Z", + "modified": "2025-01-24T15:19:47.384477Z", + "name": "CVE-2024-9497", + "description": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress 4 SDK\n\n \n\n\n\n installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9497" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--97c17393-bda2-4761-993a-b979f6ced4c9.json b/objects/vulnerability/vulnerability--97c17393-bda2-4761-993a-b979f6ced4c9.json new file mode 100644 index 0000000000..70cbf7b422 --- /dev/null +++ b/objects/vulnerability/vulnerability--97c17393-bda2-4761-993a-b979f6ced4c9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--276533bd-6730-43eb-9091-10e28fa7e7bb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--97c17393-bda2-4761-993a-b979f6ced4c9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-24T15:19:56.508762Z", + "modified": "2025-01-24T15:19:56.508762Z", + "name": "CVE-2025-22605", + "description": "Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Starting in version 4.0.0-beta.18 and prior to 4.0.0-beta.253, a vulnerability in the execution of commands on remote servers allows an authenticated user to execute arbitrary code on the local Coolify container, gaining access to data and private keys or tokens of other users/teams. The ability to inject malicious commands into the Coolify container gives authenticated attackers the ability to fully retrieve and control the data and availability of the software. Centrally hosted Coolify instances (open registration and/or multiple teams with potentially untrustworthy users) are especially at risk, as sensitive data of all users and connected servers can be leaked by any user. Additionally, attackers are able to modify the running software, potentially deploying malicious images to remote nodes or generally changing its behavior. Version 4.0.0-beta.253 patches this issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22605" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bfac8151-4f07-4c5f-a56b-06bbaeee49b0.json b/objects/vulnerability/vulnerability--bfac8151-4f07-4c5f-a56b-06bbaeee49b0.json new file mode 100644 index 0000000000..091a510c24 --- /dev/null +++ b/objects/vulnerability/vulnerability--bfac8151-4f07-4c5f-a56b-06bbaeee49b0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--edd8b09a-f18a-41c1-8aad-bb7c3d8cd731", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bfac8151-4f07-4c5f-a56b-06bbaeee49b0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-24T15:19:47.371319Z", + "modified": "2025-01-24T15:19:47.371319Z", + "name": "CVE-2024-9491", + "description": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in Configuration Wizard 2 installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9491" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bfb517fa-dc8b-41a5-a26a-00d31b1e248c.json b/objects/vulnerability/vulnerability--bfb517fa-dc8b-41a5-a26a-00d31b1e248c.json new file mode 100644 index 0000000000..5e39acae25 --- /dev/null +++ b/objects/vulnerability/vulnerability--bfb517fa-dc8b-41a5-a26a-00d31b1e248c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8f6c2fed-727a-4c05-a3e5-536563d1e88c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bfb517fa-dc8b-41a5-a26a-00d31b1e248c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-24T15:19:47.358714Z", + "modified": "2025-01-24T15:19:47.358714Z", + "name": "CVE-2024-9499", + "description": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Win 98SE Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9499" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c08c52aa-7e1d-4aaa-8eee-30199f4b303a.json b/objects/vulnerability/vulnerability--c08c52aa-7e1d-4aaa-8eee-30199f4b303a.json new file mode 100644 index 0000000000..8967f6ea95 --- /dev/null +++ b/objects/vulnerability/vulnerability--c08c52aa-7e1d-4aaa-8eee-30199f4b303a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--96456a22-4894-4632-8a82-b8e1612591d3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c08c52aa-7e1d-4aaa-8eee-30199f4b303a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-24T15:19:47.329237Z", + "modified": "2025-01-24T15:19:47.329237Z", + "name": "CVE-2024-9495", + "description": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210x VCP Windows \n\n\n\n installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9495" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dc54cbe4-cb89-47a5-956d-92e51972fe37.json b/objects/vulnerability/vulnerability--dc54cbe4-cb89-47a5-956d-92e51972fe37.json new file mode 100644 index 0000000000..40a54db358 --- /dev/null +++ b/objects/vulnerability/vulnerability--dc54cbe4-cb89-47a5-956d-92e51972fe37.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f5619aa7-e083-4da9-84d7-6b1e15ed9cdb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dc54cbe4-cb89-47a5-956d-92e51972fe37", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-24T15:19:47.375768Z", + "modified": "2025-01-24T15:19:47.375768Z", + "name": "CVE-2024-9490", + "description": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in Silicon Labs (8-bit) IDE installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9490" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dec3080a-5495-4e86-a519-ce6cfff6aa1a.json b/objects/vulnerability/vulnerability--dec3080a-5495-4e86-a519-ce6cfff6aa1a.json new file mode 100644 index 0000000000..5c98b5adb1 --- /dev/null +++ b/objects/vulnerability/vulnerability--dec3080a-5495-4e86-a519-ce6cfff6aa1a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6eab9208-739b-4ccb-9484-b42c877d2fcb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dec3080a-5495-4e86-a519-ce6cfff6aa1a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-24T15:19:47.34625Z", + "modified": "2025-01-24T15:19:47.34625Z", + "name": "CVE-2024-9498", + "description": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress SDK\n\n \n\n\n\n installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9498" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e2a789d3-0f40-47e5-b239-783bf4b9be96.json b/objects/vulnerability/vulnerability--e2a789d3-0f40-47e5-b239-783bf4b9be96.json new file mode 100644 index 0000000000..cf580b8e14 --- /dev/null +++ b/objects/vulnerability/vulnerability--e2a789d3-0f40-47e5-b239-783bf4b9be96.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b082454f-c5a7-4e7f-a74b-f99c907b6265", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e2a789d3-0f40-47e5-b239-783bf4b9be96", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-24T15:19:47.354164Z", + "modified": "2025-01-24T15:19:47.354164Z", + "name": "CVE-2024-9494", + "description": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in the \n\n\n\nCP210 VCP Win 2k\n\n\n\n installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9494" + } + ] + } + ] +} \ No newline at end of file