From b87782eb00489b95af37d33e6ed0664b4c3f3369 Mon Sep 17 00:00:00 2001 From: gitadvisor Date: Tue, 14 Jan 2025 15:20:24 +0000 Subject: [PATCH] generated content from 2025-01-14 --- mapping.csv | 109 ++++++++++++++++++ ...-00c0daf5-2985-4993-9ebe-2aaff0e9521b.json | 22 ++++ ...-01879d11-aa87-4a1f-96cf-23f5d3c18df3.json | 22 ++++ ...-0387bce3-bf7c-4ceb-9eb0-6875816206ba.json | 22 ++++ ...-04013cb6-4f6a-41b8-bb27-802e3eb6910f.json | 22 ++++ ...-053b1846-f83e-4846-803d-64923b8648ab.json | 22 ++++ ...-073ca2a5-aac0-4673-8e0d-122fe4ac294b.json | 22 ++++ ...-0945c435-7fe9-466b-b1c3-15f98c65d2a5.json | 22 ++++ ...-09f5dab4-e182-4335-be7d-9345fda95a59.json | 22 ++++ ...-0c4c510d-05db-452b-bf8e-3355d0e50c98.json | 22 ++++ ...-0df60211-c2c6-40b4-9b8a-ad90d12d6c4b.json | 22 ++++ ...-0f57fb9e-1aa4-44e5-82ff-92fa7bd54a18.json | 22 ++++ ...-110330a9-83ea-4ee9-a9eb-50211dc89f43.json | 22 ++++ ...-11e49fca-df96-4443-b2b1-e5388d089f87.json | 22 ++++ ...-14bc42ea-9858-47f1-bcb7-018fe2eefa27.json | 22 ++++ ...-17375adf-a92a-44ca-97da-31fad7d7f4e0.json | 22 ++++ ...-17fd60de-8e28-4216-bc1d-fb9648000925.json | 22 ++++ ...-19b24a21-04ac-4f41-b9e3-dc4848e55232.json | 22 ++++ ...-1b25999a-5402-40fe-8154-9a9922070978.json | 22 ++++ ...-1b8fd896-9087-4ccc-8d41-847bbe35da57.json | 22 ++++ ...-1bb5ec30-a064-4945-af82-6905c83c7ec6.json | 22 ++++ ...-1f2833f5-752a-45cb-9545-93a005c0104e.json | 22 ++++ ...-1f438ea6-597f-411d-a05e-7e9053f27cec.json | 22 ++++ ...-1fbbd250-7ad7-4628-8d5c-4ce3bd1ead89.json | 22 ++++ ...-31f64418-1434-4e74-bad4-6ca12a4cf691.json | 22 ++++ ...-32da4cdc-934a-4e9b-887c-4344f2cc5b32.json | 22 ++++ ...-33619078-358d-4f1e-b0d9-9bdc04e4a418.json | 22 ++++ ...-394dbb74-6130-484f-80b5-0ecbb03bfe9f.json | 22 ++++ ...-3d3dfae1-a3ab-49a1-8879-e797699b95b5.json | 22 ++++ ...-4159db04-55e4-4d51-808a-7a7ca94fa230.json | 22 ++++ ...-417173d3-396d-4394-b626-4d18800ca2a8.json | 22 ++++ ...-41f22b5e-8cb2-459f-8d9b-00de7d24f463.json | 22 ++++ ...-44afb7e1-5e6e-474a-bc9b-cf15a5780284.json | 22 ++++ ...-47409718-854c-435e-b23a-e3d5fd383de5.json | 22 ++++ ...-49f9ed46-bcd9-4b6b-8a5f-3ad3edb23469.json | 22 ++++ ...-4af8ec29-efbd-4eb3-aa5b-9010c8f12f96.json | 22 ++++ ...-4bdf5d89-045d-4d15-b6f7-e60af960b206.json | 22 ++++ ...-506933be-d7e0-497c-b29d-8f78a4581428.json | 22 ++++ ...-50c93691-f216-4506-af24-8eeca3152a53.json | 22 ++++ ...-58ccc962-3cb2-44bf-964a-f3b15791b294.json | 22 ++++ ...-5c753068-3ce6-4df2-b2c5-e35e01655db4.json | 22 ++++ ...-5f274eb3-eadd-42f1-aeeb-ad43fff3217f.json | 22 ++++ ...-61539f22-8196-44b1-87bb-a6fd51af951c.json | 22 ++++ ...-61f9082f-338c-4d57-8aef-d1f3a237fea9.json | 22 ++++ ...-63d65f27-4619-4b58-b170-1475eb7f79c1.json | 22 ++++ ...-6551d2f8-cef5-42c8-91e4-bf18a92b3497.json | 22 ++++ ...-69924207-d453-4508-82c9-4d8e682ffa49.json | 22 ++++ ...-69dfeb85-1999-436b-a9eb-7da737a4ca52.json | 22 ++++ ...-6a84791a-b966-44d5-b129-a72f258a8bf2.json | 22 ++++ ...-6d909d37-aeea-4be6-8002-b55d48ac1926.json | 22 ++++ ...-6d937bce-d974-4bd1-93b5-dbcf416db509.json | 22 ++++ ...-7083bb46-c1d0-4cb3-8aed-b9ee67cd314f.json | 22 ++++ ...-738f7b62-0d57-45ca-88d8-5a244a43591f.json | 22 ++++ ...-741e3439-dc55-46ae-b1f8-1c002b18c731.json | 22 ++++ ...-74af3eab-5a7c-49c7-a682-161bac0d0026.json | 22 ++++ ...-7adbc0da-2a9d-4656-b598-d6539d1b50b9.json | 22 ++++ ...-800586d5-fa23-4cf7-8db0-6b87995deeff.json | 22 ++++ ...-8184a410-3d54-4db3-8890-b4738c1f0e5b.json | 22 ++++ ...-829226de-4fa3-4983-a151-444974ecd2b6.json | 22 ++++ ...-8506902b-bb2f-45f5-b116-9f6fbf344ea5.json | 22 ++++ ...-8583ef6c-ea21-4dd3-a8d6-cfcbb98e0c28.json | 22 ++++ ...-87762d9a-c24c-4210-b4c9-bcf268c85ba2.json | 22 ++++ ...-89c45123-c1e6-4e3d-a55c-c994ee1ccf07.json | 22 ++++ ...-8b15c707-ba86-4bfa-b9cf-7f9c59a48b7e.json | 22 ++++ ...-8c78b103-7d9f-4d2f-90bc-a754c7ac9d23.json | 22 ++++ ...-911fd3e2-17f6-4b4f-b190-59d22117b64c.json | 22 ++++ ...-9240fe36-0078-4747-8873-9d9d3a4909c2.json | 22 ++++ ...-94740c97-ba32-400d-bc25-1a112f1d4f2d.json | 22 ++++ ...-9b4824f6-dfdd-4f39-9be3-086cdda224ed.json | 22 ++++ ...-a26fa63d-a74a-4151-84f7-e031a1211c15.json | 22 ++++ ...-a6849fd4-24ce-4f35-beb4-c5d6aac85118.json | 22 ++++ ...-a8cbe72e-dd2e-41bd-ac9f-dfd9c5acc70a.json | 22 ++++ ...-a8d090b4-b8fd-41f6-97e1-8cbe2a14f7b0.json | 22 ++++ ...-a9cd0b60-25c3-4c3e-9146-203c5d36c4a1.json | 22 ++++ ...-aa874a49-9ace-4f05-ad69-fa8b16d3b296.json | 22 ++++ ...-abad2219-303c-4823-8ff2-66c8532a77d2.json | 22 ++++ ...-aeff20c0-f580-4a77-b3ce-434fc195b855.json | 22 ++++ ...-afdbcd1e-922c-4a22-bea4-88c9a966886f.json | 22 ++++ ...-b1c8d9cc-b796-45f6-bb66-488d146d66ca.json | 22 ++++ ...-b33e0302-562d-4227-9c32-623b9fd234ba.json | 22 ++++ ...-b8d0c3c3-9f62-4f1e-9ece-2c37fef2365e.json | 22 ++++ ...-bc62b05a-f8e2-4e0f-adfd-7e2842e86e82.json | 22 ++++ ...-bcc0f955-c96a-46a9-ae48-c265d3b305f3.json | 22 ++++ ...-bfeffc0b-bc9c-4618-b6aa-32e9c495270a.json | 22 ++++ ...-c0daa1b2-db2d-48bf-b52d-aa884ad10c11.json | 22 ++++ ...-c257b1d6-af02-49dd-a1c4-c0d09455dc7c.json | 22 ++++ ...-cd21baec-1693-492d-8820-bf24f1a10b4a.json | 22 ++++ ...-ce500fc1-bee1-44f2-ab4a-c950825bdcfc.json | 22 ++++ ...-cf83d36b-bb78-4d00-8c49-91aee9cef621.json | 22 ++++ ...-cfc7ee6a-aea1-432d-b83f-9f598fd70f6c.json | 22 ++++ ...-d74df392-a475-426f-9194-d0d4f0ebd6db.json | 22 ++++ ...-d976fdb0-40fd-4b89-9027-772c7cc2372e.json | 22 ++++ ...-de07e1f3-f7a3-4c71-b773-042f3bab8498.json | 22 ++++ ...-df17fc6d-62fd-48fe-991c-a8ac8da0a6f7.json | 22 ++++ ...-dfeec6e9-0cde-45db-b05a-ed8e6fd6e5f2.json | 22 ++++ ...-e2011bce-3439-4e25-91fe-05a1885b8b56.json | 22 ++++ ...-e581d2a4-452e-4d59-bfe6-b3c931ff858d.json | 22 ++++ ...-e62abfe2-0689-41b1-9c86-7736dc838179.json | 22 ++++ ...-e9474c36-07ce-42fe-b1d0-031e09b57e21.json | 22 ++++ ...-eae8c672-7ae7-4f6f-a4e0-e98ab351d4b2.json | 22 ++++ ...-ed0c1998-31ca-470e-a235-e7e32b51092d.json | 22 ++++ ...-ed4b4180-53d2-4d92-a054-53d4c3e8b155.json | 22 ++++ ...-edc62c58-856b-4413-95ac-cba70a1c9c06.json | 22 ++++ ...-f1ea3af0-1db5-4fc3-8711-57fe84ff60b4.json | 22 ++++ ...-f1fbaa1c-f71e-47f5-a1ce-a5000220b7f1.json | 22 ++++ ...-f35ec441-1c2d-46a9-a93f-281a60217113.json | 22 ++++ ...-f576f870-8eac-4980-9eea-4a79d0fc44a9.json | 22 ++++ ...-f6c96b1a-7c3f-4e6d-93de-fc69bb0041f7.json | 22 ++++ ...-f8778ad5-c214-4e1c-87d9-b6c98c35cac4.json | 22 ++++ ...-f8c8389f-7776-4b9b-b10d-f0d8bf7dbf56.json | 22 ++++ 110 files changed, 2507 insertions(+) create mode 100644 objects/vulnerability/vulnerability--00c0daf5-2985-4993-9ebe-2aaff0e9521b.json create mode 100644 objects/vulnerability/vulnerability--01879d11-aa87-4a1f-96cf-23f5d3c18df3.json create mode 100644 objects/vulnerability/vulnerability--0387bce3-bf7c-4ceb-9eb0-6875816206ba.json create mode 100644 objects/vulnerability/vulnerability--04013cb6-4f6a-41b8-bb27-802e3eb6910f.json create mode 100644 objects/vulnerability/vulnerability--053b1846-f83e-4846-803d-64923b8648ab.json create mode 100644 objects/vulnerability/vulnerability--073ca2a5-aac0-4673-8e0d-122fe4ac294b.json create mode 100644 objects/vulnerability/vulnerability--0945c435-7fe9-466b-b1c3-15f98c65d2a5.json create mode 100644 objects/vulnerability/vulnerability--09f5dab4-e182-4335-be7d-9345fda95a59.json create mode 100644 objects/vulnerability/vulnerability--0c4c510d-05db-452b-bf8e-3355d0e50c98.json create mode 100644 objects/vulnerability/vulnerability--0df60211-c2c6-40b4-9b8a-ad90d12d6c4b.json create mode 100644 objects/vulnerability/vulnerability--0f57fb9e-1aa4-44e5-82ff-92fa7bd54a18.json create mode 100644 objects/vulnerability/vulnerability--110330a9-83ea-4ee9-a9eb-50211dc89f43.json create mode 100644 objects/vulnerability/vulnerability--11e49fca-df96-4443-b2b1-e5388d089f87.json create mode 100644 objects/vulnerability/vulnerability--14bc42ea-9858-47f1-bcb7-018fe2eefa27.json create mode 100644 objects/vulnerability/vulnerability--17375adf-a92a-44ca-97da-31fad7d7f4e0.json create mode 100644 objects/vulnerability/vulnerability--17fd60de-8e28-4216-bc1d-fb9648000925.json create mode 100644 objects/vulnerability/vulnerability--19b24a21-04ac-4f41-b9e3-dc4848e55232.json create mode 100644 objects/vulnerability/vulnerability--1b25999a-5402-40fe-8154-9a9922070978.json create mode 100644 objects/vulnerability/vulnerability--1b8fd896-9087-4ccc-8d41-847bbe35da57.json create mode 100644 objects/vulnerability/vulnerability--1bb5ec30-a064-4945-af82-6905c83c7ec6.json create mode 100644 objects/vulnerability/vulnerability--1f2833f5-752a-45cb-9545-93a005c0104e.json create mode 100644 objects/vulnerability/vulnerability--1f438ea6-597f-411d-a05e-7e9053f27cec.json create mode 100644 objects/vulnerability/vulnerability--1fbbd250-7ad7-4628-8d5c-4ce3bd1ead89.json create mode 100644 objects/vulnerability/vulnerability--31f64418-1434-4e74-bad4-6ca12a4cf691.json create mode 100644 objects/vulnerability/vulnerability--32da4cdc-934a-4e9b-887c-4344f2cc5b32.json create mode 100644 objects/vulnerability/vulnerability--33619078-358d-4f1e-b0d9-9bdc04e4a418.json create mode 100644 objects/vulnerability/vulnerability--394dbb74-6130-484f-80b5-0ecbb03bfe9f.json create mode 100644 objects/vulnerability/vulnerability--3d3dfae1-a3ab-49a1-8879-e797699b95b5.json create mode 100644 objects/vulnerability/vulnerability--4159db04-55e4-4d51-808a-7a7ca94fa230.json create mode 100644 objects/vulnerability/vulnerability--417173d3-396d-4394-b626-4d18800ca2a8.json create mode 100644 objects/vulnerability/vulnerability--41f22b5e-8cb2-459f-8d9b-00de7d24f463.json create mode 100644 objects/vulnerability/vulnerability--44afb7e1-5e6e-474a-bc9b-cf15a5780284.json create mode 100644 objects/vulnerability/vulnerability--47409718-854c-435e-b23a-e3d5fd383de5.json create mode 100644 objects/vulnerability/vulnerability--49f9ed46-bcd9-4b6b-8a5f-3ad3edb23469.json create mode 100644 objects/vulnerability/vulnerability--4af8ec29-efbd-4eb3-aa5b-9010c8f12f96.json create mode 100644 objects/vulnerability/vulnerability--4bdf5d89-045d-4d15-b6f7-e60af960b206.json create mode 100644 objects/vulnerability/vulnerability--506933be-d7e0-497c-b29d-8f78a4581428.json create mode 100644 objects/vulnerability/vulnerability--50c93691-f216-4506-af24-8eeca3152a53.json create mode 100644 objects/vulnerability/vulnerability--58ccc962-3cb2-44bf-964a-f3b15791b294.json create mode 100644 objects/vulnerability/vulnerability--5c753068-3ce6-4df2-b2c5-e35e01655db4.json create mode 100644 objects/vulnerability/vulnerability--5f274eb3-eadd-42f1-aeeb-ad43fff3217f.json create mode 100644 objects/vulnerability/vulnerability--61539f22-8196-44b1-87bb-a6fd51af951c.json create mode 100644 objects/vulnerability/vulnerability--61f9082f-338c-4d57-8aef-d1f3a237fea9.json create mode 100644 objects/vulnerability/vulnerability--63d65f27-4619-4b58-b170-1475eb7f79c1.json create mode 100644 objects/vulnerability/vulnerability--6551d2f8-cef5-42c8-91e4-bf18a92b3497.json create mode 100644 objects/vulnerability/vulnerability--69924207-d453-4508-82c9-4d8e682ffa49.json create mode 100644 objects/vulnerability/vulnerability--69dfeb85-1999-436b-a9eb-7da737a4ca52.json create mode 100644 objects/vulnerability/vulnerability--6a84791a-b966-44d5-b129-a72f258a8bf2.json create mode 100644 objects/vulnerability/vulnerability--6d909d37-aeea-4be6-8002-b55d48ac1926.json create mode 100644 objects/vulnerability/vulnerability--6d937bce-d974-4bd1-93b5-dbcf416db509.json create mode 100644 objects/vulnerability/vulnerability--7083bb46-c1d0-4cb3-8aed-b9ee67cd314f.json create mode 100644 objects/vulnerability/vulnerability--738f7b62-0d57-45ca-88d8-5a244a43591f.json create mode 100644 objects/vulnerability/vulnerability--741e3439-dc55-46ae-b1f8-1c002b18c731.json create mode 100644 objects/vulnerability/vulnerability--74af3eab-5a7c-49c7-a682-161bac0d0026.json create mode 100644 objects/vulnerability/vulnerability--7adbc0da-2a9d-4656-b598-d6539d1b50b9.json create mode 100644 objects/vulnerability/vulnerability--800586d5-fa23-4cf7-8db0-6b87995deeff.json create mode 100644 objects/vulnerability/vulnerability--8184a410-3d54-4db3-8890-b4738c1f0e5b.json create mode 100644 objects/vulnerability/vulnerability--829226de-4fa3-4983-a151-444974ecd2b6.json create mode 100644 objects/vulnerability/vulnerability--8506902b-bb2f-45f5-b116-9f6fbf344ea5.json create mode 100644 objects/vulnerability/vulnerability--8583ef6c-ea21-4dd3-a8d6-cfcbb98e0c28.json create mode 100644 objects/vulnerability/vulnerability--87762d9a-c24c-4210-b4c9-bcf268c85ba2.json create mode 100644 objects/vulnerability/vulnerability--89c45123-c1e6-4e3d-a55c-c994ee1ccf07.json create mode 100644 objects/vulnerability/vulnerability--8b15c707-ba86-4bfa-b9cf-7f9c59a48b7e.json create mode 100644 objects/vulnerability/vulnerability--8c78b103-7d9f-4d2f-90bc-a754c7ac9d23.json create mode 100644 objects/vulnerability/vulnerability--911fd3e2-17f6-4b4f-b190-59d22117b64c.json create mode 100644 objects/vulnerability/vulnerability--9240fe36-0078-4747-8873-9d9d3a4909c2.json create mode 100644 objects/vulnerability/vulnerability--94740c97-ba32-400d-bc25-1a112f1d4f2d.json create mode 100644 objects/vulnerability/vulnerability--9b4824f6-dfdd-4f39-9be3-086cdda224ed.json create mode 100644 objects/vulnerability/vulnerability--a26fa63d-a74a-4151-84f7-e031a1211c15.json create mode 100644 objects/vulnerability/vulnerability--a6849fd4-24ce-4f35-beb4-c5d6aac85118.json create mode 100644 objects/vulnerability/vulnerability--a8cbe72e-dd2e-41bd-ac9f-dfd9c5acc70a.json create mode 100644 objects/vulnerability/vulnerability--a8d090b4-b8fd-41f6-97e1-8cbe2a14f7b0.json create mode 100644 objects/vulnerability/vulnerability--a9cd0b60-25c3-4c3e-9146-203c5d36c4a1.json create mode 100644 objects/vulnerability/vulnerability--aa874a49-9ace-4f05-ad69-fa8b16d3b296.json create mode 100644 objects/vulnerability/vulnerability--abad2219-303c-4823-8ff2-66c8532a77d2.json create mode 100644 objects/vulnerability/vulnerability--aeff20c0-f580-4a77-b3ce-434fc195b855.json create mode 100644 objects/vulnerability/vulnerability--afdbcd1e-922c-4a22-bea4-88c9a966886f.json create mode 100644 objects/vulnerability/vulnerability--b1c8d9cc-b796-45f6-bb66-488d146d66ca.json create mode 100644 objects/vulnerability/vulnerability--b33e0302-562d-4227-9c32-623b9fd234ba.json create mode 100644 objects/vulnerability/vulnerability--b8d0c3c3-9f62-4f1e-9ece-2c37fef2365e.json create mode 100644 objects/vulnerability/vulnerability--bc62b05a-f8e2-4e0f-adfd-7e2842e86e82.json create mode 100644 objects/vulnerability/vulnerability--bcc0f955-c96a-46a9-ae48-c265d3b305f3.json create mode 100644 objects/vulnerability/vulnerability--bfeffc0b-bc9c-4618-b6aa-32e9c495270a.json create mode 100644 objects/vulnerability/vulnerability--c0daa1b2-db2d-48bf-b52d-aa884ad10c11.json create mode 100644 objects/vulnerability/vulnerability--c257b1d6-af02-49dd-a1c4-c0d09455dc7c.json create mode 100644 objects/vulnerability/vulnerability--cd21baec-1693-492d-8820-bf24f1a10b4a.json create mode 