generated content from 2023-11-30

mapping.csv

@@ -218597,3 +218597,59 @@ vulnerability,CVE-2023-46589,vulnerability--b49d0b76-19cb-43eb-9299-44f57c77b9a0
 vulnerability,CVE-2023-30590,vulnerability--715fca85-86d0-453c-abe9-27f8be1b5a35
 vulnerability,CVE-2023-30588,vulnerability--b158d5f1-0327-44ae-8767-01ff60caf078
 vulnerability,CVE-2023-30585,vulnerability--e93766b1-6c7a-4b1f-928a-84900717a52c
+vulnerability,CVE-2022-42540,vulnerability--41805af0-34ba-489f-8207-792e4ddc3461
+vulnerability,CVE-2022-42538,vulnerability--7cd32ac4-5a3b-4ee0-8d4f-218beb938d2c
+vulnerability,CVE-2022-42536,vulnerability--d453d380-a4cd-4f47-864a-0d7cd37836cd
+vulnerability,CVE-2022-42541,vulnerability--2a56a163-58d8-4d0f-a558-5ba6c0243c61
+vulnerability,CVE-2022-42539,vulnerability--97e98894-426f-4426-8d76-84367a659f81
+vulnerability,CVE-2022-42537,vulnerability--36be76db-ee35-49a8-871d-46c0451a98c4
+vulnerability,CVE-2023-24294,vulnerability--c8a7e62c-8602-4a98-a85d-0c216544ba75
+vulnerability,CVE-2023-40626,vulnerability--9cad3b70-29d3-4bb1-a0ee-8863bb24166e
+vulnerability,CVE-2023-40458,vulnerability--7137addf-9d28-481a-9d9e-32016818f900
+vulnerability,CVE-2023-47462,vulnerability--18341c0b-aaff-44d3-9dd7-e03d6360d0d1
+vulnerability,CVE-2023-49652,vulnerability--a38ef7f0-20e4-4b88-9940-af32cd58de83
+vulnerability,CVE-2023-49656,vulnerability--c6c54e37-49bb-4f3f-a2b4-efc86de24153
+vulnerability,CVE-2023-49674,vulnerability--5e5e61fd-ef73-4485-b7f5-ca7854ad4df7
+vulnerability,CVE-2023-49694,vulnerability--55230d1b-e176-4378-95bd-1b409b2acf6d
+vulnerability,CVE-2023-49673,vulnerability--4956168b-3736-4539-8ee5-1b79d6bc21e0
+vulnerability,CVE-2023-49693,vulnerability--417de8b2-c03e-4f33-bc85-4c4f5e64ef73
+vulnerability,CVE-2023-49653,vulnerability--f2516ef7-d3ed-41bb-90ae-d42496be6855
+vulnerability,CVE-2023-49082,vulnerability--7aabb3d0-05ad-4472-acda-a0fa4d90fab4
+vulnerability,CVE-2023-49655,vulnerability--96524fb5-67a0-4e5c-bcc0-003e8c603d17
+vulnerability,CVE-2023-49090,vulnerability--7a11e355-3541-4824-8bdb-28b1618544fe
+vulnerability,CVE-2023-49079,vulnerability--328caa8c-9d9a-467d-a3d9-82bd94d3d5ec
+vulnerability,CVE-2023-49083,vulnerability--25dde0a7-52c1-4f17-8456-9a9d821e1e7a
+vulnerability,CVE-2023-49091,vulnerability--f3b444db-c619-43a5-aa89-fa1447d41d80
+vulnerability,CVE-2023-49654,vulnerability--5670186e-bf67-4e79-8848-873997da4f13
+vulnerability,CVE-2023-48952,vulnerability--3508b53e-c9ed-4939-b39e-f2abeac106c9
+vulnerability,CVE-2023-48948,vulnerability--cf3d6c69-792b-4aeb-bb9f-ed1ba2331348
+vulnerability,CVE-2023-48946,vulnerability--d745748c-626a-437a-98db-4601dd68cced
+vulnerability,CVE-2023-48949,vulnerability--e8a35958-b8ef-452d-b300-9087ffe78f76
+vulnerability,CVE-2023-48950,vulnerability--73e52547-8b38-42a9-81c8-2476ba56234c
+vulnerability,CVE-2023-48945,vulnerability--6db4fcf4-d457-46a6-97c8-a34598666c52
+vulnerability,CVE-2023-48881,vulnerability--4fb6e2a4-714e-429f-9dba-1dcd257f7bb3
+vulnerability,CVE-2023-48951,vulnerability--d28a1f50-1dc8-4f0d-8428-8438ef5e0a50
+vulnerability,CVE-2023-48880,vulnerability--de0d9e91-8ea3-40d8-a1c3-f1124d12701f
+vulnerability,CVE-2023-48947,vulnerability--e2311b38-3aee-465a-b51b-593b91be2dc6
+vulnerability,CVE-2023-48882,vulnerability--2d78f47f-62f2-43d2-9f22-7b49d52c9f8a
+vulnerability,CVE-2023-23324,vulnerability--b415e2e9-d649-4fbb-a9d1-835c214b6683
+vulnerability,CVE-2023-23325,vulnerability--c8c9320c-2812-4c87-9b47-4f27c9d34fd0
+vulnerability,CVE-2023-6378,vulnerability--13393ea7-f65d-4fe7-a3ab-4c2cf948ab5c
+vulnerability,CVE-2023-6218,vulnerability--27137432-06cf-4cbd-aafc-216ba42ffb97
+vulnerability,CVE-2023-6347,vulnerability--6f430cb1-d730-49a0-ad89-d3a68b0e4d1d
+vulnerability,CVE-2023-6217,vulnerability--3520832a-733f-491c-b39f-07f9027f37a2
+vulnerability,CVE-2023-6346,vulnerability--13eb6220-d959-4d02-a281-cab068d39619
+vulnerability,CVE-2023-6351,vulnerability--2d4bce95-9ac4-46ff-b5c1-fb3d0dc55469
+vulnerability,CVE-2023-6070,vulnerability--ac8bcf2e-8ec5-482e-bb00-211d139d8981
+vulnerability,CVE-2023-6350,vulnerability--69f4a0b8-f599-45a1-b6e0-ee3a1c08eaaf
+vulnerability,CVE-2023-6345,vulnerability--14820f42-5b34-4dc3-994d-b42ccf19f2d1
+vulnerability,CVE-2023-6348,vulnerability--057b27de-3eb9-4ada-a57e-1aca875e7a13
+vulnerability,CVE-2023-45480,vulnerability--a03f4469-6211-4013-8b11-92ac05755f37
+vulnerability,CVE-2023-45483,vulnerability--f90fd882-31ab-4c67-bf56-4c304d1f321d
+vulnerability,CVE-2023-45479,vulnerability--4e460e59-ae5f-495e-9f3e-9d8168dbed23
+vulnerability,CVE-2023-45482,vulnerability--551109aa-c225-41b6-b9a4-498c28db2be1
+vulnerability,CVE-2023-45481,vulnerability--56df9f73-8513-46ca-961e-70ed4201ad38
