{"vulnerability": "CVE-2024-4196", "sightings": [{"uuid": "47a576ed-142e-47c5-83e3-3a18dd45d4ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41967", "type": "seen", "source": "https://t.me/cvedetector/11302", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41967 - Microsoft Edgecrafted Device Boot Mode Configuration Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41967 \nPublished : Nov. 18, 2024, 9:15 a.m. | 25\u00a0minutes ago \nDescription : A low privileged remote attacker\u00a0may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-18T10:41:39.000000Z"}, {"uuid": "c199e9cf-bcbf-4eab-8c4b-e972510c5123", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41969", "type": "seen", "source": "https://t.me/ics_cert/960", "content": "\u06cc\u06a9 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u062f\u0631 \u0633\u0631\u0648\u06cc\u0633 CODESYS V3 \u0633\u06cc\u0633\u062a\u0645 \u0639\u0627\u0645\u0644 \u06a9\u0646\u062a\u0631\u0644\u0631 WAGO \u0628\u0647 \u062f\u0644\u06cc\u0644 \u0639\u062f\u0645 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0628\u0631\u0627\u06cc \u06cc\u06a9 \u0639\u0645\u0644\u06a9\u0631\u062f \u0645\u0647\u0645 \u0627\u0633\u062a. \n\n\u0633\u0648\u0621 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0628\u0647 \u0645\u0647\u0627\u062c\u0645 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0627\u062c\u0627\u0632\u0647 \u062f\u0647\u062f \u062a\u0627 \u0628\u0647 \u06a9\u0646\u062a\u0631\u0644\u0631 \u062f\u0633\u062a\u0631\u0633\u06cc \u06a9\u0627\u0645\u0644 \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u062f \u06cc\u0627 \u0628\u0627\u0639\u062b \u0627\u0646\u06a9\u0627\u0631 \u0633\u0631\u0648\u06cc\u0633 \u0634\u0648\u062f.\n\nBDU: 2024-09889\nCVE-2024-41969\n\n\u0646\u0635\u0628 \u0628\u0647 \u0631\u0648\u0632 \u0631\u0633\u0627\u0646\u06cc \u0627\u0632 \u0645\u0646\u0627\u0628\u0639 \u0642\u0627\u0628\u0644 \u0627\u0639\u062a\u0645\u0627\u062f\n\u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc \u0634\u0648\u062f \u0628\u0647 \u0631\u0648\u0632 \u0631\u0633\u0627\u0646\u06cc \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631 \u0631\u0627 \u062a\u0646\u0647\u0627 \u067e\u0633 \u0627\u0632 \u0627\u0631\u0632\u06cc\u0627\u0628\u06cc \u062a\u0645\u0627\u0645 \u062e\u0637\u0631\u0627\u062a \u0645\u0631\u062a\u0628\u0637 \u0646\u0635\u0628 \u06a9\u0646\u06cc\u062f.\n\n\u0627\u0642\u062f\u0627\u0645\u0627\u062a \u062c\u0628\u0631\u0627\u0646\u06cc:\n- \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0627\u0628\u0632\u0627\u0631\u0647\u0627\u06cc \u0641\u0627\u06cc\u0631\u0648\u0627\u0644 \u0628\u0631\u0627\u06cc \u0645\u062d\u062f\u0648\u062f \u06a9\u0631\u062f\u0646 \u062f\u0633\u062a\u0631\u0633\u06cc \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0628\u0647 \u06a9\u0646\u062a\u0631\u0644\u0631.\n- \u063a\u06cc\u0631\u0641\u0639\u0627\u0644 \u06a9\u0631\u062f\u0646/\u062d\u0630\u0641 \u062d\u0633\u0627\u0628 \u0647\u0627\u06cc \u06a9\u0627\u0631\u0628\u0631\u06cc \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0646\u0634\u062f\u0647\u061b\n- \u062a\u0642\u0633\u06cc\u0645 \u0628\u0646\u062f\u06cc \u0634\u0628\u06a9\u0647 \u0628\u0631\u0627\u06cc \u0645\u062d\u062f\u0648\u062f \u06a9\u0631\u062f\u0646 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u0628\u062e\u0634 \u0635\u0646\u0639\u062a\u06cc \u0627\u0632 \u0632\u06cc\u0631\u0634\u0628\u06a9\u0647 \u0647\u0627\u06cc \u062f\u06cc\u06af\u0631.