{"vulnerability": "CVE-2024-1060", "sightings": [{"uuid": "e39a948c-5fda-4e0c-a722-8ae1f399ba75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10606", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113530416344121690", "content": "", "creation_timestamp": "2024-11-23T04:37:55.646468Z"}, {"uuid": "463efbef-186b-41fe-a2eb-0795eed8b4cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10603", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113918915636789212", "content": "", "creation_timestamp": "2025-01-30T19:18:24.474258Z"}, {"uuid": "874c25d7-54e2-4f35-bca6-a21767464f61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10604", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113918915650734751", "content": "", "creation_timestamp": "2025-01-30T19:18:24.641098Z"}, {"uuid": "6a8a9086-c73d-4306-907e-2cefd21da5db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10603", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgycfunxjy2h", "content": "", "creation_timestamp": "2025-01-30T20:15:51.844004Z"}, {"uuid": "a65be83d-2b29-4a6b-b4ee-fac49a8064bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10604", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgycfxdvmk2t", "content": "", "creation_timestamp": "2025-01-30T20:15:55.102868Z"}, {"uuid": "75baa08b-567c-457d-ac4a-a078c290ebca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10603", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5135", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10603\n\ud83d\udd25 CVSS Score: 6.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N)\n\ud83d\udd39 Description: Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances.\n\ud83d\udccf Published: 2025-01-30T19:14:38.619Z\n\ud83d\udccf Modified: 2025-02-24T11:59:44.637Z\n\ud83d\udd17 References:\n1. https://github.com/google/gvisor/commit/83f75082e5b03fafca9201d9d9939028f712b0b2\n2. https://github.com/google/gvisor/commit/cbdb2c61b1f753834cedf2ebe68cbc335dadca52\n3. https://github.com/google/gvisor/commit/5d2bf2546805afa09a6f6d9b23ec267823e32205\n4. https://www.ndss-symposium.org/wp-content/uploads/2025-122-paper.pdf", "creation_timestamp": "2025-02-24T12:22:03.000000Z"}, {"uuid": "bf5d7f21-2f02-4f46-82fa-b8ec88fee2dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10604", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5134", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10604\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N)\n\ud83d\udd39 Description: Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID allow for these values to be guessed under circumstances\n\ud83d\udccf Published: 2025-01-30T19:17:10.012Z\n\ud83d\udccf Modified: 2025-02-24T12:00:19.548Z\n\ud83d\udd17 References:\n1. https://fuchsia.googlesource.com/fuchsia/+/a3c17a4d6b3140f9175d6cf6ac4eb4e775f8dea8\n2. https://fuchsia.googlesource.com/fuchsia/+/40e7fbcdcd013441daf4492f1ead349a9e5b80dc\n3. https://www.ndss-symposium.org/wp-content/uploads/2025-122-paper.pdf", "creation_timestamp": "2025-02-24T12:22:02.000000Z"}, {"uuid": "17699141-839a-48e3-b394-ad624508b730", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10604", "type": "seen", "source": "Telegram/jp6lvs7tk03xYjSSqyNRAuLmxVLHpvBp1aBjzFzdaBkhATmX", "content": "", "creation_timestamp": "2025-02-24T14:08:42.000000Z"}, {"uuid": "5cf9109c-2664-4b79-aa5c-43b1df68574f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10603", "type": "seen", "source": "Telegram/QZfiqEC-Q_syT_s77L6u3-JCFBhPfYtFHxjSXJVFkBhRkqTo", "content": "", "creation_timestamp": "2025-02-24T14:08:42.000000Z"}, {"uuid": "e235b65e-243f-4f4a-b0bd-121d6a97c52a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10603", "type": "seen", "source": "https://t.me/cvedetector/16824", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10603 - Google gVisor TCP/UDP Predictable Header Values\", \n  \"Content\": \"CVE ID : CVE-2024-10603 \nPublished : Jan. 30, 2025, 8:15 p.m. | 59\u00a0minutes ago \nDescription : Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-30T22:38:20.000000Z"}, {"uuid": "56e9a0f4-963b-446f-ade8-86240a8a2f65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10604", "type": "seen", "source": "https://t.me/cvedetector/16821", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10604 - Fuchsia Network Protocol Header Field Guessing Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10604 \nPublished : Jan. 30, 2025, 8:15 p.m. | 59\u00a0minutes ago \nDescription : Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID allow for these values to be guessed under circumstances \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-30T22:38:18.000000Z"}, {"uuid": "a919096c-1b41-484a-b048-fbf034bb47ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10607", "type": "seen", "source": "https://t.me/cvedetector/9551", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10607 - Courier Management System SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10607 \nPublished : Nov. 1, 2024, 1:15 a.m. | 38\u00a0minutes ago \nDescription : A vulnerability was found in code-projects