From 922febd939a0500c5977ad7db8332ca3053d4f6b Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 2 Jan 2024 00:28:15 +0000 Subject: [PATCH] generated content from 2024-01-02 --- mapping.csv | 16 ++++++++++++++ ...-0399c8e0-9bf2-454c-a9f5-7ae98d2d6966.json | 22 +++++++++++++++++++ ...-347b9cc9-e27d-4345-b3a4-b2d6cad9e4f4.json | 22 +++++++++++++++++++ ...-4b1c250c-c684-4d84-b850-39a67f6829f9.json | 22 +++++++++++++++++++ ...-52af5a7b-c0c1-473b-b967-f708979efea9.json | 22 +++++++++++++++++++ ...-7505e020-1a55-46a4-a3bf-a8744b660247.json | 22 +++++++++++++++++++ ...-767bf693-43cd-4137-a870-f3628350a33e.json | 22 +++++++++++++++++++ ...-9654131f-bf89-423f-8042-ad734e4ff8ae.json | 22 +++++++++++++++++++ ...-b301bfee-eb18-47b3-ab38-9943aa6f6661.json | 22 +++++++++++++++++++ ...-b3270328-9339-4ebe-8c40-5d788896e18b.json | 22 +++++++++++++++++++ ...-c1000f6b-65df-4bc1-a3b4-2563f32cecae.json | 22 +++++++++++++++++++ ...-cc4bd09f-32b0-4464-9067-f6b03daa53ac.json | 22 +++++++++++++++++++ ...-d6d6121b-8d48-4625-baf1-abe7e26959f0.json | 22 +++++++++++++++++++ ...-d7ff3193-ec2a-4bd0-81a4-a22e7186c3d4.json | 22 +++++++++++++++++++ ...-eca789c9-2c58-40f7-a5b4-4bdfba574684.json | 22 +++++++++++++++++++ ...-f48321db-73e4-435a-b3a1-83d86a17084e.json | 22 +++++++++++++++++++ ...-fedb960e-ebfa-4e5c-8ce3-f3dde41557f9.json | 22 +++++++++++++++++++ 17 files changed, 368 insertions(+) create mode 100644 objects/vulnerability/vulnerability--0399c8e0-9bf2-454c-a9f5-7ae98d2d6966.json create mode 100644 objects/vulnerability/vulnerability--347b9cc9-e27d-4345-b3a4-b2d6cad9e4f4.json create mode 100644 objects/vulnerability/vulnerability--4b1c250c-c684-4d84-b850-39a67f6829f9.json create mode 100644 objects/vulnerability/vulnerability--52af5a7b-c0c1-473b-b967-f708979efea9.json create mode 100644 objects/vulnerability/vulnerability--7505e020-1a55-46a4-a3bf-a8744b660247.json create mode 100644 objects/vulnerability/vulnerability--767bf693-43cd-4137-a870-f3628350a33e.json create mode 100644 objects/vulnerability/vulnerability--9654131f-bf89-423f-8042-ad734e4ff8ae.json create mode 100644 objects/vulnerability/vulnerability--b301bfee-eb18-47b3-ab38-9943aa6f6661.json create mode 100644 objects/vulnerability/vulnerability--b3270328-9339-4ebe-8c40-5d788896e18b.json create mode 100644 objects/vulnerability/vulnerability--c1000f6b-65df-4bc1-a3b4-2563f32cecae.json create mode 100644 objects/vulnerability/vulnerability--cc4bd09f-32b0-4464-9067-f6b03daa53ac.json create mode 100644 objects/vulnerability/vulnerability--d6d6121b-8d48-4625-baf1-abe7e26959f0.json create mode 100644 objects/vulnerability/vulnerability--d7ff3193-ec2a-4bd0-81a4-a22e7186c3d4.json create mode 100644 objects/vulnerability/vulnerability--eca789c9-2c58-40f7-a5b4-4bdfba574684.json create mode 100644 objects/vulnerability/vulnerability--f48321db-73e4-435a-b3a1-83d86a17084e.json create mode 100644 objects/vulnerability/vulnerability--fedb960e-ebfa-4e5c-8ce3-f3dde41557f9.json diff --git a/mapping.csv b/mapping.csv index 50f7c4b0661..2b749806414 100644 --- a/mapping.csv +++ b/mapping.csv @@ -221556,3 +221556,19 @@ vulnerability,CVE-2023-51423,vulnerability--df52c08b-8dd0-414d-97e2-c241d4286a47 vulnerability,CVE-2023-51547,vulnerability--7b8cbffb-3d8e-41eb-ba44-a297b75fe951 vulnerability,CVE-2023-6094,vulnerability--12ed166d-5837-437a-92d5-9eb35014176a vulnerability,CVE-2023-6093,vulnerability--d2d14a1d-e606-4674-8693-077ab7a1d42f +vulnerability,CVE-2023-5877,vulnerability--b301bfee-eb18-47b3-ab38-9943aa6f6661 +vulnerability,CVE-2023-50094,vulnerability--4b1c250c-c684-4d84-b850-39a67f6829f9 +vulnerability,CVE-2023-50096,vulnerability--eca789c9-2c58-40f7-a5b4-4bdfba574684 +vulnerability,CVE-2023-6113,vulnerability--f48321db-73e4-435a-b3a1-83d86a17084e +vulnerability,CVE-2023-6064,vulnerability--fedb960e-ebfa-4e5c-8ce3-f3dde41557f9 +vulnerability,CVE-2023-6037,vulnerability--c1000f6b-65df-4bc1-a3b4-2563f32cecae +vulnerability,CVE-2023-6271,vulnerability--52af5a7b-c0c1-473b-b967-f708979efea9 +vulnerability,CVE-2023-6485,vulnerability--7505e020-1a55-46a4-a3bf-a8744b660247 +vulnerability,CVE-2023-6421,vulnerability--9654131f-bf89-423f-8042-ad734e4ff8ae +vulnerability,CVE-2023-6000,vulnerability--b3270328-9339-4ebe-8c40-5d788896e18b +vulnerability,CVE-2024-21732,vulnerability--0399c8e0-9bf2-454c-a9f5-7ae98d2d6966 +vulnerability,CVE-2024-0184,vulnerability--767bf693-43cd-4137-a870-f3628350a33e +vulnerability,CVE-2024-0185,vulnerability--347b9cc9-e27d-4345-b3a4-b2d6cad9e4f4 +vulnerability,CVE-2024-0182,vulnerability--d6d6121b-8d48-4625-baf1-abe7e26959f0 +vulnerability,CVE-2024-0183,vulnerability--d7ff3193-ec2a-4bd0-81a4-a22e7186c3d4 +vulnerability,CVE-2024-0181,vulnerability--cc4bd09f-32b0-4464-9067-f6b03daa53ac diff --git a/objects/vulnerability/vulnerability--0399c8e0-9bf2-454c-a9f5-7ae98d2d6966.json b/objects/vulnerability/vulnerability--0399c8e0-9bf2-454c-a9f5-7ae98d2d6966.json new file mode 100644 index 00000000000..dece47443e3 --- /dev/null +++ b/objects/vulnerability/vulnerability--0399c8e0-9bf2-454c-a9f5-7ae98d2d6966.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--79145f50-0456-4765-95e1-968868a896f6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0399c8e0-9bf2-454c-a9f5-7ae98d2d6966", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-02T00:28:00.451693Z", + "modified": "2024-01-02T00:28:00.451693Z", + "name": "CVE-2024-21732", + "description": "FlyCms through abbaa5a allows XSS via the permission management feature.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21732" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--347b9cc9-e27d-4345-b3a4-b2d6cad9e4f4.json b/objects/vulnerability/vulnerability--347b9cc9-e27d-4345-b3a4-b2d6cad9e4f4.json new file mode 100644 index 00000000000..33c39aad891 --- /dev/null +++ b/objects/vulnerability/vulnerability--347b9cc9-e27d-4345-b3a4-b2d6cad9e4f4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c5268591-fba5-4c69-a873-676e696bcdcc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--347b9cc9-e27d-4345-b3a4-b2d6cad9e4f4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-02T00:28:00.686358Z", + "modified": "2024-01-02T00:28:00.686358Z", + "name": "CVE-2024-0185", + "description": "A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file dasboard_teacher.php of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249443.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0185" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4b1c250c-c684-4d84-b850-39a67f6829f9.json b/objects/vulnerability/vulnerability--4b1c250c-c684-4d84-b850-39a67f6829f9.json new file mode 100644 index 00000000000..acd5ed2de67 --- /dev/null +++ b/objects/vulnerability/vulnerability--4b1c250c-c684-4d84-b850-39a67f6829f9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7eee40e3-5109-47fb-80d6-dc8f3481cae1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4b1c250c-c684-4d84-b850-39a67f6829f9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-02T00:27:52.411529Z", + "modified": "2024-01-02T00:27:52.411529Z", + "name": "CVE-2023-50094", + "description": "reNgine through 2.0.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-50094" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--52af5a7b-c0c1-473b-b967-f708979efea9.json b/objects/vulnerability/vulnerability--52af5a7b-c0c1-473b-b967-f708979efea9.json new file mode 100644 index 00000000000..e1ade98cca1 --- /dev/null +++ b/objects/vulnerability/vulnerability--52af5a7b-c0c1-473b-b967-f708979efea9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--81de9bd6-90a1-4914-afc2-ba7e39f09bc4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--52af5a7b-c0c1-473b-b967-f708979efea9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-02T00:27:52.636585Z", + "modified": "2024-01-02T00:27:52.636585Z", + "name": "CVE-2023-6271", + "description": "The Backup Migration WordPress plugin before 1.3.6 stores in-progress backups information in easy to find, publicly-accessible files, which may allow attackers monitoring those to leak sensitive information from the site's backups.