{"vulnerability": "cve-2024-4249", "sightings": [{"uuid": "9611ccc2-ff9e-41f8-9a66-68056c59b28b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42499", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113485392728667660", "content": "", "creation_timestamp": "2024-11-15T05:47:49.897878Z"}, {"uuid": "20e83bf2-eeb9-404d-a740-825a96fef20f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42494", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01", "content": "", "creation_timestamp": "2024-12-03T11:00:00.000000Z"}, {"uuid": "0505fbec-c7da-47ef-968c-530e1c2aecbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42494", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113607238630527231", "content": "", "creation_timestamp": "2024-12-06T18:14:50.601456Z"}, {"uuid": "91efab1d-f3c5-471c-ac6f-ba9bdb892055", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42492", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhz7dmjz232g", "content": "", "creation_timestamp": "2025-02-12T22:18:46.112339Z"}, {"uuid": "54eb2a41-4686-4823-9593-1470f6807b6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42492", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113993862371331200", "content": "", "creation_timestamp": "2025-02-13T00:58:20.944257Z"}, {"uuid": "709e027d-9b83-4654-a3bd-4303da0e1b22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42493", "type": "seen", "source": "https://t.me/Kelvinseccommunity/716", "content": "\u203c\ufe0f CVE-2024-42493 \u203c\ufe0f\n\nDorsett Controls InfoScan is vulnerable due to a leak of possible  sensitive information through the response headers and the rendered  JavaScript prior to user login.\n\n\ud83d\udcd6 Read more.\n\n\ud83d\udd17 Via \"National Vulnerability Database\"", "creation_timestamp": "2024-08-11T00:41:44.000000Z"}, {"uuid": "723e8980-ca74-401d-bf6f-0cc6b4ca9384", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42492", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4164", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-42492\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-12T22:15:38.923\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01237.html", "creation_timestamp": "2025-02-12T23:11:00.000000Z"}, {"uuid": "f115b7d3-76ca-40d6-bbb5-6e29195260ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42492", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4192", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-42492\n\ud83d\udd25 CVSS Score: 6.6 (CVSS_V3)\n\ud83d\udd39 Description: Uncontrolled search path element in some BIOS and System Firmware Update Package for Intel(R) Server M50FCP family before version R01.02.0002 may allow a privileged user to potentially enable escalation of privilege via local access.\n\ud83d\udccf Published: 2025-02-13T00:33:07Z\n\ud83d\udccf Modified: 2025-02-13T00:33:07Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-42492\n2. https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01237.html", "creation_timestamp": "2025-02-13T01:10:05.000000Z"}, {"uuid": "44470d50-f97d-4970-8b18-39be89466b0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42497", "type": "seen", "source": "https://t.me/cvedetector/3930", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42497 - Mattermost Systems Manager Team Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-42497 \nPublished : Aug. 22, 2024, 4:15 p.m. | 39\u00a0minutes ago \nDescription : Mattermost versions 9.9.x Severity: 6.0 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-22T19:23:08.000000Z"}, {"uuid": "319ebf0f-596f-4bee-9c4a-2709e5ce86e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42494", "type": "seen", "source": "https://t.me/cvedetector/12267", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42494 - Ruijie Reyee OS versions 2.206.x up to but not inc\", \n  \"Content\": \"CVE ID : CVE-2024-42494 \nPublished : Dec. 6, 2024, 6:15 p.m. | 28\u00a0minutes ago \nDescription : Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a a feature that could enable sub accounts or attackers to view and exfiltrate sensitive information from all cloud accounts registered to Ruijie's services \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-06T19:48:44.000000Z"}, {"uuid": "e3a7f429-7349-4459-9a20-f8f0c72023fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42499", "type": "seen", "source": "https://t.me/cvedetector/11043", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42499 - FitNesse Path Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-42499 \nPublished : Nov. 15, 2024, 6:15 a.m. | 21\u00a0minutes ago \nDescription : Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an attacker may be able to know whether a file exists at a specific path, and/or obtain some part of the file contents under specific conditions. