generated content from 2024-10-23

mapping.csv

@@ -253043,3 +253043,84 @@ vulnerability,CVE-2022-49029,vulnerability--363ec57c-e6e0-4a3d-8d5e-825d2e3c2449
 vulnerability,CVE-2022-49013,vulnerability--783fbf14-bc49-489f-b031-f4755dd79b2b
 vulnerability,CVE-2022-49028,vulnerability--16876896-cd0c-4198-acaa-f59bcd74c729
 vulnerability,CVE-2023-52917,vulnerability--43300332-1edd-48bd-9965-5f02239a83a0
+vulnerability,CVE-2024-48929,vulnerability--a259b7dc-67a7-4be4-8bf4-d255e3578151
+vulnerability,CVE-2024-48656,vulnerability--8a4e1bde-faea-4a74-b313-5fee3060b294
+vulnerability,CVE-2024-48644,vulnerability--01860a86-9269-4d2e-95fa-defe158d884e
+vulnerability,CVE-2024-48919,vulnerability--9b0128cf-69ad-4f3f-9288-03284cd160c6
+vulnerability,CVE-2024-48926,vulnerability--622d3dc0-56ef-4071-be50-4fce9e0d00cf
+vulnerability,CVE-2024-48415,vulnerability--b8cd9f32-d5f5-4459-be24-921d9d936cb4
+vulnerability,CVE-2024-48925,vulnerability--ed296bc1-9ed8-49d0-be92-cde256d8e8b6
+vulnerability,CVE-2024-48570,vulnerability--39f9972d-eb03-4d38-b5d1-ad7016e04a25
+vulnerability,CVE-2024-48706,vulnerability--7d4b5e17-b0cf-4c54-9c4b-b048e2d4e7c5
+vulnerability,CVE-2024-48708,vulnerability--47cdcc98-a2ce-44fb-b37c-9f35ecb7ced8
+vulnerability,CVE-2024-48927,vulnerability--e998228a-eca5-4f35-8ee9-7f227f422e8b
+vulnerability,CVE-2024-48652,vulnerability--e6bcf473-534f-4488-bbbb-3df5100e160f
+vulnerability,CVE-2024-48707,vulnerability--4c614913-0adf-46c9-b4ba-f2aa7373d6c1
+vulnerability,CVE-2024-48903,vulnerability--8ef7afd2-5fd0-44b1-83cf-b23308267b8c
+vulnerability,CVE-2024-48657,vulnerability--9d7f28f0-c26f-42b6-a08e-36ed6f6099a0
+vulnerability,CVE-2024-48605,vulnerability--d16586af-882e-425f-8bf8-8bc00e88ea86
+vulnerability,CVE-2024-48904,vulnerability--43e5fe3e-bad4-46da-a72d-6c7f3426eeb4
+vulnerability,CVE-2024-45526,vulnerability--5a91b267-2cc5-4556-8787-6d47e95aec76
+vulnerability,CVE-2024-45334,vulnerability--ddf44c33-3781-41d1-9a11-723d24592ead
+vulnerability,CVE-2024-45335,vulnerability--1d1bdf08-c2a5-42ef-b982-4343d55702ed
+vulnerability,CVE-2024-45518,vulnerability--1e9d2fe1-5a6e-4cd2-80f0-6edda9c95de3
+vulnerability,CVE-2024-10002,vulnerability--eacb8719-e4f3-4ccf-ae58-da20272e3791
+vulnerability,CVE-2024-10003,vulnerability--036c9ad9-6275-4dd0-9ea3-2b6bd19b411c
+vulnerability,CVE-2024-10189,vulnerability--d6ddc158-dfac-48e5-b26f-731210a6c05e
+vulnerability,CVE-2024-10231,vulnerability--862e5738-25c5-4238-b96f-c745792b0fc2
+vulnerability,CVE-2024-10229,vulnerability--9404f57d-91ef-4ee6-ace5-d21e3ac81136
+vulnerability,CVE-2024-10183,vulnerability--013bce4c-5312-4f15-bf31-035a32ab4477
+vulnerability,CVE-2024-10234,vulnerability--9c65a491-8a1f-4736-98d8-fdeeb1f10a75
+vulnerability,CVE-2024-10230,vulnerability--de211752-7c60-4bbe-bba0-24329ee0d3d5
+vulnerability,CVE-2024-9541,vulnerability--6b1212b2-1916-4bc1-8e09-ca3634ef3220
+vulnerability,CVE-2024-9287,vulnerability--e41e9eaf-feb6-42b3-9158-15775edf732e
+vulnerability,CVE-2024-9987,vulnerability--c25fa885-a7f3-4f8d-b8eb-83036989fb13
+vulnerability,CVE-2024-9627,vulnerability--4fa8c25f-30bb-47f6-b4de-ffb78f48c9ae
+vulnerability,CVE-2024-9591,vulnerability--61bf04f7-bbdb-4549-8817-d4a9a45ffa6b
+vulnerability,CVE-2024-9588,vulnerability--22525c28-1c56-4429-af4b-5bef583a1e65
+vulnerability,CVE-2024-9589,vulnerability--a8fa2350-46a0-4151-9546-c04d682f8df2
+vulnerability,CVE-2024-9677,vulnerability--053b4cc0-3829-48be-bd84-5aa36907d112
+vulnerability,CVE-2024-9050,vulnerability--32a0f364-dcaa-4d7d-812d-6721aa015eaf
+vulnerability,CVE-2024-9231,vulnerability--8417a385-44df-45a6-b6dd-23e5a74ba60b
+vulnerability,CVE-2024-9590,vulnerability--bc76a76d-8162-4002-befd-895d648a0fc8
+vulnerability,CVE-2024-9129,vulnerability--f84a6612-90fd-4eac-be19-564282d841d1
+vulnerability,CVE-2024-39753,vulnerability--d343426b-9bf3-4de8-80d8-35706b8f7aca
+vulnerability,CVE-2024-47819,vulnerability--c938f385-25a8-4b45-a149-20e8a537965f
