{"vulnerability": "CVE-2024-2907", "sightings": [{"uuid": "edf0410c-7574-48b1-8093-920db096f9eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-29075", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113468345118480536", "content": "", "creation_timestamp": "2024-11-12T05:32:23.991736Z"}, {"uuid": "ea5f8a53-0ec9-496e-be59-476c2e4e12a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-29076", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113477542875132271", "content": "", "creation_timestamp": "2024-11-13T20:31:30.515035Z"}, {"uuid": "1a34bc8c-aa6e-44e3-bac3-91e4507612c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-29077", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113478000895413469", "content": "", "creation_timestamp": "2024-11-13T22:27:59.346019Z"}, {"uuid": "8a78a7c9-ffe6-48b6-b7a7-92caa18f28bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-29079", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113478000908963818", "content": "", "creation_timestamp": "2024-11-13T22:27:59.778211Z"}, {"uuid": "e2950ce6-47b5-4718-9431-b9990bd95d44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-29074", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7324", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-29074\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)\n\ud83d\udd39 Description: in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through improper input.\n\ud83d\udccf Published: 2024-04-02T06:22:52.042Z\n\ud83d\udccf Modified: 2025-03-12T16:36:06.271Z\n\ud83d\udd17 References:\n1. https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-04.md", "creation_timestamp": "2025-03-12T16:40:59.000000Z"}, {"uuid": "32a71003-de1e-428b-af1c-80d54a891f91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-29078", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9439", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-29078\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Incorrect permission assignment for critical resource issue exists in MosP kintai kanri V4.6.6 and earlier, which may allow a remote unauthenticated attacker with access to the product to alter the product settings.\n\ud83d\udccf Published: 2024-05-27T23:52:11.993Z\n\ud83d\udccf Modified: 2025-03-28T19:17:46.889Z\n\ud83d\udd17 References:\n1. https://www.e-s-mind.com/2024-02-20/\n2. https://jvn.jp/en/jp/JVN97751842/", "creation_timestamp": "2025-03-28T19:29:07.000000Z"}, {"uuid": "6f632353-056a-4b63-842f-006d3bb3e8ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-29071", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9289", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-29071\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may change the system settings.\n\ud83d\udccf Published: 2024-03-25T03:42:31.070Z\n\ud83d\udccf Modified: 2025-03-28T07:38:42.105Z\n\ud83d\udd17 References:\n1. https://kddi-tech.com/contents/appendix_L2_06.html#20304f4c-af1b-49fd-c3b5-8d1f55fd8b4f\n2. https://jvn.jp/en/vu/JVNVU93546510/", "creation_timestamp": "2025-03-28T08:27:33.000000Z"}, {"uuid": "366f3296-bdb1-42b4-830b-e6b95a7e17c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-29075", "type": "seen", "source": "https://t.me/cvedetector/10590", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-29075 - Mesh Wi-Fi Router RP562B Privilege Escalation Weakness\", \n  \"Content\": \"CVE ID : CVE-2024-29075 \nPublished : Nov. 12, 2024, 6:15 a.m. | 37\u00a0minutes ago \nDescription : Active debug code vulnerability exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may obtain or alter the settings of the device . \nSeverity: 4.6 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-12T08:00:15.000000Z"}, {"uuid": "5a5a98da-c628-4c78-98d4-4512fea95fbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-29073", "type": "seen", "source": "https://t.me/cvedetector/1460", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-29073 - Anki Latex File Read Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-29073 \nPublished : July 22, 2024, 3:15 p.m. | 34\u00a0minutes ago \nDescription : An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many Latex distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. An attacker can share a flashcard to trigger this vulnerability. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-22T17:50:05.000000Z"}, {"uuid": "2aca1349-ca85-4710-8112-ea64e36da2a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-29070", "type": "seen", "source": "https://t.me/cvedetector/1499", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-29070 - Apache Backend Unauthenticated Session Reuse\", \n  \"Content\": \"CVE ID : CVE-2024-29070 \nPublished : July 23, 2024, 9:15 a.m. | 37\u00a0minutes ago \nDescription : On versions before 2.1.4,\u00a0session is not invalidated after logout. When the user logged in successfully, the Backend service returns \"Authorization\" as the front-end authentication credential. \"Authorization\" can still initiate requests and access data even after logout.  \n  \nMitigation:  \n  \nall users should upgrade to 2.1.4 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-23T12:13:21.000000Z"}]}