generated content from 2024-11-25

mapping.csv

@@ -257716,3 +257716,19 @@ vulnerability,CVE-2024-11632,vulnerability--a4f29bc9-7f42-46c2-a0f1-84e9a4a29b25
 vulnerability,CVE-2024-41761,vulnerability--819a3330-40e8-4f4e-9112-4fa418e83745
 vulnerability,CVE-2024-35160,vulnerability--f37566f6-d9c0-4164-a6a4-faef889c8e93
 vulnerability,CVE-2023-7299,vulnerability--947a9b40-7aa6-4e67-8c69-739f4085d862
+vulnerability,CVE-2024-11646,vulnerability--0360abfb-2619-4e8b-b3de-de4b5550d071
+vulnerability,CVE-2024-11666,vulnerability--5ba5b161-e0b0-4617-bb66-8852fb548356
+vulnerability,CVE-2024-11233,vulnerability--e73cebb1-5c9d-4a2d-888d-5bacb1b0f78c
+vulnerability,CVE-2024-11665,vulnerability--cce76075-d7d0-40d2-a439-268c7dcbb714
+vulnerability,CVE-2024-11234,vulnerability--b15a0f19-66fc-4049-849e-9ad815803495
+vulnerability,CVE-2024-11236,vulnerability--0d4ff7f3-7c5c-4e52-ad6f-8b188e99a0f7
+vulnerability,CVE-2024-53901,vulnerability--e1f96cef-279a-4d8b-a906-2765f8ceacd5
+vulnerability,CVE-2024-53910,vulnerability--426d3445-d16d-4002-ad49-83836e265045
+vulnerability,CVE-2024-53912,vulnerability--93ff5411-f7e9-46f3-b768-9c082b3cc9b2
+vulnerability,CVE-2024-53909,vulnerability--1ea81a0c-5d05-4f35-88ca-b455ec1022e7
+vulnerability,CVE-2024-53916,vulnerability--f99494a7-970a-450a-8a86-581d353a756a
+vulnerability,CVE-2024-53913,vulnerability--b1f09b60-fb0f-42bf-85c3-3279ee5c5847
+vulnerability,CVE-2024-53914,vulnerability--3d419a03-2a61-49e6-ae77-d17eba855d4e
+vulnerability,CVE-2024-53911,vulnerability--f784b659-0e66-4855-80d3-21c2c14c4e06
+vulnerability,CVE-2024-53915,vulnerability--cbd1cdd8-fb56-4767-a3fc-0b0d1bf0afdc
+vulnerability,CVE-2024-53899,vulnerability--7fb02c6d-69f2-4174-90e2-7a0cfd6e8845