100644 objects/vulnerability/vulnerability--ce500fc1-bee1-44f2-ab4a-c950825bdcfc.json create mode 100644 objects/vulnerability/vulnerability--cf83d36b-bb78-4d00-8c49-91aee9cef621.json create mode 100644 objects/vulnerability/vulnerability--cfc7ee6a-aea1-432d-b83f-9f598fd70f6c.json create mode 100644 objects/vulnerability/vulnerability--d74df392-a475-426f-9194-d0d4f0ebd6db.json create mode 100644 objects/vulnerability/vulnerability--d976fdb0-40fd-4b89-9027-772c7cc2372e.json create mode 100644 objects/vulnerability/vulnerability--de07e1f3-f7a3-4c71-b773-042f3bab8498.json create mode 100644 objects/vulnerability/vulnerability--df17fc6d-62fd-48fe-991c-a8ac8da0a6f7.json create mode 100644 objects/vulnerability/vulnerability--dfeec6e9-0cde-45db-b05a-ed8e6fd6e5f2.json create mode 100644 objects/vulnerability/vulnerability--e2011bce-3439-4e25-91fe-05a1885b8b56.json create mode 100644 objects/vulnerability/vulnerability--e581d2a4-452e-4d59-bfe6-b3c931ff858d.json create mode 100644 objects/vulnerability/vulnerability--e62abfe2-0689-41b1-9c86-7736dc838179.json create mode 100644 objects/vulnerability/vulnerability--e9474c36-07ce-42fe-b1d0-031e09b57e21.json create mode 100644 objects/vulnerability/vulnerability--eae8c672-7ae7-4f6f-a4e0-e98ab351d4b2.json create mode 100644 objects/vulnerability/vulnerability--ed0c1998-31ca-470e-a235-e7e32b51092d.json create mode 100644 objects/vulnerability/vulnerability--ed4b4180-53d2-4d92-a054-53d4c3e8b155.json create mode 100644 objects/vulnerability/vulnerability--edc62c58-856b-4413-95ac-cba70a1c9c06.json create mode 100644 objects/vulnerability/vulnerability--f1ea3af0-1db5-4fc3-8711-57fe84ff60b4.json create mode 100644 objects/vulnerability/vulnerability--f1fbaa1c-f71e-47f5-a1ce-a5000220b7f1.json create mode 100644 objects/vulnerability/vulnerability--f35ec441-1c2d-46a9-a93f-281a60217113.json create mode 100644 objects/vulnerability/vulnerability--f576f870-8eac-4980-9eea-4a79d0fc44a9.json create mode 100644 objects/vulnerability/vulnerability--f6c96b1a-7c3f-4e6d-93de-fc69bb0041f7.json create mode 100644 objects/vulnerability/vulnerability--f8778ad5-c214-4e1c-87d9-b6c98c35cac4.json create mode 100644 objects/vulnerability/vulnerability--f8c8389f-7776-4b9b-b10d-f0d8bf7dbf56.json diff --git a/mapping.csv b/mapping.csv index 792e403ea7..69f3922ab0 100644 --- a/mapping.csv +++ b/mapping.csv @@ -263253,3 +263253,112 @@ vulnerability,CVE-2024-11497,vulnerability--1915d76b-deb0-4941-97b7-913baef2a839 vulnerability,CVE-2024-11863,vulnerability--a9cdf90e-65e8-4180-a01a-a6d5063d05ed vulnerability,CVE-2024-7344,vulnerability--9d69bee6-c563-4bdc-b0fb-3bc188e1313a vulnerability,CVE-2024-12988,vulnerability--510ba412-b7d7-4bb6-850d-aebb42cdd4ab +vulnerability,CVE-2023-37937,vulnerability--9240fe36-0078-4747-8873-9d9d3a4909c2 +vulnerability,CVE-2023-37931,vulnerability--0387bce3-bf7c-4ceb-9eb0-6875816206ba +vulnerability,CVE-2023-37936,vulnerability--df17fc6d-62fd-48fe-991c-a8ac8da0a6f7 +vulnerability,CVE-2023-42785,vulnerability--cd21baec-1693-492d-8820-bf24f1a10b4a +vulnerability,CVE-2023-42786,vulnerability--f576f870-8eac-4980-9eea-4a79d0fc44a9 +vulnerability,CVE-2023-46715,vulnerability--5c753068-3ce6-4df2-b2c5-e35e01655db4 +vulnerability,CVE-2024-21758,vulnerability--44afb7e1-5e6e-474a-bc9b-cf15a5780284 +vulnerability,CVE-2024-21797,vulnerability--0df60211-c2c6-40b4-9b8a-ad90d12d6c4b +vulnerability,CVE-2024-56497,vulnerability--b1c8d9cc-b796-45f6-bb66-488d146d66ca +vulnerability,CVE-2024-48886,vulnerability--94740c97-ba32-400d-bc25-1a112f1d4f2d +vulnerability,CVE-2024-48893,vulnerability--aeff20c0-f580-4a77-b3ce-434fc195b855 +vulnerability,CVE-2024-48884,vulnerability--8506902b-bb2f-45f5-b116-9f6fbf344ea5 +vulnerability,CVE-2024-48890,vulnerability--738f7b62-0d57-45ca-88d8-5a244a43591f +vulnerability,CVE-2024-32115,vulnerability--0f57fb9e-1aa4-44e5-82ff-92fa7bd54a18 +vulnerability,CVE-2024-37184,vulnerability--e2011bce-3439-4e25-91fe-05a1885b8b56 +vulnerability,CVE-2024-37186,vulnerability--49f9ed46-bcd9-4b6b-8a5f-3ad3edb23469 +vulnerability,CVE-2024-37357,vulnerability--b8d0c3c3-9f62-4f1e-9ece-2c37fef2365e +vulnerability,CVE-2024-23106,vulnerability--1fbbd250-7ad7-4628-8d5c-4ce3bd1ead89 +vulnerability,CVE-2024-35277,vulnerability--1f2833f5-752a-45cb-9545-93a005c0104e +vulnerability,CVE-2024-35275,vulnerability--dfeec6e9-0cde-45db-b05a-ed8e6fd6e5f2 +vulnerability,CVE-2024-35278,vulnerability--ed0c1998-31ca-470e-a235-e7e32b51092d +vulnerability,CVE-2024-35276,vulnerability--01879d11-aa87-4a1f-96cf-23f5d3c18df3 +vulnerability,CVE-2024-35273,vulnerability--5f274eb3-eadd-42f1-aeeb-ad43fff3217f +vulnerability,CVE-2024-40587,vulnerability--edc62c58-856b-4413-95ac-cba70a1c9c06 +vulnerability,CVE-2024-50566,vulnerability--cf83d36b-bb78-4d00-8c49-91aee9cef621 +vulnerability,CVE-2024-50564,vulnerability--0945c435-7fe9-466b-b1c3-15f98c65d2a5 +vulnerability,CVE-2024-55593,vulnerability--04013cb6-4f6a-41b8-bb27-802e3eb6910f +vulnerability,CVE-2024-55591,vulnerability--61539f22-8196-44b1-87bb-a6fd51af951c +vulnerability,CVE-2024-39602,vulnerability--89c45123-c1e6-4e3d-a55c-c994ee1ccf07 +vulnerability,CVE-2024-39793,vulnerability--073ca2a5-aac0-4673-8e0d-122fe4ac294b +vulnerability,CVE-2024-39763,vulnerability--e9474c36-07ce-42fe-b1d0-031e09b57e21 +vulnerability,CVE-2024-39787,vulnerability--de07e1f3-f7a3-4c71-b773-042f3bab8498 +vulnerability,CVE-2024-39782,vulnerability--b33e0302-562d-4227-9c32-623b9fd234ba +vulnerability,CVE-2024-39774,vulnerability--8583ef6c-ea21-4dd3-a8d6-cfcbb98e0c28 +vulnerability,CVE-2024-39770,vulnerability--61f9082f-338c-4d57-8aef-d1f3a237fea9 +vulnerability,CVE-2024-39370,vulnerability--6a84791a-b966-44d5-b129-a72f258a8bf2 +vulnerability,CVE-2024-39762,vulnerability--0c4c510d-05db-452b-bf8e-3355d0e50c98 +vulnerability,CVE-2024-39803,vulnerability--31f64418-1434-4e74-bad4-6ca12a4cf691 +vulnerability,CVE-2024-39781,vulnerability--c257b1d6-af02-49dd-a1c4-c0d09455dc7c +vulnerability,CVE-2024-39288,vulnerability--6d909d37-aeea-4be6-8002-b55d48ac1926 +vulnerability,CVE-2024-39773,vulnerability--a6849fd4-24ce-4f35-beb4-c5d6aac85118 +vulnerability,CVE-2024-39756,vulnerability--33619078-358d-4f1e-b0d9-9bdc04e4a418 +vulnerability,CVE-2024-39783,vulnerability--d976fdb0-40fd-4b89-9027-772c7cc2372e +vulnerability,CVE-2024-39760,vulnerability--cfc7ee6a-aea1-432d-b83f-9f598fd70f6c +vulnerability,CVE-2024-39788,vulnerability--4af8ec29-efbd-4eb3-aa5b-9010c8f12f96 +vulnerability,CVE-2024-39757,vulnerability--50c93691-f216-4506-af24-8eeca3152a53 +vulnerability,CVE-2024-39299,vulnerability--11e49fca-df96-4443-b2b1-e5388d089f87 +vulnerability,CVE-2024-39367,vulnerability--c0daa1b2-db2d-48bf-b52d-aa884ad10c11 +vulnerability,CVE-2024-39790,vulnerability--911fd3e2-17f6-4b4f-b190-59d22117b64c +vulnerability,CVE-2024-39294,vulnerability--32da4cdc-934a-4e9b-887c-4344f2cc5b32 +vulnerability,CVE-2024-39759,vulnerability--9b4824f6-dfdd-4f39-9be3-086cdda224ed +vulnerability,CVE-2024-39789,vulnerability--394dbb74-6130-484f-80b5-0ecbb03bfe9f +vulnerability,CVE-2024-39761,vulnerability--47409718-854c-435e-b23a-e3d5fd383de5 +vulnerability,CVE-2024-39802,vulnerability--8b15c707-ba86-4bfa-b9cf-7f9c59a48b7e +vulnerability,CVE-2024-39357,vulnerability--f6c96b1a-7c3f-4e6d-93de-fc69bb0041f7 +vulnerability,CVE-2024-39784,vulnerability--14bc42ea-9858-47f1-bcb7-018fe2eefa27 +vulnerability,CVE-2024-39799,vulnerability--1bb5ec30-a064-4945-af82-6905c83c7ec6 +vulnerability,CVE-2024-39786,vulnerability--eae8c672-7ae7-4f6f-a4e0-e98ab351d4b2 +vulnerability,CVE-2024-39800,vulnerability--f1fbaa1c-f71e-47f5-a1ce-a5000220b7f1 +vulnerability,CVE-2024-39754,vulnerability--f8778ad5-c214-4e1c-87d9-b6c98c35cac4 +vulnerability,CVE-2024-39765,vulnerability--69924207-d453-4508-82c9-4d8e682ffa49 +vulnerability,CVE-2024-39764,vulnerability--ed4b4180-53d2-4d92-a054-53d4c3e8b155 +vulnerability,CVE-2024-39785,vulnerability--f1ea3af0-1db5-4fc3-8711-57fe84ff60b4 +vulnerability,CVE-2024-39359,vulnerability--053b1846-f83e-4846-803d-64923b8648ab +vulnerability,CVE-2024-39280,vulnerability--1b25999a-5402-40fe-8154-9a9922070978 +vulnerability,CVE-2024-39795,vulnerability--8c78b103-7d9f-4d2f-90bc-a754c7ac9d23 +vulnerability,CVE-2024-39768,vulnerability--1f438ea6-597f-411d-a05e-7e9053f27cec +vulnerability,CVE-2024-39360,vulnerability--a26fa63d-a74a-4151-84f7-e031a1211c15 +vulnerability,CVE-2024-39363,vulnerability--741e3439-dc55-46ae-b1f8-1c002b18c731 +vulnerability,CVE-2024-39608,vulnerability--1b8fd896-9087-4ccc-8d41-847bbe35da57 +vulnerability,CVE-2024-39769,vulnerability--17375adf-a92a-44ca-97da-31fad7d7f4e0 +vulnerability,CVE-2024-39798,vulnerability--e581d2a4-452e-4d59-bfe6-b3c931ff858d +vulnerability,CVE-2024-39794,vulnerability--afdbcd1e-922c-4a22-bea4-88c9a966886f +vulnerability,CVE-2024-39604,vulnerability--f35ec441-1c2d-46a9-a93f-281a60217113 +vulnerability,CVE-2024-39801,vulnerability--3d3dfae1-a3ab-49a1-8879-e797699b95b5 +vulnerability,CVE-2024-39273,vulnerability--a9cd0b60-25c3-4c3e-9146-203c5d36c4a1 +vulnerability,CVE-2024-39603,vulnerability--110330a9-83ea-4ee9-a9eb-50211dc89f43 +vulnerability,CVE-2024-39358,vulnerability--aa874a49-9ace-4f05-ad69-fa8b16d3b296 +vulnerability,CVE-2024-27778,vulnerability--87762d9a-c24c-4210-b4c9-bcf268c85ba2 +vulnerability,CVE-2024-52967,vulnerability--7083bb46-c1d0-4cb3-8aed-b9ee67cd314f +vulnerability,CVE-2024-52963,vulnerability--19b24a21-04ac-4f41-b9e3-dc4848e55232 +vulnerability,CVE-2024-52969,vulnerability--09f5dab4-e182-4335-be7d-9345fda95a59 +vulnerability,CVE-2024-38666,vulnerability--6d937bce-d974-4bd1-93b5-dbcf416db509 +vulnerability,CVE-2024-47571,vulnerability--4159db04-55e4-4d51-808a-7a7ca94fa230 +vulnerability,CVE-2024-47572,vulnerability--a8cbe72e-dd2e-41bd-ac9f-dfd9c5acc70a +vulnerability,CVE-2024-47566,vulnerability--e62abfe2-0689-41b1-9c86-7736dc838179 +vulnerability,CVE-2024-45326,vulnerability--417173d3-396d-4394-b626-4d18800ca2a8 +vulnerability,CVE-2024-54021,vulnerability--bfeffc0b-bc9c-4618-b6aa-32e9c495270a +vulnerability,CVE-2024-26012,vulnerability--7adbc0da-2a9d-4656-b598-d6539d1b50b9 +vulnerability,CVE-2024-46668,vulnerability--f8c8389f-7776-4b9b-b10d-f0d8bf7dbf56 +vulnerability,CVE-2024-46665,vulnerability--829226de-4fa3-4983-a151-444974ecd2b6 +vulnerability,CVE-2024-46669,vulnerability--8184a410-3d54-4db3-8890-b4738c1f0e5b +vulnerability,CVE-2024-46670,vulnerability--800586d5-fa23-4cf7-8db0-6b87995deeff +vulnerability,CVE-2024-46664,vulnerability--506933be-d7e0-497c-b29d-8f78a4581428 +vulnerability,CVE-2024-46667,vulnerability--bc62b05a-f8e2-4e0f-adfd-7e2842e86e82 +vulnerability,CVE-2024-46666,vulnerability--41f22b5e-8cb2-459f-8d9b-00de7d24f463 +vulnerability,CVE-2024-36512,vulnerability--d74df392-a475-426f-9194-d0d4f0ebd6db +vulnerability,CVE-2024-36493,vulnerability--58ccc962-3cb2-44bf-964a-f3b15791b294 +vulnerability,CVE-2024-36290,vulnerability--ce500fc1-bee1-44f2-ab4a-c950825bdcfc +vulnerability,CVE-2024-36295,vulnerability--69dfeb85-1999-436b-a9eb-7da737a4ca52 +vulnerability,CVE-2024-36272,vulnerability--a8d090b4-b8fd-41f6-97e1-8cbe2a14f7b0 +vulnerability,CVE-2024-36258,vulnerability--4bdf5d89-045d-4d15-b6f7-e60af960b206 +vulnerability,CVE-2024-36506,vulnerability--6551d2f8-cef5-42c8-91e4-bf18a92b3497 +vulnerability,CVE-2024-36504,vulnerability--63d65f27-4619-4b58-b170-1475eb7f79c1 +vulnerability,CVE-2024-36510,vulnerability--00c0daf5-2985-4993-9ebe-2aaff0e9521b +vulnerability,CVE-2024-34166,vulnerability--74af3eab-5a7c-49c7-a682-161bac0d0026 +vulnerability,CVE-2024-34544,vulnerability--bcc0f955-c96a-46a9-ae48-c265d3b305f3 +vulnerability,CVE-2024-33503,vulnerability--abad2219-303c-4823-8ff2-66c8532a77d2 +vulnerability,CVE-2024-33502,vulnerability--17fd60de-8e28-4216-bc1d-fb9648000925 diff --git a/objects/vulnerability/vulnerability--00c0daf5-2985-4993-9ebe-2aaff0e9521b.json b/objects/vulnerability/vulnerability--00c0daf5-2985-4993-9ebe-2aaff0e9521b.json new file mode 100644 index 0000000000..11aabcd399 --- /dev/null +++ b/objects/vulnerability/vulnerability--00c0daf5-2985-4993-9ebe-2aaff0e9521b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--36621030-7b70-4b70-9511-abda41948e48", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--00c0daf5-2985-4993-9ebe-2aaff0e9521b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:04.100505Z", + "modified": "2025-01-14T15:20:04.100505Z", + "name": "CVE-2024-36510", + "description": "An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to enumerate valid users via observing login request responses.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-36510" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--01879d11-aa87-4a1f-96cf-23f5d3c18df3.json b/objects/vulnerability/vulnerability--01879d11-aa87-4a1f-96cf-23f5d3c18df3.json new file mode 100644 index 0000000000..3afddc2ced --- /dev/null +++ b/objects/vulnerability/vulnerability--01879d11-aa87-4a1f-96cf-23f5d3c18df3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--18574734-85ab-499a-9004-b2caacd9ca54", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--01879d11-aa87-4a1f-96cf-23f5d3c18df3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:02.64337Z", + "modified": "2025-01-14T15:20:02.64337Z", + "name": "CVE-2024-35276", + "description": "A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7 allows attacker to execute unauthorized code or commands via specially crafted packets.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-35276" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0387bce3-bf7c-4ceb-9eb0-6875816206ba.json b/objects/vulnerability/vulnerability--0387bce3-bf7c-4ceb-9eb0-6875816206ba.json new file mode 100644 index 0000000000..b2696f20e6 --- /dev/null +++ b/objects/vulnerability/vulnerability--0387bce3-bf7c-4ceb-9eb0-6875816206ba.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bb21a086-8fc1-46cb-bde6-83eafe1eb6f5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0387bce3-bf7c-4ceb-9eb0-6875816206ba", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:19:57.806312Z", + "modified": "2025-01-14T15:19:57.806312Z", + "name": "CVE-2023-37931", + "description": "An improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-88] in FortiVoice Entreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to perform a blind sql injection attack via sending crafted HTTP or HTTPS requests", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37931" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--04013cb6-4f6a-41b8-bb27-802e3eb6910f.json b/objects/vulnerability/vulnerability--04013cb6-4f6a-41b8-bb27-802e3eb6910f.json new file mode 100644 index 0000000000..d4e748c668 --- /dev/null +++ b/objects/vulnerability/vulnerability--04013cb6-4f6a-41b8-bb27-802e3eb6910f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6612a602-e859-4243-8486-adcec7973131", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--04013cb6-4f6a-41b8-bb27-802e3eb6910f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.032818Z", + "modified": "2025-01-14T15:20:03.032818Z", + "name": "CVE-2024-55593", + "description": "A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWeb versions 6.3.17 through 7.6.1 allows attacker to gain information disclosure via crafted SQL queries", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55593" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--053b1846-f83e-4846-803d-64923b8648ab.json b/objects/vulnerability/vulnerability--053b1846-f83e-4846-803d-64923b8648ab.json new file mode 100644 index 0000000000..4589b546c2 --- /dev/null +++ b/objects/vulnerability/vulnerability--053b1846-f83e-4846-803d-64923b8648ab.