diff --git a/mapping.csv b/mapping.csv
index d85f674b62..2de1da1a4e 100644
--- a/mapping.csv
+++ b/mapping.csv
@@ -254540,3 +254540,11 @@ vulnerability,CVE-2024-50528,vulnerability--ea5e0e56-4bdd-4f3e-bb15-a75d982df393
 vulnerability,CVE-2024-10765,vulnerability--4ae5cf57-edc7-4fa3-8d0a-5db8afa59a3b
 vulnerability,CVE-2024-10764,vulnerability--e924c203-1ca8-45d4-b4ab-fc57cff9e6c6
 vulnerability,CVE-2024-48809,vulnerability--7d8f5b2a-6bae-49f5-888b-9376f4024463
+vulnerability,CVE-2024-51136,vulnerability--6bccca80-2499-47ef-810b-fc29945e90c7
+vulnerability,CVE-2024-51327,vulnerability--6a83a3c0-4be6-400a-aa11-39fa2059f7aa
+vulnerability,CVE-2024-51329,vulnerability--7233ad59-1054-420d-a319-fbb299268e3c
+vulnerability,CVE-2024-51127,vulnerability--6395cd91-e334-46ce-9ab0-9531aa8fb538
+vulnerability,CVE-2024-51328,vulnerability--84ae5468-ef95-4530-975b-8c635ede218b
+vulnerability,CVE-2024-51326,vulnerability--ef41793b-463b-4a15-9c40-d7e70774b5ba
+vulnerability,CVE-2024-48336,vulnerability--0dd30562-3917-4458-84af-0c64854879de
+vulnerability,CVE-2024-10766,vulnerability--1ed4317e-7533-4f23-9a60-d321dbea0865
diff --git a/objects/vulnerability/vulnerability--0dd30562-3917-4458-84af-0c64854879de.json b/objects/vulnerability/vulnerability--0dd30562-3917-4458-84af-0c64854879de.json
new file mode 100644
index 0000000000..73cfe819bc
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0dd30562-3917-4458-84af-0c64854879de.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f12fcdb7-63f7-4965-9e1f-00a52921ec29",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0dd30562-3917-4458-84af-0c64854879de",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-04T18:25:51.673248Z",
+ "modified": "2024-11-04T18:25:51.673248Z",
+ "name": "CVE-2024-48336",
+ "description": "The install() function of ProviderInstaller.java in Magisk App before canary version 27007 does not verify the GMS app before loading it, which allows a local untrusted app with no additional privileges to silently execute arbitrary code in the Magisk app and escalate privileges to root via a crafted package, aka Bug #8279. User interaction is not needed for exploitation.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-48336"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1ed4317e-7533-4f23-9a60-d321dbea0865.json b/objects/vulnerability/vulnerability--1ed4317e-7533-4f23-9a60-d321dbea0865.json
new file mode 100644
index 0000000000..0512a7f022
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1ed4317e-7533-4f23-9a60-d321dbea0865.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--cae2d757-f760-448c-927b-ff473a3ddf87",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1ed4317e-7533-4f23-9a60-d321dbea0865",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-04T18:25:51.87447Z",
+ "modified": "2024-11-04T18:25:51.87447Z",
+ "name": "CVE-2024-10766",
+ "description": "A vulnerability, which was classified as critical, has been found in Codezips Free Exam Hall Seating Management System 1.0. This issue affects some unknown processing of the file /pages/save_user.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher disclosure contains confusing vulnerability classes and file names.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-10766"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6395cd91-e334-46ce-9ab0-9531aa8fb538.json b/objects/vulnerability/vulnerability--6395cd91-e334-46ce-9ab0-9531aa8fb538.json
new file mode 100644
index 0000000000..ac4bc4a309
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6395cd91-e334-46ce-9ab0-9531aa8fb538.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--6c7090a9-bc35-41ce-b140-f1258edb5aca",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6395cd91-e334-46ce-9ab0-9531aa8fb538",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-04T18:25:51.614774Z",
+ "modified": "2024-11-04T18:25:51.614774Z",
+ "name": "CVE-2024-51127",
+ "description": "An issue in the createTempFile method of hornetq v2.4.9 allows attackers to arbitrarily overwrite files or access sensitive information.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-51127"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6a83a3c0-4be6-400a-aa11-39fa2059f7aa.json b/objects/vulnerability/vulnerability--6a83a3c0-4be6-400a-aa11-39fa2059f7aa.json