+vulnerability,CVE-2024-50312,vulnerability--e29f035a-a6b2-401c-b2b3-c7897ff33f68
+vulnerability,CVE-2024-50311,vulnerability--a7cad680-332a-4aea-a3ce-9e81089e4069
+vulnerability,CVE-2024-26273,vulnerability--ad1d6ef4-105a-41e0-8888-c19d3742cbe7
+vulnerability,CVE-2024-26271,vulnerability--2f1dab01-4da7-4b8d-a1ce-7976ec1b1a7b
+vulnerability,CVE-2024-26519,vulnerability--e9440568-6f2e-43c3-a6f2-c6650fb1e7f1
+vulnerability,CVE-2024-26272,vulnerability--5d358663-abdb-43e3-914a-61134fb8ce71
+vulnerability,CVE-2024-7587,vulnerability--91cd1a7e-9dca-4076-b781-d714bebd274a
+vulnerability,CVE-2024-44812,vulnerability--37e2e7f6-9812-4f9f-b88c-550d20a6743e
+vulnerability,CVE-2024-44331,vulnerability--334f8b96-5902-4233-b1ad-d02f8ecf9576
+vulnerability,CVE-2024-8852,vulnerability--12d3c66c-7035-4365-9525-48852fc5a860
+vulnerability,CVE-2024-8980,vulnerability--cfe33ea8-b7bd-414e-bdd0-f2d8ab4d9beb
+vulnerability,CVE-2024-38002,vulnerability--13b1e05f-9de2-4417-a903-8e1e759be74b
+vulnerability,CVE-2024-40494,vulnerability--3ecb60e1-ec53-4f74-9fd4-273dc07466a3
+vulnerability,CVE-2024-40493,vulnerability--ffc27a59-a562-454c-94fa-6b75db708297
+vulnerability,CVE-2024-31029,vulnerability--edfa003e-4554-4d1f-9e09-cf067df16234
+vulnerability,CVE-2024-41717,vulnerability--7a20abaf-bd2d-4b40-91b4-2e79b761d494
+vulnerability,CVE-2024-41183,vulnerability--3f89cfd2-fd37-4bca-a61c-a706a4c53ed1
+vulnerability,CVE-2024-35308,vulnerability--8c778804-6edc-49dd-bb73-005deeffb222
+vulnerability,CVE-2024-49208,vulnerability--d1f712bd-cb90-4f64-b071-daaba2d32a28
+vulnerability,CVE-2024-49373,vulnerability--2a4b36e0-ba2a-48a2-8a05-c85b4db0119e
+vulnerability,CVE-2024-49211,vulnerability--a1df8677-1477-477f-a379-228cfa19c403
+vulnerability,CVE-2024-49210,vulnerability--e95bb17c-c4ef-42f3-a7aa-8883105761d9
+vulnerability,CVE-2024-49209,vulnerability--a09bc531-ba4f-4444-a8ac-9701bac496d4
+vulnerability,CVE-2024-46902,vulnerability--f535c6af-e27e-4784-8279-f9ee64a1346d
+vulnerability,CVE-2024-46903,vulnerability--9d8d2430-1028-49e2-a0de-e77696ff7444
+vulnerability,CVE-2024-46482,vulnerability--aeeef540-2f2d-4bbe-8642-80feb6c34cba
+vulnerability,CVE-2024-46240,vulnerability--06c7f3ed-c85a-4a21-9f2e-059a80a2cfd1
+vulnerability,CVE-2024-46538,vulnerability--a745ac5b-5e3c-491a-955a-dbdab1eb7234
+vulnerability,CVE-2024-46483,vulnerability--780ec43c-3b9c-4293-9ecb-3bfb606a0e63
+vulnerability,CVE-2024-42643,vulnerability--3e1dd4d4-d372-42fc-9804-f0b38c464010
+vulnerability,CVE-2024-43812,vulnerability--ea4797d1-3669-44d2-82dd-41d56ece9d5e
+vulnerability,CVE-2024-43698,vulnerability--9308a818-5cf6-4303-9fca-aa6088225a44
+vulnerability,CVE-2024-43173,vulnerability--b6dcdc4f-88df-41f7-bfe4-7b69a4d5014f
+vulnerability,CVE-2024-43177,vulnerability--3fbc13f5-9327-41b0-b94f-75d8287fd3a6
+vulnerability,CVE-2022-23862,vulnerability--d31e4d2a-d3fc-4b25-877f-a85cc5441303
+vulnerability,CVE-2022-23861,vulnerability--3b278565-eaad-47d6-9f31-55cf7e356a57
+vulnerability,CVE-2023-52919,vulnerability--aa039efb-ca0f-4c83-8752-e47d9d9bb37a
+vulnerability,CVE-2023-52918,vulnerability--fd20179c-eb99-4767-922b-8756d5365650

objects/vulnerability/vulnerability--013bce4c-5312-4f15-bf31-035a32ab4477.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--3f08d93d-d4c0-4b02-8cc3-c859a97d7bde",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--013bce4c-5312-4f15-bf31-035a32ab4477",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-10-23T00:36:25.505822Z",
+            "modified": "2024-10-23T00:36:25.505822Z",
+            "name": "CVE-2024-10183",
+            "description": "A vulnerability in Jamf Pro's Jamf Remote Assist tool allows a local, non-privileged user to escalate their privileges to root on MacOS systems.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-10183"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--01860a86-9269-4d2e-95fa-defe158d884e.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--74a1b9a3-456b-4f73-b328-8abc6335d0ad",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--01860a86-9269-4d2e-95fa-defe158d884e",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-10-23T00:36:25.287293Z",