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b1c1aa28-0f85-43a1-a0f0-bf8d89dc2d94", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--053b1846-f83e-4846-803d-64923b8648ab", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.121665Z", + "modified": "2025-01-14T15:20:03.121665Z", + "name": "CVE-2024-39359", + "description": "A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39359" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--073ca2a5-aac0-4673-8e0d-122fe4ac294b.json b/objects/vulnerability/vulnerability--073ca2a5-aac0-4673-8e0d-122fe4ac294b.json new file mode 100644 index 0000000000..44dbea1d55 --- /dev/null +++ b/objects/vulnerability/vulnerability--073ca2a5-aac0-4673-8e0d-122fe4ac294b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--da6946c6-1ee3-4837-ba88-2bd6c7c3649d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--073ca2a5-aac0-4673-8e0d-122fe4ac294b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.059247Z", + "modified": "2025-01-14T15:20:03.059247Z", + "name": "CVE-2024-39793", + "description": "Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `ftp_name` POST parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39793" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0945c435-7fe9-466b-b1c3-15f98c65d2a5.json b/objects/vulnerability/vulnerability--0945c435-7fe9-466b-b1c3-15f98c65d2a5.json new file mode 100644 index 0000000000..ec9b555d05 --- /dev/null +++ b/objects/vulnerability/vulnerability--0945c435-7fe9-466b-b1c3-15f98c65d2a5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d44f6564-bd89-4142-9135-d505886544d5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0945c435-7fe9-466b-b1c3-15f98c65d2a5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:02.957897Z", + "modified": "2025-01-14T15:20:02.957897Z", + "name": "CVE-2024-50564", + "description": "A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all versions may allow a low-privileged user to decrypt interprocess communication via monitoring named piped.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50564" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--09f5dab4-e182-4335-be7d-9345fda95a59.json b/objects/vulnerability/vulnerability--09f5dab4-e182-4335-be7d-9345fda95a59.json new file mode 100644 index 0000000000..b129a5b7be --- /dev/null +++ b/objects/vulnerability/vulnerability--09f5dab4-e182-4335-be7d-9345fda95a59.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d851fdb3-19a1-49d0-bfa0-5e30eaf0fcae", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--09f5dab4-e182-4335-be7d-9345fda95a59", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.307374Z", + "modified": "2025-01-14T15:20:03.307374Z", + "name": "CVE-2024-52969", + "description": "An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiSIEM ersion 7.1.7 and below, version 7.1.0, version 7.0.3 and below, version 6.7.9 and below, 6.7.8, version 6.6.5 and below, version 6.5.3 and below, version 6.4.4 and below Update/Create Case feature may allow an authenticated attacker to extract database information via crafted requests.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52969" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0c4c510d-05db-452b-bf8e-3355d0e50c98.json b/objects/vulnerability/vulnerability--0c4c510d-05db-452b-bf8e-3355d0e50c98.json new file mode 100644 index 0000000000..e46eab39e9 --- /dev/null +++ b/objects/vulnerability/vulnerability--0c4c510d-05db-452b-bf8e-3355d0e50c98.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0df959f0-ca70-40e3-87ed-d411f9b646f2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0c4c510d-05db-452b-bf8e-3355d0e50c98", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.070225Z", + "modified": "2025-01-14T15:20:03.070225Z", + "name": "CVE-2024-39762", + "description": "Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `netmask` POST parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39762" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0df60211-c2c6-40b4-9b8a-ad90d12d6c4b.json b/objects/vulnerability/vulnerability--0df60211-c2c6-40b4-9b8a-ad90d12d6c4b.json new file mode 100644 index 0000000000..3742cee8e3 --- /dev/null +++ b/objects/vulnerability/vulnerability--0df60211-c2c6-40b4-9b8a-ad90d12d6c4b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7410b8bb-2c80-4bcf-9288-1b7f53499b17", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0df60211-c2c6-40b4-9b8a-ad90d12d6c4b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:01.560055Z", + "modified": "2025-01-14T15:20:01.560055Z", + "name": "CVE-2024-21797", + "description": "A command execution vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21797" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0f57fb9e-1aa4-44e5-82ff-92fa7bd54a18.json b/objects/vulnerability/vulnerability--0f57fb9e-1aa4-44e5-82ff-92fa7bd54a18.json new file mode 100644 index 0000000000..7af2ea0cf9 --- /dev/null +++ b/objects/vulnerability/vulnerability--0f57fb9e-1aa4-44e5-82ff-92fa7bd54a18.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c799fb28-9e4d-4bb8-b6bd-302d5f18f5d2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0f57fb9e-1aa4-44e5-82ff-92fa7bd54a18", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:02.182244Z", + "modified": "2025-01-14T15:20:02.182244Z", + "name": "CVE-2024-32115", + "description": "A relative path traversal vulnerability [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPs requests.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-32115" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--110330a9-83ea-4ee9-a9eb-50211dc89f43.json b/objects/vulnerability/vulnerability--110330a9-83ea-4ee9-a9eb-50211dc89f43.json new file mode 100644 index 0000000000..0130e8e29e --- /dev/null +++ b/objects/vulnerability/vulnerability--110330a9-83ea-4ee9-a9eb-50211dc89f43.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4e0bb295-30dc-4dda-b653-e38d803fce40", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--110330a9-83ea-4ee9-a9eb-50211dc89f43", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.150653Z", + "modified": "2025-01-14T15:20:03.150653Z", + "name": "CVE-2024-39603", + "description": "A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic_mesh() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39603" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--11e49fca-df96-4443-b2b1-e5388d089f87.json b/objects/vulnerability/vulnerability--11e49fca-df96-4443-b2b1-e5388d089f87.json new file mode 100644 index 0000000000..04b32b5013 --- /dev/null +++ b/objects/vulnerability/vulnerability--11e49fca-df96-4443-b2b1-e5388d089f87.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8ac75ae8-de38-42b3-a257-40630cd4774b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--11e49fca-df96-4443-b2b1-e5388d089f87", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.088948Z", + "modified": "2025-01-14T15:20:03.088948Z", + "name": "CVE-2024-39299", + "description": "A buffer overflow vulnerability exists in the qos.cgi qos_sta_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39299" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--14bc42ea-9858-47f1-bcb7-018fe2eefa27.json b/objects/vulnerability/vulnerability--14bc42ea-9858-47f1-bcb7-018fe2eefa27.json new file mode 100644 index 0000000000..54f7210841 --- /dev/null +++ b/objects/vulnerability/vulnerability--14bc42ea-9858-47f1-bcb7-018fe2eefa27.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--53614bc3-3828-4c72-a6b9-0ee5605c8866", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--14bc42ea-9858-47f1-bcb7-018fe2eefa27", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.103893Z", + "modified": "2025-01-14T15:20:03.103893Z", + "name": "CVE-2024-39784", + "description": "Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the disk_part POST parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39784" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--17375adf-a92a-44ca-97da-31fad7d7f4e0.json b/objects/vulnerability/vulnerability--17375adf-a92a-44ca-97da-31fad7d7f4e0.json new file mode 100644 index 0000000000..f6595d1e68 --- /dev/null +++ b/objects/vulnerability/vulnerability--17375adf-a92a-44ca-97da-31fad7d7f4e0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b20e9a79-164d-49dd-9907-be08397cca76", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--17375adf-a92a-44ca-97da-31fad7d7f4e0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.139443Z", + "modified": "2025-01-14T15:20:03.139443Z", + "name": "CVE-2024-39769", + "description": "Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability exists in the `cli_mac` POST parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39769" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--17fd60de-8e28-4216-bc1d-fb9648000925.json b/objects/vulnerability/vulnerability--17fd60de-8e28-4216-bc1d-fb9648000925.json new file mode 100644 index 0000000000..31afc9118c --- /dev/null +++ b/objects/vulnerability/vulnerability--17fd60de-8e28-4216-bc1d-fb9648000925.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--11b9f710-5496-410d-85ff-3aef99b4bfc3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--17fd60de-8e28-4216-bc1d-fb9648000925", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:04.639146Z", + "modified": "2025-01-14T15:20:04.639146Z", + "name": "CVE-2024-33502", + "description": "An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 allows attacker to execute unauthorized code or commands via crafted HTTP or HTTPs requests.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-33502" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--19b24a21-04ac-4f41-b9e3-dc4848e55232.json b/objects/vulnerability/vulnerability--19b24a21-04ac-4f41-b9e3-dc4848e55232.json new file mode 100644 index 0000000000..65db23b690 --- /dev/null +++ b/objects/vulnerability/vulnerability--19b24a21-04ac-4f41-b9e3-dc4848e55232.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--073cceb8-bf81-44f1-a542-bd530b26a82d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--19b24a21-04ac-4f41-b9e3-dc4848e55232", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.302986Z", + "modified": "2025-01-14T15:20:03.302986Z", + "name": "CVE-2024-52963", + "description": "A out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15 allows attacker to trigger a denial of service via specially crafted packets.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52963" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1b25999a-5402-40fe-8154-9a9922070978.json b/objects/vulnerability/vulnerability--1b25999a-5402-40fe-8154-9a9922070978.json new file mode 100644 index 0000000000..2963333f3b --- /dev/null +++ b/objects/vulnerability/vulnerability--1b25999a-5402-40fe-8154-9a9922070978.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a9c7f105-7d2c-490f-b635-3218d16dfad7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1b25999a-5402-40fe-8154-9a9922070978", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.12306Z", + "modified": "2025-01-14T15:20:03.12306Z", + "name": "CVE-2024-39280", + "description": "An external config control vulnerability exists in the nas.cgi set_smb_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39280" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1b8fd896-9087-4ccc-8d41-847bbe35da57.json b/objects/vulnerability/vulnerability--1b8fd896-9087-4ccc-8d41-847bbe35da57.json new file mode 100644 index 0000000000..addbadfb43 --- /dev/null +++ b/objects/vulnerability/vulnerability--1b8fd896-9087-4ccc-8d41-847bbe35da57.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--71928699-8b43-454f-9299-0022cde86da4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1b8fd896-9087-4ccc-8d41-847bbe35da57", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.137465Z", + "modified": "2025-01-14T15:20:03.137465Z", + "name": "CVE-2024-39608", + "description": "A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can send an unauthenticated message to trigger this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39608" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1bb5ec30-a064-4945-af82-6905c83c7ec6.json b/objects/vulnerability/vulnerability--1bb5ec30-a064-4945-af82-6905c83c7ec6.json new file mode 100644 index 0000000000..988194f910 --- /dev/null +++ b/objects/vulnerability/vulnerability--1bb5ec30-a064-4945-af82-6905c83c7ec6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--09fe9d4b-2662-45ea-86ff-a6c114ccc133", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1bb5ec30-a064-4945-af82-6905c83c7ec6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.105001Z", + "modified": "2025-01-14T15:20:03.105001Z", + "name": "CVE-2024-39799", + "description": "Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `sel_open_interface` POST parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39799" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1f2833f5-752a-45cb-9545-93a005c0104e.json b/objects/vulnerability/vulnerability--1f2833f5-752a-45cb-9545-93a005c0104e.json new file mode 100644 index 0000000000..c6807b4a52 --- /dev/null +++ b/objects/vulnerability/vulnerability--1f2833f5-752a-45cb-9545-93a005c0104e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2f65f2b5-571a-4e93-a637-310cb852befc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1f2833f5-752a-45cb-9545-93a005c0104e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:02.605152Z", + "modified": "2025-01-14T15:20:02.605152Z", + "name": "CVE-2024-35277", + "description": "A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0.15, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to access to the configuration of the managed devices by sending specifically crafted packets", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-35277" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1f438ea6-597f-411d-a05e-7e9053f27cec.json b/objects/vulnerability/vulnerability--1f438ea6-597f-411d-a05e-7e9053f27cec.json new file mode 100644 index 0000000000..c839e30bcd --- /dev/null +++ b/objects/vulnerability/vulnerability--1f438ea6-597f-411d-a05e-7e9053f27cec.