generated content from 2024-12-12

mapping.csv

@@ -259594,3 +259594,55 @@ vulnerability,CVE-2024-43719,vulnerability--418a63f0-6271-46c4-835c-cdeb3bbf34b4
 vulnerability,CVE-2024-43747,vulnerability--cfd4ba16-a209-4c04-9788-3d9377a4a175
 vulnerability,CVE-2023-6947,vulnerability--785a0123-6a9f-4196-9adb-0c819b1de57a
 vulnerability,CVE-2020-28398,vulnerability--ce37da8b-f295-444b-8b96-faeddcb1b90a
+vulnerability,CVE-2024-51460,vulnerability--8789c726-278a-4569-b3a8-e416bebe403f
+vulnerability,CVE-2024-48912,vulnerability--20942854-feec-49ca-a6d9-e7e3e5784dcd
+vulnerability,CVE-2024-52537,vulnerability--1bc56e41-ba7b-41a4-b5ad-753503ce590f
+vulnerability,CVE-2024-45337,vulnerability--17097c26-cbb8-473e-8341-96bd6b40edb9
+vulnerability,CVE-2024-12283,vulnerability--bed3e47c-3e2c-45dc-b9bf-2408250b3a05
+vulnerability,CVE-2024-12381,vulnerability--3cd481de-1d6c-442a-9c3f-ce39cacbef86
+vulnerability,CVE-2024-12294,vulnerability--8ed31001-f4be-42aa-b2ba-0a24f4c884a9
+vulnerability,CVE-2024-12382,vulnerability--03b95477-ca81-42c4-8228-f5e7d76374f4
+vulnerability,CVE-2024-12363,vulnerability--e744772b-8e74-4bd0-a681-33c246b73f07
+vulnerability,CVE-2024-12325,vulnerability--1084545d-7d72-4225-b982-31269d828e54
+vulnerability,CVE-2024-12004,vulnerability--a116f843-7952-40aa-b838-2e2ff9f1cfed
+vulnerability,CVE-2024-12479,vulnerability--9bd700a8-5e9b-4be1-8126-a861350dda68
+vulnerability,CVE-2024-10251,vulnerability--600edd1e-ebf6-4b9f-be9f-eea5a5963840
+vulnerability,CVE-2024-10511,vulnerability--857d2fb0-d623-48e3-8be0-59abf03ad698
+vulnerability,CVE-2024-9845,vulnerability--ef8714de-f13a-4a57-ae00-4c25adca2e2b
+vulnerability,CVE-2024-47544,vulnerability--bf68eca3-33c0-4b22-b62b-13882a29cb37
+vulnerability,CVE-2024-47542,vulnerability--d3f74659-a26e-48c3-a5ea-b5d271cd5fd4
+vulnerability,CVE-2024-47760,vulnerability--6124931d-6010-4815-b680-69dbc669b905
+vulnerability,CVE-2024-47537,vulnerability--d4268a83-7bfb-4abc-b1d3-a467dd5e9c72
+vulnerability,CVE-2024-47539,vulnerability--51336094-db2e-4c73-bc2e-96d6cc6c9485
+vulnerability,CVE-2024-47761,vulnerability--2d027835-0dc1-4090-984b-9f5debac819a
+vulnerability,CVE-2024-47545,vulnerability--c9724c95-ce5e-48fd-a9d8-73b6b60af7dc
+vulnerability,CVE-2024-47543,vulnerability--49fa795f-4041-477a-8c31-1be9843fb6ff
+vulnerability,CVE-2024-47540,vulnerability--244ff715-c801-4bdb-a2fc-18f183dd7a92
+vulnerability,CVE-2024-47541,vulnerability--2a179cca-c880-4f71-afdc-0d21e36185ad
+vulnerability,CVE-2024-47758,vulnerability--4cf9e744-962b-49c2-b1f3-cb5537813fed
+vulnerability,CVE-2024-47538,vulnerability--1dab06d3-5477-4b63-82eb-6ee8e6190f31
+vulnerability,CVE-2024-50585,vulnerability--465473fd-cab3-41ff-a5b5-cfafdc4d6652
+vulnerability,CVE-2024-50339,vulnerability--e6097fc7-da0a-4321-8aa2-fdf0c73dcf42
+vulnerability,CVE-2024-11401,vulnerability--d9a8ac20-62f1-4ada-a373-d07640a85a37
+vulnerability,CVE-2024-11597,vulnerability--6c524e21-6f1c-401f-a911-e4752e3d48a6
+vulnerability,CVE-2024-11598,vulnerability--e45d48a6-a01f-4ace-abb0-a922a05add08
+vulnerability,CVE-2024-11840,vulnerability--7ae4e872-6a2d-4dcf-86d3-b36558c441a8
+vulnerability,CVE-2024-11053,vulnerability--a494a842-8e7d-4cc1-a153-3b19af6774af
+vulnerability,CVE-2024-11737,vulnerability--fbd3d4af-4698-499f-8a9c-e97dcdf73f6a
+vulnerability,CVE-2024-11351,vulnerability--4c37af2f-ca2b-4a47-8e75-6a2815f89c10
+vulnerability,CVE-2024-11008,vulnerability--45028407-dd9b-43c9-8ce7-2446e9f20b01
+vulnerability,CVE-2024-53289,vulnerability--e6eabc03-ed2b-4fce-8840-1f46e23fff13
+vulnerability,CVE-2024-53292,vulnerability--e22a69bd-6e51-41c0-a0d2-b5183ad8ea35
+vulnerability,CVE-2024-53290,vulnerability--342a3ab7-f439-4fe8-aa73-56ae548ad779
+vulnerability,CVE-2024-53677,vulnerability--60da6a9f-dabe-4b1f-aeb4-020f4041b977
+vulnerability,CVE-2024-8496,vulnerability--04ba741e-8373-41d1-ac76-55f62a1beef9
+vulnerability,CVE-2024-37401,vulnerability--1bb110c5-5357-4646-9d75-30defdad4259
+vulnerability,CVE-2024-37377,vulnerability--f49545c9-8689-4289-b8f5-5a539b4a8501
+vulnerability,CVE-2024-35117,vulnerability--ba06a4f6-6b20-40ab-a48e-dad24e4a69e1
+vulnerability,CVE-2024-54269,vulnerability--92bf8085-2759-450b-9516-66f26a4ca483
+vulnerability,CVE-2024-42448,vulnerability--93f12df7-36cb-4912-9fb6-fafe08b9d844
+vulnerability,CVE-2024-28141,vulnerability--99149642-f6b9-42d9-a857-0418bb1fc9f5
+vulnerability,CVE-2024-28139,vulnerability--0c0a7be1-60d7-40e6-acee-6efbbc908c0c
+vulnerability,CVE-2024-28140,vulnerability--9d415e7d-5543-4f7b-a4b5-a43b2a71b6b6
+vulnerability,CVE-2023-37395,vulnerability--3f6cb906-3693-4861-ba41-64d1531bd974
+vulnerability,CVE-2023-23472,vulnerability--8ca243f8-257f-47af-b787-94fc569a582d

