{"vulnerability": "cve-2024-4236", "sightings": [{"uuid": "4ff68c7b-fae1-4138-a0eb-b16f7ab449ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42366", "type": "seen", "source": "https://bsky.app/profile/fluffy.plush.city.ap.brid.gy/post/3lgmqvjtaqmr2", "content": "", "creation_timestamp": "2025-01-26T06:03:25.087317Z"}, {"uuid": "c801a2e7-d9a2-439c-a1fa-921419c77d27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42365", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:46.000000Z"}, {"uuid": "5c04b5df-4f98-493e-931a-c508862a56ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42365", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/asterisk_ami_originate_auth_rce.rb", "content": "", "creation_timestamp": "2024-12-02T16:27:49.000000Z"}, {"uuid": "fe4aeea2-97cd-4b01-8a27-cd8b5e36c84e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42365", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:03.000000Z"}, {"uuid": "91fce728-f2cf-4bc9-93cd-68219a572c31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42365", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:11:03.000000Z"}, {"uuid": "90320bfd-a29f-4f7a-873b-1a4d976e6c97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42368", "type": "seen", "source": "https://t.me/cvedetector/3080", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42368 - OpenTelemetry Bearertokenauth Constant Time Comparison Timing Attack\", \n  \"Content\": \"CVE ID : CVE-2024-42368 \nPublished : Aug. 13, 2024, 8:15 p.m. | 35\u00a0minutes ago \nDescription : OpenTelemetry, also known as OTel, is a vendor-neutral open source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, and logs. The bearertokenauth extension's server authenticator performs a simple, non-constant time string comparison of the received & configured bearer tokens. This impacts anyone using the `bearertokenauth` server authenticator. Malicious clients with network access to the collector may perform a timing attack against a collector with this authenticator to guess the configured token, by iteratively sending tokens and comparing the response time. This would allow an attacker to introduce fabricated or bad data into the collector's telemetry pipeline. The observable timing vulnerability was fixed by using constant-time comparison in  0.107.0 \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-13T22:59:10.000000Z"}, {"uuid": "25e1fef9-de5d-4c98-89a3-01dff99fa8ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42362", "type": "seen", "source": "https://t.me/cvedetector/3689", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42362 - Hertzbeat Deserialization RCE Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-42362 \nPublished : Aug. 20, 2024, 9:15 p.m. | 31\u00a0minutes ago \nDescription : Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated (user role) RCE via unsafe deserialization in /api/monitors/import. This vulnerability is fixed in 1.6.0. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-20T23:49:38.000000Z"}, {"uuid": "363df191-28b5-449f-98c5-056f5cc59706", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42363", "type": "seen", "source": "https://t.me/cvedetector/3687", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42363 - Kubernetes Deserialization of User-Controlled YAML Data Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-42363 \nPublished : Aug. 20, 2024, 9:15 p.m. | 31\u00a0minutes ago \nDescription : Prior to 3385, the user-controlled role parameter enters the application in the Kubernetes::RoleVerificationsController. The role parameter flows into the RoleConfigFile initializer and then into the Kubernetes::Util.parse_file method where it is unsafely deserialized using the YAML.load_stream method. This issue may lead to Remote Code Execution (RCE). This vulnerability is fixed in 3385. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-20T23:49:37.000000Z"}, {"uuid": "1a6896d4-79f9-4eaf-8c75-e5cec2ec0fb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42369", "type": "seen", "source": "https://t.me/cvedetector/3664", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42369 - Matrix-js-sdk Infinite Recursion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-42369 \nPublished : Aug. 20, 2024, 3:15 p.m. | 42\u00a0minutes ago \nDescription : matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This method is public but also called by the 'leaveRoomChain()' method, so leaving a room will also trigger the bug. This was patched in matrix-js-sdk 34.3.1. \nSeverity: 4.