+            "modified": "2024-10-23T00:36:25.287293Z",
+            "name": "CVE-2024-48644",
+            "description": "Accounts enumeration vulnerability in the Login Component of Reolink Duo 2 WiFi Camera (Firmware Version v3.0.0.1889_23031701) allows remote attackers to determine valid user accounts via login attempts. This can lead to the enumeration of user accounts and potentially facilitate other attacks, such as brute-forcing of passwords. The vulnerability arises from the application responding differently to login attempts with valid and invalid usernames.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-48644"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--036c9ad9-6275-4dd0-9ea3-2b6bd19b411c.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--96a5913c-6d49-4140-aa29-f126ee1ce085",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--036c9ad9-6275-4dd0-9ea3-2b6bd19b411c",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-10-23T00:36:25.494704Z",
+            "modified": "2024-10-23T00:36:25.494704Z",
+            "name": "CVE-2024-10003",
+            "description": "The Rover IDX plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 3.0.0.2903. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete plugin options.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-10003"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--053b4cc0-3829-48be-bd84-5aa36907d112.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--d25f2ce7-c2a8-41b5-850c-a625512ca798",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--053b4cc0-3829-48be-bd84-5aa36907d112",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-10-23T00:36:25.560882Z",
+            "modified": "2024-10-23T00:36:25.560882Z",
+            "name": "CVE-2024-9677",
+            "description": "The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this attack could be successful only if the administrator has not logged out.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-9677"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--06c7f3ed-c85a-4a21-9f2e-059a80a2cfd1.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--583e3918-025a-405e-b691-88db84e7edd0",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--06c7f3ed-c85a-4a21-9f2e-059a80a2cfd1",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-10-23T00:36:26.963398Z",
+            "modified": "2024-10-23T00:36:26.963398Z",
+            "name": "CVE-2024-46240",
+            "description": "Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under action=system and the company/contact parameters under action=addcust within admin.php file.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-46240"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--12d3c66c-7035-4365-9525-48852fc5a860.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--6250545b-4da4-46b4-8d96-5f81bc72a5af",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--12d3c66c-7035-4365-9525-48852fc5a860",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-10-23T00:36:26.111973Z",
+            "modified": "2024-10-23T00:36:26.111973Z",
+            "name": "CVE-2024-8852",
+            "description": "The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.86 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information such as full paths contained in the exposed log files.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-8852"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--13b1e05f-9de2-4417-a903-8e1e759be74b.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--c7b9c800-8784-43eb-b7d9-9aa35d763c88",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--13b1e05f-9de2-4417-a903-8e1e759be74b",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-10-23T00:36:26.227983Z",
