generated content from 2024-10-03

mapping.csv

@@ -250659,3 +250659,94 @@ vulnerability,CVE-2024-47523,vulnerability--6a062210-2a7d-4944-8747-ade2124900c1
 vulnerability,CVE-2023-3441,vulnerability--dbf322d5-0221-4d2d-9f66-759fb9491d23
 vulnerability,CVE-2023-7273,vulnerability--63559473-806e-469d-bc15-df3510024a5d
 vulnerability,CVE-2021-37577,vulnerability--cf6a874c-4e1b-49a8-bcfe-75083662fde7
+vulnerability,CVE-2024-33210,vulnerability--2a45da02-cd59-4942-a879-5166489e4ff1
+vulnerability,CVE-2024-33662,vulnerability--2bf1f751-51bf-47de-8e31-81f4b94885e6
+vulnerability,CVE-2024-33209,vulnerability--4e4b71bd-d11e-43e6-8484-78d8e1c2e722
+vulnerability,CVE-2024-43795,vulnerability--e144a571-3fd6-408a-a38b-b2fb9afd529d
+vulnerability,CVE-2024-24117,vulnerability--8103dc4b-1220-4dbc-a381-689cc0805a18
+vulnerability,CVE-2024-24122,vulnerability--1910f2b4-27d6-4f3f-ac8c-7b6a8454a998
+vulnerability,CVE-2024-24116,vulnerability--2ccb5fc1-e6cd-44cb-9abd-ef6c81f811c9
+vulnerability,CVE-2024-45186,vulnerability--cd774b18-0f0e-4ed9-a5a1-85366ac7e359
+vulnerability,CVE-2024-45962,vulnerability--48985f6b-4d93-4fdd-9484-e0ff47132ebc
+vulnerability,CVE-2024-45519,vulnerability--bd6e0a7f-13b4-49f0-8d19-89707144aefc
+vulnerability,CVE-2024-45960,vulnerability--22a28f06-e72b-4d3a-9c0a-04b184a02140
+vulnerability,CVE-2024-45965,vulnerability--e7fac862-f3d9-46fb-9328-542e984e2e67
+vulnerability,CVE-2024-45964,vulnerability--4e529e32-3dea-44ec-ad89-6cf10a8bf216
+vulnerability,CVE-2024-35293,vulnerability--28caca79-c508-43e4-b7a2-e484e710c9f6
+vulnerability,CVE-2024-35294,vulnerability--eaf36f3f-d89d-451b-920d-6bd8a6220479
+vulnerability,CVE-2024-9225,vulnerability--2f5262bd-4a91-4c59-a838-fc7c00a5c0f8
+vulnerability,CVE-2024-9423,vulnerability--cbc4fb2a-fec1-4f3f-b0b5-35625da9d8a1
+vulnerability,CVE-2024-9174,vulnerability--97fbcf92-401a-4465-815d-339fdf70cd35
+vulnerability,CVE-2024-9441,vulnerability--6dbfee16-9e4e-4f23-a0ad-03e0d4b02781
+vulnerability,CVE-2024-9210,vulnerability--45dc3206-50ab-452f-9bfc-2497ee03207f
+vulnerability,CVE-2024-9344,vulnerability--0181e338-e5ea-4181-b53c-606bf39c9dfc
+vulnerability,CVE-2024-9440,vulnerability--fbe6d6b9-5ac3-4db4-9af2-f9a0c1776b7a
+vulnerability,CVE-2024-9333,vulnerability--59744b44-b4d2-49c2-8c48-9ae11a255b81
+vulnerability,CVE-2024-9378,vulnerability--e36f0ead-5e15-4881-8623-9dee767ff922
+vulnerability,CVE-2024-9222,vulnerability--5ac58f1e-51ad-442c-92d0-fac834e4bc92
+vulnerability,CVE-2024-9172,vulnerability--77f7b440-9bb2-486c-a76b-42bbbd1048a9
+vulnerability,CVE-2024-9218,vulnerability--fc47f7ad-7a39-4ed0-ae83-d8f78426ab24
+vulnerability,CVE-2024-9429,vulnerability--093a6111-bea7-496d-b09f-0fa824e1a537
+vulnerability,CVE-2024-8505,vulnerability--42436c30-a9b7-4e4b-826a-f5950b880151
+vulnerability,CVE-2024-8037,vulnerability--cab4ef73-ed19-40c0-8832-045d4173fa0b
+vulnerability,CVE-2024-8800,vulnerability--45bf07cd-620c-4f19-8601-63011fe5ea92
+vulnerability,CVE-2024-8282,vulnerability--56b7391d-64b1-46ba-a066-7173f65c2118
+vulnerability,CVE-2024-8885,vulnerability--fb8444b1-bdad-4ff7-9fb1-10e96128d523
+vulnerability,CVE-2024-8254,vulnerability--f1a57214-4430-4d0a-8bc8-72cfc39edfab
+vulnerability,CVE-2024-8038,vulnerability--55e04b42-864d-4707-aef9-607ed6ca86ad
+vulnerability,CVE-2024-8733,vulnerability--08555ed5-b4ef-4b90-8971-13eadd305be7
+vulnerability,CVE-2024-8967,vulnerability--ade550b8-5b6c-4089-acff-474661517577
+vulnerability,CVE-2024-46626,vulnerability--9f311880-72ad-4c61-a152-910f9a7b84e8
+vulnerability,CVE-2024-46977,vulnerability--fe3e7a0b-089a-4fac-8440-44a00a23c0cd
+vulnerability,CVE-2024-6360,vulnerability--27a522c9-a62f-4677-87c4-e09eeb538e9d
+vulnerability,CVE-2024-20393,vulnerability--55e932a0-520c-41d3-ae74-841abe895f14