objects/vulnerability/vulnerability--0360abfb-2619-4e8b-b3de-de4b5550d071.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--1d69ba97-b4f4-4be3-ad3b-48cee69cc95d",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--0360abfb-2619-4e8b-b3de-de4b5550d071",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-25T00:40:14.546099Z",
+            "modified": "2024-11-25T00:40:14.546099Z",
+            "name": "CVE-2024-11646",
+            "description": "A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit-services.php. The manipulation of the argument sername leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-11646"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--0d4ff7f3-7c5c-4e52-ad6f-8b188e99a0f7.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--d050fca5-b3f1-454a-939e-0da974942227",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--0d4ff7f3-7c5c-4e52-ad6f-8b188e99a0f7",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-25T00:40:14.579453Z",
+            "modified": "2024-11-25T00:40:14.579453Z",
+            "name": "CVE-2024-11236",
+            "description": "In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-11236"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--1ea81a0c-5d05-4f35-88ca-b455ec1022e7.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--2379be87-a772-4054-9a15-568c7e358938",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--1ea81a0c-5d05-4f35-88ca-b455ec1022e7",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-25T00:40:14.844175Z",
+            "modified": "2024-11-25T00:40:14.844175Z",
+            "name": "CVE-2024-53909",
+            "description": "An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24334. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-53909"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--3d419a03-2a61-49e6-ae77-d17eba855d4e.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--4a290ac2-f2a2-4033-bcaa-6acd977ea601",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--3d419a03-2a61-49e6-ae77-d17eba855d4e",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-25T00:40:14.861772Z",
+            "modified": "2024-11-25T00:40:14.861772Z",
+            "name": "CVE-2024-53914",
+            "description": "An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24344. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-53914"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--426d3445-d16d-4002-ad49-83836e265045.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--2cbb4905-531a-4f14-bc1d-998d4b3fddd7",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--426d3445-d16d-4002-ad49-83836e265045",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-25T00:40:14.832775Z",
+            "modified": "2024-11-25T00:40:14.832775Z",
+            "name": "CVE-2024-53910",
+            "description": "An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24336. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-53910"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--5ba5b161-e0b0-4617-bb66-8852fb548356.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--24294d8f-65a0-4b4b-a905-fa55c5f640fc",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--5ba5b161-e0b0-4617-bb66-8852fb548356",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-25T00:40:14.554854Z",
+            "modified": "2024-11-25T00:40:14.554854Z",
+            "name": "CVE-2024-11666",
+            "description": "Affected devices beacon to eCharge cloud infrastructure asking if there are any command they should run. This communication is established over an insecure channel since peer verification is disabled everywhere. Therefore, remote unauthenticated users  suitably positioned on the network between an EV charger controller and eCharge infrastructure can execute arbitrary commands with elevated privileges on affected devices.\n\nThis issue affects cph2_echarge_firmware: through 2.0.4.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-11666"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--7fb02c6d-69f2-4174-90e2-7a0cfd6e8845.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--fc372283-21a9-49c5-8c0c-d4e497e5c0d6",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--7fb02c6d-69f2-4174-90e2-7a0cfd6e8845",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-25T00:40:14.866122Z",
+            "modified": "2024-11-25T00:40:14.866122Z",
+            "name": "CVE-2024-53899",
+            "description": "virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-53899"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--93ff5411-f7e9-46f3-b768-9c082b3cc9b2.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--c059c113-b066-4935-ad7c-f6f3d8a66631",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--93ff5411-f7e9-46f3-b768-9c082b3cc9b2",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-25T00:40:14.834436Z",
+            "modified": "2024-11-25T00:40:14.834436Z",
+            "name": "CVE-2024-53912",
+            "description": "An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24341. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-53912"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--b15a0f19-66fc-4049-849e-9ad815803495.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--6a4bc187-8c9e-4376-812f-5afceb05c96c",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--b15a0f19-66fc-4049-849e-9ad815803495",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-25T00:40:14.577748Z",
+            "modified": "2024-11-25T00:40:14.577748Z",
+            "name": "CVE-2024-11234",
+            "description": "In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and \"request_fulluri\" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-11234"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--b1f09b60-fb0f-42bf-85c3-3279ee5c5847.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--f99b33e9-20e0-4536-ad89-fbab1add2cc9",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--b1f09b60-fb0f-42bf-85c3-3279ee5c5847",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-25T00:40:14.858357Z",
+            "modified": "2024-11-25T00:40:14.858357Z",
+            "name": "CVE-2024-53913",
+            "description": "An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24343. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-53913"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--cbd1cdd8-fb56-4767-a3fc-0b0d1bf0afdc.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--7e604231-70fc-4cc6-af10-2dc7e6eb0518",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--cbd1cdd8-fb56-4767-a3fc-0b0d1bf0afdc",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-25T00:40:14.864857Z",
+            "modified": "2024-11-25T00:40:14.864857Z",
+            "name": "CVE-2024-53915",
+            "description": "An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24405. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-53915"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--cce76075-d7d0-40d2-a439-268c7dcbb714.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--64952ba8-cbcc-46d4-bfb9-5977dad5e1bd",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--cce76075-d7d0-40d2-a439-268c7dcbb714",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-25T00:40:14.56976Z",
+            "modified": "2024-11-25T00:40:14.56976Z",
+            "name": "CVE-2024-11665",
+            "description": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in hardy-barth cph2_echarge_firmware allows OS Command Injection.This issue affects cph2_echarge_firmware: through 2.0.4.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-11665"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--e1f96cef-279a-4d8b-a906-2765f8ceacd5.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--838513e5-ca1e-4b5b-8f15-be4241b86412",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--e1f96cef-279a-4d8b-a906-2765f8ceacd5",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-25T00:40:14.831355Z",
+            "modified": "2024-11-25T00:40:14.831355Z",
+            "name": "CVE-2024-53901",
+            "description": "The Imager package before 1.025 for Perl has a heap-based buffer overflow leading to denial of service, or possibly unspecified other impact, when the trim() method is called on a crafted input image.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-53901"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--e73cebb1-5c9d-4a2d-888d-5bacb1b0f78c.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--17316f15-cb23-406a-87e3-ac9eb6e0a669",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--e73cebb1-5c9d-4a2d-888d-5bacb1b0f78c",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-25T00:40:14.56061Z",
+            "modified": "2024-11-25T00:40:14.56061Z",
+            "name": "CVE-2024-11233",
+            "description": "In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-11233"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--f784b659-0e66-4855-80d3-21c2c14c4e06.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--e8d070c8-4ff0-4e1d-a873-7f60033bcabd",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--f784b659-0e66-4855-80d3-21c2c14c4e06",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-25T00:40:14.863114Z",
+            "modified": "2024-11-25T00:40:14.863114Z",
+            "name": "CVE-2024-53911",
+            "description": "An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24339. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-53911"
+                }
+            ]
+        }
+    ]
+}