generated content from 2024-11-11

mapping.csv

@@ -255348,3 +255348,38 @@ vulnerability,CVE-2024-8756,vulnerability--78633ca0-1b97-48d6-8ed8-e31d11c497d6
 vulnerability,CVE-2024-8960,vulnerability--ad0fcbda-b5e2-449a-acee-d547b4e5e913
 vulnerability,CVE-2024-36250,vulnerability--f955bea4-4d57-44f6-872e-f3bc0ee0d119
 vulnerability,CVE-2024-42000,vulnerability--8c13edd8-62bd-41cb-9963-a4f7bf4e1044
+vulnerability,CVE-2024-51578,vulnerability--99cb08e3-7201-4e83-8a79-9bec72e0262d
+vulnerability,CVE-2024-51581,vulnerability--f6e1407f-ce6d-4552-a9c9-4474aefdf2ce
+vulnerability,CVE-2024-51580,vulnerability--898eaea6-1eb2-4ad8-80e1-337775e559fe
+vulnerability,CVE-2024-51577,vulnerability--b3d041e3-618b-4f5f-9b3a-cc2eb45af4ab
+vulnerability,CVE-2024-51584,vulnerability--3cd82b38-8f08-465e-b9a6-5809ada7a5a1
+vulnerability,CVE-2024-51576,vulnerability--2b3979c1-29ea-41ee-88c1-8c9daf8042e8
+vulnerability,CVE-2024-51583,vulnerability--0b2153c8-3a8b-459c-91e3-0bdeac867f45
+vulnerability,CVE-2024-10265,vulnerability--9f4fd0d8-a4d4-4a52-9865-2e8c97113a9f
+vulnerability,CVE-2024-10958,vulnerability--ac642b18-0539-404d-8af7-c4fa97c1dc85
+vulnerability,CVE-2024-11055,vulnerability--3c69f4fa-c60b-43a6-a74d-2fdafe0bdb14
+vulnerability,CVE-2024-11051,vulnerability--4d9070cf-0aaf-469b-b45d-c9cc3c225722
+vulnerability,CVE-2024-11059,vulnerability--d1edf9dd-e68b-4a41-b2d6-2e8cb37d3232
+vulnerability,CVE-2024-11048,vulnerability--59fa8ad0-8849-4b36-a5bb-121d52932c34
+vulnerability,CVE-2024-11050,vulnerability--dfdcb47b-b0d5-4212-9d1d-8e3c9901d051
+vulnerability,CVE-2024-11046,vulnerability--00483488-f54c-4821-879b-507859186a91
+vulnerability,CVE-2024-11049,vulnerability--81a1e4a6-b6fd-458d-86d7-4e0ac87c26df
+vulnerability,CVE-2024-11058,vulnerability--36a4972c-719d-4b2d-84a8-fbbfb45aa1e0
+vulnerability,CVE-2024-11054,vulnerability--bbbe0fed-bf80-4942-ad59-56ce0b412267
+vulnerability,CVE-2024-11057,vulnerability--127ae5ce-27d3-4428-be27-0f986f25c5f7
+vulnerability,CVE-2024-11047,vulnerability--c9e6634d-ba99-4772-b03b-c99345b784be
+vulnerability,CVE-2024-11056,vulnerability--f4330498-ee47-43d4-94ad-17d905d93c04
+vulnerability,CVE-2024-46954,vulnerability--b55101a6-d8a2-4167-a52e-07557434c7ef
+vulnerability,CVE-2024-46956,vulnerability--3b45836c-4a4f-4bea-a5be-9c7d1fd7ac9f
+vulnerability,CVE-2024-46952,vulnerability--f41bf906-0d22-496e-a875-c53c8ba03526
+vulnerability,CVE-2024-46953,vulnerability--1c5f69e0-8a32-4b64-885b-7a266e6864bb
+vulnerability,CVE-2024-46613,vulnerability--4d37f30f-c663-46fd-adb7-f011932a24fe
+vulnerability,CVE-2024-46951,vulnerability--90bce2ac-974c-4a7f-ae7a-1751a22fe17a
+vulnerability,CVE-2024-46955,vulnerability--7326db25-79bf-470b-82b1-0086d9d0d0dd
+vulnerability,CVE-2021-41737,vulnerability--81f67596-874e-4e37-a319-f5fc51283526
+vulnerability,CVE-2021-35473,vulnerability--c2265f42-69ed-4b1c-84eb-87438f067aa1
+vulnerability,CVE-2023-40457,vulnerability--716caaf9-acc9-45ad-b5eb-b9159c106b87
+vulnerability,CVE-2020-10370,vulnerability--cba6def1-60db-4555-8a56-53d7e80f155c
+vulnerability,CVE-2020-10369,vulnerability--28eed391-04f1-4049-88ba-f58c9aec4f92
+vulnerability,CVE-2020-10368,vulnerability--790adc4b-9d00-4b07-a28a-5decefc0fa45
+vulnerability,CVE-2020-10367,vulnerability--17121815-0732-461c-9dbe-87d07aeee619

objects/vulnerability/vulnerability--00483488-f54c-4821-879b-507859186a91.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--48f72d8b-44dd-4fbe-bf35-6e2edd1192da",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--00483488-f54c-4821-879b-507859186a91",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-11T00:21:31.726296Z",
+            "modified": "2024-11-11T00:21:31.726296Z",
+            "name": "CVE-2024-11046",
+            "description": "A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been classified as critical. Affected is the function upgrade_filter_asp of the file /upgrade_filter.asp. The manipulation of the argument path leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-11046"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--0b2153c8-3a8b-459c-91e3-0bdeac867f45.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--9ce5658b-11ec-4bc7-a97c-4954b716946b",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--0b2153c8-3a8b-459c-91e3-0bdeac867f45",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-11T00:21:31.039772Z",
+            "modified": "2024-11-11T00:21:31.039772Z",
+            "name": "CVE-2024-51583",