+vulnerability,CVE-2024-20365,vulnerability--88ec20e2-ab2b-462c-b360-9ccffc2bfe48
+vulnerability,CVE-2024-20491,vulnerability--ae90eee4-f3f0-4b2e-9132-ed8972111f83
+vulnerability,CVE-2024-20509,vulnerability--23bc4543-74d4-4419-85ed-1aff8cdb2a7b
+vulnerability,CVE-2024-20444,vulnerability--ace59fdc-cb05-4c8f-b20a-34c5757f9260
+vulnerability,CVE-2024-20516,vulnerability--f30682e9-30d7-49ed-9ea1-e796c06092dd
+vulnerability,CVE-2024-20524,vulnerability--1fee9aad-98de-4c9e-b806-c7c88af7467d
+vulnerability,CVE-2024-20515,vulnerability--1f0651f9-d80e-40b3-86d6-4014113168d5
+vulnerability,CVE-2024-20522,vulnerability--d50d2b0f-1b41-436c-af7f-6e273aaa2cae
+vulnerability,CVE-2024-20432,vulnerability--c7080e0b-495e-491c-8eeb-f62d58c21f42
+vulnerability,CVE-2024-20477,vulnerability--3cdac1d9-7969-46aa-b5d7-c4bf32b3b836
+vulnerability,CVE-2024-20438,vulnerability--04c7e905-a738-4d97-97a8-abe433853240
+vulnerability,CVE-2024-20492,vulnerability--47303264-23d6-4c69-b7c7-201460293dd9
+vulnerability,CVE-2024-20500,vulnerability--539de102-4bce-4e03-9937-94fb2ae97e1f
+vulnerability,CVE-2024-20517,vulnerability--d112a272-eed2-4fc7-8369-e34e51fbf09c
+vulnerability,CVE-2024-20498,vulnerability--92281be8-cd4a-4bf2-98ed-1899c3ada560
+vulnerability,CVE-2024-20490,vulnerability--eb1efb62-0932-4ffc-9c50-bf627f59c19e
+vulnerability,CVE-2024-20448,vulnerability--96e04f1c-6a11-4b2b-91bf-91e42d0fca46
+vulnerability,CVE-2024-20519,vulnerability--6313971d-0c5c-48cb-9ae3-7fb578977440
+vulnerability,CVE-2024-20502,vulnerability--07291b9d-1e37-4f2a-b97c-7d662cc5e0d0
+vulnerability,CVE-2024-20501,vulnerability--2f4a184c-09f6-4094-8bb2-521ac4c786a8
+vulnerability,CVE-2024-20441,vulnerability--88be6ac2-f9d1-4853-9f6c-09d6118dd10c
+vulnerability,CVE-2024-20513,vulnerability--6ca61c12-4848-4df7-b65f-3fb87d0d25b3
+vulnerability,CVE-2024-20520,vulnerability--8f0491da-12e1-4060-9848-cbea384fb434
+vulnerability,CVE-2024-20523,vulnerability--dc6f755d-c697-41fb-b3cb-cb82788e50e6
+vulnerability,CVE-2024-20470,vulnerability--70709749-0938-48ba-a7c1-2c8f0a8fc366
+vulnerability,CVE-2024-20449,vulnerability--b2208151-fcb4-424a-881e-52e4c569552a
+vulnerability,CVE-2024-20499,vulnerability--8378bb0a-9218-4507-9d3c-e03b30962902
+vulnerability,CVE-2024-20521,vulnerability--524254a5-93be-4112-a0c4-6190c6c50ebd
+vulnerability,CVE-2024-20385,vulnerability--1977f413-a182-4902-8411-f7727964dd0a
+vulnerability,CVE-2024-20442,vulnerability--052f0ede-436d-45a6-a543-f2bbd59ecb45
+vulnerability,CVE-2024-20518,vulnerability--8587b0ab-0424-49db-9948-9a999c9d9461
+vulnerability,CVE-2024-28888,vulnerability--084c1b90-79a0-44e8-b99e-a74b1fa92935
+vulnerability,CVE-2024-44097,vulnerability--910f3efb-eb33-40d4-956c-9d803a8c0582
+vulnerability,CVE-2024-44030,vulnerability--c346426a-2ebb-4612-929f-e9c5d35a230f
+vulnerability,CVE-2024-44193,vulnerability--ffdf16b5-60ba-4586-9b08-9e72e7a4273f
+vulnerability,CVE-2024-44017,vulnerability--38052608-7e3e-4883-affc-cae839da56eb
+vulnerability,CVE-2024-7855,vulnerability--053ad03d-6530-47d8-b216-da79d2a09409
+vulnerability,CVE-2024-7558,vulnerability--45819d4b-02d1-4318-b61f-992897742cb4
+vulnerability,CVE-2024-7315,vulnerability--5d0e5228-fbf0-406a-b907-b78d23755f56
+vulnerability,CVE-2024-21530,vulnerability--4d2d31b6-467f-425d-be55-cb8ae6be2025
+vulnerability,CVE-2024-41290,vulnerability--adb12f32-e78b-4c59-8a45-68253666d0fe
+vulnerability,CVE-2024-47616,vulnerability--bf8d2a32-ba32-440a-94c9-a013e3de9ad1
+vulnerability,CVE-2024-47803,vulnerability--626c68b0-3d24-43c9-9261-245a76b416b1
+vulnerability,CVE-2024-47806,vulnerability--62b6eeb6-7bcb-4bfd-a6cf-1cfa9fb9ed32
+vulnerability,CVE-2024-47612,vulnerability--e13343df-f25b-4d0a-a469-9d34fbf8b2eb
+vulnerability,CVE-2024-47611,vulnerability--f15deb09-5e6e-4f97-a53c-1da031f2fcad