+vulnerability,CVE-2023-45484,vulnerability--d8019560-63d4-47ea-9eb7-9c59e4940c71
+vulnerability,CVE-2023-44383,vulnerability--821d810b-3967-49f7-8da4-8208e78227dd
+vulnerability,CVE-2023-46887,vulnerability--a39dd459-1262-4722-bcd2-1549359b1c02
+vulnerability,CVE-2023-46886,vulnerability--6cd750f7-1b9c-46f0-9a9f-332bf734314d

objects/vulnerability/vulnerability--057b27de-3eb9-4ada-a57e-1aca875e7a13.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--d2d5ef20-63e5-451d-a633-09e553e28bf4",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--057b27de-3eb9-4ada-a57e-1aca875e7a13",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-11-30T00:16:48.164847Z",
+            "modified": "2023-11-30T00:16:48.164847Z",
+            "name": "CVE-2023-6348",
+            "description": "Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-6348"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--13393ea7-f65d-4fe7-a3ab-4c2cf948ab5c.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--3588849e-9b92-485f-86ad-59ea96657ab6",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--13393ea7-f65d-4fe7-a3ab-4c2cf948ab5c",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-11-30T00:16:48.138766Z",
+            "modified": "2023-11-30T00:16:48.138766Z",
+            "name": "CVE-2023-6378",
+            "description": "A serialization vulnerability in logback receiver component part of \nlogback version 1.4.11 allows an attacker to mount a Denial-Of-Service \nattack by sending poisoned data.\n\n",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-6378"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--13eb6220-d959-4d02-a281-cab068d39619.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--cea9f549-0891-4640-8d68-0db1ea0a5534",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--13eb6220-d959-4d02-a281-cab068d39619",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-11-30T00:16:48.154459Z",
+            "modified": "2023-11-30T00:16:48.154459Z",
+            "name": "CVE-2023-6346",
+            "description": "Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-6346"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--14820f42-5b34-4dc3-994d-b42ccf19f2d1.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--7df92214-4973-4731-ac4f-394f1a92e753",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--14820f42-5b34-4dc3-994d-b42ccf19f2d1",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-11-30T00:16:48.162082Z",
+            "modified": "2023-11-30T00:16:48.162082Z",
+            "name": "CVE-2023-6345",
+            "description": "Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-6345"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--18341c0b-aaff-44d3-9dd7-e03d6360d0d1.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--8f8336a9-fcef-4fd2-95cd-6d126079a6af",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--18341c0b-aaff-44d3-9dd7-e03d6360d0d1",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-11-30T00:16:47.460329Z",
+            "modified": "2023-11-30T00:16:47.460329Z",
+            "name": "CVE-2023-47462",
+            "description": "Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and before allows a remote attacker to execute arbitrary code via the file sharing function.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-47462"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--25dde0a7-52c1-4f17-8456-9a9d821e1e7a.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--0aef970f-234d-4acb-a17a-07d72d2c5cee",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--25dde0a7-52c1-4f17-8456-9a9d821e1e7a",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-11-30T00:16:47.692991Z",
+            "modified": "2023-11-30T00:16:47.692991Z",
+            "name": "CVE-2023-49083",
+            "description": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-49083"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--27137432-06cf-4cbd-aafc-216ba42ffb97.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--696f68e9-5de6-4c65-a170-7c329bc35bef",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--27137432-06cf-4cbd-aafc-216ba42ffb97",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-11-30T00:16:48.141723Z",
+            "modified": "2023-11-30T00:16:48.141723Z",
+            "name": "CVE-2023-6218",