new file mode 100644
index 0000000000..75f6bc3a80
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6a83a3c0-4be6-400a-aa11-39fa2059f7aa.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--bef1eed6-95e3-48e7-b116-698522afd67e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6a83a3c0-4be6-400a-aa11-39fa2059f7aa",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-04T18:25:51.577736Z",
+ "modified": "2024-11-04T18:25:51.577736Z",
+ "name": "CVE-2024-51327",
+ "description": "SQL Injection in loginform.php in ProjectWorld's Travel Management System v1.0 allows remote attackers to bypass authentication via SQL Injection in the 'username' and 'password' fields.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-51327"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6bccca80-2499-47ef-810b-fc29945e90c7.json b/objects/vulnerability/vulnerability--6bccca80-2499-47ef-810b-fc29945e90c7.json
new file mode 100644
index 0000000000..a4d32501f3
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6bccca80-2499-47ef-810b-fc29945e90c7.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2de9514b-6d91-45eb-9915-a5433cf06e5a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6bccca80-2499-47ef-810b-fc29945e90c7",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-04T18:25:51.575025Z",
+ "modified": "2024-11-04T18:25:51.575025Z",
+ "name": "CVE-2024-51136",
+ "description": "An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted XML file.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-51136"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7233ad59-1054-420d-a319-fbb299268e3c.json b/objects/vulnerability/vulnerability--7233ad59-1054-420d-a319-fbb299268e3c.json
new file mode 100644
index 0000000000..ff9c3ec103
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7233ad59-1054-420d-a319-fbb299268e3c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a65ba783-3f9f-4731-a586-c11b885886e0",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7233ad59-1054-420d-a319-fbb299268e3c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-04T18:25:51.597433Z",
+ "modified": "2024-11-04T18:25:51.597433Z",
+ "name": "CVE-2024-51329",
+ "description": "A Host header injection vulnerability in Agile-Board 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-51329"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--84ae5468-ef95-4530-975b-8c635ede218b.json b/objects/vulnerability/vulnerability--84ae5468-ef95-4530-975b-8c635ede218b.json
new file mode 100644
index 0000000000..1a0260945f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--84ae5468-ef95-4530-975b-8c635ede218b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--0bd304f4-f6ae-445c-9625-4ab87ffe18a1",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--84ae5468-ef95-4530-975b-8c635ede218b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-04T18:25:51.618448Z",
+ "modified": "2024-11-04T18:25:51.618448Z",
+ "name": "CVE-2024-51328",
+ "description": "Cross Site Scripting vulnerability in addcategory.php in projectworld's Travel Management System v1.0 allows remote attacker to inject arbitrary code via the t2 parameter.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-51328"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ef41793b-463b-4a15-9c40-d7e70774b5ba.json b/objects/vulnerability/vulnerability--ef41793b-463b-4a15-9c40-d7e70774b5ba.json
new file mode 100644
index 0000000000..7e51fa1c98
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ef41793b-463b-4a15-9c40-d7e70774b5ba.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--59e7c32e-965d-4887-bef3-4a7c082d6c25",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ef41793b-463b-4a15-9c40-d7e70774b5ba",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-04T18:25:51.623757Z",
+ "modified": "2024-11-04T18:25:51.623757Z",
+ "name": "CVE-2024-51326",
+ "description": "SQL Injection vulnerability in projectworlds Travel management System v.1.0 allows a remote attacker to execute arbitrary code via the 't2' parameter in deletesubcategory.php.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-51326"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file