objects/vulnerability/vulnerability--03b95477-ca81-42c4-8228-f5e7d76374f4.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--189f0537-37c2-42ae-9421-a0b3cbad8b8f",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--03b95477-ca81-42c4-8228-f5e7d76374f4",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-12-12T00:22:32.893896Z",
+            "modified": "2024-12-12T00:22:32.893896Z",
+            "name": "CVE-2024-12382",
+            "description": "Use after free in Translate in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-12382"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--04ba741e-8373-41d1-ac76-55f62a1beef9.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--af6137a0-1732-4772-a802-e4b9cf8f2970",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--04ba741e-8373-41d1-ac76-55f62a1beef9",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-12-12T00:22:33.771686Z",
+            "modified": "2024-12-12T00:22:33.771686Z",
+            "name": "CVE-2024-8496",
+            "description": "Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-8496"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--0c0a7be1-60d7-40e6-acee-6efbbc908c0c.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--530a6a6b-0f04-449f-b5d8-14b75388d718",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--0c0a7be1-60d7-40e6-acee-6efbbc908c0c",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-12-12T00:22:35.016149Z",
+            "modified": "2024-12-12T00:22:35.016149Z",
+            "name": "CVE-2024-28139",
+            "description": "The www-data user can elevate its privileges because sudo is configured to allow the execution of the mount command as root without a password. Therefore, the privileges can be escalated to the root user. The risk has been accepted by the vendor and won't be fixed in the near future.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-28139"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--1084545d-7d72-4225-b982-31269d828e54.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--d65c71bc-845c-4145-84ce-47747d7682f0",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--1084545d-7d72-4225-b982-31269d828e54",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-12-12T00:22:32.896811Z",
+            "modified": "2024-12-12T00:22:32.896811Z",
+            "name": "CVE-2024-12325",
+            "description": "The Waymark plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-12325"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--17097c26-cbb8-473e-8341-96bd6b40edb9.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--c5bf8fab-6eaa-4d76-ba62-7f5a26303416",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--17097c26-cbb8-473e-8341-96bd6b40edb9",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-12-12T00:22:32.853315Z",
+            "modified": "2024-12-12T00:22:32.853315Z",
+            "name": "CVE-2024-45337",
+            "description": "Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-45337"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--1bb110c5-5357-4646-9d75-30defdad4259.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--7f84ba97-2523-4274-b5ae-bcacc0b485c5",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--1bb110c5-5357-4646-9d75-30defdad4259",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-12-12T00:22:34.19037Z",
+            "modified": "2024-12-12T00:22:34.19037Z",
+            "name": "CVE-2024-37401",
+            "description": "An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-37401"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--1bc56e41-ba7b-41a4-b5ad-753503ce590f.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--18eedda1-7e5b-4511-8596-503e8318c208",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--1bc56e41-ba7b-41a4-b5ad-753503ce590f",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-12-12T00:22:32.765291Z",
+            "modified": "2024-12-12T00:22:32.765291Z",
+            "name": "CVE-2024-52537",
+            "description": "Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-52537"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--1dab06d3-5477-4b63-82eb-6ee8e6190f31.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--a2dbd3df-4d4b-47d4-9a43-dd4a96a7d51a",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--1dab06d3-5477-4b63-82eb-6ee8e6190f31",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-12-12T00:22:33.145073Z",
+            "modified": "2024-12-12T00:22:33.145073Z",
+            "name": "CVE-2024-47538",
