generated content from 2024-09-10

mapping.csv

@@ -248540,3 +248540,59 @@ vulnerability,CVE-2024-8579,vulnerability--2b8311eb-37d3-4481-9e8b-b60349009adb
 vulnerability,CVE-2024-8582,vulnerability--dc8f4703-5367-458e-8c83-7cd65be7ec27
 vulnerability,CVE-2024-43835,vulnerability--b96e5433-e7c7-44ac-bc3b-6f745667ce85
 vulnerability,CVE-2024-43859,vulnerability--fbfd602f-4715-440e-a925-a439f5e2369f
+vulnerability,CVE-2024-27366,vulnerability--6bd3772b-7dfb-4857-8057-c3196432b1f7
+vulnerability,CVE-2024-27367,vulnerability--a2d5bce8-6fd2-4b14-85a7-b3b7f9dd3bf2
+vulnerability,CVE-2024-27387,vulnerability--21c2907c-4726-44da-8e7f-93284e0a753e
+vulnerability,CVE-2024-27368,vulnerability--ca2e642e-c702-4dcc-b037-49b16f4cc7d9
+vulnerability,CVE-2024-27364,vulnerability--4fa80371-f999-49cc-a08d-a84ff36a985c
+vulnerability,CVE-2024-27365,vulnerability--ec13c9d2-115e-47df-a7d1-5193ae9b8846
+vulnerability,CVE-2024-27383,vulnerability--f0773e48-fdc5-4b76-8a40-da4ae2db7129
+vulnerability,CVE-2024-37288,vulnerability--92e016f7-a796-4748-bcdd-3d24d8fe4752
+vulnerability,CVE-2024-44375,vulnerability--472172af-a38c-41bb-8c13-6248ec3b6209
+vulnerability,CVE-2024-44333,vulnerability--52cd1161-9ff2-419e-a619-9ee0c6e07c98
+vulnerability,CVE-2024-44721,vulnerability--5ea1d4d4-6299-4394-bea6-5625bbbd484b
+vulnerability,CVE-2024-44334,vulnerability--812a917e-d5db-4293-aff7-628a9d1947e9
+vulnerability,CVE-2024-44335,vulnerability--c93ddcae-874f-4901-9c98-1add547d07de
+vulnerability,CVE-2024-44849,vulnerability--a77660b1-1b07-4a84-8b64-af3b27c127a2
+vulnerability,CVE-2024-44720,vulnerability--801f8f64-212e-427a-a55d-e96890b955ca
+vulnerability,CVE-2024-44902,vulnerability--63264cf9-b449-4721-a4b1-2eac8bbb69c0
+vulnerability,CVE-2024-44085,vulnerability--e1f021d4-b515-4698-8709-744ae02e9676
+vulnerability,CVE-2024-44725,vulnerability--c1a664df-917d-4b65-8d30-b94499a5d90e
+vulnerability,CVE-2024-44724,vulnerability--52cf09bd-2eb7-4fa3-9136-046592b203c2
+vulnerability,CVE-2024-44411,vulnerability--7fe6e5a4-65ea-4f90-b20c-1abba98d586c
+vulnerability,CVE-2024-44410,vulnerability--a2bbabc5-9add-4455-976e-de268d7f728a
+vulnerability,CVE-2024-6796,vulnerability--e845d834-75b8-491b-b70c-9146fa4d981d
+vulnerability,CVE-2024-6572,vulnerability--52f28002-f838-412d-8cfe-87e8ae4fa1cc
+vulnerability,CVE-2024-6910,vulnerability--203fbb58-d361-4480-a165-7883f5cc8676
+vulnerability,CVE-2024-6795,vulnerability--60ab0034-2fcb-4ee6-b548-413f2dc7d6fa
+vulnerability,CVE-2024-42759,vulnerability--782902b1-c26d-430e-ae9e-7073303150d8
+vulnerability,CVE-2024-42500,vulnerability--b2a6f4b7-4bfe-4548-93ac-b78b29458e43
+vulnerability,CVE-2024-24510,vulnerability--54da2c6f-834e-4759-8548-713134ceb15b
+vulnerability,CVE-2024-8586,vulnerability--c7a89c0c-5f3d-4eb1-9080-13f965c9e01d
+vulnerability,CVE-2024-8604,vulnerability--ad6b0e98-a5d2-483b-b4ab-aefec13d5276
+vulnerability,CVE-2024-8611,vulnerability--4f19a0e1-3c36-46a4-a71c-086e994d49d3
+vulnerability,CVE-2024-8605,vulnerability--05c5811e-1941-4196-8fba-c550c5c7806a
+vulnerability,CVE-2024-8610,vulnerability--6b49c731-ab57-4e7f-9b0f-5215001f66c7
+vulnerability,CVE-2024-8372,vulnerability--1e6f56b8-851e-4b1a-9b67-2e0fb39ac415
+vulnerability,CVE-2024-8042,vulnerability--56c10d2b-6783-4ec1-ad92-fd7aed6cff10
+vulnerability,CVE-2024-8373,vulnerability--46db5192-1aaa-4009-8314-04043db2e23a
+vulnerability,CVE-2024-8585,vulnerability--be8fc3ba-5be5-4094-b8fa-96b03eb77b79
+vulnerability,CVE-2024-8584,vulnerability--94528850-866c-4ac7-b7d9-67664564f925
+vulnerability,CVE-2024-8601,vulnerability--dd22c98f-eeed-4459-8bf3-a781e673615e
+vulnerability,CVE-2024-7015,vulnerability--387f2082-3f28-4b87-a0e9-7c95b721e65b
+vulnerability,CVE-2024-7688,vulnerability--42acd64a-e174-442c-8605-623a47c129b7
+vulnerability,CVE-2024-7318,vulnerability--6f8e01ee-674f-4831-aaab-c9e5ca69e06f
+vulnerability,CVE-2024-7341,vulnerability--3c2543c3-f5bb-4022-9566-4bdcd5222d3f
+vulnerability,CVE-2024-7260,vulnerability--1a9d253e-90a5-4b40-9e61-449adeebb1d4
+vulnerability,CVE-2024-7687,vulnerability--6a085c2e-7dc9-4c68-9197-509e09ff8c89
+vulnerability,CVE-2024-7918,vulnerability--c478f08c-ba5d-4092-b911-170a8337aa2b
+vulnerability,CVE-2024-7689,vulnerability--78ec0fbe-cbf8-45eb-8008-7e325722ed02
+vulnerability,CVE-2024-40643,vulnerability--0f1246a9-dae1-4173-a796-3b10c928485f
+vulnerability,CVE-2024-5561,vulnerability--dd2666af-a7a5-4d19-ad13-e2e14ecd80ce
+vulnerability,CVE-2024-45041,vulnerability--be5cfe6b-f94c-41ec-88a7-ba73afc9846e
+vulnerability,CVE-2024-45296,vulnerability--b5bd2d0c-7287-4c36-aaa1-55ea48ea229b
+vulnerability,CVE-2024-45411,vulnerability--ef1e24ca-add8-4a1d-b823-5b203ada5571
+vulnerability,CVE-2024-45203,vulnerability--5b1d1ba7-442b-4d53-83e8-7a9e52fc2eec
+vulnerability,CVE-2024-45625,vulnerability--3dd38f7b-ddb9-4ca6-841a-6549082d21e8
+vulnerability,CVE-2024-45406,vulnerability--b3c995e8-6543-4238-8543-80477be10f8a
