generated content from 2024-11-04

mapping.csv

@@ -254555,3 +254555,9 @@ vulnerability,CVE-2024-34885,vulnerability--8520aded-36c6-433e-aa19-6c804b9e5ce3
 vulnerability,CVE-2024-34891,vulnerability--b12e8f97-cee5-4100-848d-45531b1f0db9
 vulnerability,CVE-2024-34887,vulnerability--d876033b-ebe4-4fde-8716-2e9e6740d5bd
 vulnerability,CVE-2024-34882,vulnerability--bce2e7be-1301-410b-a0b8-7a547704920d
+vulnerability,CVE-2024-30617,vulnerability--4a7d604c-4354-4626-ae3d-6f201c13efda
+vulnerability,CVE-2024-30619,vulnerability--8017f870-15f5-41dd-99fa-3ac7f44b4369
+vulnerability,CVE-2024-30618,vulnerability--eb1e7314-93c9-41ca-a29c-a573efc329f6
+vulnerability,CVE-2024-45185,vulnerability--3ed9f618-0044-462a-b7a8-8b0a250a550a
+vulnerability,CVE-2024-45086,vulnerability--3e90a8a1-63be-4ff2-8471-26f63d512541
+vulnerability,CVE-2024-10791,vulnerability--f40590f5-a2ba-4aa9-90f1-938e7df9a2a4

objects/vulnerability/vulnerability--3e90a8a1-63be-4ff2-8471-26f63d512541.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--34f4ffd2-fc44-454d-8a07-3bb0f184c2fa",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--3e90a8a1-63be-4ff2-8471-26f63d512541",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-04T20:20:21.18849Z",
+            "modified": "2024-11-04T20:20:21.18849Z",
+            "name": "CVE-2024-45086",
+            "description": "IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-45086"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--3ed9f618-0044-462a-b7a8-8b0a250a550a.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--b2d21ba8-4bd6-48ed-9892-88755012cf72",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--3ed9f618-0044-462a-b7a8-8b0a250a550a",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-04T20:20:21.177337Z",
+            "modified": "2024-11-04T20:20:21.177337Z",
+            "name": "CVE-2024-45185",
+            "description": "An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, Modem 5123, Modem 5300. There is an out-of-bounds write due to a heap overflow in the GPRS protocol.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-45185"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--4a7d604c-4354-4626-ae3d-6f201c13efda.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--51bf2513-9b7c-4b76-93ee-ff73a8aa4fca",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--4a7d604c-4354-4626-ae3d-6f201c13efda",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-04T20:20:21.059902Z",
+            "modified": "2024-11-04T20:20:21.059902Z",
+            "name": "CVE-2024-30617",
+            "description": "A Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11.26 \"/main/social/home.php,\" allows attackers to initiate a request that posts a fake post onto the user's social wall without their consent or knowledge.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-30617"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--8017f870-15f5-41dd-99fa-3ac7f44b4369.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--32162409-f628-4b70-b395-5dce4d3a9852",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--8017f870-15f5-41dd-99fa-3ac7f44b4369",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-04T20:20:21.089598Z",
+            "modified": "2024-11-04T20:20:21.089598Z",
+            "name": "CVE-2024-30619",
+            "description": "Chamilo LMS Version 1.11.26 is vulnerable to Incorrect Access Control. A non-authenticated attacker can request the number of messages and the number of online users via \"/main/inc/ajax/message.ajax.php?a=get_count_message\" AND \"/main/inc/ajax/online.ajax.php?a=get_users_online.\"",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-30619"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--eb1e7314-93c9-41ca-a29c-a573efc329f6.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--f18550dc-650b-494f-9881-7c1b79194bff",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--eb1e7314-93c9-41ca-a29c-a573efc329f6",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-04T20:20:21.09755Z",
+            "modified": "2024-11-04T20:20:21.09755Z",
+            "name": "CVE-2024-30618",
+            "description": "A Stored Cross-Site Scripting (XSS) Vulnerability in Chamilo LMS 1.11.26 allows a remote attacker to execute arbitrary JavaScript in a web browser by including a malicious payload in the 'content' parameter of 'group_topics.php'.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-30618"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--f40590f5-a2ba-4aa9-90f1-938e7df9a2a4.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--33b433b5-54e9-4219-8a8f-375db07f4c43",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--f40590f5-a2ba-4aa9-90f1-938e7df9a2a4",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-04T20:20:21.222969Z",
+            "modified": "2024-11-04T20:20:21.222969Z",
+            "name": "CVE-2024-10791",
+            "description": "A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0. This issue affects some unknown processing of the file /doctorAction.php. The manipulation of the argument Name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting file and parameter names to be affected.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-10791"
+                }
+            ]
+        }
+    ]
+}