diff --git a/mapping.csv b/mapping.csv index d09e5f6d38..5b15745b61 100644 --- a/mapping.csv +++ b/mapping.csv @@ -254555,3 +254555,9 @@ vulnerability,CVE-2024-34885,vulnerability--8520aded-36c6-433e-aa19-6c804b9e5ce3 vulnerability,CVE-2024-34891,vulnerability--b12e8f97-cee5-4100-848d-45531b1f0db9 vulnerability,CVE-2024-34887,vulnerability--d876033b-ebe4-4fde-8716-2e9e6740d5bd vulnerability,CVE-2024-34882,vulnerability--bce2e7be-1301-410b-a0b8-7a547704920d +vulnerability,CVE-2024-30617,vulnerability--4a7d604c-4354-4626-ae3d-6f201c13efda +vulnerability,CVE-2024-30619,vulnerability--8017f870-15f5-41dd-99fa-3ac7f44b4369 +vulnerability,CVE-2024-30618,vulnerability--eb1e7314-93c9-41ca-a29c-a573efc329f6 +vulnerability,CVE-2024-45185,vulnerability--3ed9f618-0044-462a-b7a8-8b0a250a550a +vulnerability,CVE-2024-45086,vulnerability--3e90a8a1-63be-4ff2-8471-26f63d512541 +vulnerability,CVE-2024-10791,vulnerability--f40590f5-a2ba-4aa9-90f1-938e7df9a2a4 diff --git a/objects/vulnerability/vulnerability--3e90a8a1-63be-4ff2-8471-26f63d512541.json b/objects/vulnerability/vulnerability--3e90a8a1-63be-4ff2-8471-26f63d512541.json new file mode 100644 index 0000000000..ec2c9a21e0 --- /dev/null +++ b/objects/vulnerability/vulnerability--3e90a8a1-63be-4ff2-8471-26f63d512541.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--34f4ffd2-fc44-454d-8a07-3bb0f184c2fa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3e90a8a1-63be-4ff2-8471-26f63d512541", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-04T20:20:21.18849Z", + "modified": "2024-11-04T20:20:21.18849Z", + "name": "CVE-2024-45086", + "description": "IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45086" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3ed9f618-0044-462a-b7a8-8b0a250a550a.json b/objects/vulnerability/vulnerability--3ed9f618-0044-462a-b7a8-8b0a250a550a.json new file mode 100644 index 0000000000..7d106468f7 --- /dev/null +++ b/objects/vulnerability/vulnerability--3ed9f618-0044-462a-b7a8-8b0a250a550a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b2d21ba8-4bd6-48ed-9892-88755012cf72", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3ed9f618-0044-462a-b7a8-8b0a250a550a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-04T20:20:21.177337Z", + "modified": "2024-11-04T20:20:21.177337Z", + "name": "CVE-2024-45185", + "description": "An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, Modem 5123, Modem 5300. There is an out-of-bounds write due to a heap overflow in the GPRS protocol.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45185" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4a7d604c-4354-4626-ae3d-6f201c13efda.json b/objects/vulnerability/vulnerability--4a7d604c-4354-4626-ae3d-6f201c13efda.json new file mode 100644 index 0000000000..086fc652c6 --- /dev/null +++ b/objects/vulnerability/vulnerability--4a7d604c-4354-4626-ae3d-6f201c13efda.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--51bf2513-9b7c-4b76-93ee-ff73a8aa4fca", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4a7d604c-4354-4626-ae3d-6f201c13efda", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-04T20:20:21.059902Z", + "modified": "2024-11-04T20:20:21.059902Z", + "name": "CVE-2024-30617", + "description": "A Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11.26 \"/main/social/home.php,\" allows attackers to initiate a request that posts a fake post onto the user's social wall without their consent or knowledge.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-30617" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8017f870-15f5-41dd-99fa-3ac7f44b4369.json b/objects/vulnerability/vulnerability--8017f870-15f5-41dd-99fa-3ac7f44b4369.json new file mode 100644 index 0000000000..4dd52ffa17 --- /dev/null +++ b/objects/vulnerability/vulnerability--8017f870-15f5-41dd-99fa-3ac7f44b4369.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--32162409-f628-4b70-b395-5dce4d3a9852", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8017f870-15f5-41dd-99fa-3ac7f44b4369", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-04T20:20:21.089598Z", + "modified": "2024-11-04T20:20:21.089598Z", + "name": "CVE-2024-30619", + "description": "Chamilo LMS Version 1.11.26 is vulnerable to Incorrect Access Control. A non-authenticated attacker can request the number of messages and the number of online users via \"/main/inc/ajax/message.ajax.php?a=get_count_message\" AND \"/main/inc/ajax/online.ajax.php?a=get_users_online.\"", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-30619" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--eb1e7314-93c9-41ca-a29c-a573efc329f6.json b/objects/vulnerability/vulnerability--eb1e7314-93c9-41ca-a29c-a573efc329f6.json new file mode 100644 index 0000000000..af98d66892 --- /dev/null +++ b/objects/vulnerability/vulnerability--eb1e7314-93c9-41ca-a29c-a573efc329f6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f18550dc-650b-494f-9881-7c1b79194bff", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--eb1e7314-93c9-41ca-a29c-a573efc329f6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-04T20:20:21.09755Z", + "modified": "2024-11-04T20:20:21.09755Z", + "name": "CVE-2024-30618", + "description": "A Stored Cross-Site Scripting (XSS) Vulnerability in Chamilo LMS 1.11.26 allows a remote attacker to execute arbitrary JavaScript in a web browser by including a malicious payload in the 'content' parameter of 'group_topics.php'.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-30618" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f40590f5-a2ba-4aa9-90f1-938e7df9a2a4.json b/objects/vulnerability/vulnerability--f40590f5-a2ba-4aa9-90f1-938e7df9a2a4.json new file mode 100644 index 0000000000..1b7c893b3a --- /dev/null +++ b/objects/vulnerability/vulnerability--f40590f5-a2ba-4aa9-90f1-938e7df9a2a4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--33b433b5-54e9-4219-8a8f-375db07f4c43", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f40590f5-a2ba-4aa9-90f1-938e7df9a2a4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-11-04T20:20:21.222969Z", + "modified": "2024-11-04T20:20:21.222969Z", + "name": "CVE-2024-10791", + "description": "A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0. This issue affects some unknown processing of the file /doctorAction.php. The manipulation of the argument Name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting file and parameter names to be affected.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10791" + } + ] + } + ] +} \ No newline at end of file