+            "modified": "2024-10-23T00:36:26.227983Z",
+            "name": "CVE-2024-38002",
+            "description": "The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions before updating a workflow definition, which allows remote authenticated users to modify workflow definitions and execute arbitrary code (RCE) via the headless API.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-38002"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--1d1bdf08-c2a5-42ef-b982-4343d55702ed.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--6d89448d-c828-48f1-b9e8-8aacf7077449",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--1d1bdf08-c2a5-42ef-b982-4343d55702ed",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-10-23T00:36:25.480421Z",
+            "modified": "2024-10-23T00:36:25.480421Z",
+            "name": "CVE-2024-45335",
+            "description": "Trend Micro Antivirus One, version 3.10.4 and below contains a vulnerability that could allow an attacker to use a specifically crafted virus to allow itself to bypass and evade a virus scan detection.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-45335"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--1e9d2fe1-5a6e-4cd2-80f0-6edda9c95de3.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--1cfb8e23-6be0-456e-8320-ce5f037351b3",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--1e9d2fe1-5a6e-4cd2-80f0-6edda9c95de3",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-10-23T00:36:25.484388Z",
+            "modified": "2024-10-23T00:36:25.484388Z",
+            "name": "CVE-2024-45518",
+            "description": "An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. It allows authenticated users to exploit Server-Side Request Forgery (SSRF) due to improper input sanitization and misconfigured domain whitelisting. This issue permits unauthorized HTTP requests to be sent to internal services, which can lead to Remote Code Execution (RCE) by chaining Command Injection within the internal service. When combined with existing XSS vulnerabilities, this SSRF issue can further facilitate Remote Code Execution (RCE).",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-45518"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--22525c28-1c56-4429-af4b-5bef583a1e65.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--0fb1ee63-1032-435a-ada2-7688483b9d16",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--22525c28-1c56-4429-af4b-5bef583a1e65",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-10-23T00:36:25.547594Z",
+            "modified": "2024-10-23T00:36:25.547594Z",
+            "name": "CVE-2024-9588",
+            "description": "The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the 'wpaft_option_page' function. This makes it possible for unauthenticated attackers to add and delete taxonomy meta, granted they can trick a site administrator into performing an action such as clicking on a link.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-9588"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--2a4b36e0-ba2a-48a2-8a05-c85b4db0119e.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--4985c228-89b8-4ac2-8e22-56a58dc28509",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--2a4b36e0-ba2a-48a2-8a05-c85b4db0119e",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-10-23T00:36:26.715259Z",
+            "modified": "2024-10-23T00:36:26.715259Z",
+            "name": "CVE-2024-49373",
+            "description": "No Fuss Computing Centurion ERP is open source enterprise resource planning (ERP) software. Prior to version 1.2.1, an authenticated user can view projects within organizations they are not apart of. Version 1.2.1 fixes the problem.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-49373"
+                }
+            ]
+        }
+    ]
+}