+vulnerability,CVE-2023-50883,vulnerability--f6b88413-86e9-4978-aa61-caa9fad845b3

objects/vulnerability/vulnerability--05c5811e-1941-4196-8fba-c550c5c7806a.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--957a71c0-ec18-48a6-8b19-8c9edf74b0fa",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--05c5811e-1941-4196-8fba-c550c5c7806a",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-09-10T00:19:32.746253Z",
+            "modified": "2024-09-10T00:19:32.746253Z",
+            "name": "CVE-2024-8605",
+            "description": "A vulnerability classified as problematic was found in code-projects Inventory Management 1.0. This vulnerability affects unknown code of the file /view/registration.php of the component Registration Form. The manipulation with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-8605"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--0f1246a9-dae1-4173-a796-3b10c928485f.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--9ae4ac14-6a73-4c48-9ce4-5d5eee383b75",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--0f1246a9-dae1-4173-a796-3b10c928485f",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-09-10T00:19:33.403967Z",
+            "modified": "2024-09-10T00:19:33.403967Z",
+            "name": "CVE-2024-40643",
+            "description": "Joplin is a free, open source note taking and to-do application. Joplin fails to take into account that \"<\" followed by a non letter character will not be considered html. As such it is possible to do an XSS by putting an \"illegal\" tag within a tag.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-40643"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--1a9d253e-90a5-4b40-9e61-449adeebb1d4.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--136e52b7-0a09-4835-8cb1-7947d7c65505",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--1a9d253e-90a5-4b40-9e61-449adeebb1d4",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-09-10T00:19:33.233271Z",
+            "modified": "2024-09-10T00:19:33.233271Z",
+            "name": "CVE-2024-7260",
+            "description": "An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks.\r\n\r\nOnce a crafted URL is made, it can be sent to a Keycloak admin via email for example. This will trigger this vulnerability when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as supplying this as a OAuth redirect uri. The malicious actor can further obfuscate the redirect_uri using URL encoding, to hide the text of the actual malicious website domain.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-7260"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--1e6f56b8-851e-4b1a-9b67-2e0fb39ac415.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--f78f426b-ffb7-4ef3-b7e5-92e8e9c7c047",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--1e6f56b8-851e-4b1a-9b67-2e0fb39ac415",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-09-10T00:19:32.750279Z",
+            "modified": "2024-09-10T00:19:32.750279Z",
+            "name": "CVE-2024-8372",
+            "description": "** UNSUPPPORTED WHEN ASSIGNED ** Improper sanitization of the value of the '[srcset]' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of  Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .\n\nThis issue affects AngularJS versions 1.3.0-rc.4 and greater.\n\nNote:\nThe AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see  here https://docs.angularjs.org/misc/version-support-status .",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-8372"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--203fbb58-d361-4480-a165-7883f5cc8676.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--dd32e1ed-ed9c-4583-b473-b97f0403e61b",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--203fbb58-d361-4480-a165-7883f5cc8676",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-09-10T00:19:32.13766Z",
+            "modified": "2024-09-10T00:19:32.13766Z",
+            "name": "CVE-2024-6910",
+            "description": "The EventON WordPress plugin before 2.2.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-6910"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--21c2907c-4726-44da-8e7f-93284e0a753e.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--c7cabfb9-094e-4974-a397-a01e2a2d6adf",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--21c2907c-4726-44da-8e7f-93284e0a753e",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-09-10T00:19:31.683388Z",
+            "modified": "2024-09-10T00:19:31.683388Z",
+            "name": "CVE-2024-27387",
+            "description": "An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_rx_range_done_ind(), there is no input validation check on rtt_id coming from userspace, which can lead to a heap overwrite.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-27387"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--387f2082-3f28-4b87-a0e9-7c95b721e65b.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--5f4d9c08-1424-408e-adfe-d2a6ba9e3b11",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--387f2082-3f28-4b87-a0e9-7c95b721e65b",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-09-10T00:19:33.205048Z",