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0c1ce35a-dbf3-43d5-89c9-1bcae3be34a8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1f438ea6-597f-411d-a05e-7e9053f27cec", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.132239Z", + "modified": "2025-01-14T15:20:03.132239Z", + "name": "CVE-2024-39768", + "description": "Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability exists in the `cli_name` POST parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39768" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1fbbd250-7ad7-4628-8d5c-4ce3bd1ead89.json b/objects/vulnerability/vulnerability--1fbbd250-7ad7-4628-8d5c-4ce3bd1ead89.json new file mode 100644 index 0000000000..148c6b0150 --- /dev/null +++ b/objects/vulnerability/vulnerability--1fbbd250-7ad7-4628-8d5c-4ce3bd1ead89.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e8326af0-f88d-4f06-a4c1-17cb1049ae84", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1fbbd250-7ad7-4628-8d5c-4ce3bd1ead89", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:02.436923Z", + "modified": "2025-01-14T15:20:02.436923Z", + "name": "CVE-2024-23106", + "description": "An improper restriction of excessive authentication attempts [CWE-307] in FortiClientEMS version 7.2.0 through 7.2.4 and before 7.0.10 allows an unauthenticated attacker to try a brute force attack against the FortiClientEMS console via crafted HTTP or HTTPS requests.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-23106" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--31f64418-1434-4e74-bad4-6ca12a4cf691.json b/objects/vulnerability/vulnerability--31f64418-1434-4e74-bad4-6ca12a4cf691.json new file mode 100644 index 0000000000..dbc3cdc33e --- /dev/null +++ b/objects/vulnerability/vulnerability--31f64418-1434-4e74-bad4-6ca12a4cf691.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5b13c83e-a7bd-4cca-bb4a-ac19b527553b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--31f64418-1434-4e74-bad4-6ca12a4cf691", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.07131Z", + "modified": "2025-01-14T15:20:03.07131Z", + "name": "CVE-2024-39803", + "description": "Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A buffer overflow vulnerability exists in the `sel_mode` POST parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39803" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--32da4cdc-934a-4e9b-887c-4344f2cc5b32.json b/objects/vulnerability/vulnerability--32da4cdc-934a-4e9b-887c-4344f2cc5b32.json new file mode 100644 index 0000000000..0ea45e2936 --- /dev/null +++ b/objects/vulnerability/vulnerability--32da4cdc-934a-4e9b-887c-4344f2cc5b32.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--27819654-04f6-4521-8079-da619674e4d7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--32da4cdc-934a-4e9b-887c-4344f2cc5b32", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.092174Z", + "modified": "2025-01-14T15:20:03.092174Z", + "name": "CVE-2024-39294", + "description": "A buffer overflow vulnerability exists in the adm.cgi set_wzdgw4G() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39294" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--33619078-358d-4f1e-b0d9-9bdc04e4a418.json b/objects/vulnerability/vulnerability--33619078-358d-4f1e-b0d9-9bdc04e4a418.json new file mode 100644 index 0000000000..a05c0a9607 --- /dev/null +++ b/objects/vulnerability/vulnerability--33619078-358d-4f1e-b0d9-9bdc04e4a418.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ceb9de89-2af2-4d55-8ce2-44c00e868fa1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--33619078-358d-4f1e-b0d9-9bdc04e4a418", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.081111Z", + "modified": "2025-01-14T15:20:03.081111Z", + "name": "CVE-2024-39756", + "description": "A buffer overflow vulnerability exists in the adm.cgi rep_as_router() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39756" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--394dbb74-6130-484f-80b5-0ecbb03bfe9f.json b/objects/vulnerability/vulnerability--394dbb74-6130-484f-80b5-0ecbb03bfe9f.json new file mode 100644 index 0000000000..daeb25cdd7 --- /dev/null +++ b/objects/vulnerability/vulnerability--394dbb74-6130-484f-80b5-0ecbb03bfe9f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9cb2be2e-0cc7-45e2-83cf-4d556f0455b3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--394dbb74-6130-484f-80b5-0ecbb03bfe9f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.095886Z", + "modified": "2025-01-14T15:20:03.095886Z", + "name": "CVE-2024-39789", + "description": "Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists within the `ftp_port` POST parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39789" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3d3dfae1-a3ab-49a1-8879-e797699b95b5.json b/objects/vulnerability/vulnerability--3d3dfae1-a3ab-49a1-8879-e797699b95b5.json new file mode 100644 index 0000000000..cd02bbd67e --- /dev/null +++ b/objects/vulnerability/vulnerability--3d3dfae1-a3ab-49a1-8879-e797699b95b5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dbd7a97a-eb0a-445c-ba29-6768055ba703", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3d3dfae1-a3ab-49a1-8879-e797699b95b5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.145839Z", + "modified": "2025-01-14T15:20:03.145839Z", + "name": "CVE-2024-39801", + "description": "Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A buffer overflow vulnerability exists in the `qos_bandwidth` POST parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39801" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4159db04-55e4-4d51-808a-7a7ca94fa230.json b/objects/vulnerability/vulnerability--4159db04-55e4-4d51-808a-7a7ca94fa230.json new file mode 100644 index 0000000000..ab38242ce2 --- /dev/null +++ b/objects/vulnerability/vulnerability--4159db04-55e4-4d51-808a-7a7ca94fa230.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4b2311a2-f270-4ff3-84a8-76942b019ad0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4159db04-55e4-4d51-808a-7a7ca94fa230", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.392992Z", + "modified": "2025-01-14T15:20:03.392992Z", + "name": "CVE-2024-47571", + "description": "An operation on a resource after expiration or release in Fortinet FortiManager 6.4.12 through 7.4.0 allows an attacker to gain improper access to FortiGate via valid credentials.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47571" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--417173d3-396d-4394-b626-4d18800ca2a8.json b/objects/vulnerability/vulnerability--417173d3-396d-4394-b626-4d18800ca2a8.json new file mode 100644 index 0000000000..5779399161 --- /dev/null +++ b/objects/vulnerability/vulnerability--417173d3-396d-4394-b626-4d18800ca2a8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--58be3701-57dc-4be5-a0a6-961d8a303233", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--417173d3-396d-4394-b626-4d18800ca2a8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.582083Z", + "modified": "2025-01-14T15:20:03.582083Z", + "name": "CVE-2024-45326", + "description": "An Improper Access Control vulnerability [CWE-284] in FortiDeceptor version 6.0.0, version 5.3.3 and below, version 5.2.1 and below, version 5.1.0, version 5.0.0 may allow an authenticated attacker with none privileges to perform operations on the central management appliance via crafted requests.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45326" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--41f22b5e-8cb2-459f-8d9b-00de7d24f463.json b/objects/vulnerability/vulnerability--41f22b5e-8cb2-459f-8d9b-00de7d24f463.json new file mode 100644 index 0000000000..efce02b4cf --- /dev/null +++ b/objects/vulnerability/vulnerability--41f22b5e-8cb2-459f-8d9b-00de7d24f463.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bc7036d7-c55d-46ea-9f0f-89213c017313", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--41f22b5e-8cb2-459f-8d9b-00de7d24f463", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:04.022644Z", + "modified": "2025-01-14T15:20:04.022644Z", + "name": "CVE-2024-46666", + "description": "An allocation of resources without limits or throttling [CWE-770] vulnerability in FortiOS versions 7.6.0, versions 7.4.4 through 7.4.0, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow a remote unauthenticated attacker to prevent access to the GUI via specially crafted requests directed at specific endpoints.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-46666" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--44afb7e1-5e6e-474a-bc9b-cf15a5780284.json b/objects/vulnerability/vulnerability--44afb7e1-5e6e-474a-bc9b-cf15a5780284.json new file mode 100644 index 0000000000..e799047994 --- /dev/null +++ b/objects/vulnerability/vulnerability--44afb7e1-5e6e-474a-bc9b-cf15a5780284.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2f8ad6fa-fe49-4c1b-bf27-967b934ca1cc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--44afb7e1-5e6e-474a-bc9b-cf15a5780284", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:01.540651Z", + "modified": "2025-01-14T15:20:01.540651Z", + "name": "CVE-2024-21758", + "description": "A stack-based buffer overflow in Fortinet FortiWeb versions 7.2.0 through 7.2.7, and 7.4.0 through 7.4.1 may allow a privileged user to execute arbitrary code via specially crafted CLI commands, provided the user is able to evade FortiWeb stack protections.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21758" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--47409718-854c-435e-b23a-e3d5fd383de5.json b/objects/vulnerability/vulnerability--47409718-854c-435e-b23a-e3d5fd383de5.json new file mode 100644 index 0000000000..d2662093f3 --- /dev/null +++ b/objects/vulnerability/vulnerability--47409718-854c-435e-b23a-e3d5fd383de5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c1a0a25b-db5f-4492-8569-2f2dd558d7ec", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--47409718-854c-435e-b23a-e3d5fd383de5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.09982Z", + "modified": "2025-01-14T15:20:03.09982Z", + "name": "CVE-2024-39761", + "description": "Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists within the `restart_week_value` POST parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39761" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--49f9ed46-bcd9-4b6b-8a5f-3ad3edb23469.json b/objects/vulnerability/vulnerability--49f9ed46-bcd9-4b6b-8a5f-3ad3edb23469.json new file mode 100644 index 0000000000..00e2fa8c67 --- /dev/null +++ b/objects/vulnerability/vulnerability--49f9ed46-bcd9-4b6b-8a5f-3ad3edb23469.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4f704aaa-518f-438f-adef-ac8e281b6296", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--49f9ed46-bcd9-4b6b-8a5f-3ad3edb23469", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:02.40225Z", + "modified": "2025-01-14T15:20:02.40225Z", + "name": "CVE-2024-37186", + "description": "An os command injection vulnerability exists in the adm.cgi set_ledonoff() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-37186" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4af8ec29-efbd-4eb3-aa5b-9010c8f12f96.json b/objects/vulnerability/vulnerability--4af8ec29-efbd-4eb3-aa5b-9010c8f12f96.json new file mode 100644 index 0000000000..e83cfdd404 --- /dev/null +++ b/objects/vulnerability/vulnerability--4af8ec29-efbd-4eb3-aa5b-9010c8f12f96.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bedeb0cc-9060-4fb4-92fa-ed17abd71b12", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4af8ec29-efbd-4eb3-aa5b-9010c8f12f96", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.086896Z", + "modified": "2025-01-14T15:20:03.086896Z", + "name": "CVE-2024-39788", + "description": "Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists within the `ftp_name` POST parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39788" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4bdf5d89-045d-4d15-b6f7-e60af960b206.json b/objects/vulnerability/vulnerability--4bdf5d89-045d-4d15-b6f7-e60af960b206.json new file mode 100644 index 0000000000..2067771a45 --- /dev/null +++ b/objects/vulnerability/vulnerability--4bdf5d89-045d-4d15-b6f7-e60af960b206.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b9ea7bf4-9369-4bf8-84dd-bf0f5232ef2c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4bdf5d89-045d-4d15-b6f7-e60af960b206", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:04.083611Z", + "modified": "2025-01-14T15:20:04.083611Z", + "name": "CVE-2024-36258", + "description": "A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-36258" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--506933be-d7e0-497c-b29d-8f78a4581428.json b/objects/vulnerability/vulnerability--506933be-d7e0-497c-b29d-8f78a4581428.json new file mode 100644 index 0000000000..25da076669 --- /dev/null +++ b/objects/vulnerability/vulnerability--506933be-d7e0-497c-b29d-8f78a4581428.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c0578a62-63cd-4c07-bbb0-1d3c9a36676f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--506933be-d7e0-497c-b29d-8f78a4581428", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:04.008706Z", + "modified": "2025-01-14T15:20:04.008706Z", + "name": "CVE-2024-46664", + "description": "A relative path traversal in Fortinet FortiRecorder [CWE-23] version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to read files from the underlying filesystem via crafted HTTP or HTTPs requests.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-46664" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--50c93691-f216-4506-af24-8eeca3152a53.json b/objects/vulnerability/vulnerability--50c93691-f216-4506-af24-8eeca3152a53.json new file mode 100644 index 0000000000..d7e952c9e5 --- /dev/null +++ b/objects/vulnerability/vulnerability--50c93691-f216-4506-af24-8eeca3152a53.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f7de903c-4a52-41ab-8ef6-996a40df5a1c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--50c93691-f216-4506-af24-8eeca3152a53", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.087923Z", + "modified": "2025-01-14T15:20:03.087923Z", + "name": "CVE-2024-39757", + "description": "A stack-based buffer overflow vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39757" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--58ccc962-3cb2-44bf-964a-f3b15791b294.json b/objects/vulnerability/vulnerability--58ccc962-3cb2-44bf-964a-f3b15791b294.json new file mode 100644 index 0000000000..b7a5fc82db --- /dev/null +++ b/objects/vulnerability/vulnerability--58ccc962-3cb2-44bf-964a-f3b15791b294.