+            "description": "\nIn Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a privilege escalation path associated with group administrators has been identified.  It is possible for a group administrator to elevate a group members permissions to the role of an organization administrator.\n",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-6218"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--2a56a163-58d8-4d0f-a558-5ba6c0243c61.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--564ec77d-c386-428c-8d34-4d8e8372dd88",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--2a56a163-58d8-4d0f-a558-5ba6c0243c61",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-11-30T00:16:46.398146Z",
+            "modified": "2023-11-30T00:16:46.398146Z",
+            "name": "CVE-2022-42541",
+            "description": "Remote code execution",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2022-42541"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--2d4bce95-9ac4-46ff-b5c1-fb3d0dc55469.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--38e671f0-139b-45ad-9317-3da9376747d9",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--2d4bce95-9ac4-46ff-b5c1-fb3d0dc55469",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-11-30T00:16:48.157249Z",
+            "modified": "2023-11-30T00:16:48.157249Z",
+            "name": "CVE-2023-6351",
+            "description": "Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-6351"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--2d78f47f-62f2-43d2-9f22-7b49d52c9f8a.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--456ccd4b-84cd-4424-b40f-c3ed607f32d0",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--2d78f47f-62f2-43d2-9f22-7b49d52c9f8a",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-11-30T00:16:48.027269Z",
+            "modified": "2023-11-30T00:16:48.027269Z",
+            "name": "CVE-2023-48882",
+            "description": "A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Document Properties field at /login.php m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-48882"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--328caa8c-9d9a-467d-a3d9-82bd94d3d5ec.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--30ab121b-48ac-4ccf-be2a-aedc6d2dc68d",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--328caa8c-9d9a-467d-a3d9-82bd94d3d5ec",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-11-30T00:16:47.688338Z",
+            "modified": "2023-11-30T00:16:47.688338Z",
+            "name": "CVE-2023-49079",
+            "description": "Misskey is an open source, decentralized social media platform. Misskey's missing signature validation allows arbitrary users to impersonate any remote user. This issue has been patched in version 2023.11.1-beta.1.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-49079"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--3508b53e-c9ed-4939-b39e-f2abeac106c9.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--243051e0-8ea3-4e7e-9a5b-064279487d4a",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--3508b53e-c9ed-4939-b39e-f2abeac106c9",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-11-30T00:16:47.810692Z",
+            "modified": "2023-11-30T00:16:47.810692Z",
+            "name": "CVE-2023-48952",
+            "description": "An issue in the box_deserialize_reusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-48952"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--3520832a-733f-491c-b39f-07f9027f37a2.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--013cd7f8-35fd-4cb0-aa48-8fef61d873f4",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--3520832a-733f-491c-b39f-07f9027f37a2",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-11-30T00:16:48.149801Z",
+            "modified": "2023-11-30T00:16:48.149801Z",
+            "name": "CVE-2023-6217",
+            "description": "\nIn Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a reflected cross-site scripting (XSS) vulnerability has been identified when MOVEit Gateway is used in conjunction with MOVEit Transfer.  \n\nAn attacker could craft a malicious payload targeting the system which comprises a MOVEit Gateway and MOVEit Transfer deployment.  If a MOVEit user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victim’s browser.\n",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-6217"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--36be76db-ee35-49a8-871d-46c0451a98c4.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--b3409dbe-ebc3-40a6-bffb-0be42c28240a",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--36be76db-ee35-49a8-871d-46c0451a98c4",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-11-30T00:16:46.403462Z",
+            "modified": "2023-11-30T00:16:46.403462Z",
+            "name": "CVE-2022-42537",
+            "description": "Remote code execution",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2022-42537"
+                }
+            ]
+        }
+    ]
+}