Courier Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /track-result.php. The manipulation of the argument Consignment leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-01T02:58:35.000000Z"}, {"uuid": "a9795ceb-bd2d-4593-8138-bcd941232850", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10602", "type": "seen", "source": "https://t.me/cvedetector/9550", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10602 - Tongda OA Sql Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10602 \nPublished : Nov. 1, 2024, 12:15 a.m. | 37\u00a0minutes ago \nDescription : A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file /general/approve_center/list/input_form/data_picker_link.php. The manipulation of the argument dataSrc leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-01T02:08:25.000000Z"}, {"uuid": "5c488a58-1c57-454b-8ddd-1950942f80bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10605", "type": "seen", "source": "https://t.me/cvedetector/9549", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10605 - Blood Bank Management System Cross-Site Request Forgery Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10605 \nPublished : Nov. 1, 2024, 12:15 a.m. | 37\u00a0minutes ago \nDescription : A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /file/request.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-01T02:08:25.000000Z"}, {"uuid": "b4ddbf0a-621e-4124-a2c4-ac1e8e694fbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10601", "type": "seen", "source": "https://t.me/cvedetector/9548", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10601 - Tongda OA SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-10601 \nPublished : Oct. 31, 2024, 11:15 p.m. | 36\u00a0minutes ago \nDescription : A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /general/address/private/address/query/delete.php. The manipulation of the argument where_repeat leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-01T01:18:14.000000Z"}, {"uuid": "b2d379a9-821d-4a4c-ad3f-b7a4958c9a6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10600", "type": "seen", "source": "https://t.me/cvedetector/9547", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10600 - \"Tongda OA SQL Injection Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-10600 \nPublished : Oct. 31, 2024, 11:15 p.m. | 36\u00a0minutes ago \nDescription : A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.6. Affected is an unknown function of the file pda/appcenter/submenu.php. The manipulation of the argument appid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-01T01:18:13.000000Z"}, {"uuid": "6a07c30b-711f-4e9e-a528-79df8570cb04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1060", "type": "seen", "source": "https://t.me/ctinow/190577", "content": "https://ift.tt/1wWilhf\nCVE-2024-1060 | Google Chrome prior 121.0.6167.139 Canvas use after free (FEDORA-2024-87e0baecb6)", "creation_timestamp": "2024-02-22T10:06:36.000000Z"}, {"uuid": "0667c0ad-3964-4007-8a2d-bbacba383696", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1060", "type": "seen", "source": "https://t.me/ctinow/176344", "content": "https://ift.tt/7V3v6cT\nCVE-2024-1060", "creation_timestamp": "2024-01-30T23:26:26.000000Z"}, {"uuid": "0188706a-4fee-4999-a5da-b4e40badcdcf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10609", "type": "seen", "source": "https://t.me/cvedetector/9553", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10609 - \"Isourcecode Tailoring Management System SQL Injection\"\", \n  \"Content\": \"CVE ID : CVE-2024-10609 \nPublished : Nov. 1, 2024, 1:15 a.m. | 38\u00a0minutes ago \nDescription : A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System Project 1.0. This affects an unknown part of the file typeadd.php. The manipulation of the argument sex leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-01T02:58:37.000000Z"}, {"uuid": "4f12688c-c90c-48cc-a54f-0b1f3f861112", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10608", "type": "seen", "source": "https://t.me/cvedetector/9552", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10608 - \"Courier Management System Sql Injection\"\", \n  \"Content\": \"CVE ID : CVE-2024-10608 \nPublished : Nov. 1, 2024, 1:15 a.m. | 38\u00a0minutes ago \nDescription : A vulnerability was found in code-projects Courier Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument txtusername leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-01T02:58:36.000000Z"}, {"uuid": "15571857-d215-4f6f-98d3-380a3dbebf94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10606", "type": "seen", "source": "Telegram/jqZMUQ9Xfri0aBVZR_kEsySPOPTtuc0bT4ARWTDsQ2E4vecx", "content": "", "creation_timestamp": "2025-02-14T10:03:10.000000Z"}, {"uuid": "17460a02-e98a-434a-b80f-3428e317cf10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1060", "type": "seen", "source": "https://t.me/ctinow/177857", "content": "https://ift.tt/LOKEcxW\nChromium: CVE-2024-1060 Use after free in Canvas", "creation_timestamp": "2024-02-02T01:16:37.000000Z"}]}