+            "modified": "2024-09-10T00:19:33.205048Z",
+            "name": "CVE-2024-7015",
+            "description": "Improper Authentication, Missing Authentication for Critical Function, Improper Authorization vulnerability in Profelis Informatics and Consulting PassBox allows Authentication Abuse.This issue affects PassBox: before v1.2.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-7015"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--3c2543c3-f5bb-4022-9566-4bdcd5222d3f.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--ff0ed3e2-371a-4267-817b-ee1dbb63ba4a",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--3c2543c3-f5bb-4022-9566-4bdcd5222d3f",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-09-10T00:19:33.22481Z",
+            "modified": "2024-09-10T00:19:33.22481Z",
+            "name": "CVE-2024-7341",
+            "description": "A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-7341"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--3dd38f7b-ddb9-4ca6-841a-6549082d21e8.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--0b204142-7bf0-43e0-b06f-8cba4269d7d9",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--3dd38f7b-ddb9-4ca6-841a-6549082d21e8",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-09-10T00:19:33.660043Z",
+            "modified": "2024-09-10T00:19:33.660043Z",
+            "name": "CVE-2024-45625",
+            "description": "Cross-site scripting vulnerability exists in Forminator versions prior to 1.34.1. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who follows a crafted URL and accesses the webpage with the web form created by Forminator.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-45625"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--42acd64a-e174-442c-8605-623a47c129b7.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--310e134b-a850-4eec-a6bc-3c4c381d1965",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--42acd64a-e174-442c-8605-623a47c129b7",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-09-10T00:19:33.20784Z",
+            "modified": "2024-09-10T00:19:33.20784Z",
+            "name": "CVE-2024-7688",
+            "description": "The AZIndex WordPress plugin through 0.8.1 does not have CSRF checks in some places, which could allow attackers to make logged in admin delete arbitrary indexes via a CSRF attack",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-7688"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--46db5192-1aaa-4009-8314-04043db2e23a.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--ddcfac1d-d81b-49db-be0b-c79fd6d51c85",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--46db5192-1aaa-4009-8314-04043db2e23a",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-09-10T00:19:32.756916Z",
+            "modified": "2024-09-10T00:19:32.756916Z",
+            "name": "CVE-2024-8373",
+            "description": "** UNSUPPPORTED WHEN ASSIGNED ** Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of  Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .\n\nThis issue affects all versions of AngularJS.\n\nNote:\nThe AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see  here https://docs.angularjs.org/misc/version-support-status .",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-8373"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--472172af-a38c-41bb-8c13-6248ec3b6209.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--be691f0f-2283-4656-a786-bc918aec4494",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--472172af-a38c-41bb-8c13-6248ec3b6209",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-09-10T00:19:31.841195Z",
+            "modified": "2024-09-10T00:19:31.841195Z",
+            "name": "CVE-2024-44375",
+            "description": "D-Link DI-8100 v16.07.26A1 has a stack overflow vulnerability in the dbsrv_asp function.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-44375"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--4f19a0e1-3c36-46a4-a71c-086e994d49d3.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--0fab0abd-38e1-4201-a6a3-55a948765f49",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--4f19a0e1-3c36-46a4-a71c-086e994d49d3",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-09-10T00:19:32.743558Z",
+            "modified": "2024-09-10T00:19:32.743558Z",
+            "name": "CVE-2024-8611",
+            "description": "A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Affected by this vulnerability is an unknown functionality of the file ssms.php. The manipulation of the argument customer leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-8611"
+                }
+            ]
+        }
+    ]
+}