{"vulnerability": "CVE-2024-4167", "sightings": [{"uuid": "962dfe9e-d4b9-4751-b245-5b6648d68f09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41678", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113488382438414219", "content": "", "creation_timestamp": "2024-11-15T18:28:09.134279Z"}, {"uuid": "c56bd0ed-18ba-49d2-83a6-73a653e9c467", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41679", "type": "seen", "source": "https://t.me/cvedetector/11159", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41679 - GLPI SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41679 \nPublished : Nov. 15, 2024, 7:15 p.m. | 33\u00a0minutes ago \nDescription : GLPI is a free asset and IT management software package. An authenticated user can exploit a SQL injection vulnerability from the ticket form. Upgrade to 10.0.17. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-15T20:48:47.000000Z"}, {"uuid": "c7ad5fbe-3e64-419f-9a19-b4a7a01e2170", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41678", "type": "seen", "source": "https://t.me/cvedetector/11149", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41678 - GLPI Reflected Cross-Site Scripting Vuln\", \n  \"Content\": \"CVE ID : CVE-2024-41678 \nPublished : Nov. 15, 2024, 6:15 p.m. | 42\u00a0minutes ago \nDescription : GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability. Upgrade to 10.0.17. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-15T19:58:29.000000Z"}, {"uuid": "f5a074b8-b9ae-444a-a854-1b9bd913da28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41672", "type": "seen", "source": "https://t.me/cvedetector/1583", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41672 - \"DuckDB External Access Weakness\"\", \n  \"Content\": \"CVE ID : CVE-2024-41672 \nPublished : July 24, 2024, 6:15 p.m. | 26\u00a0minutes ago \nDescription : DuckDB is a SQL database management system. In versions 1.0.0 and prior, content in filesystem is accessible for reading using `sniff_csv`, even with `enable_external_access=false`. This vulnerability provides an attacker with access to filesystem even when access is expected to be disabled and other similar functions do NOT provide access. There seem to be two vectors to this vulnerability. First, access to files that should otherwise not be allowed. Second, the content from a file can be read (e.g. `/etc/hosts`, `proc/self/environ`, etc) even though that doesn't seem to be the intent of the sniff_csv function. A fix for this issue is available in commit c9b7c98aa0e1cd7363fe8bb8543a95f38e980d8a and is expected to be part of version 1.1.0. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-24T20:49:55.000000Z"}, {"uuid": "f0a1494b-d384-4fa0-9a1b-278114b297cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41675", "type": "seen", "source": "https://t.me/cvedetector/3775", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41675 - CKAN Datatables View Plugin Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41675 \nPublished : Aug. 21, 2024, 3:15 p.m. | 37\u00a0minutes ago \nDescription : CKAN is an open-source data management system for powering data hubs and data portals. The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Sites running CKAN >= 2.7.0 with the datatables_view plugin activated. This is a plugin included in CKAN core, that not activated by default but it is widely used to preview tabular data. This vulnerability has been fixed in CKAN 2.10.5 and 2.11.0. \nSeverity: 6.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-21T18:14:48.000000Z"}, {"uuid": "d3345c22-7e4c-4c30-81b6-30616611fc25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41674", "type": "seen", "source": "https://t.me/cvedetector/3774", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41674 - CKAN Solr Server Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-41674 \nPublished : Aug. 21, 2024, 3:15 p.m. | 37\u00a0minutes ago \nDescription : CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues with the Solr server, the internal Solr URL (potentially including credentials) could be leaked to package_search calls as part of the returned error message. This has been patched in CKAN 2.10.5 and 2.11.0. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-21T18:14:47.000000Z"}, {"uuid": "c0759923-7b94-43f2-b2a3-dca4c512f780", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41670", "type": "seen", "source": "https://t.me/cvedetector/1689", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41670 - PayPal PrestaShop Note Missing Payment Confirmation\", \n  \"Content\": \"CVE ID : CVE-2024-41670 \nPublished : July 26, 2024, 3:15 p.m. | 34\u00a0minutes ago \nDescription : In the module \"PayPal Official\" for PrestaShop 7+ releases prior to version 6.4.2 and for PrestaShop 1.6 releases prior to version 3.18.1, a malicious customer can confirm an order even if payment is finally declined by PayPal. A logical weakness during the capture of a payment in case of disabled webhooks can be exploited to create an accepted order. This could allow a threat actor to confirm an order with a fraudulent payment support. Versions 6.4.2 and 3.18.1 contain a patch for the issue. Additionally, users enable webhooks and check they are callable. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-26T18:02:01.000000Z"}, {"uuid": "62437ebb-d338-4494-956b-23b12033dfcf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41673", "type": "seen", "source": "https://t.me/cvedetector/6761", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41673 - Decidim XSS vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41673 \nPublished : Oct. 1, 2024, 3:15 p.m. | 21\u00a0minutes ago \nDescription : Decidim is a participatory democracy framework. The version control feature used in resources is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.27.8. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-01T17:45:53.000000Z"}, {"uuid": "f1532e03-c8dc-45b4-a9de-9f06254f6fff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41677", "type": "seen", "source": "https://t.me/cvedetector/2625", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41677 - Qwik Mutation XSS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41677 \nPublished : Aug. 6, 2024, 6:15 p.m. | 27\u00a0minutes ago \nDescription : Qwik is a performance focused javascript framework. A potential mutation XSS vulnerability exists in Qwik for versions up to but not including 1.6.0. Qwik improperly escapes HTML on server-side rendering. It converts strings according to the rules found in the `render-ssr.ts` file. It sometimes causes the situation that the final DOM tree rendered on browsers is different from what Qwik expects on server-side rendering. This may be leveraged to perform XSS attacks, and a type of the XSS is known as mXSS (mutation XSS). This has been resolved in qwik version 1.6.0 and @builder.io/qwik version 1.7.3. All users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-06T20:52:46.000000Z"}, {"uuid": "cb4f7feb-a70d-4d38-8349-b7a31aeb27ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41671", "type": "seen", "source": "https://t.me/cvedetector/1857", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41671 - Twisted Web HTTP Pipelining Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-41671 \nPublished : July 29, 2024, 3:15 p.m. | 35\u00a0minutes ago \nDescription : Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1. \nSeverity: 8.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-29T17:58:01.000000Z"}, {"uuid": "e819ce6c-935d-484e-b3a2-3ee087bd967b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41676", "type": "seen", "source": "https://t.me/cvedetector/1852", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41676 - Magento-lts Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-41676 \nPublished : July 29, 2024, 3:15 p.m. | 35\u00a0minutes ago \nDescription : Magento-lts is a long-term support alternative to Magento Community Edition (CE). This XSS vulnerability affects the design/header/welcome, design/header/logo_src, design/header/logo_src_small, and design/header/logo_alt system configs.They are intended to enable admins to set a text in the two cases, and to define an image url for the other two cases.  \nBut because of previously missing escaping allowed to input arbitrary html and as a consequence also arbitrary JavaScript. The problem is patched with Version 20.10.1 or higher. \nSeverity: 4.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-30T18:53:11.000000Z"}]}