generated content from 2023-12-26

mapping.csv

@@ -221089,3 +221089,68 @@ vulnerability,CVE-2023-51767,vulnerability--be603ee5-ca1d-4620-83be-bed9d57fe55d
 vulnerability,CVE-2023-51763,vulnerability--d0e51e76-99dc-47e8-9957-8875d8d65de8
 vulnerability,CVE-2023-51766,vulnerability--5796aa9e-7921-489e-90df-5c7e9429ad4f
 vulnerability,CVE-2023-51764,vulnerability--c5601204-c325-461c-949b-caf092ef6422
+vulnerability,CVE-2021-38927,vulnerability--6d0bd8e9-90c8-4717-b736-6c856efc1d28
+vulnerability,CVE-2023-7099,vulnerability--4b8e7e4a-8103-43fb-bbf5-6a6a27b0fc31
+vulnerability,CVE-2023-7107,vulnerability--de40772a-a5eb-42b4-b940-9c75dc5b645b
+vulnerability,CVE-2023-7100,vulnerability--dca0319d-f8cb-4d07-a0be-7ab24f011330
+vulnerability,CVE-2023-7097,vulnerability--5e6eae56-2bd2-4c7e-b37a-480a70511651
+vulnerability,CVE-2023-7108,vulnerability--a7572f75-8d6c-450d-a089-ff15190f9e50
+vulnerability,CVE-2023-7105,vulnerability--36870218-50d3-4c19-9c9f-c9682a6ee376
+vulnerability,CVE-2023-7098,vulnerability--ec0537c9-1f03-48fb-a16e-06518db01a81
+vulnerability,CVE-2023-7095,vulnerability--727993ed-a495-413a-a61c-0b3f0eb5685f
+vulnerability,CVE-2023-7106,vulnerability--93f9c346-f584-4150-ae64-1698ddaefe6c
+vulnerability,CVE-2023-7096,vulnerability--e462c057-a6b5-4d0a-9ed0-8066af6bf503
+vulnerability,CVE-2023-7104,vulnerability--127a59a6-83a3-472d-9b1f-9a6600c618e1
+vulnerability,CVE-2023-47247,vulnerability--e54fd67b-11a2-418c-9189-e7e105f4432d
+vulnerability,CVE-2023-47091,vulnerability--cf1bb283-39da-4ff4-8679-f430c1eaef66
+vulnerability,CVE-2023-28872,vulnerability--736bb70a-d09a-4372-af4f-737d3a984c95
+vulnerability,CVE-2023-30451,vulnerability--771d39eb-6788-4542-9a32-58de6cc07bfe
+vulnerability,CVE-2023-41165,vulnerability--dea1aeb6-fba4-44ff-a057-06736bc42769
+vulnerability,CVE-2023-37186,vulnerability--77f24963-d475-49df-bdf8-e2034f8d7169
+vulnerability,CVE-2023-37188,vulnerability--868529cc-a9d9-46bb-bb0b-eb6bfe772613
+vulnerability,CVE-2023-37185,vulnerability--de075da7-c9dc-452f-bdad-3195387f2220
+vulnerability,CVE-2023-37187,vulnerability--938489aa-dc25-46e6-9cff-ee27a2f55921
+vulnerability,CVE-2023-37225,vulnerability--821f02c0-08f7-4034-b509-884a981f3176
+vulnerability,CVE-2023-34198,vulnerability--e0273be6-e365-4a4b-a9ca-254b74ddaef0
+vulnerability,CVE-2023-27151,vulnerability--73966763-90e5-468c-8826-3fd8dba2167a
+vulnerability,CVE-2023-49944,vulnerability--48359b13-0782-4796-b7e9-41852509803f
+vulnerability,CVE-2023-49337,vulnerability--211017de-6ecf-4497-95cd-e54ad62f5fad
+vulnerability,CVE-2023-49880,vulnerability--afca46f1-45d5-473c-bd5c-61def45978e0
+vulnerability,CVE-2023-49328,vulnerability--5bdacebc-7d90-4242-885b-2ea40b01fb85
+vulnerability,CVE-2023-49954,vulnerability--9e8df856-8059-4f1c-97e8-d356fe622c9b
+vulnerability,CVE-2023-49226,vulnerability--7a149ffa-4157-43fd-be95-3ad45da04802
+vulnerability,CVE-2023-51774,vulnerability--e1900699-5907-488e-97ab-8cfb0a12b747
+vulnerability,CVE-2023-51781,vulnerability--35a3c7bb-7690-47dd-ae5e-1ce705aa2814
+vulnerability,CVE-2023-51775,vulnerability--632224bb-0db3-4d67-b4f5-895fdb1a1109
+vulnerability,CVE-2023-51780,vulnerability--f76ae8a2-a50d-497d-83a9-3687cceb1d7a
+vulnerability,CVE-2023-51771,vulnerability--cc99bdd5-4d22-4db0-952c-c370789602e3
+vulnerability,CVE-2023-51773,vulnerability--d75cd196-37c5-4463-af59-ac3192525e45
+vulnerability,CVE-2023-51772,vulnerability--07fb9448-fba0-4fb0-bd27-78568260e5d6
+vulnerability,CVE-2023-51782,vulnerability--fff8ece0-f039-43a8-b31c-3dacd15476d9
+vulnerability,CVE-2023-43064,vulnerability--74856a64-41e1-4c6e-96db-89fbb3e71b91
+vulnerability,CVE-2023-48650,vulnerability--0aab1c54-5dd7-4456-9198-da949deeb74f