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-6271" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7505e020-1a55-46a4-a3bf-a8744b660247.json b/objects/vulnerability/vulnerability--7505e020-1a55-46a4-a3bf-a8744b660247.json new file mode 100644 index 00000000000..ca99b34160c --- /dev/null +++ b/objects/vulnerability/vulnerability--7505e020-1a55-46a4-a3bf-a8744b660247.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dd64f007-3aa8-41ce-9648-b73453cc7330", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7505e020-1a55-46a4-a3bf-a8744b660247", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-02T00:27:52.641148Z", + "modified": "2024-01-02T00:27:52.641148Z", + "name": "CVE-2023-6485", + "description": "The Html5 Video Player WordPress plugin before 2.5.19 does not sanitise and escape some of its player settings, which combined with missing capability checks around the plugin could allow any authenticated users, such as low as subscribers to perform Stored Cross-Site Scripting attacks against high privilege users like admins", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-6485" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--767bf693-43cd-4137-a870-f3628350a33e.json b/objects/vulnerability/vulnerability--767bf693-43cd-4137-a870-f3628350a33e.json new file mode 100644 index 00000000000..c1793188221 --- /dev/null +++ b/objects/vulnerability/vulnerability--767bf693-43cd-4137-a870-f3628350a33e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ecbeb802-a0be-4089-955a-d543d385090e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--767bf693-43cd-4137-a870-f3628350a33e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-02T00:28:00.675112Z", + "modified": "2024-01-02T00:28:00.675112Z", + "name": "CVE-2024-0184", + "description": "A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/edit_teacher.php of the component Add Enginer. The manipulation of the argument Firstname/Lastname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249442 is the identifier assigned to this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0184" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9654131f-bf89-423f-8042-ad734e4ff8ae.json b/objects/vulnerability/vulnerability--9654131f-bf89-423f-8042-ad734e4ff8ae.json new file mode 100644 index 00000000000..17f3b40ddae --- /dev/null +++ b/objects/vulnerability/vulnerability--9654131f-bf89-423f-8042-ad734e4ff8ae.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bdab9818-8ccc-42ba-8c33-add132356719", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9654131f-bf89-423f-8042-ad734e4ff8ae", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-02T00:27:52.651975Z", + "modified": "2024-01-02T00:27:52.651975Z", + "name": "CVE-2023-6421", + "description": "The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-6421" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b301bfee-eb18-47b3-ab38-9943aa6f6661.json b/objects/vulnerability/vulnerability--b301bfee-eb18-47b3-ab38-9943aa6f6661.json new file mode 100644 index 00000000000..b59da6d14bd --- /dev/null +++ b/objects/vulnerability/vulnerability--b301bfee-eb18-47b3-ab38-9943aa6f6661.