+vulnerability,CVE-2024-47805,vulnerability--3e6e75fc-7e14-4c8c-96bf-0895d2a5b932
+vulnerability,CVE-2024-47529,vulnerability--e0175a96-caee-4225-bf5e-a97eaae6e2a6
+vulnerability,CVE-2024-47807,vulnerability--b25f9cb7-8e08-47b9-b96a-94e71a78a0db
+vulnerability,CVE-2024-47804,vulnerability--c39d8dbe-742f-42ac-a3b5-0060c3ba7370

objects/vulnerability/vulnerability--0181e338-e5ea-4181-b53c-606bf39c9dfc.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--46f82923-b2fd-41c1-a35e-3a9d8dc31b0d",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--0181e338-e5ea-4181-b53c-606bf39c9dfc",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-10-03T00:20:15.702781Z",
+            "modified": "2024-10-03T00:20:15.702781Z",
+            "name": "CVE-2024-9344",
+            "description": "The BerqWP – Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-9344"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--04c7e905-a738-4d97-97a8-abe433853240.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--9a4fdb1b-b0b7-4426-b8cc-7762eeda7dac",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--04c7e905-a738-4d97-97a8-abe433853240",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-10-03T00:20:16.134754Z",
+            "modified": "2024-10-03T00:20:16.134754Z",
+            "name": "CVE-2024-20438",
+            "description": "A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device.\r\n\r\nThis vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited network-admin functions such as reading device configuration information, uploading files, and modifying uploaded files.\r\nNote: This vulnerability only affects a subset of REST API endpoints and does not affect the web-based management interface.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-20438"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--052f0ede-436d-45a6-a543-f2bbd59ecb45.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--b7e16a13-bc47-467d-8990-dd1df477e628",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--052f0ede-436d-45a6-a543-f2bbd59ecb45",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-10-03T00:20:16.18333Z",
+            "modified": "2024-10-03T00:20:16.18333Z",
+            "name": "CVE-2024-20442",
+            "description": "A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device.\r\n\r\nThis vulnerability is due to insufficient authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited Administrator functions such as viewing portions of the web UI, generating config only or full backup files, and deleting tech support files. This vulnerability only affects a subset of REST API endpoints and does not affect the web-based management interface.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-20442"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--053ad03d-6530-47d8-b216-da79d2a09409.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--160b8ba7-5407-45b0-8c7a-c34c756ae400",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--053ad03d-6530-47d8-b216-da79d2a09409",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-10-03T00:20:16.491193Z",
+            "modified": "2024-10-03T00:20:16.491193Z",
+            "name": "CVE-2024-7855",
+            "description": "The WP Hotel Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_review() function in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-7855"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--07291b9d-1e37-4f2a-b97c-7d662cc5e0d0.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--0ca7cb1b-13a0-4b56-aa9c-c5393c738a6a",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--07291b9d-1e37-4f2a-b97c-7d662cc5e0d0",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-10-03T00:20:16.15431Z",