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--be196076-3ecc-4eca-8f2e-f9155ddb4be2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--58ccc962-3cb2-44bf-964a-f3b15791b294", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:04.057196Z", + "modified": "2025-01-14T15:20:04.057196Z", + "name": "CVE-2024-36493", + "description": "A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-36493" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5c753068-3ce6-4df2-b2c5-e35e01655db4.json b/objects/vulnerability/vulnerability--5c753068-3ce6-4df2-b2c5-e35e01655db4.json new file mode 100644 index 0000000000..52e6c55733 --- /dev/null +++ b/objects/vulnerability/vulnerability--5c753068-3ce6-4df2-b2c5-e35e01655db4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9f00a72b-9dc9-42b2-8115-46754d8db0d7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5c753068-3ce6-4df2-b2c5-e35e01655db4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:19:59.165544Z", + "modified": "2025-01-14T15:19:59.165544Z", + "name": "CVE-2023-46715", + "description": "An origin validation error [CWE-346] vulnerability in Fortinet FortiOS IPSec VPN version 7.4.0 through 7.4.1 and version 7.2.6 and below allows an authenticated IPSec VPN user with dynamic IP addressing to send (but not receive) packets spoofing the IP of another user via crafted network packets.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46715" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5f274eb3-eadd-42f1-aeeb-ad43fff3217f.json b/objects/vulnerability/vulnerability--5f274eb3-eadd-42f1-aeeb-ad43fff3217f.json new file mode 100644 index 0000000000..daade10cc1 --- /dev/null +++ b/objects/vulnerability/vulnerability--5f274eb3-eadd-42f1-aeeb-ad43fff3217f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--345944f0-fecc-46f1-9184-f2a150f09926", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5f274eb3-eadd-42f1-aeeb-ad43fff3217f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:02.651476Z", + "modified": "2025-01-14T15:20:02.651476Z", + "name": "CVE-2024-35273", + "description": "A out-of-bounds write in Fortinet FortiManager version 7.4.0 through 7.4.2, FortiAnalyzer version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-35273" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--61539f22-8196-44b1-87bb-a6fd51af951c.json b/objects/vulnerability/vulnerability--61539f22-8196-44b1-87bb-a6fd51af951c.json new file mode 100644 index 0000000000..2fe63eab8f --- /dev/null +++ b/objects/vulnerability/vulnerability--61539f22-8196-44b1-87bb-a6fd51af951c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6b50efa9-8232-48c0-b1e2-0b1d2310fd6d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--61539f22-8196-44b1-87bb-a6fd51af951c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.036835Z", + "modified": "2025-01-14T15:20:03.036835Z", + "name": "CVE-2024-55591", + "description": "An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55591" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--61f9082f-338c-4d57-8aef-d1f3a237fea9.json b/objects/vulnerability/vulnerability--61f9082f-338c-4d57-8aef-d1f3a237fea9.json new file mode 100644 index 0000000000..47720ae918 --- /dev/null +++ b/objects/vulnerability/vulnerability--61f9082f-338c-4d57-8aef-d1f3a237fea9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fd1bdc39-0fc5-46ff-8651-3e717d4caa1c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--61f9082f-338c-4d57-8aef-d1f3a237fea9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.066666Z", + "modified": "2025-01-14T15:20:03.066666Z", + "name": "CVE-2024-39770", + "description": "Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability exists in the `en_enable` POST parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39770" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--63d65f27-4619-4b58-b170-1475eb7f79c1.json b/objects/vulnerability/vulnerability--63d65f27-4619-4b58-b170-1475eb7f79c1.json new file mode 100644 index 0000000000..8d8036a7e7 --- /dev/null +++ b/objects/vulnerability/vulnerability--63d65f27-4619-4b58-b170-1475eb7f79c1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aed8fa31-a3be-4476-a16d-dda2da402d2f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--63d65f27-4619-4b58-b170-1475eb7f79c1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:04.099279Z", + "modified": "2025-01-14T15:20:04.099279Z", + "name": "CVE-2024-36504", + "description": "An out-of-bounds read vulnerability [CWE-125] in FortiOS SSLVPN web portal versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, 7.0 all verisons, and 6.4 all versions may allow an authenticated attacker to perform a denial of service on the SSLVPN web portal via a specially crafted URL.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-36504" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6551d2f8-cef5-42c8-91e4-bf18a92b3497.json b/objects/vulnerability/vulnerability--6551d2f8-cef5-42c8-91e4-bf18a92b3497.json new file mode 100644 index 0000000000..c4639e1a3b --- /dev/null +++ b/objects/vulnerability/vulnerability--6551d2f8-cef5-42c8-91e4-bf18a92b3497.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--90f32f71-9bae-4c65-b164-7cc5e36c615a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6551d2f8-cef5-42c8-91e4-bf18a92b3497", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:04.0959Z", + "modified": "2025-01-14T15:20:04.0959Z", + "name": "CVE-2024-36506", + "description": "An improper verification of source of a communication channel vulnerability [CWE-940] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, 6.4 all versions may allow a remote attacker to bypass the trusted host feature via session connection.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-36506" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--69924207-d453-4508-82c9-4d8e682ffa49.json b/objects/vulnerability/vulnerability--69924207-d453-4508-82c9-4d8e682ffa49.json new file mode 100644 index 0000000000..237c68d9f0 --- /dev/null +++ b/objects/vulnerability/vulnerability--69924207-d453-4508-82c9-4d8e682ffa49.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0e40ae24-499a-493f-a36a-7fac1472e701", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--69924207-d453-4508-82c9-4d8e682ffa49", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.117673Z", + "modified": "2025-01-14T15:20:03.117673Z", + "name": "CVE-2024-39765", + "description": "Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `custom_interface` POST parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39765" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--69dfeb85-1999-436b-a9eb-7da737a4ca52.json b/objects/vulnerability/vulnerability--69dfeb85-1999-436b-a9eb-7da737a4ca52.json new file mode 100644 index 0000000000..19377d16c9 --- /dev/null +++ b/objects/vulnerability/vulnerability--69dfeb85-1999-436b-a9eb-7da737a4ca52.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7d962bda-57f0-4b99-a9f6-575ff022827e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--69dfeb85-1999-436b-a9eb-7da737a4ca52", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:04.061411Z", + "modified": "2025-01-14T15:20:04.061411Z", + "name": "CVE-2024-36295", + "description": "A command execution vulnerability exists in the qos.cgi qos_sta() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-36295" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6a84791a-b966-44d5-b129-a72f258a8bf2.json b/objects/vulnerability/vulnerability--6a84791a-b966-44d5-b129-a72f258a8bf2.json new file mode 100644 index 0000000000..de79404487 --- /dev/null +++ b/objects/vulnerability/vulnerability--6a84791a-b966-44d5-b129-a72f258a8bf2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f5604f96-8ba7-43b4-bbfd-a145521f3f19", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6a84791a-b966-44d5-b129-a72f258a8bf2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.068726Z", + "modified": "2025-01-14T15:20:03.068726Z", + "name": "CVE-2024-39370", + "description": "An arbitrary code execution vulnerability exists in the adm.cgi set_MeshAp() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39370" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6d909d37-aeea-4be6-8002-b55d48ac1926.json b/objects/vulnerability/vulnerability--6d909d37-aeea-4be6-8002-b55d48ac1926.json new file mode 100644 index 0000000000..75062f5492 --- /dev/null +++ b/objects/vulnerability/vulnerability--6d909d37-aeea-4be6-8002-b55d48ac1926.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5b3829b7-00d8-4869-9f29-ed529202a294", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6d909d37-aeea-4be6-8002-b55d48ac1926", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.074111Z", + "modified": "2025-01-14T15:20:03.074111Z", + "name": "CVE-2024-39288", + "description": "A buffer overflow vulnerability exists in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39288" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6d937bce-d974-4bd1-93b5-dbcf416db509.json b/objects/vulnerability/vulnerability--6d937bce-d974-4bd1-93b5-dbcf416db509.json new file mode 100644 index 0000000000..ccc03c003f --- /dev/null +++ b/objects/vulnerability/vulnerability--6d937bce-d974-4bd1-93b5-dbcf416db509.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f5d2eabc-0e52-49a0-9c1a-2280a14291bb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6d937bce-d974-4bd1-93b5-dbcf416db509", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.339019Z", + "modified": "2025-01-14T15:20:03.339019Z", + "name": "CVE-2024-38666", + "description": "An external config control vulnerability exists in the openvpn.cgi openvpn_client_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38666" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7083bb46-c1d0-4cb3-8aed-b9ee67cd314f.json b/objects/vulnerability/vulnerability--7083bb46-c1d0-4cb3-8aed-b9ee67cd314f.json new file mode 100644 index 0000000000..8287f390b4 --- /dev/null +++ b/objects/vulnerability/vulnerability--7083bb46-c1d0-4cb3-8aed-b9ee67cd314f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e9d8807d-3944-425f-a2d5-01fd4f32571f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7083bb46-c1d0-4cb3-8aed-b9ee67cd314f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.286891Z", + "modified": "2025-01-14T15:20:03.286891Z", + "name": "CVE-2024-52967", + "description": "An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiPortal 6.0.0 through 6.0.14 allows attacker to execute unauthorized code or commands via html injection.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52967" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--738f7b62-0d57-45ca-88d8-5a244a43591f.json b/objects/vulnerability/vulnerability--738f7b62-0d57-45ca-88d8-5a244a43591f.json new file mode 100644 index 0000000000..eb948799d0 --- /dev/null +++ b/objects/vulnerability/vulnerability--738f7b62-0d57-45ca-88d8-5a244a43591f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3cc84234-07a5-4ac4-96da-99ae8fd066c9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--738f7b62-0d57-45ca-88d8-5a244a43591f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:01.905451Z", + "modified": "2025-01-14T15:20:01.905451Z", + "name": "CVE-2024-48890", + "description": "An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiSOAR IMAP connector version 3.5.7 and below may allow an authenticated attacker to execute unauthorized code or commands via a specifically crafted playbook", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48890" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--741e3439-dc55-46ae-b1f8-1c002b18c731.json b/objects/vulnerability/vulnerability--741e3439-dc55-46ae-b1f8-1c002b18c731.json new file mode 100644 index 0000000000..47a3461fe2 --- /dev/null +++ b/objects/vulnerability/vulnerability--741e3439-dc55-46ae-b1f8-1c002b18c731.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--055fc8fc-a85f-4e7e-ac25-aeacd22536cb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--741e3439-dc55-46ae-b1f8-1c002b18c731", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.135558Z", + "modified": "2025-01-14T15:20:03.135558Z", + "name": "CVE-2024-39363", + "description": "A cross-site scripting (xss) vulnerability exists in the login.cgi set_lang_CountryCode() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39363" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--74af3eab-5a7c-49c7-a682-161bac0d0026.json b/objects/vulnerability/vulnerability--74af3eab-5a7c-49c7-a682-161bac0d0026.json new file mode 100644 index 0000000000..9be792c927 --- /dev/null +++ b/objects/vulnerability/vulnerability--74af3eab-5a7c-49c7-a682-161bac0d0026.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b60b02e8-cbb7-470f-86d2-a92e03856209", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--74af3eab-5a7c-49c7-a682-161bac0d0026", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:04.163037Z", + "modified": "2025-01-14T15:20:04.163037Z", + "name": "CVE-2024-34166", + "description": "An os command injection vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of HTTP requests can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34166" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7adbc0da-2a9d-4656-b598-d6539d1b50b9.json b/objects/vulnerability/vulnerability--7adbc0da-2a9d-4656-b598-d6539d1b50b9.json new file mode 100644 index 0000000000..62da2be3b0 --- /dev/null +++ b/objects/vulnerability/vulnerability--7adbc0da-2a9d-4656-b598-d6539d1b50b9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a932b136-d7e4-483f-9577-c10f14591f15", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7adbc0da-2a9d-4656-b598-d6539d1b50b9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.962535Z", + "modified": "2025-01-14T15:20:03.962535Z", + "name": "CVE-2024-26012", + "description": "A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiAP-S 6.2 all verisons, and 6.4.0 through 6.4.9, FortiAP-W2 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2, FortiAP 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2 allow a local authenticated attacker to execute unauthorized code via the CLI.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-26012" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--800586d5-fa23-4cf7-8db0-6b87995deeff.json b/objects/vulnerability/vulnerability--800586d5-fa23-4cf7-8db0-6b87995deeff.json new file mode 100644 index 0000000000..45f4c39da0 --- /dev/null +++ b/objects/vulnerability/vulnerability--800586d5-fa23-4cf7-8db0-6b87995deeff.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f3cb9ab5-5945-44d8-a671-edd228c909f2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--800586d5-fa23-4cf7-8db0-6b87995deeff", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:04.001324Z", + "modified": "2025-01-14T15:20:04.001324Z", + "name": "CVE-2024-46670", + "description": "An Out-of-bounds Read vulnerability [CWE-125] in FortiOS version 7.6.0, version 7.4.4 and below, version 7.2.9 and below and FortiSASE FortiOS tenant version 24.3.b IPsec IKE service may allow an unauthenticated remote attacker to trigger memory consumption leading to Denial of Service via crafted requests.