+            "description": "GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the vorbis_handle_identification_packet function within gstvorbisdec.c. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This vulnerability allows to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the GstAudioInfo info structure. This vulnerability is fixed in 1.24.10.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-47538"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--20942854-feec-49ca-a6d9-e7e3e5784dcd.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--79179b71-290f-4620-a09b-bc323060f2f5",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--20942854-feec-49ca-a6d9-e7e3e5784dcd",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-12-12T00:22:32.670889Z",
+            "modified": "2024-12-12T00:22:32.670889Z",
+            "name": "CVE-2024-48912",
+            "description": "GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-48912"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--244ff715-c801-4bdb-a2fc-18f183dd7a92.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--f9477a57-6105-4585-9936-69ee54c7e868",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--244ff715-c801-4bdb-a2fc-18f183dd7a92",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-12-12T00:22:33.134787Z",
+            "modified": "2024-12-12T00:22:33.134787Z",
+            "name": "CVE-2024-47540",
+            "description": "GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size < 4, the program calls gst_buffer_unmap with an uninitialized map variable. Then, in the gst_memory_unmap function, the program will attempt to unmap the buffer using the uninitialized map variable, causing a function pointer hijack, as it will jump to mem->allocator->mem_unmap_full or mem->allocator->mem_unmap. This vulnerability could allow an attacker to hijack the execution flow, potentially leading to code execution. This vulnerability is fixed in 1.24.10.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-47540"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--2a179cca-c880-4f71-afdc-0d21e36185ad.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--4470acff-e046-4280-93a6-12176ed85242",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--2a179cca-c880-4f71-afdc-0d21e36185ad",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-12-12T00:22:33.138664Z",
+            "modified": "2024-12-12T00:22:33.138664Z",
+            "name": "CVE-2024-47541",
+            "description": "GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA (SubStation Alpha) style override codes, which are enclosed in curly brackets ({}). The issue arises when a closing curly bracket \"}\" appears before an opening curly bracket \"{\" in the input string. In this case, memmove() incorrectly duplicates a substring. With each successive loop iteration, the size passed to memmove() becomes progressively larger (strlen(end+1)), leading to a write beyond the allocated memory bounds. This vulnerability is fixed in 1.24.10.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-47541"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--2d027835-0dc1-4090-984b-9f5debac819a.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--b7846e4d-ea9c-44fe-b9eb-1c065d2384e8",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--2d027835-0dc1-4090-984b-9f5debac819a",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-12-12T00:22:33.112137Z",
+            "modified": "2024-12-12T00:22:33.112137Z",
+            "name": "CVE-2024-47761",
+            "description": "GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an administrator with access to the sent notifications contents can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-47761"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--342a3ab7-f439-4fe8-aa73-56ae548ad779.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--cfe54176-34a7-4cc2-bba4-078398914b24",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--342a3ab7-f439-4fe8-aa73-56ae548ad779",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-12-12T00:22:33.708207Z",
+            "modified": "2024-12-12T00:22:33.708207Z",
+            "name": "CVE-2024-53290",
+            "description": "Dell ThinOS version 2408 contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Command execution",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-53290"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--3cd481de-1d6c-442a-9c3f-ce39cacbef86.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--208d9e31-9bee-497c-ae0a-51b594868e48",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--3cd481de-1d6c-442a-9c3f-ce39cacbef86",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-12-12T00:22:32.883019Z",
+            "modified": "2024-12-12T00:22:32.883019Z",
+            "name": "CVE-2024-12381",
+            "description": "Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-12381"
+                }
+            ]
+        }
+    ]
+}