generated content from 2024-09-09

mapping.csv

@@ -248511,3 +248511,32 @@ vulnerability,CVE-2023-30582,vulnerability--9893d947-b3f9-4579-8d63-4fa6b42ba650
 vulnerability,CVE-2023-30587,vulnerability--6224293e-36ec-4199-a626-932d5acb7e33
 vulnerability,CVE-2023-30584,vulnerability--82d63e2b-8741-483c-8790-beaf60e06fe3
 vulnerability,CVE-2023-39333,vulnerability--298907cf-485f-4874-8989-84e1418adcb7
+vulnerability,CVE-2024-6855,vulnerability--db9d7cd0-ecdc-4f48-9061-9c2c02b1b7d6
+vulnerability,CVE-2024-6852,vulnerability--75ba8ace-b0f3-496f-91f6-7b06a724d72a
+vulnerability,CVE-2024-6856,vulnerability--e7820d16-0f12-4507-919b-a50aad758d4f
+vulnerability,CVE-2024-6928,vulnerability--a3761c1a-dad2-4ede-81ca-be32c7665e17
+vulnerability,CVE-2024-6859,vulnerability--6c0c2025-8448-493d-9bdb-4f3374883b10
+vulnerability,CVE-2024-6924,vulnerability--49bb70fa-17c3-42c8-8efb-5c750529350b
+vulnerability,CVE-2024-6925,vulnerability--184e380c-d769-48fa-a65b-462ace737e76
+vulnerability,CVE-2024-6853,vulnerability--813b77c5-8bee-4f7a-8501-585c2debbf23
+vulnerability,CVE-2024-42341,vulnerability--0e774f44-712e-417b-be4d-997ddd06574f
+vulnerability,CVE-2024-42343,vulnerability--0fdb8e3c-7b3c-4ed7-8377-a172acc1d256
+vulnerability,CVE-2024-42342,vulnerability--60469a7c-1948-417d-a520-7e0303836256
+vulnerability,CVE-2024-8577,vulnerability--9e5771bb-8976-4d31-82aa-939a11ba49ca
+vulnerability,CVE-2024-8580,vulnerability--91c1a6e7-ca41-4797-bdcb-12a70bd7de02
+vulnerability,CVE-2024-8570,vulnerability--d71a5687-f66f-4cdb-a990-d7619469c1e4
+vulnerability,CVE-2024-8574,vulnerability--fef8837d-e3bb-4de8-bb11-67eee7aca618
+vulnerability,CVE-2024-8569,vulnerability--654d2e6e-2328-46c9-9571-79d4502b85bc
+vulnerability,CVE-2024-8576,vulnerability--8ea13eea-e06e-43ab-8fd1-fd1a01746ecf
+vulnerability,CVE-2024-8578,vulnerability--580e2782-a8e1-4ee4-9b0d-5f4f38677ea8
+vulnerability,CVE-2024-8571,vulnerability--0aebba4a-ce75-4bf7-8b1b-bf5892eab8d4
+vulnerability,CVE-2024-8573,vulnerability--71b37319-0eab-4446-a49f-fb705f764f87
+vulnerability,CVE-2024-8572,vulnerability--d8ddc0f8-6085-401b-bc02-d81aa6f8985f
+vulnerability,CVE-2024-8568,vulnerability--e50c1750-59c3-4124-84d2-81ff1d6adf44
+vulnerability,CVE-2024-8567,vulnerability--8c5a2815-85bc-41cf-b601-a6a164e98da2
+vulnerability,CVE-2024-8583,vulnerability--b2705eda-75bb-4ce4-8f4d-51c8a2a04f56
+vulnerability,CVE-2024-8575,vulnerability--d679301a-ad3a-4a80-a43a-14d05d47fc1c
+vulnerability,CVE-2024-8579,vulnerability--2b8311eb-37d3-4481-9e8b-b60349009adb
+vulnerability,CVE-2024-8582,vulnerability--dc8f4703-5367-458e-8c83-7cd65be7ec27
+vulnerability,CVE-2024-43835,vulnerability--b96e5433-e7c7-44ac-bc3b-6f745667ce85
+vulnerability,CVE-2024-43859,vulnerability--fbfd602f-4715-440e-a925-a439f5e2369f

