{"vulnerability": "CVE-2024-3988", "sightings": [{"uuid": "5f258e77-9af6-492b-bee4-91ed0c1168f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39887", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-39887.yaml", "content": "", "creation_timestamp": "2024-12-11T15:19:16.000000Z"}, {"uuid": "2cf38473-15f5-4934-b871-90a39066ed82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39881", "type": "seen", "source": "https://t.me/cvedetector/484", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39881 - Delta Electronics CNCSoft-G2 lacks proper validati\", \n  \"Content\": \"CVE ID : CVE-2024-39881 \nPublished : July 9, 2024, 10:15 p.m. | 28\u00a0minutes ago \nDescription : Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a memory corruption condition. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-10T00:52:18.000000Z"}, {"uuid": "c5e850f7-77f8-44f1-9eab-46f556cee424", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39884", "type": "seen", "source": "https://t.me/HackingInsights/4965", "content": "\u200aApache HTTP Server Update Patches Critical Source Code Disclosure Flaw (CVE-2024-39884)\n\nhttps://securityonline.info/apache-http-server-update-patches-critical-source-code-disclosure-flaw-cve-2024-39884/", "creation_timestamp": "2024-07-06T09:56:09.000000Z"}, {"uuid": "685287c0-6ad6-4906-b1f7-a00d7f54173f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39884", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7604", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-40725\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A partial fix for\u00a0 CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. \"AddType\" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.\n\nUsers are recommended to upgrade to version 2.4.62, which fixes this issue.\n\n\n\ud83d\udccf Published: 2024-07-18T09:32:43.929Z\n\ud83d\udccf Modified: 2025-03-14T17:27:57.926Z\n\ud83d\udd17 References:\n1. https://httpd.apache.org/security/vulnerabilities_24.html", "creation_timestamp": "2025-03-14T17:48:46.000000Z"}, {"uuid": "d56e7a2f-5d78-4763-be05-788d104fa602", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39887", "type": "seen", "source": "https://t.me/cvedetector/12393", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-53947 - Apache Superset SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-53947 \nPublished : Dec. 9, 2024, 2:15 p.m. | 43\u00a0minutes ago \nDescription : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Superset. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. This issue is a follow-up to\u00a0CVE-2024-39887 with additional disallowed PostgreSQL functions now included:\u00a0query_to_xml_and_xmlschema,\u00a0table_to_xml,\u00a0table_to_xml_and_xmlschema.  \n  \nThis issue affects Apache Superset: <4.1.0.\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-09T16:22:14.000000Z"}, {"uuid": "0a9c988f-10d6-4e33-9938-de806d2e9877", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39880", "type": "seen", "source": "https://t.me/cvedetector/482", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39880 - Delta Electronics CNCSoft-G2 lacks proper validati\", \n  \"Content\": \"CVE ID : CVE-2024-39880 \nPublished : July 9, 2024, 10:15 p.m. | 28\u00a0minutes ago \nDescription : Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-10T00:52:16.000000Z"}, {"uuid": "124a9138-3b51-41fc-a2cf-2bb3e74752fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39882", "type": "seen", "source": "https://t.me/cvedetector/480", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39882 - Delta Electronics CNCSoft-G2 lacks proper validati\", \n  \"Content\": \"CVE ID : CVE-2024-39882 \nPublished : July 9, 2024, 10:15 p.m. | 28\u00a0minutes ago \nDescription : Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-10T00:52:11.000000Z"}, {"uuid": "36c0c19d-1ea3-48e1-b756-aca78ed11928", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39883", "type": "seen", "source": "https://t.me/cvedetector/479", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39883 - Delta Electronics CNCSoft-G2 lacks proper validati\", \n  \"Content\": \"CVE ID : CVE-2024-39883 \nPublished : July 9, 2024, 10:15 p.m. | 28\u00a0minutes ago \nDescription : Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-10T00:52:11.000000Z"}, {"uuid": "030e6762-d45f-4ea8-b0e6-05fdf3ac11fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39886", "type": "seen", "source": "https://t.me/cvedetector/518", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39886 - TONE store App version 3.4.2 and earlier contains\", \n  \"Content\": \"CVE ID : CVE-2024-39886 \nPublished : July 10, 2024, 7:15 a.m. | 18\u00a0minutes ago \nDescription : TONE store App version 3.4.2 and earlier contains an issue with unprotected primary channel. Since TONE store App communicates with TONE store website in cleartext, a man-in-the-middle attack may allow an attacker to obtain and/or alter communications of the affected App. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-10T09:39:21.000000Z"}, {"uuid": "ff56c92c-0e13-4671-be92-280058bb95f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39887", "type": "seen", "source": "https://t.me/cvedetector/926", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39887 - Apache Superset SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-39887 \nPublished : July 16, 2024, 10:15 a.m. | 32\u00a0minutes ago \nDescription : An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. To mitigate this, a new configuration key named DISALLOWED_SQL_FUNCTIONS has been introduced. This key disallows the use of the following PostgreSQL functions: version, query_to_xml, inet_server_addr, and inet_client_addr. Additional functions can be added to this list for increased protection.  \n  \nThis issue affects Apache Superset: before 4.0.2.  \n  \nUsers are recommended to upgrade to version 4.0.2, which fixes the issue. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-16T12:55:40.000000Z"}, {"uuid": "eaf03497-ff26-4fd9-913b-b5d71cc1def9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39888", "type": "seen", "source": "https://t.me/cvedetector/327", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39888 - A vulnerability has been identified in Mendix Encr\", \n  \"Content\": \"CVE ID : CVE-2024-39888 \nPublished : July 9, 2024, 12:15 p.m. | 26\u00a0minutes ago \nDescription : A vulnerability has been identified in Mendix Encryption (All versions >= V10.0.0 Severity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-09T14:46:17.000000Z"}, {"uuid": "b7b6c758-b243-4c94-9ee0-54fae8442f0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39884", "type": "seen", "source": "https://t.me/cvedetector/1150", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-40725 - Apache HTTP Server PHP Source Code Disclosure Handler Configuration Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-40725 \nPublished : July 18, 2024, 10:15 a.m. | 44\u00a0minutes ago \nDescription : A partial fix for\u00a0 CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. \"AddType\" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.  \n  \nUsers are recommended to upgrade to version 2.4.62, which fixes this issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-18T13:27:13.000000Z"}]}