generated content from 2024-03-10

mapping.csv

@@ -227745,3 +227745,26 @@ vulnerability,CVE-2023-47221,vulnerability--d93b03f8-075d-4836-874b-70dfb5a45fba
 vulnerability,CVE-2023-34980,vulnerability--08c98ea2-43b0-4529-a927-d32144a9ccc2
 vulnerability,CVE-2019-6268,vulnerability--90d911b2-24ad-42fd-8d7c-ea33b32dfcae
 vulnerability,CVE-2022-43855,vulnerability--b9d8e75b-1b52-4737-9215-6407fcbeca4a
+vulnerability,CVE-2024-2332,vulnerability--9fd8263e-673f-4ce2-bb14-d113a9d2ccb6
+vulnerability,CVE-2024-2329,vulnerability--251ca1e4-62ce-41a7-a115-f5f8f63bc7bd
+vulnerability,CVE-2024-2331,vulnerability--ad95f9a9-aae8-4f7b-b987-f1a3db62adab
+vulnerability,CVE-2024-2330,vulnerability--f5967cd1-cc53-4b9a-a73d-22a5e3c28bd3
+vulnerability,CVE-2024-2333,vulnerability--b1e37a9c-2b9a-496e-bdff-1c15408f43a1
+vulnerability,CVE-2024-28176,vulnerability--b2c0be68-c868-4e2e-8397-178827f22506
+vulnerability,CVE-2024-28180,vulnerability--c9f041e6-0eca-444e-82a5-67364623d503
+vulnerability,CVE-2024-28122,vulnerability--4c32a48d-8a63-4723-9a31-14f9755a04de
+vulnerability,CVE-2024-28089,vulnerability--40b03626-12dc-404e-b2c1-ded0a768b004
+vulnerability,CVE-2024-28184,vulnerability--c05cdfe0-3ad4-4b57-8d34-821cb23a232e
+vulnerability,CVE-2024-1767,vulnerability--50c3f5e2-580c-4dcb-ba01-d93a59b39587
+vulnerability,CVE-2024-1125,vulnerability--b034b3cd-c35e-4e1e-a374-35224da458c0
+vulnerability,CVE-2024-1124,vulnerability--36ccf599-b7a9-4a2c-900e-ab79d8f17b8d
+vulnerability,CVE-2024-1870,vulnerability--70ba0e12-c766-47af-a80d-a96ce019971a
+vulnerability,CVE-2024-1320,vulnerability--1283cd2b-7dfb-40f6-8335-15057da5f353
+vulnerability,CVE-2024-1123,vulnerability--103c3b9d-f927-42d8-87bc-82a9f7e19706
+vulnerability,CVE-2024-25951,vulnerability--11ee8590-6bfd-4e30-b79c-21f07c5593c3
+vulnerability,CVE-2024-25501,vulnerability--c70f64fb-d79b-4842-93c1-95be2c58ec14
+vulnerability,CVE-2023-46427,vulnerability--4203a8ca-2408-44de-88a3-38bcb25d7eda
+vulnerability,CVE-2023-46426,vulnerability--33f73002-17e3-4533-81de-e11ac9803acc
+vulnerability,CVE-2023-50015,vulnerability--8d6b6b8c-ff01-4172-8b62-ff3838f477ec
+vulnerability,CVE-2023-49341,vulnerability--619ab903-6a53-4344-abd6-52e3312c5e68
+vulnerability,CVE-2023-49340,vulnerability--a1c09e43-7ee6-4e25-ad83-cbdd4ffcdbd6