objects/vulnerability/vulnerability--0aebba4a-ce75-4bf7-8b1b-bf5892eab8d4.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--aca9b697-2897-42b8-bf9f-c22504a43edc",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--0aebba4a-ce75-4bf7-8b1b-bf5892eab8d4",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-09-09T00:20:45.662408Z",
+            "modified": "2024-09-09T00:20:45.662408Z",
+            "name": "CVE-2024-8571",
+            "description": "A vulnerability was found in erjemin roll_cms up to 1484fe2c4e0805946a7bcf46218509fcb34883a9. It has been classified as problematic. This affects an unknown part of the file roll_cms/roll_cms/views.py. The manipulation leads to information exposure through error message. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-8571"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--0e774f44-712e-417b-be4d-997ddd06574f.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--db4235c3-9eca-4e66-9c4e-acbc77fc6708",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--0e774f44-712e-417b-be4d-997ddd06574f",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-09-09T00:20:45.097135Z",
+            "modified": "2024-09-09T00:20:45.097135Z",
+            "name": "CVE-2024-42341",
+            "description": "Loway - CWE-601: URL Redirection to Untrusted Site ('Open Redirect')",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-42341"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--0fdb8e3c-7b3c-4ed7-8377-a172acc1d256.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--9d366c41-3048-45eb-904e-81ef42a6575c",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--0fdb8e3c-7b3c-4ed7-8377-a172acc1d256",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-09-09T00:20:45.102328Z",
+            "modified": "2024-09-09T00:20:45.102328Z",
+            "name": "CVE-2024-42343",
+            "description": "Loway - CWE-204: Observable Response Discrepancy",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-42343"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--184e380c-d769-48fa-a65b-462ace737e76.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--678503fc-2be2-4495-aae6-861445a4e748",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--184e380c-d769-48fa-a65b-462ace737e76",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-09-09T00:20:45.06936Z",
+            "modified": "2024-09-09T00:20:45.06936Z",
+            "name": "CVE-2024-6925",
+            "description": "The TrueBooker  WordPress plugin before 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-6925"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--2b8311eb-37d3-4481-9e8b-b60349009adb.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--58e81f46-96df-423a-88f2-9751b851c9ab",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--2b8311eb-37d3-4481-9e8b-b60349009adb",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-09-09T00:20:45.687225Z",
+            "modified": "2024-09-09T00:20:45.687225Z",
+            "name": "CVE-2024-8579",
+            "description": "A vulnerability classified as critical has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This affects the function setWiFiRepeaterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-8579"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--49bb70fa-17c3-42c8-8efb-5c750529350b.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--d4ab62a0-12d6-4bc9-aa4e-7ded95988030",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--49bb70fa-17c3-42c8-8efb-5c750529350b",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-09-09T00:20:45.065913Z",
+            "modified": "2024-09-09T00:20:45.065913Z",
+            "name": "CVE-2024-6924",
+            "description": "The TrueBooker  WordPress plugin before 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-6924"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--580e2782-a8e1-4ee4-9b0d-5f4f38677ea8.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--b43c44c5-cc90-49a2-bd2e-10e1a1704f6f",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--580e2782-a8e1-4ee4-9b0d-5f4f38677ea8",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-09-09T00:20:45.659704Z",
+            "modified": "2024-09-09T00:20:45.659704Z",
+            "name": "CVE-2024-8578",
+            "description": "A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. It has been rated as critical. Affected by this issue is the function setWiFiMeshName of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument device_name leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-8578"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--60469a7c-1948-417d-a520-7e0303836256.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--9ee23715-dddf-4309-b41a-217e4ce00603",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--60469a7c-1948-417d-a520-7e0303836256",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-09-09T00:20:45.110114Z",
+            "modified": "2024-09-09T00:20:45.110114Z",
+            "name": "CVE-2024-42342",
+            "description": "Loway -  CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-42342"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--654d2e6e-2328-46c9-9571-79d4502b85bc.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--90acb835-a77a-4562-aca3-4463a704515c",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--654d2e6e-2328-46c9-9571-79d4502b85bc",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-09-09T00:20:45.651791Z",
+            "modified": "2024-09-09T00:20:45.651791Z",
+            "name": "CVE-2024-8569",
+            "description": "A vulnerability has been found in code-projects Hospital Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file user-login.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-8569"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--6c0c2025-8448-493d-9bdb-4f3374883b10.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--19349ce3-7671-41cb-98b4-e6c1b7a48148",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--6c0c2025-8448-493d-9bdb-4f3374883b10",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-09-09T00:20:45.059532Z",
+            "modified": "2024-09-09T00:20:45.059532Z",
+            "name": "CVE-2024-6859",
+            "description": "The WP MultiTasking  WordPress plugin through 0.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-6859"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--71b37319-0eab-4446-a49f-fb705f764f87.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--f6cfe0c6-0c9f-4524-b59d-f749b725420e",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--71b37319-0eab-4446-a49f-fb705f764f87",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-09-09T00:20:45.667218Z",
+            "modified": "2024-09-09T00:20:45.667218Z",
+            "name": "CVE-2024-8573",
+            "description": "A vulnerability, which was classified as critical, was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. This affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-8573"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--75ba8ace-b0f3-496f-91f6-7b06a724d72a.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--ad353d87-ebf5-4d77-a22c-241fc65afc21",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--75ba8ace-b0f3-496f-91f6-7b06a724d72a",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-09-09T00:20:45.020435Z",
+            "modified": "2024-09-09T00:20:45.020435Z",
+            "name": "CVE-2024-6852",
+            "description": "The WP MultiTasking  WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-6852"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--813b77c5-8bee-4f7a-8501-585c2debbf23.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--1305fa25-9656-4c34-8f5b-3c1be12d34d3",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--813b77c5-8bee-4f7a-8501-585c2debbf23",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-09-09T00:20:45.071091Z",
+            "modified": "2024-09-09T00:20:45.071091Z",
+            "name": "CVE-2024-6853",
+            "description": "The WP MultiTasking  WordPress plugin through 0.1.12 does not have CSRF check when updating welcome popups, which could allow attackers to make logged admins perform such action via a CSRF attack",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-6853"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--8c5a2815-85bc-41cf-b601-a6a164e98da2.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--d7d2d4f7-8ed3-498f-9c3e-a8a1fdaa2a20",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--8c5a2815-85bc-41cf-b601-a6a164e98da2",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-09-09T00:20:45.680721Z",
+            "modified": "2024-09-09T00:20:45.680721Z",
+            "name": "CVE-2024-8567",
+            "description": "A vulnerability, which was classified as critical, has been found in itsourcecode Payroll Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=delete_deductions. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-8567"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--8ea13eea-e06e-43ab-8fd1-fd1a01746ecf.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--53afe930-c53e-465a-8dfb-1898e0f3638b",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--8ea13eea-e06e-43ab-8fd1-fd1a01746ecf",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-09-09T00:20:45.657487Z",
+            "modified": "2024-09-09T00:20:45.657487Z",
+            "name": "CVE-2024-8576",
+            "description": "A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been classified as critical. Affected is the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-8576"
+                }
+            ]
+        }
+    ]
+}