{"vulnerability": "CVE-2024-1102", "sightings": [{"uuid": "db32661a-d10d-4787-afeb-7011148f22d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11028", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113474963817226469", "content": "", "creation_timestamp": "2024-11-13T09:35:37.309095Z"}, {"uuid": "5a9cd464-3b7a-4a6f-95a1-bb64e9f91a1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11026", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113449489292278157", "content": "", "creation_timestamp": "2024-11-08T21:37:06.913640Z"}, {"uuid": "89db8c6d-f4ba-45b6-bac9-473077d2869f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11020", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113463133588611618", "content": "", "creation_timestamp": "2024-11-11T07:27:02.285675Z"}, {"uuid": "ced24b59-3ee2-43b3-97f8-20dac869558e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11021", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113463133603609393", "content": "", "creation_timestamp": "2024-11-11T07:27:02.550167Z"}, {"uuid": "e5fe2e3c-9e7c-4633-832b-2d9b72e01a86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11023", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113503493348466581", "content": "", "creation_timestamp": "2024-11-18T10:31:03.302105Z"}, {"uuid": "f8601da0-bf5d-4fe2-8890-83be86343cb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11022", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113605876577227936", "content": "", "creation_timestamp": "2024-12-06T12:28:27.577345Z"}, {"uuid": "58060b17-acf5-4b84-9111-d7c764186c9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11025", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113554465403282510", "content": "", "creation_timestamp": "2024-11-27T10:33:55.699598Z"}, {"uuid": "e5c7a3cb-f05c-477d-b054-3ab7b2579b56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11024", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113548955816830247", "content": "", "creation_timestamp": "2024-11-26T11:12:45.821730Z"}, {"uuid": "3557df79-0848-4747-b9eb-b642baac0475", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11029", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113832498635151875", "content": "", "creation_timestamp": "2025-01-15T13:01:25.590906Z"}, {"uuid": "2b5e792c-1ea5-43f3-be2f-80ece1820f5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11029", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfrtx7642j2b", "content": "", "creation_timestamp": "2025-01-15T13:15:57.109233Z"}, {"uuid": "201fa2bc-62ba-41e3-a38f-4d135e7a7f70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11029", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1739", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11029\n\ud83d\udd39 Description: A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl. As a consequence, during the FreeIPA installation process, it inadvertently leaks the administrative user credentials, including the administrator password, to the journal database. In the worst-case scenario, where the journal log is centralized, users with access to it can have improper access to the FreeIPA administrator credentials.\n\ud83d\udccf Published: 2025-01-15T12:55:30.964Z\n\ud83d\udccf Modified: 2025-01-15T12:55:30.964Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/security/cve/CVE-2024-11029\n2. https://bugzilla.redhat.com/show_bug.cgi?id=2325557", "creation_timestamp": "2025-01-15T13:11:10.000000Z"}, {"uuid": "d2203db3-5ccb-49e7-9156-9d6086210ff1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11029", "type": "seen", "source": "https://gist.github.com/rcy/48e679544bf1de403b110aa208fb64b0", "content": "", "creation_timestamp": "2025-07-19T21:19:23.000000Z"}, {"uuid": "80551020-d062-459e-a7f6-750bbb9473b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11023", "type": "seen", "source": "MISP/1c5c38d6-3401-41ac-be0e-4cf361fa6f51", "content": "", "creation_timestamp": "2025-09-25T00:36:29.000000Z"}, {"uuid": "08d2d0d0-2645-4b46-892e-ef9471960b16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11022", "type": "seen", "source": "https://t.me/cvedetector/12208", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11022 - The authentication process to the web server uses\", \n  \"Content\": \"CVE ID : CVE-2024-11022 \nPublished : Dec. 6, 2024, 1:15 p.m. | 1\u00a0hour ago \nDescription : The authentication process to the web server uses a challenge response procedure which  \ninludes the nonce and additional information. This challenge can be used several times for login and is  \ntherefore vulnerable for a replay attack. \nSeverity: 5.6 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-06T15:37:07.000000Z"}, {"uuid": "2565530c-d546-479b-b668-82b33a1c01a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11029", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7898", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11029\n\ud83d\udd25 CVSS Score: 5.5 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl. As a consequence, during the FreeIPA installation process, it inadvertently leaks the administrative user credentials, including the administrator password, to the journal database. In the worst-case scenario, where the journal log is centralized, users with access to it can have improper access to the FreeIPA administrator credentials.