+vulnerability,CVE-2023-48652,vulnerability--30fe23d0-b5b8-4286-a1c7-8a522b5efe93
+vulnerability,CVE-2023-48653,vulnerability--be19b8d3-9b2c-43b1-b721-15d798e917e5
+vulnerability,CVE-2023-48654,vulnerability--0ad234a2-8f88-438e-8aa8-9805926ea0e4
+vulnerability,CVE-2023-48651,vulnerability--7887d9a9-bb91-46ff-95f4-a18f59460475
+vulnerability,CVE-2023-31289,vulnerability--219f6bb6-3926-44ac-8f87-3cfa65d5288a
+vulnerability,CVE-2023-31455,vulnerability--22f0ca49-3d0b-478b-bc73-a2784d20d3cb
+vulnerability,CVE-2023-31297,vulnerability--c81ac023-1836-44ea-a676-778f684794f6
+vulnerability,CVE-2023-31224,vulnerability--656d1500-cbb2-4a9c-a8cf-7e920b742cde
+vulnerability,CVE-2023-38321,vulnerability--bcf290cd-f2b5-44c7-a883-97b1648c7099
+vulnerability,CVE-2023-38826,vulnerability--98e91221-7cba-4d8f-9987-751aebf11d60
+vulnerability,CVE-2023-50658,vulnerability--01f2541d-6629-45cd-89c1-989ad09c86a7
+vulnerability,CVE-2023-36485,vulnerability--167073c0-fe48-4946-af46-be0d43948bf8
+vulnerability,CVE-2023-36486,vulnerability--8625021d-8b4c-4e0f-b66f-e166a3016783
+vulnerability,CVE-2023-40236,vulnerability--5bf1a278-1704-49c0-a2f5-822da95df7b9
+vulnerability,CVE-2022-41761,vulnerability--c26488d0-29ed-494f-b386-da9a58275ffd
+vulnerability,CVE-2022-41760,vulnerability--d7a37d70-4b51-4381-b8a4-b6a9255af5e7
+vulnerability,CVE-2022-41762,vulnerability--97ca0dd2-2875-4411-b12e-df5b7304aeaa
+vulnerability,CVE-2022-34269,vulnerability--c3143ac3-3dbb-4b5c-828f-3a8aea4c85ef
+vulnerability,CVE-2022-34270,vulnerability--c58aa42b-7681-4748-a1be-e6c1f266f9cf
+vulnerability,CVE-2022-34267,vulnerability--6556d35c-8744-48e6-a69a-86d5ca33c314
+vulnerability,CVE-2022-34268,vulnerability--94d3bb0a-2f29-4c93-9ee7-aebdaf12efe5
+vulnerability,CVE-2022-39820,vulnerability--d640b369-8ea3-48ed-a4b4-20417947432d
+vulnerability,CVE-2022-39822,vulnerability--9a838be0-0e86-4514-8728-cf6dcce5cf66
+vulnerability,CVE-2022-39818,vulnerability--3dae58fd-dbfd-4f11-be97-6a54b0d32504
+vulnerability,CVE-2022-43675,vulnerability--07995f87-cfdc-4978-81ed-b448d8bb736c

objects/vulnerability/vulnerability--01f2541d-6629-45cd-89c1-989ad09c86a7.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--4700a40f-7440-4f93-b0e0-5b4130ae9903",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--01f2541d-6629-45cd-89c1-989ad09c86a7",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-12-26T00:27:23.237074Z",
+            "modified": "2023-12-26T00:27:23.237074Z",
+            "name": "CVE-2023-50658",
+            "description": "The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-50658"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--07995f87-cfdc-4978-81ed-b448d8bb736c.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--9e5e6561-c122-42b9-9101-ee2b693e8b8c",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--07995f87-cfdc-4978-81ed-b448d8bb736c",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-12-26T00:27:33.170693Z",
+            "modified": "2023-12-26T00:27:33.170693Z",
+            "name": "CVE-2022-43675",
+            "description": "An issue was discovered in NOKIA NFM-T R19.9. Reflected XSS in the Network Element Manager exists via /oms1350/pages/otn/cpbLogDisplay via the filename parameter, under /oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay via the id parameter, and under /oms1350/pages/otn/mainOtn via all parameters.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2022-43675"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--07fb9448-fba0-4fb0-bd27-78568260e5d6.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--b71ff0e0-2a13-42a6-90ee-f2f4a79037e3",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--07fb9448-fba0-4fb0-bd27-78568260e5d6",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-12-26T00:27:22.462455Z",