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-46670" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8184a410-3d54-4db3-8890-b4738c1f0e5b.json b/objects/vulnerability/vulnerability--8184a410-3d54-4db3-8890-b4738c1f0e5b.json new file mode 100644 index 0000000000..3a5b97e93c --- /dev/null +++ b/objects/vulnerability/vulnerability--8184a410-3d54-4db3-8890-b4738c1f0e5b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--badf9d4d-9afc-41ec-80a1-f1bd59fa9c87", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8184a410-3d54-4db3-8890-b4738c1f0e5b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.9994Z", + "modified": "2025-01-14T15:20:03.9994Z", + "name": "CVE-2024-46669", + "description": "An Integer Overflow or Wraparound vulnerability [CWE-190] in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b FortiOS tenant IPsec IKE service may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, resulting in potential denial of service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-46669" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--829226de-4fa3-4983-a151-444974ecd2b6.json b/objects/vulnerability/vulnerability--829226de-4fa3-4983-a151-444974ecd2b6.json new file mode 100644 index 0000000000..9ce8487383 --- /dev/null +++ b/objects/vulnerability/vulnerability--829226de-4fa3-4983-a151-444974ecd2b6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e155aff8-692c-43e5-a04d-d7d28b565caa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--829226de-4fa3-4983-a151-444974ecd2b6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.99558Z", + "modified": "2025-01-14T15:20:03.99558Z", + "name": "CVE-2024-46665", + "description": "An insertion of sensitive information into sent data vulnerability [CWE-201] in FortiOS 7.6.0, 7.4.0 through 7.4.4 may allow an attacker in a man-in-the-middle position to retrieve the RADIUS accounting server shared secret via intercepting accounting-requests.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-46665" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8506902b-bb2f-45f5-b116-9f6fbf344ea5.json b/objects/vulnerability/vulnerability--8506902b-bb2f-45f5-b116-9f6fbf344ea5.json new file mode 100644 index 0000000000..39832f4901 --- /dev/null +++ b/objects/vulnerability/vulnerability--8506902b-bb2f-45f5-b116-9f6fbf344ea5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--46a40b6d-3c8b-469f-8f32-3af4b4945fd9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8506902b-bb2f-45f5-b116-9f6fbf344ea5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:01.895164Z", + "modified": "2025-01-14T15:20:01.895164Z", + "name": "CVE-2024-48884", + "description": "A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.5 through 7.2.9, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, 7.2.0 through 7.2.11, 7.0.0 through 7.0.18, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiManager Cloud versions 7.4.1 through 7.4.3, FortiRecorder versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiVoice versions 7.0.0 through 7.0.4, 6.4.0 through 6.4.9, 6.0.0 through 6.0.12, FortiWeb 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10, 6.4.0 through 6.4.3 allows attacker to trigger an escalation of privilege via specially crafted packets.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48884" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8583ef6c-ea21-4dd3-a8d6-cfcbb98e0c28.json b/objects/vulnerability/vulnerability--8583ef6c-ea21-4dd3-a8d6-cfcbb98e0c28.json new file mode 100644 index 0000000000..ff2c67db96 --- /dev/null +++ b/objects/vulnerability/vulnerability--8583ef6c-ea21-4dd3-a8d6-cfcbb98e0c28.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--04c946fe-38fe-485a-8e8f-d47ad61e205c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8583ef6c-ea21-4dd3-a8d6-cfcbb98e0c28", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.065175Z", + "modified": "2025-01-14T15:20:03.065175Z", + "name": "CVE-2024-39774", + "description": "A buffer overflow vulnerability exists in the adm.cgi set_sys_adm() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39774" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--87762d9a-c24c-4210-b4c9-bcf268c85ba2.json b/objects/vulnerability/vulnerability--87762d9a-c24c-4210-b4c9-bcf268c85ba2.json new file mode 100644 index 0000000000..61df902e11 --- /dev/null +++ b/objects/vulnerability/vulnerability--87762d9a-c24c-4210-b4c9-bcf268c85ba2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--59daa363-67f4-4b28-982c-b3644d151deb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--87762d9a-c24c-4210-b4c9-bcf268c85ba2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.202043Z", + "modified": "2025-01-14T15:20:03.202043Z", + "name": "CVE-2024-27778", + "description": "An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 4.4.0 through 4.4.4, 4.2.0 through 4.2.6 and below 4.0.4 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-27778" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--89c45123-c1e6-4e3d-a55c-c994ee1ccf07.json b/objects/vulnerability/vulnerability--89c45123-c1e6-4e3d-a55c-c994ee1ccf07.json new file mode 100644 index 0000000000..0be55460a2 --- /dev/null +++ b/objects/vulnerability/vulnerability--89c45123-c1e6-4e3d-a55c-c994ee1ccf07.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fdd73268-060a-43b0-ace2-47b9d11c7098", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--89c45123-c1e6-4e3d-a55c-c994ee1ccf07", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.055983Z", + "modified": "2025-01-14T15:20:03.055983Z", + "name": "CVE-2024-39602", + "description": "An external config control vulnerability exists in the nas.cgi set_nas() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39602" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8b15c707-ba86-4bfa-b9cf-7f9c59a48b7e.json b/objects/vulnerability/vulnerability--8b15c707-ba86-4bfa-b9cf-7f9c59a48b7e.json new file mode 100644 index 0000000000..c199199ffb --- /dev/null +++ b/objects/vulnerability/vulnerability--8b15c707-ba86-4bfa-b9cf-7f9c59a48b7e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--04911696-4404-4684-9a08-e475ae643871", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8b15c707-ba86-4bfa-b9cf-7f9c59a48b7e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.10134Z", + "modified": "2025-01-14T15:20:03.10134Z", + "name": "CVE-2024-39802", + "description": "Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A buffer overflow vulnerability exists in the `qos_dat` POST parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39802" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8c78b103-7d9f-4d2f-90bc-a754c7ac9d23.json b/objects/vulnerability/vulnerability--8c78b103-7d9f-4d2f-90bc-a754c7ac9d23.json new file mode 100644 index 0000000000..806fc1aa78 --- /dev/null +++ b/objects/vulnerability/vulnerability--8c78b103-7d9f-4d2f-90bc-a754c7ac9d23.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--300569d7-dcde-4330-ad52-1501586363b2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8c78b103-7d9f-4d2f-90bc-a754c7ac9d23", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.131009Z", + "modified": "2025-01-14T15:20:03.131009Z", + "name": "CVE-2024-39795", + "description": "Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `ftp_max_sessions` POST parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39795" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--911fd3e2-17f6-4b4f-b190-59d22117b64c.json b/objects/vulnerability/vulnerability--911fd3e2-17f6-4b4f-b190-59d22117b64c.json new file mode 100644 index 0000000000..91ddc43b1f --- /dev/null +++ b/objects/vulnerability/vulnerability--911fd3e2-17f6-4b4f-b190-59d22117b64c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--19e93f15-fd02-495c-b5e5-3fbfff0e8ef1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--911fd3e2-17f6-4b4f-b190-59d22117b64c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.091093Z", + "modified": "2025-01-14T15:20:03.091093Z", + "name": "CVE-2024-39790", + "description": "Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists within the `ftp_max_sessions` POST parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39790" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9240fe36-0078-4747-8873-9d9d3a4909c2.json b/objects/vulnerability/vulnerability--9240fe36-0078-4747-8873-9d9d3a4909c2.json new file mode 100644 index 0000000000..3f40d51070 --- /dev/null +++ b/objects/vulnerability/vulnerability--9240fe36-0078-4747-8873-9d9d3a4909c2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a652d604-22bf-411a-ab98-3eb7946d6743", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9240fe36-0078-4747-8873-9d9d3a4909c2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:19:57.794241Z", + "modified": "2025-01-14T15:19:57.794241Z", + "name": "CVE-2023-37937", + "description": "An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands via the FortiSwitch CLI.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37937" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--94740c97-ba32-400d-bc25-1a112f1d4f2d.json b/objects/vulnerability/vulnerability--94740c97-ba32-400d-bc25-1a112f1d4f2d.json new file mode 100644 index 0000000000..4312199440 --- /dev/null +++ b/objects/vulnerability/vulnerability--94740c97-ba32-400d-bc25-1a112f1d4f2d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--40a7b309-b915-43bd-975e-287733952458", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--94740c97-ba32-400d-bc25-1a112f1d4f2d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:01.88222Z", + "modified": "2025-01-14T15:20:01.88222Z", + "name": "CVE-2024-48886", + "description": "A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48886" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9b4824f6-dfdd-4f39-9be3-086cdda224ed.json b/objects/vulnerability/vulnerability--9b4824f6-dfdd-4f39-9be3-086cdda224ed.json new file mode 100644 index 0000000000..34cff0aa08 --- /dev/null +++ b/objects/vulnerability/vulnerability--9b4824f6-dfdd-4f39-9be3-086cdda224ed.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d9ba83cd-0e2c-4577-9d20-a3ebc8d05b31", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9b4824f6-dfdd-4f39-9be3-086cdda224ed", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.094299Z", + "modified": "2025-01-14T15:20:03.094299Z", + "name": "CVE-2024-39759", + "description": "Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists within the `restart_hour_value` POST parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39759" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a26fa63d-a74a-4151-84f7-e031a1211c15.json b/objects/vulnerability/vulnerability--a26fa63d-a74a-4151-84f7-e031a1211c15.json new file mode 100644 index 0000000000..d270a89bd2 --- /dev/null +++ b/objects/vulnerability/vulnerability--a26fa63d-a74a-4151-84f7-e031a1211c15.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aa8c0fde-387c-4a0f-8608-5982416064e4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a26fa63d-a74a-4151-84f7-e031a1211c15", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.133703Z", + "modified": "2025-01-14T15:20:03.133703Z", + "name": "CVE-2024-39360", + "description": "An os command injection vulnerability exists in the nas.cgi remove_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39360" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a6849fd4-24ce-4f35-beb4-c5d6aac85118.json b/objects/vulnerability/vulnerability--a6849fd4-24ce-4f35-beb4-c5d6aac85118.json new file mode 100644 index 0000000000..3ba2218228 --- /dev/null +++ b/objects/vulnerability/vulnerability--a6849fd4-24ce-4f35-beb4-c5d6aac85118.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3606d3d4-3926-440c-bf9c-479b30e7df50", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a6849fd4-24ce-4f35-beb4-c5d6aac85118", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.079791Z", + "modified": "2025-01-14T15:20:03.079791Z", + "name": "CVE-2024-39773", + "description": "An information disclosure vulnerability exists in the testsave.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39773" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a8cbe72e-dd2e-41bd-ac9f-dfd9c5acc70a.json b/objects/vulnerability/vulnerability--a8cbe72e-dd2e-41bd-ac9f-dfd9c5acc70a.json new file mode 100644 index 0000000000..48932b35d3 --- /dev/null +++ b/objects/vulnerability/vulnerability--a8cbe72e-dd2e-41bd-ac9f-dfd9c5acc70a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--05cf7d3c-f693-4708-9c2c-ae7b7f6c278d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a8cbe72e-dd2e-41bd-ac9f-dfd9c5acc70a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.39777Z", + "modified": "2025-01-14T15:20:03.39777Z", + "name": "CVE-2024-47572", + "description": "An improper neutralization of formula elements in a csv file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows attacker to execute unauthorized code or commands via manipulating csv file", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47572" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a8d090b4-b8fd-41f6-97e1-8cbe2a14f7b0.json b/objects/vulnerability/vulnerability--a8d090b4-b8fd-41f6-97e1-8cbe2a14f7b0.json new file mode 100644 index 0000000000..1bfed413dc --- /dev/null +++ b/objects/vulnerability/vulnerability--a8d090b4-b8fd-41f6-97e1-8cbe2a14f7b0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a9bb4ffb-41e7-48cf-8f02-a15f8a8aac5e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a8d090b4-b8fd-41f6-97e1-8cbe2a14f7b0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:04.066697Z", + "modified": "2025-01-14T15:20:04.066697Z", + "name": "CVE-2024-36272", + "description": "A buffer overflow vulnerability exists in the usbip.cgi set_info() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-36272" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a9cd0b60-25c3-4c3e-9146-203c5d36c4a1.json b/objects/vulnerability/vulnerability--a9cd0b60-25c3-4c3e-9146-203c5d36c4a1.json new file mode 100644 index 0000000000..84ca6a072c --- /dev/null +++ b/objects/vulnerability/vulnerability--a9cd0b60-25c3-4c3e-9146-203c5d36c4a1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8d90e81a-a0e9-411b-a570-bf5bbcaf5ab9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a9cd0b60-25c3-4c3e-9146-203c5d36c4a1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.148034Z", + "modified": "2025-01-14T15:20:03.148034Z", + "name": "CVE-2024-39273", + "description": "A firmware update vulnerability exists in the fw_check.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39273" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--aa874a49-9ace-4f05-ad69-fa8b16d3b296.json b/objects/vulnerability/vulnerability--aa874a49-9ace-4f05-ad69-fa8b16d3b296.json new file mode 100644 index 0000000000..028a34045b --- /dev/null +++ b/objects/vulnerability/vulnerability--aa874a49-9ace-4f05-ad69-fa8b16d3b296.