\n- \u0645\u062d\u062f\u0648\u062f\u06cc\u062a \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u06a9\u0646\u062a\u0631\u0644 \u06a9\u0646\u0646\u062f\u0647 \u0627\u0632 \u0634\u0628\u06a9\u0647 \u0647\u0627\u06cc \u062e\u0627\u0631\u062c\u06cc (\u0627\u06cc\u0646\u062a\u0631\u0646\u062a)\u061b\n- \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0634\u0628\u06a9\u0647 \u0647\u0627\u06cc \u062e\u0635\u0648\u0635\u06cc \u0645\u062c\u0627\u0632\u06cc \u0628\u0631\u0627\u06cc \u0633\u0627\u0632\u0645\u0627\u0646\u062f\u0647\u06cc \u062f\u0633\u062a\u0631\u0633\u06cc \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 (VPN).\n\n\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u062a\u0648\u0635\u06cc\u0647 \u0647\u0627:\n\u0628\u0647 \u0631\u0648\u0632 \u0631\u0633\u0627\u0646\u06cc \u0633\u06cc\u0633\u062a\u0645 \u0639\u0627\u0645\u0644 \u0628\u0647 \u0646\u0633\u062e\u0647 28\n\u26a0\ufe0f\u0628\u06cc\u0627\u0646\u06cc\u0647 \u0633\u0644\u0628 \u0645\u0633\u0626\u0648\u0644\u06cc\u062a\n\ud83c\udfed\u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\ud83d\udc6e\ud83c\udffd\u200d\u2640\ufe0f\u0647\u0631\u06af\u0648\u0646\u0647 \u0627\u0646\u062a\u0634\u0627\u0631 \u0648 \u0630\u06a9\u0631 \u0645\u0637\u0627\u0644\u0628 \u0628\u062f\u0648\u0646 \u0630\u06a9\u0631 \u062f\u0642\u06cc\u0642 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u0644\u06cc\u0646\u06a9 \u0622\u0646 \u0645\u0645\u0646\u0648\u0639 \u0627\u0633\u062a. \n\u0627\u062f\u0645\u06cc\u0646:\n\u200fhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert\n\u06af\u0631\u0648\u0647 \u0648\u0627\u062a\u0633 \u0622\u067e :\nhttps://chat.whatsapp.com/FpB620AWEeSKvd8U6cFh33", "creation_timestamp": "2024-11-22T08:15:19.000000Z"}, {"uuid": "3e8a0a79-6590-4eb9-aee2-d39fedcaec0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41967", "type": "seen", "source": "MISP/1c5c38d6-3401-41ac-be0e-4cf361fa6f51", "content": "", "creation_timestamp": "2025-09-25T00:36:29.000000Z"}, {"uuid": "f572737d-0869-4305-b828-97379cd4545a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41965", "type": "seen", "source": "https://t.me/cvedetector/2288", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41965 - Vim Double-Free Dialogue Changed Buffer Crafter\", \n  \"Content\": \"CVE ID : CVE-2024-41965 \nPublished : Aug. 1, 2024, 10:15 p.m. | 16\u00a0minutes ago \nDescription : Vim is an open source command line text editor. double-free in dialog_changed() in Vim Severity: 4.2 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-02T00:37:55.000000Z"}, {"uuid": "a39ba2b3-745f-4b8b-933a-d9bea954e33c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41964", "type": "seen", "source": "https://t.me/cvedetector/4433", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41964 - Kirby Language Permission Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-41964 \nPublished : Aug. 29, 2024, 5:15 p.m. | 44\u00a0minutes ago \nDescription : Kirby is a CMS targeting designers and editors. Kirby allows to restrict the permissions of specific user roles. Users of that role can only perform permitted actions. Permissions for creating and deleting languages have already existed and could be configured, but were not enforced by Kirby's frontend or backend code. A permission for updating existing languages has not existed before the patched versions. So disabling the languages.* wildcard permission for a role could not have prohibited updates to existing language definitions. The missing permission checks allowed attackers with Panel access to manipulate the language definitions. The problem has been patched in Kirby 3.6.6.6, Kirby 3.7.5.5, Kirby 3.8.4.4, Kirby 3.9.8.2, Kirby 3.10.1.1, and Kirby 4.3.1. Please update to one of these or a later version to fix the vulnerability. There are no known workarounds for this vulnerability. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-29T20:24:28.000000Z"}, {"uuid": "90876fa8-1de3-4044-b88b-a5821a88351d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41969", "type": "seen", "source": "https://t.me/cvedetector/11304", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41969 - CODESYS V3 Missing Authentication Remote Configuration Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-41969 \nPublished : Nov. 18, 2024, 9:15 a.m. | 25\u00a0minutes ago \nDescription : A low privileged remote attacker may\u00a0modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-18T10:41:44.000000Z"}, {"uuid": "0276d1ae-bf1f-4337-8022-bfca9b3e4af5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41968", "type": "seen", "source": "https://t.me/cvedetector/11303", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41968 - Docker CVE: Unauthenticated DoS Via settings Modification\", \n  \"Content\": \"CVE ID : CVE-2024-41968 \nPublished : Nov. 18, 2024, 9:15 a.m. | 25\u00a0minutes ago \nDescription : A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-18T10:41:40.000000Z"}, {"uuid": "34b4714a-9d03-41cc-a34f-e94f4e086360", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41962", "type": "seen", "source": "https://t.me/cvedetector/2254", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41962 - Bostr Unauthorized Access Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41962 \nPublished : Aug. 1, 2024, 5:16 p.m. | 14\u00a0minutes ago \nDescription : Bostr is an nostr relay aggregator proxy that acts like a regular nostr relay. bostr let everyone in even having authorized_keys being set when noscraper is set to true. This vulnerability is fixed in 3.0.10. \nSeverity: 4.6 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-01T19:36:31.000000Z"}, {"uuid": "ae48e2c2-ae93-40b1-a472-97d5013cd278", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41960", "type": "seen", "source": "https://t.me/cvedetector/2488", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41960 - Mailcow: Dockerized Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-41960 \nPublished : Aug. 5, 2024, 8:15 p.m. | 38\u00a0minutes ago \nDescription : mailcow: dockerized is an open source groupware/email suite based on docker. An authenticated admin user can inject a JavaScript payload into the Relay Hosts configuration. The injected payload is executed whenever the configuration page is viewed, enabling the attacker to execute arbitrary scripts in the context of the user's browser. This could lead to data theft, or further exploitation. This issue has been addressed in the `2024-07` release. All users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 3.8 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-05T23:06:42.000000Z"}, {"uuid": "261dc086-c135-454b-9df8-dac5cef09295", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41961", "type": "seen", "source": "https://t.me/cvedetector/2235", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41961 - Elektra Ruby on Rails Code Injection\", \n  \"Content\": \"CVE ID : CVE-2024-41961 \nPublished : Aug. 1, 2024, 3:15 p.m. | 37\u00a0minutes ago \nDescription : Elektra is an opinionated Openstack Dashboard for Operators and Consumers of Openstack Services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which later flows into an `eval` sink which executes the code. Fixed in commit 8bce00be93b95a6512ff68fe86bf9554e486bc02. \nSeverity: 9.6 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-01T17:55:49.000000Z"}, {"uuid": "16326bce-065e-4806-86b6-47a6d5b767dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4196", "type": "seen", "source": "https://t.me/HackingInsights/4011", "content": "\u200aAvaya IP Office Users Urged to Patch Critical Flaws (CVE-2024-4196 &amp; CVE-2024-4197)\n\nhttps://securityonline.info/avaya-ip-office-users-urged-to-patch-critical-flaws-cve-2024-4196-cve-2024-4197/", "creation_timestamp": "2024-06-28T16:04:42.000000Z"}]}