+            "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in KentoThemes Kento Ads Rotator allows Stored XSS.This issue affects Kento Ads Rotator: from n/a through 1.3.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-51583"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--127ae5ce-27d3-4428-be27-0f986f25c5f7.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--07d771e3-3903-484b-b717-d26e71c1cad8",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--127ae5ce-27d3-4428-be27-0f986f25c5f7",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-11T00:21:31.73071Z",
+            "modified": "2024-11-11T00:21:31.73071Z",
+            "name": "CVE-2024-11057",
+            "description": "A vulnerability has been found in Codezips Hospital Appointment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /removeBranchResult.php. The manipulation of the argument ID/Name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-11057"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--17121815-0732-461c-9dbe-87d07aeee619.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--e989c9f3-96ff-48cd-9366-c2ac09bc1bfa",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--17121815-0732-461c-9dbe-87d07aeee619",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-11T00:21:46.616082Z",
+            "modified": "2024-11-11T00:21:46.616082Z",
+            "name": "CVE-2020-10367",
+            "description": "Certain Cypress (and Broadcom) Wireless Combo chips, when a January 2021 firmware update is not present, allow memory access via a \"Spectra\" attack.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2020-10367"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--1c5f69e0-8a32-4b64-885b-7a266e6864bb.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--f1c14615-73f8-4f58-8282-f4ec80b74a2e",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--1c5f69e0-8a32-4b64-885b-7a266e6864bb",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-11T00:21:32.799694Z",
+            "modified": "2024-11-11T00:21:32.799694Z",
+            "name": "CVE-2024-46953",
+            "description": "An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-46953"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--28eed391-04f1-4049-88ba-f58c9aec4f92.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--fdb0b286-6ecb-4f37-a839-62857ff61e30",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--28eed391-04f1-4049-88ba-f58c9aec4f92",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-11T00:21:46.557604Z",
+            "modified": "2024-11-11T00:21:46.557604Z",
+            "name": "CVE-2020-10369",
+            "description": "Certain Cypress (and Broadcom) Wireless Combo chips, when a January 2021 firmware update is not present, allow inferences about memory content via a \"Spectra\" attack.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2020-10369"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--2b3979c1-29ea-41ee-88c1-8c9daf8042e8.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--6f27012d-7e9e-424a-b3da-50383686968c",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--2b3979c1-29ea-41ee-88c1-8c9daf8042e8",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-11T00:21:31.03398Z",
+            "modified": "2024-11-11T00:21:31.03398Z",
+            "name": "CVE-2024-51576",
+            "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPZA AMP Img Shortcode allows Stored XSS.This issue affects AMP Img Shortcode: from n/a through 1.0.1.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-51576"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--36a4972c-719d-4b2d-84a8-fbbfb45aa1e0.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--e9dcd7b9-b4be-48ef-8718-722f45ad9d63",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--36a4972c-719d-4b2d-84a8-fbbfb45aa1e0",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-11T00:21:31.728761Z",
+            "modified": "2024-11-11T00:21:31.728761Z",
+            "name": "CVE-2024-11058",
+            "description": "A vulnerability was found in CodeAstro Real Estate Management System up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /aboutedit.php of the component About Us Page. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-11058"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--3b45836c-4a4f-4bea-a5be-9c7d1fd7ac9f.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--8489b11f-4971-49d5-9e96-b53f31872cb0",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--3b45836c-4a4f-4bea-a5be-9c7d1fd7ac9f",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-11T00:21:32.789887Z",
+            "modified": "2024-11-11T00:21:32.789887Z",
+            "name": "CVE-2024-46956",
+            "description": "An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-46956"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--3c69f4fa-c60b-43a6-a74d-2fdafe0bdb14.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--f869594f-f52a-4847-8f66-e0f1a5edc22f",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--3c69f4fa-c60b-43a6-a74d-2fdafe0bdb14",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-11T00:21:31.720515Z",