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c4ed61ef-c529-4e45-a3fe-5be4ee92c69f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aa874a49-9ace-4f05-ad69-fa8b16d3b296", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.152288Z", + "modified": "2025-01-14T15:20:03.152288Z", + "name": "CVE-2024-39358", + "description": "A buffer overflow vulnerability exists in the adm.cgi set_wzap() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39358" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--abad2219-303c-4823-8ff2-66c8532a77d2.json b/objects/vulnerability/vulnerability--abad2219-303c-4823-8ff2-66c8532a77d2.json new file mode 100644 index 0000000000..a5db515f81 --- /dev/null +++ b/objects/vulnerability/vulnerability--abad2219-303c-4823-8ff2-66c8532a77d2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e80d7ff1-88f6-41e2-a374-90800acf1b56", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--abad2219-303c-4823-8ff2-66c8532a77d2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:04.594949Z", + "modified": "2025-01-14T15:20:04.594949Z", + "name": "CVE-2024-33503", + "description": "A improper privilege management in Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specific shell commands", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-33503" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--aeff20c0-f580-4a77-b3ce-434fc195b855.json b/objects/vulnerability/vulnerability--aeff20c0-f580-4a77-b3ce-434fc195b855.json new file mode 100644 index 0000000000..294c12725d --- /dev/null +++ b/objects/vulnerability/vulnerability--aeff20c0-f580-4a77-b3ce-434fc195b855.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e75902fd-fa73-4ae9-99be-76efbddb35c5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aeff20c0-f580-4a77-b3ce-434fc195b855", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:01.891089Z", + "modified": "2025-01-14T15:20:01.891089Z", + "name": "CVE-2024-48893", + "description": "An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSOAR 7.3.0 through 7.3.3, 7.2.1 through 7.2.2 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack via the creation of malicious playbook.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48893" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--afdbcd1e-922c-4a22-bea4-88c9a966886f.json b/objects/vulnerability/vulnerability--afdbcd1e-922c-4a22-bea4-88c9a966886f.json new file mode 100644 index 0000000000..a1df9b6d99 --- /dev/null +++ b/objects/vulnerability/vulnerability--afdbcd1e-922c-4a22-bea4-88c9a966886f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c1bf0fd2-d2b0-4967-81d8-fbe0efe40518", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--afdbcd1e-922c-4a22-bea4-88c9a966886f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.142584Z", + "modified": "2025-01-14T15:20:03.142584Z", + "name": "CVE-2024-39794", + "description": "Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `ftp_port` POST parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39794" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b1c8d9cc-b796-45f6-bb66-488d146d66ca.json b/objects/vulnerability/vulnerability--b1c8d9cc-b796-45f6-bb66-488d146d66ca.json new file mode 100644 index 0000000000..c0b4eea7ca --- /dev/null +++ b/objects/vulnerability/vulnerability--b1c8d9cc-b796-45f6-bb66-488d146d66ca.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9c691170-0cda-4119-95bf-5217c977ab9e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b1c8d9cc-b796-45f6-bb66-488d146d66ca", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:01.862733Z", + "modified": "2025-01-14T15:20:01.862733Z", + "name": "CVE-2024-56497", + "description": "An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiMail versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.6 and 6.4.0 through 6.4.7, FortiRecorder versions 7.0.0 and 6.4.0 through 6.4.4 allows attacker to execute unauthorized code or commands via the CLI.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56497" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b33e0302-562d-4227-9c32-623b9fd234ba.json b/objects/vulnerability/vulnerability--b33e0302-562d-4227-9c32-623b9fd234ba.json new file mode 100644 index 0000000000..2cca3bc32f --- /dev/null +++ b/objects/vulnerability/vulnerability--b33e0302-562d-4227-9c32-623b9fd234ba.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bb519550-39e1-49a2-83c6-abf361cb1b78", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b33e0302-562d-4227-9c32-623b9fd234ba", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.06405Z", + "modified": "2025-01-14T15:20:03.06405Z", + "name": "CVE-2024-39782", + "description": "Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `restart_min` POST parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39782" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b8d0c3c3-9f62-4f1e-9ece-2c37fef2365e.json b/objects/vulnerability/vulnerability--b8d0c3c3-9f62-4f1e-9ece-2c37fef2365e.json new file mode 100644 index 0000000000..06ae9d040f --- /dev/null +++ b/objects/vulnerability/vulnerability--b8d0c3c3-9f62-4f1e-9ece-2c37fef2365e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--099b9d6e-3d5b-47d0-888f-09b98b63e392", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b8d0c3c3-9f62-4f1e-9ece-2c37fef2365e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:02.408898Z", + "modified": "2025-01-14T15:20:02.408898Z", + "name": "CVE-2024-37357", + "description": "A buffer overflow vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-37357" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bc62b05a-f8e2-4e0f-adfd-7e2842e86e82.json b/objects/vulnerability/vulnerability--bc62b05a-f8e2-4e0f-adfd-7e2842e86e82.json new file mode 100644 index 0000000000..5c0711d83b --- /dev/null +++ b/objects/vulnerability/vulnerability--bc62b05a-f8e2-4e0f-adfd-7e2842e86e82.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c7baf99e-59fc-4305-a249-bdc925bd888e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bc62b05a-f8e2-4e0f-adfd-7e2842e86e82", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:04.020755Z", + "modified": "2025-01-14T15:20:04.020755Z", + "name": "CVE-2024-46667", + "description": "A allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, and 7.1.0 through 7.1.5 may allow an attacker to deny valid TLS traffic via consuming all allotted connections.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-46667" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bcc0f955-c96a-46a9-ae48-c265d3b305f3.json b/objects/vulnerability/vulnerability--bcc0f955-c96a-46a9-ae48-c265d3b305f3.json new file mode 100644 index 0000000000..820c9c614d --- /dev/null +++ b/objects/vulnerability/vulnerability--bcc0f955-c96a-46a9-ae48-c265d3b305f3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8a51e4c8-0928-4477-acb0-4676328b3302", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bcc0f955-c96a-46a9-ae48-c265d3b305f3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:04.1954Z", + "modified": "2025-01-14T15:20:04.1954Z", + "name": "CVE-2024-34544", + "description": "A command injection vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34544" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bfeffc0b-bc9c-4618-b6aa-32e9c495270a.json b/objects/vulnerability/vulnerability--bfeffc0b-bc9c-4618-b6aa-32e9c495270a.json new file mode 100644 index 0000000000..d26c1b2110 --- /dev/null +++ b/objects/vulnerability/vulnerability--bfeffc0b-bc9c-4618-b6aa-32e9c495270a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--002e6def-0510-4245-b2e3-1f85d8ee681f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bfeffc0b-bc9c-4618-b6aa-32e9c495270a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.697925Z", + "modified": "2025-01-14T15:20:03.697925Z", + "name": "CVE-2024-54021", + "description": "An improper neutralization of crlf sequences in http headers ('http response splitting') in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 allows attacker to execute unauthorized code or commands via crafted HTTP header.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54021" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c0daa1b2-db2d-48bf-b52d-aa884ad10c11.json b/objects/vulnerability/vulnerability--c0daa1b2-db2d-48bf-b52d-aa884ad10c11.json new file mode 100644 index 0000000000..8c17ad7de4 --- /dev/null +++ b/objects/vulnerability/vulnerability--c0daa1b2-db2d-48bf-b52d-aa884ad10c11.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--16a53f40-d180-46f0-9b6a-9e60377ffd38", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c0daa1b2-db2d-48bf-b52d-aa884ad10c11", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.089915Z", + "modified": "2025-01-14T15:20:03.089915Z", + "name": "CVE-2024-39367", + "description": "An os command injection vulnerability exists in the firewall.cgi iptablesWebsFilterRun() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39367" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c257b1d6-af02-49dd-a1c4-c0d09455dc7c.json b/objects/vulnerability/vulnerability--c257b1d6-af02-49dd-a1c4-c0d09455dc7c.json new file mode 100644 index 0000000000..3239b3810d --- /dev/null +++ b/objects/vulnerability/vulnerability--c257b1d6-af02-49dd-a1c4-c0d09455dc7c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b8b7d288-874d-49fa-b681-02ebac9d9a67", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c257b1d6-af02-49dd-a1c4-c0d09455dc7c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.0727Z", + "modified": "2025-01-14T15:20:03.0727Z", + "name": "CVE-2024-39781", + "description": "Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `restart_hour` POST parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39781" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cd21baec-1693-492d-8820-bf24f1a10b4a.json b/objects/vulnerability/vulnerability--cd21baec-1693-492d-8820-bf24f1a10b4a.json new file mode 100644 index 0000000000..5d1e3dec26 --- /dev/null +++ b/objects/vulnerability/vulnerability--cd21baec-1693-492d-8820-bf24f1a10b4a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e8f1c59b-b2c2-45e9-bd84-0ad7f0488926", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cd21baec-1693-492d-8820-bf24f1a10b4a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:19:59.044112Z", + "modified": "2025-01-14T15:19:59.044112Z", + "name": "CVE-2023-42785", + "description": "A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-42785" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ce500fc1-bee1-44f2-ab4a-c950825bdcfc.json b/objects/vulnerability/vulnerability--ce500fc1-bee1-44f2-ab4a-c950825bdcfc.json new file mode 100644 index 0000000000..361a32ded4 --- /dev/null +++ b/objects/vulnerability/vulnerability--ce500fc1-bee1-44f2-ab4a-c950825bdcfc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--be45274d-6f8c-448d-9135-168091fe099d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ce500fc1-bee1-44f2-ab4a-c950825bdcfc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:04.059809Z", + "modified": "2025-01-14T15:20:04.059809Z", + "name": "CVE-2024-36290", + "description": "A buffer overflow vulnerability exists in the login.cgi Goto_chidx() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-36290" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cf83d36b-bb78-4d00-8c49-91aee9cef621.json b/objects/vulnerability/vulnerability--cf83d36b-bb78-4d00-8c49-91aee9cef621.json new file mode 100644 index 0000000000..d9e6e71dfa --- /dev/null +++ b/objects/vulnerability/vulnerability--cf83d36b-bb78-4d00-8c49-91aee9cef621.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dbdec4bf-82f4-4e7b-8884-2dad277e756a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cf83d36b-bb78-4d00-8c49-91aee9cef621", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:02.955112Z", + "modified": "2025-01-14T15:20:02.955112Z", + "name": "CVE-2024-50566", + "description": "A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager versions 7.6.0 through 7.6.1, versions 7.4.5 through 7.4.0, and versions 7.2.1 through 7.2.8, FortiManager Cloud versions 7.6.0 through 7.6.1, versions 7.4.0 through 7.4.4, and versions 7.2.2 through 7.2.7 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50566" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cfc7ee6a-aea1-432d-b83f-9f598fd70f6c.json b/objects/vulnerability/vulnerability--cfc7ee6a-aea1-432d-b83f-9f598fd70f6c.json new file mode 100644 index 0000000000..e6b8a9b7d8 --- /dev/null +++ b/objects/vulnerability/vulnerability--cfc7ee6a-aea1-432d-b83f-9f598fd70f6c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5a7b683d-f09b-4205-aa54-e3af98f1e29c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cfc7ee6a-aea1-432d-b83f-9f598fd70f6c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.083937Z", + "modified": "2025-01-14T15:20:03.083937Z", + "name": "CVE-2024-39760", + "description": "Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists within the `restart_min_value` POST parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39760" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d74df392-a475-426f-9194-d0d4f0ebd6db.json b/objects/vulnerability/vulnerability--d74df392-a475-426f-9194-d0d4f0ebd6db.json new file mode 100644 index 0000000000..2c004d6c10 --- /dev/null +++ b/objects/vulnerability/vulnerability--d74df392-a475-426f-9194-d0d4f0ebd6db.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ce6c2972-fb59-4d07-a4ee-88196fcf0728", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d74df392-a475-426f-9194-d0d4f0ebd6db", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:04.04818Z", + "modified": "2025-01-14T15:20:04.04818Z", + "name": "CVE-2024-36512", + "description": "An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer 7.4.0 through 7.4.3 and 7.2.0 through 7.2.5 and 7.0.2 through 7.0.12 and 6.2.10 through 6.2.13 allows attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-36512" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d976fdb0-40fd-4b89-9027-772c7cc2372e.json b/objects/vulnerability/vulnerability--d976fdb0-40fd-4b89-9027-772c7cc2372e.json new file mode 100644 index 0000000000..6badc9b494 --- /dev/null +++ b/objects/vulnerability/vulnerability--d976fdb0-40fd-4b89-9027-772c7cc2372e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d7d60ab9-517e-41b6-9b86-ebf39bd0ed86", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d976fdb0-40fd-4b89-9027-772c7cc2372e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.082458Z", + "modified": "2025-01-14T15:20:03.082458Z", + "name": "CVE-2024-39783", + "description": "Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `restart_week` POST parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39783" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--de07e1f3-f7a3-4c71-b773-042f3bab8498.json b/objects/vulnerability/vulnerability--de07e1f3-f7a3-4c71-b773-042f3bab8498.json new file mode 100644 index 0000000000..6987529bdf --- /dev/null +++ b/objects/vulnerability/vulnerability--de07e1f3-f7a3-4c71-b773-042f3bab8498.