generated content from 2024-10-10

mapping.csv

@@ -251639,3 +251639,7 @@ vulnerability,CVE-2024-9787,vulnerability--9ed2da60-a1c2-48a5-b621-eb889ac7f792
 vulnerability,CVE-2024-4658,vulnerability--b9b81c1e-9e92-4de9-be60-2863c38e7063
 vulnerability,CVE-2024-9788,vulnerability--8060ba73-1673-46a4-af71-d2b3bde855a5
 vulnerability,CVE-2024-9789,vulnerability--2462ed10-c170-48dc-a049-2307c3670b41
+vulnerability,CVE-2024-9793,vulnerability--bba64a8f-98fb-4c68-97b2-06dd95b42cd9
+vulnerability,CVE-2024-9792,vulnerability--320ef687-0b60-4bc0-aa38-92eeacd81ab5
+vulnerability,CVE-2024-9790,vulnerability--92245c2f-5f0b-4d96-bbe5-1334b04d09b6
+vulnerability,CVE-2023-25581,vulnerability--9d93c90e-e563-4d9b-b495-c93ee693880b

objects/vulnerability/vulnerability--320ef687-0b60-4bc0-aa38-92eeacd81ab5.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--01bbb696-1a06-4432-9b7e-81b67474e5f3",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--320ef687-0b60-4bc0-aa38-92eeacd81ab5",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-10-10T16:23:53.302074Z",
+            "modified": "2024-10-10T16:23:53.302074Z",
+            "name": "CVE-2024-9792",
+            "description": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in D-Link DSL-2750U R5B017. This affects an unknown part of the component Port Forwarding Page. The manipulation of the argument PortMappingDescription leads to cross site scripting. It is possible to initiate the attack remotely.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-9792"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--92245c2f-5f0b-4d96-bbe5-1334b04d09b6.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--914c3637-2a52-44a2-a62b-853b1b5eea38",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--92245c2f-5f0b-4d96-bbe5-1334b04d09b6",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-10-10T16:23:53.306977Z",
+            "modified": "2024-10-10T16:23:53.306977Z",
+            "name": "CVE-2024-9790",
+            "description": "A vulnerability was found in LyLme_spage 1.9.5. It has been classified as critical. Affected is an unknown function of the file /admin/sou.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-9790"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--9d93c90e-e563-4d9b-b495-c93ee693880b.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--e35915e9-9a11-4247-8958-4b589dd2c3d0",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--9d93c90e-e563-4d9b-b495-c93ee693880b",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-10-10T16:24:03.042447Z",
+            "modified": "2024-10-10T16:24:03.042447Z",
+            "name": "CVE-2023-25581",
+            "description": "pac4j is a security framework for Java. `pac4j-core` prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the `UserProfile` class from pac4j-core. It can be exploited by providing an attribute that contains a serialized Java object with a special prefix `{#sb64}` and Base64 encoding. This issue may lead to Remote Code Execution (RCE) in the worst case. Although a `RestrictedObjectInputStream` is in place, that puts some restriction on what classes can be deserialized, it still allows a broad range of java packages and potentially exploitable with different gadget chains. pac4j versions 4.0.0 and greater are not affected by this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-25581"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--bba64a8f-98fb-4c68-97b2-06dd95b42cd9.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--2932bbea-8c72-4354-b347-28abf6ccfa0a",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--bba64a8f-98fb-4c68-97b2-06dd95b42cd9",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-10-10T16:23:53.240317Z",
+            "modified": "2024-10-10T16:23:53.240317Z",
+            "name": "CVE-2024-9793",
+            "description": "A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-9793"
+                }
+            ]
+        }
+    ]
+}