\n\ud83d\udccf Published: 2025-01-15T12:55:30.964Z\n\ud83d\udccf Modified: 2025-03-18T09:19:42.287Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/errata/RHSA-2025:0334\n2. https://access.redhat.com/security/cve/CVE-2024-11029\n3. https://bugzilla.redhat.com/show_bug.cgi?id=2325557", "creation_timestamp": "2025-03-18T09:50:41.000000Z"}, {"uuid": "24006ff9-d22a-40d7-971f-093e135b0e54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11023", "type": "seen", "source": "https://t.me/cvedetector/11325", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11023 - Firebase JavaScript SDK Stored XSS\", \n  \"Content\": \"CVE ID : CVE-2024-11023 \nPublished : Nov. 18, 2024, 11:15 a.m. | 37\u00a0minutes ago \nDescription : Firebase JavaScript SDK utilizes a \"FIREBASE_DEFAULTS\" cookie to store configuration data, including an \"_authTokenSyncURL\" field used for session synchronization.  If this cookie field is preset via an attacker by any other method, the attacker can manipulate the \"_authTokenSyncURL\" to point to their own server and it would allow am actor to capture user session data transmitted by the SDK. We recommend upgrading Firebase JS SDK at least to 10.9.0. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-18T13:12:21.000000Z"}, {"uuid": "715564c0-e421-4cfe-a396-a2e18af69551", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11026", "type": "seen", "source": "https://t.me/cvedetector/10241", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11026 - Freenow App Keystore Handler SSL Default Password Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11026 \nPublished : Nov. 8, 2024, 10:15 p.m. | 29\u00a0minutes ago \nDescription : A vulnerability was found in Intelligent Apps Freenow App 12.10.0 on Android. It has been rated as problematic. Affected by this issue is some unknown functionality of the file ch/qos/logback/core/net/ssl/SSL.java of the component Keystore Handler. The manipulation of the argument DEFAULT_KEYSTORE_PASSWORD with the input changeit leads to use of hard-coded password. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 3.7 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-08T23:54:15.000000Z"}, {"uuid": "950314fb-a1a3-493d-bb44-dd5e9fd5681d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11020", "type": "seen", "source": "https://t.me/cvedetector/10489", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11020 - Grand Vice Webopac SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-11020 \nPublished : Nov. 11, 2024, 8:15 a.m. | 37\u00a0minutes ago \nDescription : Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-11T10:15:10.000000Z"}, {"uuid": "2ce1887c-6bb8-4716-bac6-d9ba98a72840", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11021", "type": "seen", "source": "https://t.me/cvedetector/10488", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11021 - Webopac from Grand Vice info Stored Cross-site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-11021 \nPublished : Nov. 11, 2024, 8:15 a.m. | 37\u00a0minutes ago \nDescription : Webopac from Grand Vice info has Stored Cross-site Scripting vulnerability. Remote attackers with regular privileges can inject arbitrary JavaScript code into the server. When users visit the compromised page, the code is automatically executed in their browser. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-11T10:15:09.000000Z"}, {"uuid": "7fb032c9-1b7e-422e-b20a-a1af5a9ec074", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11028", "type": "seen", "source": "https://t.me/cvedetector/10813", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11028 - MultiManager WP Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-11028 \nPublished : Nov. 13, 2024, 10:15 a.m. | 38\u00a0minutes ago \nDescription : The MultiManager WP \u2013 Manage All Your WordPress Sites Easily plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. This is due to the user impersonation feature inappropriately determining the current user via user-supplied input. This makes it possible for unauthenticated attackers to generate an impersonation link that will allow them to log in as any existing user, such as an administrator. NOTE: The user impersonation feature was disabled in version 1.1.0 and re-enabled with a patch in version 1.1.2. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-13T12:11:29.000000Z"}, {"uuid": "d2f14eae-0454-4f5d-9fd2-623c50fb11da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1102", "type": "seen", "source": "https://t.me/ctinow/176605", "content": "https://ift.tt/aVNkuqH\nCVE-2024-1102", "creation_timestamp": "2024-01-31T10:07:05.000000Z"}]}