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2844c973-57bb-44f1-9cc0-d3deaf85b3b3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b301bfee-eb18-47b3-ab38-9943aa6f6661", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-02T00:27:50.532739Z", + "modified": "2024-01-02T00:27:50.532739Z", + "name": "CVE-2023-5877", + "description": "The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to it's affiliate-toolkit-starter/tools/atkp_imagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URL's, including RFC1918 private addresses, leading to a Server Side Request Forgery (SSRF) issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-5877" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b3270328-9339-4ebe-8c40-5d788896e18b.json b/objects/vulnerability/vulnerability--b3270328-9339-4ebe-8c40-5d788896e18b.json new file mode 100644 index 00000000000..1c4f73e34d2 --- /dev/null +++ b/objects/vulnerability/vulnerability--b3270328-9339-4ebe-8c40-5d788896e18b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8002c49b-8576-46c7-82a7-67f074b86f19", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b3270328-9339-4ebe-8c40-5d788896e18b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-02T00:27:52.659351Z", + "modified": "2024-01-02T00:27:52.659351Z", + "name": "CVE-2023-6000", + "description": "The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-6000" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c1000f6b-65df-4bc1-a3b4-2563f32cecae.json b/objects/vulnerability/vulnerability--c1000f6b-65df-4bc1-a3b4-2563f32cecae.json new file mode 100644 index 00000000000..ce4f4170721 --- /dev/null +++ b/objects/vulnerability/vulnerability--c1000f6b-65df-4bc1-a3b4-2563f32cecae.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7b9939c3-0582-40bb-a747-857ea104e4fc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c1000f6b-65df-4bc1-a3b4-2563f32cecae", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-02T00:27:52.632808Z", + "modified": "2024-01-02T00:27:52.632808Z", + "name": "CVE-2023-6037", + "description": "The WP TripAdvisor Review Slider WordPress plugin before 11.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-6037" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cc4bd09f-32b0-4464-9067-f6b03daa53ac.json b/objects/vulnerability/vulnerability--cc4bd09f-32b0-4464-9067-f6b03daa53ac.json new file mode 100644 index 00000000000..1c4bafc56a3 --- /dev/null +++ b/objects/vulnerability/vulnerability--cc4bd09f-32b0-4464-9067-f6b03daa53ac.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bd8db137-9f12-4f71-9d62-cfef8c13c2e7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cc4bd09f-32b0-4464-9067-f6b03daa53ac", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-02T00:28:00.691278Z", + "modified": "2024-01-02T00:28:00.691278Z", + "name": "CVE-2024-0181", + "description": "A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/admin_user.php of the component Admin Panel. The manipulation of the argument Firstname/Lastname/Username leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249433 was assigned to this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0181" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d6d6121b-8d48-4625-baf1-abe7e26959f0.json b/objects/vulnerability/vulnerability--d6d6121b-8d48-4625-baf1-abe7e26959f0.json new file mode 100644 index 00000000000..1316260c0da --- /dev/null +++ b/objects/vulnerability/vulnerability--d6d6121b-8d48-4625-baf1-abe7e26959f0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9c3599ab-dae6-43a4-a74b-592ea7c045fc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d6d6121b-8d48-4625-baf1-abe7e26959f0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-02T00:28:00.688197Z", + "modified": "2024-01-02T00:28:00.688197Z", + "name": "CVE-2024-0182", + "description": "A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ of the component Admin Login. The manipulation of the argument username/password leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-249440.