+            "modified": "2023-12-26T00:27:22.462455Z",
+            "name": "CVE-2023-51772",
+            "description": "One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a session timeout, click on the Help icon, observe that there is a browser window for the One Identity website, navigate to any website that offers file upload, navigate to cmd.exe from the file explorer window, and launch cmd.exe as NT AUTHORITY\\SYSTEM.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-51772"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--0aab1c54-5dd7-4456-9198-da949deeb74f.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--2e442e5b-8b57-41be-a819-ef83498708df",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--0aab1c54-5dd7-4456-9198-da949deeb74f",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-12-26T00:27:22.885512Z",
+            "modified": "2023-12-26T00:27:22.885512Z",
+            "name": "CVE-2023-48650",
+            "description": "Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-48650"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--0ad234a2-8f88-438e-8aa8-9805926ea0e4.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--d1f59874-9ecd-438b-a123-e54ddb4471d6",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--0ad234a2-8f88-438e-8aa8-9805926ea0e4",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-12-26T00:27:22.918439Z",
+            "modified": "2023-12-26T00:27:22.918439Z",
+            "name": "CVE-2023-48654",
+            "description": "One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: go to the Google ReCAPTCHA section, click on the Privacy link, observe that there is a new browser window, navigate to any website that offers file upload, navigate to cmd.exe from the file explorer window, and launch cmd.exe as NT AUTHORITY\\SYSTEM.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-48654"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--127a59a6-83a3-472d-9b1f-9a6600c618e1.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--eb5cbaa8-b3cb-4c24-9025-3890df38b24c",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--127a59a6-83a3-472d-9b1f-9a6600c618e1",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-12-26T00:27:21.40784Z",
+            "modified": "2023-12-26T00:27:21.40784Z",
+            "name": "CVE-2023-7104",
+            "description": "A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-7104"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--167073c0-fe48-4946-af46-be0d43948bf8.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--abc1ca8f-5a00-4c44-8a65-17f701b2fc83",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--167073c0-fe48-4946-af46-be0d43948bf8",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-12-26T00:27:23.261661Z",
+            "modified": "2023-12-26T00:27:23.261661Z",
+            "name": "CVE-2023-36485",
+            "description": "The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-36485"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--211017de-6ecf-4497-95cd-e54ad62f5fad.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--17bb68a4-a692-40e0-99e7-1bd7cbe8ac55",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--211017de-6ecf-4497-95cd-e54ad62f5fad",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-12-26T00:27:22.392791Z",
+            "modified": "2023-12-26T00:27:22.392791Z",
+            "name": "CVE-2023-49337",