+            "modified": "2024-11-11T00:21:31.720515Z",
+            "name": "CVE-2024-11055",
+            "description": "A vulnerability, which was classified as critical, has been found in 1000 Projects Beauty Parlour Management System 1.0. This issue affects some unknown processing of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-11055"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--3cd82b38-8f08-465e-b9a6-5809ada7a5a1.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--b15efb95-c755-422e-b739-6bebdb28c1e8",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--3cd82b38-8f08-465e-b9a6-5809ada7a5a1",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-11T00:21:31.028472Z",
+            "modified": "2024-11-11T00:21:31.028472Z",
+            "name": "CVE-2024-51584",
+            "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Anas Edreesi Marquee Elementor with Posts allows DOM-Based XSS.This issue affects Marquee Elementor with Posts: from n/a through 1.2.0.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-51584"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--4d37f30f-c663-46fd-adb7-f011932a24fe.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--8b7a11fb-c6b0-4c36-9333-588734c17628",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--4d37f30f-c663-46fd-adb7-f011932a24fe",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-11T00:21:32.802558Z",
+            "modified": "2024-11-11T00:21:32.802558Z",
+            "name": "CVE-2024-46613",
+            "description": "WeeChat before 4.4.2 has an integer overflow and resultant buffer overflow at core/core-string.c when there are more than two billion items in a list. This affects string_free_split_shared , string_free_split, string_free_split_command, and string_free_split_tags.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-46613"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--4d9070cf-0aaf-469b-b45d-c9cc3c225722.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--c5065e53-bf8d-47f8-b1b5-e435e528034d",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--4d9070cf-0aaf-469b-b45d-c9cc3c225722",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-11T00:21:31.721858Z",
+            "modified": "2024-11-11T00:21:31.721858Z",
+            "name": "CVE-2024-11051",
+            "description": "A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204. It has been classified as critical. Affected is an unknown function of the file /manager/frontdesk/online_status.php. The manipulation of the argument AccountID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-11051"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--59fa8ad0-8849-4b36-a5bb-121d52932c34.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--d4b47082-63d5-4456-af3c-1db9c33e2cb9",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--59fa8ad0-8849-4b36-a5bb-121d52932c34",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-11T00:21:31.72414Z",
+            "modified": "2024-11-11T00:21:31.72414Z",
+            "name": "CVE-2024-11048",
+            "description": "A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been rated as critical. Affected by this issue is the function dbsrv_asp of the file /dbsrv.asp. The manipulation of the argument str leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-11048"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--716caaf9-acc9-45ad-b5eb-b9159c106b87.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--669a8809-76bc-42c2-a694-03c6cb4a705f",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--716caaf9-acc9-45ad-b5eb-b9159c106b87",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-11T00:21:41.716578Z",
+            "modified": "2024-11-11T00:21:41.716578Z",
+            "name": "CVE-2023-40457",
+            "description": "** DISPUTED ** The BGP daemon in Extreme Networks ExtremeXOS (aka EXOS) 30.7.1.1 allows an attacker (who is not on a directly connected network) to cause a denial of service (BGP session reset) because of BGP attribute error mishandling (for attribute 21 and 25). NOTE: the vendor disputes this because it is \"evaluating support for RFC 7606 as a future feature\" and believes that \"customers that have chosen to not require or implement RFC 7606 have done so willingly and with knowledge of what is needed to defend against these types of attacks.\"",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-40457"
+                }
+            ]
+        }
+    ]
+}