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--483cfd44-9bc9-46db-92ad-d1fee4e99b7d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--de07e1f3-f7a3-4c71-b773-042f3bab8498", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.06278Z", + "modified": "2025-01-14T15:20:03.06278Z", + "name": "CVE-2024-39787", + "description": "Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A directory traversal vulnerability exists within the `disk_part` POST parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39787" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--df17fc6d-62fd-48fe-991c-a8ac8da0a6f7.json b/objects/vulnerability/vulnerability--df17fc6d-62fd-48fe-991c-a8ac8da0a6f7.json new file mode 100644 index 0000000000..5c67c9215b --- /dev/null +++ b/objects/vulnerability/vulnerability--df17fc6d-62fd-48fe-991c-a8ac8da0a6f7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--439b7c99-9694-4892-8628-b90b1d15faea", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--df17fc6d-62fd-48fe-991c-a8ac8da0a6f7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:19:57.833868Z", + "modified": "2025-01-14T15:19:57.833868Z", + "name": "CVE-2023-37936", + "description": "A use of hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands via crafted requests.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37936" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dfeec6e9-0cde-45db-b05a-ed8e6fd6e5f2.json b/objects/vulnerability/vulnerability--dfeec6e9-0cde-45db-b05a-ed8e6fd6e5f2.json new file mode 100644 index 0000000000..5e29b1e059 --- /dev/null +++ b/objects/vulnerability/vulnerability--dfeec6e9-0cde-45db-b05a-ed8e6fd6e5f2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e18dee78-92a5-461d-9909-3efa88ad332e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dfeec6e9-0cde-45db-b05a-ed8e6fd6e5f2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:02.616453Z", + "modified": "2025-01-14T15:20:02.616453Z", + "name": "CVE-2024-35275", + "description": "A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, FortiManager version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-35275" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e2011bce-3439-4e25-91fe-05a1885b8b56.json b/objects/vulnerability/vulnerability--e2011bce-3439-4e25-91fe-05a1885b8b56.json new file mode 100644 index 0000000000..bf57b9f986 --- /dev/null +++ b/objects/vulnerability/vulnerability--e2011bce-3439-4e25-91fe-05a1885b8b56.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d03a30f0-bc11-4fa3-87a5-2c6a5653227d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e2011bce-3439-4e25-91fe-05a1885b8b56", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:02.391133Z", + "modified": "2025-01-14T15:20:02.391133Z", + "name": "CVE-2024-37184", + "description": "A buffer overflow vulnerability exists in the adm.cgi rep_as_bridge() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-37184" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e581d2a4-452e-4d59-bfe6-b3c931ff858d.json b/objects/vulnerability/vulnerability--e581d2a4-452e-4d59-bfe6-b3c931ff858d.json new file mode 100644 index 0000000000..337e26042a --- /dev/null +++ b/objects/vulnerability/vulnerability--e581d2a4-452e-4d59-bfe6-b3c931ff858d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cf789454-9447-4f1f-a21c-dfed7c49f109", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e581d2a4-452e-4d59-bfe6-b3c931ff858d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.141396Z", + "modified": "2025-01-14T15:20:03.141396Z", + "name": "CVE-2024-39798", + "description": "Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `sel_open_protocol` POST parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39798" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e62abfe2-0689-41b1-9c86-7736dc838179.json b/objects/vulnerability/vulnerability--e62abfe2-0689-41b1-9c86-7736dc838179.json new file mode 100644 index 0000000000..72e472cca3 --- /dev/null +++ b/objects/vulnerability/vulnerability--e62abfe2-0689-41b1-9c86-7736dc838179.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--852ec7e4-9a54-4258-b9d3-b49b9564b477", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e62abfe2-0689-41b1-9c86-7736dc838179", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.402635Z", + "modified": "2025-01-14T15:20:03.402635Z", + "name": "CVE-2024-47566", + "description": "A improper limitation of a pathname to a restricted directory ('path traversal') [CWE-23] in Fortinet FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to delete files from the underlying filesystem via crafted CLI requests.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47566" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e9474c36-07ce-42fe-b1d0-031e09b57e21.json b/objects/vulnerability/vulnerability--e9474c36-07ce-42fe-b1d0-031e09b57e21.json new file mode 100644 index 0000000000..d9176e7d4e --- /dev/null +++ b/objects/vulnerability/vulnerability--e9474c36-07ce-42fe-b1d0-031e09b57e21.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a72d9c90-1ebf-4ac4-934d-98fdc23c65fb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e9474c36-07ce-42fe-b1d0-031e09b57e21", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.061377Z", + "modified": "2025-01-14T15:20:03.061377Z", + "name": "CVE-2024-39763", + "description": "Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `gateway` POST parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39763" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--eae8c672-7ae7-4f6f-a4e0-e98ab351d4b2.json b/objects/vulnerability/vulnerability--eae8c672-7ae7-4f6f-a4e0-e98ab351d4b2.json new file mode 100644 index 0000000000..79a486e836 --- /dev/null +++ b/objects/vulnerability/vulnerability--eae8c672-7ae7-4f6f-a4e0-e98ab351d4b2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b032d713-faa0-4c90-a6e6-1e1220cf325b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--eae8c672-7ae7-4f6f-a4e0-e98ab351d4b2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.107184Z", + "modified": "2025-01-14T15:20:03.107184Z", + "name": "CVE-2024-39786", + "description": "Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A directory traversal vulnerability exists within the `adddir_name` POST parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39786" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ed0c1998-31ca-470e-a235-e7e32b51092d.json b/objects/vulnerability/vulnerability--ed0c1998-31ca-470e-a235-e7e32b51092d.json new file mode 100644 index 0000000000..bdf820ff06 --- /dev/null +++ b/objects/vulnerability/vulnerability--ed0c1998-31ca-470e-a235-e7e32b51092d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--540f77b9-6550-499e-bf47-49f210fb0153", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ed0c1998-31ca-470e-a235-e7e32b51092d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:02.636833Z", + "modified": "2025-01-14T15:20:02.636833Z", + "name": "CVE-2024-35278", + "description": "A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiPortal versions 7.2.4 through 7.2.0 and 7.0.0 through 7.2.8 may allow an authenticated attacker to view the SQL query being run server-side when submitting an HTTP request, via including special elements in said request.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-35278" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ed4b4180-53d2-4d92-a054-53d4c3e8b155.json b/objects/vulnerability/vulnerability--ed4b4180-53d2-4d92-a054-53d4c3e8b155.json new file mode 100644 index 0000000000..438f6c539e --- /dev/null +++ b/objects/vulnerability/vulnerability--ed4b4180-53d2-4d92-a054-53d4c3e8b155.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d425065b-9128-4b38-a7bc-d3a382bf6ab5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ed4b4180-53d2-4d92-a054-53d4c3e8b155", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.11954Z", + "modified": "2025-01-14T15:20:03.11954Z", + "name": "CVE-2024-39764", + "description": "Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `dest` POST parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39764" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--edc62c58-856b-4413-95ac-cba70a1c9c06.json b/objects/vulnerability/vulnerability--edc62c58-856b-4413-95ac-cba70a1c9c06.json new file mode 100644 index 0000000000..1469dd6041 --- /dev/null +++ b/objects/vulnerability/vulnerability--edc62c58-856b-4413-95ac-cba70a1c9c06.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--14852ae4-d364-4c9f-912f-99f3155053a2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--edc62c58-856b-4413-95ac-cba70a1c9c06", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:02.851663Z", + "modified": "2025-01-14T15:20:02.851663Z", + "name": "CVE-2024-40587", + "description": "An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiVoice version 7.0.0 through 7.0.4 and before 6.4.9 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-40587" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f1ea3af0-1db5-4fc3-8711-57fe84ff60b4.json b/objects/vulnerability/vulnerability--f1ea3af0-1db5-4fc3-8711-57fe84ff60b4.json new file mode 100644 index 0000000000..7870e5ed36 --- /dev/null +++ b/objects/vulnerability/vulnerability--f1ea3af0-1db5-4fc3-8711-57fe84ff60b4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8b884822-b58e-439e-a896-dfe5d8d41eb3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f1ea3af0-1db5-4fc3-8711-57fe84ff60b4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.120531Z", + "modified": "2025-01-14T15:20:03.120531Z", + "name": "CVE-2024-39785", + "description": "Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the adddir_name POST parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39785" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f1fbaa1c-f71e-47f5-a1ce-a5000220b7f1.json b/objects/vulnerability/vulnerability--f1fbaa1c-f71e-47f5-a1ce-a5000220b7f1.json new file mode 100644 index 0000000000..ca8cf9061d --- /dev/null +++ b/objects/vulnerability/vulnerability--f1fbaa1c-f71e-47f5-a1ce-a5000220b7f1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--178c131b-9eb9-4191-a635-e2fea3a21b16", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f1fbaa1c-f71e-47f5-a1ce-a5000220b7f1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.10851Z", + "modified": "2025-01-14T15:20:03.10851Z", + "name": "CVE-2024-39800", + "description": "Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `open_port` POST parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39800" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f35ec441-1c2d-46a9-a93f-281a60217113.json b/objects/vulnerability/vulnerability--f35ec441-1c2d-46a9-a93f-281a60217113.json new file mode 100644 index 0000000000..0a8960c736 --- /dev/null +++ b/objects/vulnerability/vulnerability--f35ec441-1c2d-46a9-a93f-281a60217113.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0f9bdf0f-b1c1-4b26-8bcd-473f163a129d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f35ec441-1c2d-46a9-a93f-281a60217113", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.143774Z", + "modified": "2025-01-14T15:20:03.143774Z", + "name": "CVE-2024-39604", + "description": "A command execution vulnerability exists in the update_filter_url.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39604" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f576f870-8eac-4980-9eea-4a79d0fc44a9.json b/objects/vulnerability/vulnerability--f576f870-8eac-4980-9eea-4a79d0fc44a9.json new file mode 100644 index 0000000000..0fc9b2afa2 --- /dev/null +++ b/objects/vulnerability/vulnerability--f576f870-8eac-4980-9eea-4a79d0fc44a9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--05e1f2b0-1c71-48e9-b91e-4359d867b994", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f576f870-8eac-4980-9eea-4a79d0fc44a9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:19:59.068685Z", + "modified": "2025-01-14T15:19:59.068685Z", + "name": "CVE-2023-42786", + "description": "A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-42786" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f6c96b1a-7c3f-4e6d-93de-fc69bb0041f7.json b/objects/vulnerability/vulnerability--f6c96b1a-7c3f-4e6d-93de-fc69bb0041f7.json new file mode 100644 index 0000000000..88c1a30b16 --- /dev/null +++ b/objects/vulnerability/vulnerability--f6c96b1a-7c3f-4e6d-93de-fc69bb0041f7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cbc585e0-1376-4283-a10c-d1d51e528220", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f6c96b1a-7c3f-4e6d-93de-fc69bb0041f7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.10242Z", + "modified": "2025-01-14T15:20:03.10242Z", + "name": "CVE-2024-39357", + "description": "A stack-based buffer overflow vulnerability exists in the wireless.cgi SetName() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39357" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f8778ad5-c214-4e1c-87d9-b6c98c35cac4.json b/objects/vulnerability/vulnerability--f8778ad5-c214-4e1c-87d9-b6c98c35cac4.json new file mode 100644 index 0000000000..9066f8f0a8 --- /dev/null +++ b/objects/vulnerability/vulnerability--f8778ad5-c214-4e1c-87d9-b6c98c35cac4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5bbbf252-e3ac-4a61-9468-707f5d2d9699", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f8778ad5-c214-4e1c-87d9-b6c98c35cac4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.115924Z", + "modified": "2025-01-14T15:20:03.115924Z", + "name": "CVE-2024-39754", + "description": "A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of network packets can lead to root access. An attacker can send packets to trigger this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-39754" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f8c8389f-7776-4b9b-b10d-f0d8bf7dbf56.json b/objects/vulnerability/vulnerability--f8c8389f-7776-4b9b-b10d-f0d8bf7dbf56.json new file mode 100644 index 0000000000..d550b9f48a --- /dev/null +++ b/objects/vulnerability/vulnerability--f8c8389f-7776-4b9b-b10d-f0d8bf7dbf56.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1734318d-18c8-46e7-be30-8bc150dcb9ee", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f8c8389f-7776-4b9b-b10d-f0d8bf7dbf56", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T15:20:03.991875Z", + "modified": "2025-01-14T15:20:03.991875Z", + "name": "CVE-2024-46668", + "description": "An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiOS versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, versions 7.0.0 through 7.0.15, and versions 6.4.0 through 6.4.15 may allow an unauthenticated remote user to consume all system memory via multiple large file uploads.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-46668" + } + ] + } + ] +} \ No newline at end of file