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-20T17:58:38.000000Z"}, {"uuid": "02b02e4f-baf7-4f0d-a2c0-ad8dc9c9182d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42364", "type": "seen", "source": "https://t.me/cvedetector/4013", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42364 - Docker Homepage DNS Rebinding Credentials Theft Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-42364 \nPublished : Aug. 23, 2024, 4:15 p.m. | 26\u00a0minutes ago \nDescription : Homepage is a highly customizable homepage with Docker and service API integrations. The default setup of homepage 0.9.1 is vulnerable to DNS rebinding. Homepage is setup without certificate and authentication by default, leaving it to vulnerable to DNS rebinding. In this attack, an attacker will ask a user to visit his/her website. The attacker website will then change the DNS records of their domain from their IP address to the internal IP address of the homepage instance. To tell which IP addresses are valid, we can rebind a subdomain to each IP address we want to check, and see if there is a response. Once potential candidates have been found, the attacker can launch the attack by reading the response of the webserver after the IP address has changed. When the attacker domain is fetched, the response will be from the homepage instance, not the attacker website, because the IP address has been changed. Due to a lack of authentication, a user\u2019s private information such as API keys (fixed after first report) and other private information can then be extracted by the attacker website. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-23T18:48:33.000000Z"}, {"uuid": "37ecfd73-1412-4918-accc-218f04cd1218", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42361", "type": "seen", "source": "https://t.me/cvedetector/3686", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42361 - Hertzbeat SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-42361 \nPublished : Aug. 20, 2024, 9:15 p.m. | 31\u00a0minutes ago \nDescription : Hertzbeat is an open source, real-time monitoring system. Hertzbeat 1.6.0 and earlier declares a /api/monitor/{monitorId}/metric/{metricFull} endpoint to download job metrics. In the process, it executes a SQL query with user-controlled data, allowing for SQL injection. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-20T23:49:36.000000Z"}, {"uuid": "023dc47a-07d5-4c6d-b5fc-0314d17188b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42365", "type": "seen", "source": "https://t.me/cvedetector/2804", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42365 - Asterisk Remote File Editing and Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-42365 \nPublished : Aug. 8, 2024, 5:15 p.m. | 26\u00a0minutes ago \nDescription : Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using the `FILE` function inside the `SET` application. This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with arbitrary protocol. Asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2 contain a fix for this issue. \nSeverity: 7.4 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-08T19:44:54.000000Z"}, {"uuid": "9b393027-aad5-41e3-9b22-929c33d0c8d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42366", "type": "seen", "source": "https://t.me/cvedetector/2803", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42366 - \"VRChat VRCX Remote Command Execution and Cross-Site Scripting\"\", \n  \"Content\": \"CVE ID : CVE-2024-42366 \nPublished : Aug. 8, 2024, 5:15 p.m. | 26\u00a0minutes ago \nDescription : VRCX is an assistant/companion application for VRChat. In versions prior to 2024.03.23, a CefSharp browser with over-permission and cross-site scripting via overlay notification can be combined to result in remote command execution. These vulnerabilities are patched in VRCX 2023.12.24. In addition to the patch, VRCX maintainers worked with the VRC team and blocked the older version of VRCX on the VRC's API side. Users who use the older version of VRCX must update their installation to continue using VRCX. \nSeverity: 9.0 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-08T19:44:53.000000Z"}, {"uuid": "86f1bfee-2804-473a-aca6-29e580d08c9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42360", "type": "seen", "source": "https://t.me/cvedetector/3202", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42360 - SequenceServer Remote Code Execution (RCE) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-42360 \nPublished : Aug. 14, 2024, 8:15 p.m. | 40\u00a0minutes ago \nDescription : SequenceServer lets you rapidly set up a BLAST+ server with an intuitive user interface for personal or group use. Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands. This vulnerability has been fixed in 3.1.2. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-14T23:15:04.000000Z"}, {"uuid": "4ea0c896-4971-4a99-8786-2af0d184f597", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4236", "type": "seen", "source": "https://t.me/darkcommunityofficial/458", "content": "\ud83d\udea8 CVE-2024-4236\nA vulnerability, which was classified as critical, has been found in Tenda AX1803 1.0.0.1. This issue affects the function formSetSysToolDDNS of the file /goform/SetDDNSCfg. The manipulation of the argument serverName/ddnsUser/ddnsPwd/ddnsDomain leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262127. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\ud83c\udf96@cveNotify", "creation_timestamp": "2024-04-26T21:23:06.000000Z"}]}