objects/vulnerability/vulnerability--103c3b9d-f927-42d8-87bc-82a9f7e19706.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--d2741ade-3b6d-4130-8ad1-0f72a24668f4",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--103c3b9d-f927-42d8-87bc-82a9f7e19706",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-03-10T00:17:41.116558Z",
+            "modified": "2024-03-10T00:17:41.116558Z",
+            "name": "CVE-2024-1123",
+            "description": "The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_frontend_event_submission() function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to overwrite the title and content of arbitrary posts. This can also be exploited by unauthenticated attackers when the allow_submission_by_anonymous_user setting is enabled.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-1123"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--11ee8590-6bfd-4e30-b79c-21f07c5593c3.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--71c4ba77-2348-4b75-b8f1-97c0a5c181d6",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--11ee8590-6bfd-4e30-b79c-21f07c5593c3",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-03-10T00:17:41.379676Z",
+            "modified": "2024-03-10T00:17:41.379676Z",
+            "name": "CVE-2024-25951",
+            "description": "A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-25951"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--1283cd2b-7dfb-40f6-8335-15057da5f353.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--41d4d7b8-ab47-4ccb-b1f3-fd146817ee17",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--1283cd2b-7dfb-40f6-8335-15057da5f353",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-03-10T00:17:41.112368Z",
+            "modified": "2024-03-10T00:17:41.112368Z",
+            "name": "CVE-2024-1320",
+            "description": "The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'offline_status' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-1320"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--251ca1e4-62ce-41a7-a115-f5f8f63bc7bd.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--d3883a09-395d-4d41-88ae-dca0da1a5a71",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--251ca1e4-62ce-41a7-a115-f5f8f63bc7bd",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-03-10T00:17:40.957994Z",
+            "modified": "2024-03-10T00:17:40.957994Z",
+            "name": "CVE-2024-2329",
+            "description": "A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/list_resource_icon.php?action=delete. The manipulation of the argument IconId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256280. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-2329"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--33f73002-17e3-4533-81de-e11ac9803acc.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--bd500e5b-c93e-4409-a740-459dd7c37f1f",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--33f73002-17e3-4533-81de-e11ac9803acc",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-03-10T00:17:45.280118Z",
+            "modified": "2024-03-10T00:17:45.280118Z",
+            "name": "CVE-2023-46426",
+            "description": "Heap-based Buffer Overflow vulnerability in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute arbitrary code and cause a denial of service (DoS) via gf_fwrite component in at utils/os_file.c.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-46426"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--36ccf599-b7a9-4a2c-900e-ab79d8f17b8d.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--7c67a500-6061-48bd-aec5-f1d4980a609a",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--36ccf599-b7a9-4a2c-900e-ab79d8f17b8d",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-03-10T00:17:41.095761Z",
+            "modified": "2024-03-10T00:17:41.095761Z",
+            "name": "CVE-2024-1124",
+            "description": "The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the ep_send_attendees_email() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to send arbitrary emails with arbitrary content from the site.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-1124"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--40b03626-12dc-404e-b2c1-ded0a768b004.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--71db7ba1-85e7-4613-a7a4-eb11bc79d6e3",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--40b03626-12dc-404e-b2c1-ded0a768b004",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-03-10T00:17:41.059401Z",
+            "modified": "2024-03-10T00:17:41.059401Z",
+            "name": "CVE-2024-28089",
+            "description": "Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity (who has access to the router admin panel) to conduct a DOM-based stored XSS attack that can fetch remote resources. The payload is executed at index.html#advanced_location (aka the Device Location page). This can cause a denial of service or lead to information disclosure.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-28089"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--4203a8ca-2408-44de-88a3-38bcb25d7eda.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--0b6c397b-1689-4522-93dd-442559d8f78d",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--4203a8ca-2408-44de-88a3-38bcb25d7eda",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-03-10T00:17:45.255302Z",
+            "modified": "2024-03-10T00:17:45.255302Z",
+            "name": "CVE-2023-46427",
+            "description": "An issue was discovered in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via null pointer deference in gf_dash_setup_period component in media_tools/dash_client.c.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-46427"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--4c32a48d-8a63-4723-9a31-14f9755a04de.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--a05a6f0e-bdb4-4de9-bafc-58206c6b76a4",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--4c32a48d-8a63-4723-9a31-14f9755a04de",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-03-10T00:17:41.050071Z",
+            "modified": "2024-03-10T00:17:41.050071Z",
+            "name": "CVE-2024-28122",
+            "description": " JWX is Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. This issue has been patched in versions 1.2.29 and 2.0.21.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-28122"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--50c3f5e2-580c-4dcb-ba01-d93a59b39587.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--27f72c55-cabe-4e02-9346-2598a8bdf6ad",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--50c3f5e2-580c-4dcb-ba01-d93a59b39587",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-03-10T00:17:41.068294Z",
+            "modified": "2024-03-10T00:17:41.068294Z",
+            "name": "CVE-2024-1767",
+            "description": "The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 2.0.26 due to insufficient input sanitization and output escaping on user supplied attributes like 'className' and 'radius'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-1767"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--619ab903-6a53-4344-abd6-52e3312c5e68.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--36798b53-6ab3-4cbf-854e-7cf03221d17e",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--619ab903-6a53-4344-abd6-52e3312c5e68",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-03-10T00:17:46.556223Z",
+            "modified": "2024-03-10T00:17:46.556223Z",
+            "name": "CVE-2023-49341",
+            "description": "An issue was discovered in Newland Nquire 1000 Interactive Kiosk version NQ1000-II_G_V1.00.011, allows remote attackers to obtain sensitive information via cleartext credential storage in backup.htm component.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-49341"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--70ba0e12-c766-47af-a80d-a96ce019971a.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--989fd34f-8b1d-49d8-9efd-bd1eba9ce219",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--70ba0e12-c766-47af-a80d-a96ce019971a",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-03-10T00:17:41.105398Z",
+            "modified": "2024-03-10T00:17:41.105398Z",
+            "name": "CVE-2024-1870",
+            "description": "The Colibri Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callActivateLicenseEndpoint function in all versions up to, and including, 1.0.260. This makes it possible for authenticated attackers, with subscriber access or higher, to update the license key.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-1870"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--8d6b6b8c-ff01-4172-8b62-ff3838f477ec.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--c94992eb-ad8f-43c8-a032-7bb7ca61e706",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--8d6b6b8c-ff01-4172-8b62-ff3838f477ec",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-03-10T00:17:45.980055Z",
+            "modified": "2024-03-10T00:17:45.980055Z",
+            "name": "CVE-2023-50015",
+            "description": "An issue was discovered in Grandstream GXP14XX 1.0.8.9 and GXP16XX 1.0.7.13, allows remote attackers to escalate privileges via incorrect access control using an end-user session-identity token.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-50015"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--9fd8263e-673f-4ce2-bb14-d113a9d2ccb6.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--2ddb0be5-f4f4-41de-b073-a15de163f6da",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--9fd8263e-673f-4ce2-bb14-d113a9d2ccb6",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-03-10T00:17:40.946498Z",
+            "modified": "2024-03-10T00:17:40.946498Z",
+            "name": "CVE-2024-2332",
+            "description": "A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/maintenance/manage_category.php of the component HTTP GET Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256283.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-2332"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--a1c09e43-7ee6-4e25-ad83-cbdd4ffcdbd6.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--150db9c4-94cd-4c7c-9ed5-9819503d68d4",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--a1c09e43-7ee6-4e25-ad83-cbdd4ffcdbd6",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-03-10T00:17:46.562505Z",
+            "modified": "2024-03-10T00:17:46.562505Z",
+            "name": "CVE-2023-49340",
+            "description": "An issue was discovered in Newland Nquire 1000 Interactive Kiosk version NQ1000-II_G_V1.00.011, allows remote attackers to escalate privileges and bypass authentication via incorrect access control in the web management portal.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-49340"
+                }
+            ]
+        }
+    ]
+}