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-15T07:43:32.000000Z"}, {"uuid": "a67b2675-d7e9-4e97-bfbd-b57f432a60a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42496", "type": "seen", "source": "https://t.me/cvedetector/6645", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42496 - Smart-tab Android PlainText Password Storage Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-42496 \nPublished : Sept. 30, 2024, 8:15 a.m. | 29\u00a0minutes ago \nDescription : Smart-tab Android app installed April 2023 or earlier contains an issue with plaintext storage of a password. If this vulnerability is exploited, an attacker with physical access to the device may retrieve the credential information and spoof the device to access the related external service. \nSeverity: 2.4 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-30T10:48:23.000000Z"}, {"uuid": "1ddafe13-5a69-4a52-a065-b61c027d81d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42495", "type": "seen", "source": "https://t.me/cvedetector/4942", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42495 - F5 BIG-IP Unencrypted Configuration Credentials Transmission\", \n  \"Content\": \"CVE ID : CVE-2024-42495 \nPublished : Sept. 5, 2024, 11:15 p.m. | 40\u00a0minutes ago \nDescription : Credentials to access device configuration were transmitted using an unencrypted protocol. These credentials would allow read-only access to network configuration information and terminal configuration data. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-06T02:23:51.000000Z"}, {"uuid": "1c1636c2-608e-48ac-8426-590be833ead5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42491", "type": "seen", "source": "https://t.me/cvedetector/4937", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42491 - Asterisk SEGV Crash Triggered by Malformed SIP URI with Unbound Resolver Load\", \n  \"Content\": \"CVE ID : CVE-2024-42491 \nPublished : Sept. 5, 2024, 6:15 p.m. | 37\u00a0minutes ago \nDescription : Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of certified-asterisk, if Asterisk attempts to send a SIP request to a URI whose host portion starts with `.1` or `[.1]`, and res_resolver_unbound is loaded, Asterisk will crash with a SEGV. To receive a patch, users should upgrade to one of the following versions: 18.24.3, 20.9.3, 21.4.3, certified-18.9-cert12, certified-20.7-cert2. Two workarounds are available. Disable res_resolver_unbound by setting `noload = res_resolver_unbound.so` in modules.conf, or set `rewrite_contact = yes` on all PJSIP endpoints. NOTE: This may not be appropriate for all Asterisk configurations. \nSeverity: 5.7 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-05T21:23:17.000000Z"}, {"uuid": "e26e58ea-bfa6-4bc2-859b-37b8dcfea527", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42490", "type": "seen", "source": "https://t.me/cvedetector/3934", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42490 - Authentik Unauthenticated Access to Confidential API Endpoints\", \n  \"Content\": \"CVE ID : CVE-2024-42490 \nPublished : Aug. 22, 2024, 4:15 p.m. | 39\u00a0minutes ago \nDescription : authentik is an open-source Identity Provider. Several API endpoints can be accessed by users without correct authentication/authorization. The main API endpoints affected by this are /api/v3/crypto/certificatekeypairs//view_certificate/, /api/v3/crypto/certificatekeypairs//view_private_key/, and /api/v3/.../used_by/. Note that all of the affected API endpoints require the knowledge of the ID of an object, which especially for certificates is not accessible to an unprivileged user. Additionally the IDs for most objects are UUIDv4, meaning they are not easily guessable/enumerable. authentik 2024.4.4, 2024.6.4 and 2024.8.0 fix this issue. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-22T19:23:15.000000Z"}, {"uuid": "affe7950-378e-4889-980d-bc2583d59779", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42493", "type": "seen", "source": "https://t.me/cvedetector/2809", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42493 - Dorsett Controls InfoScan Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-42493 \nPublished : Aug. 8, 2024, 6:15 p.m. | 16\u00a0minutes ago \nDescription : Dorsett Controls InfoScan is vulnerable due to a leak of possible   \nsensitive information through the response headers and the rendered   \nJavaScript prior to user login. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-08T20:35:06.000000Z"}]}