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0182" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d7ff3193-ec2a-4bd0-81a4-a22e7186c3d4.json b/objects/vulnerability/vulnerability--d7ff3193-ec2a-4bd0-81a4-a22e7186c3d4.json new file mode 100644 index 00000000000..d7638d6f275 --- /dev/null +++ b/objects/vulnerability/vulnerability--d7ff3193-ec2a-4bd0-81a4-a22e7186c3d4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c18b53a1-ea21-4bb9-a69e-01af4bfbbbb8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d7ff3193-ec2a-4bd0-81a4-a22e7186c3d4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-02T00:28:00.690017Z", + "modified": "2024-01-02T00:28:00.690017Z", + "name": "CVE-2024-0183", + "description": "A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/students.php of the component NIA Office. The manipulation leads to basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249441 was assigned to this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-0183" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--eca789c9-2c58-40f7-a5b4-4bdfba574684.json b/objects/vulnerability/vulnerability--eca789c9-2c58-40f7-a5b4-4bdfba574684.json new file mode 100644 index 00000000000..2eaa5c5d410 --- /dev/null +++ b/objects/vulnerability/vulnerability--eca789c9-2c58-40f7-a5b4-4bdfba574684.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0601de7e-f5ae-41a0-bd52-a36751b4d94c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--eca789c9-2c58-40f7-a5b4-4bdfba574684", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-02T00:27:52.446375Z", + "modified": "2024-01-02T00:27:52.446375Z", + "name": "CVE-2023-50096", + "description": "STMicroelectronics STSAFE-A1xx middleware before 3.3.7 allows MCU code execution if an adversary has the ability to read from and write to the I2C bus. This is caused by an StSafeA_ReceiveBytes buffer overflow in the X-CUBE-SAFEA1 Software Package for STSAFE-A sample applications (1.2.0), and thus can affect user-written code that was derived from a published sample application.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-50096" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f48321db-73e4-435a-b3a1-83d86a17084e.json b/objects/vulnerability/vulnerability--f48321db-73e4-435a-b3a1-83d86a17084e.json new file mode 100644 index 00000000000..e2f5ab74a90 --- /dev/null +++ b/objects/vulnerability/vulnerability--f48321db-73e4-435a-b3a1-83d86a17084e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--357f6e87-4dd8-4a3c-991e-fe7ddb1a6f5e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f48321db-73e4-435a-b3a1-83d86a17084e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-02T00:27:52.533817Z", + "modified": "2024-01-02T00:27:52.533817Z", + "name": "CVE-2023-6113", + "description": "The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin before 5.1.3 do not prevent visitors from leaking key information about ongoing backups processes, allowing unauthenticated attackers to download said backups later.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-6113" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fedb960e-ebfa-4e5c-8ce3-f3dde41557f9.json b/objects/vulnerability/vulnerability--fedb960e-ebfa-4e5c-8ce3-f3dde41557f9.json new file mode 100644 index 00000000000..ddd70d2bb1f --- /dev/null +++ b/objects/vulnerability/vulnerability--fedb960e-ebfa-4e5c-8ce3-f3dde41557f9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8d55af50-7ff4-461c-8112-bd42fdd7e3e5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fedb960e-ebfa-4e5c-8ce3-f3dde41557f9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-01-02T00:27:52.621424Z", + "modified": "2024-01-02T00:27:52.621424Z", + "name": "CVE-2023-6064", + "description": "The PayHere Payment Gateway WordPress plugin before 2.2.12 automatically creates publicly-accessible log files containing sensitive information when transactions occur.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-6064" + } + ] + } + ] +} \ No newline at end of file