+            "modified": "2024-10-03T00:20:16.15431Z",
+            "name": "CVE-2024-20502",
+            "description": "A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.\r\n\r\nThis vulnerability is due to insufficient resource management while establishing SSL VPN sessions. An attacker could exploit this vulnerability by sending a series of crafted HTTPS requests to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted.\r\nNote: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-20502"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--084c1b90-79a0-44e8-b99e-a74b1fa92935.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--ee0785bd-6ee5-4d1e-82d2-9e3d39636b37",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--084c1b90-79a0-44e8-b99e-a74b1fa92935",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-10-03T00:20:16.316502Z",
+            "modified": "2024-10-03T00:20:16.316502Z",
+            "name": "CVE-2024-28888",
+            "description": "A use-after-free vulnerability exists in the way Foxit Reade 2024.1.0.23997 handles a checkbox  field object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-28888"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--08555ed5-b4ef-4b90-8971-13eadd305be7.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--0c1adc0b-4113-4986-ad7a-770c087eb90e",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--08555ed5-b4ef-4b90-8971-13eadd305be7",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-10-03T00:20:15.771258Z",
+            "modified": "2024-10-03T00:20:15.771258Z",
+            "name": "CVE-2024-8733",
+            "description": "A potential security vulnerability\nhas been identified in the HP One Agent for certain HP PC products, which might\nallow for escalation of privilege. HP is releasing software updates to mitigate\nthis potential vulnerability.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-8733"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--093a6111-bea7-496d-b09f-0fa824e1a537.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--9b07e890-bc80-48b7-bc72-156475b6b0c9",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--093a6111-bea7-496d-b09f-0fa824e1a537",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-10-03T00:20:15.719072Z",
+            "modified": "2024-10-03T00:20:15.719072Z",
+            "name": "CVE-2024-9429",
+            "description": "A vulnerability has been found in code-projects Restaurant Reservation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /filter2.php. The manipulation of the argument from/to leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter \"from\" to be affected. But it must be assumed that parameter \"to\" is affected as well.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-9429"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--1910f2b4-27d6-4f3f-ac8c-7b6a8454a998.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--016af800-f408-4cec-b8e1-5550f36c24ea",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--1910f2b4-27d6-4f3f-ac8c-7b6a8454a998",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-10-03T00:20:15.388768Z",
+            "modified": "2024-10-03T00:20:15.388768Z",
+            "name": "CVE-2024-24122",
+            "description": "A remote code execution vulnerability in the project management of Wanxing Technology's Yitu project which allows an attacker to use the exp.adpx file as a zip compressed file to construct a special file name, which can be used to decompress the project file into the system startup folder, restart the system, and automatically execute the constructed attack script.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-24122"
+                }
+            ]
+        }
+    ]
+}