+            "description": "Concrete CMS before 9.2.3 allows Stored XSS on the Admin Dashboard via /dashboard/system/basics/name. (8.5 and earlier are unaffected.)",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-49337"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--219f6bb6-3926-44ac-8f87-3cfa65d5288a.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--dd0c8940-adad-471e-abfc-d213113396c1",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--219f6bb6-3926-44ac-8f87-3cfa65d5288a",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-12-26T00:27:23.003373Z",
+            "modified": "2023-12-26T00:27:23.003373Z",
+            "name": "CVE-2023-31289",
+            "description": "Pexip Infinity before 31.2 has Improper Input Validation for signalling, allowing remote attackers to trigger an abort.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-31289"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--22f0ca49-3d0b-478b-bc73-a2784d20d3cb.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--6c460088-a841-46c9-8d9d-d737a6fefed8",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--22f0ca49-3d0b-478b-bc73-a2784d20d3cb",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-12-26T00:27:23.018382Z",
+            "modified": "2023-12-26T00:27:23.018382Z",
+            "name": "CVE-2023-31455",
+            "description": "Pexip Infinity before 31.2 has Improper Input Validation for RTCP, allowing remote attackers to trigger an abort.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-31455"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--30fe23d0-b5b8-4286-a1c7-8a522b5efe93.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--6a5c9955-5547-4584-94d7-203c1bb8d08d",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--30fe23d0-b5b8-4286-a1c7-8a522b5efe93",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-12-26T00:27:22.895381Z",
+            "modified": "2023-12-26T00:27:22.895381Z",
+            "name": "CVE-2023-48652",
+            "description": "Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) via /ccm/system/dialogs/logs/delete_all/submit. An attacker can force an admin user to delete server report logs on a web application to which they are currently authenticated.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-48652"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--35a3c7bb-7690-47dd-ae5e-1ce705aa2814.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--5c6dcf44-922f-4e1c-8088-cd24284f1335",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--35a3c7bb-7690-47dd-ae5e-1ce705aa2814",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-12-26T00:27:22.443398Z",
+            "modified": "2023-12-26T00:27:22.443398Z",
+            "name": "CVE-2023-51781",
+            "description": "An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-51781"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--36870218-50d3-4c19-9c9f-c9682a6ee376.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--5cdf0231-d534-4f4a-a3d9-b110ceb4e9b5",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--36870218-50d3-4c19-9c9f-c9682a6ee376",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-12-26T00:27:21.401635Z",
+            "modified": "2023-12-26T00:27:21.401635Z",
+            "name": "CVE-2023-7105",
+            "description": "A vulnerability was found in code-projects E-Commerce Website 1.0. It has been classified as critical. Affected is an unknown function of the file index_search.php. The manipulation of the argument search leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249000.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-7105"
+                }
+            ]
+        }
+    ]
+}