{"vulnerability": "cve-2024-4697", "sightings": [{"uuid": "7dc0a3ab-ace8-46a0-95de-8cc317c1d09b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46972", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113728677913660600", "content": "", "creation_timestamp": "2024-12-28T04:58:27.185169Z"}, {"uuid": "4577941d-3d78-4beb-957c-3f202227a223", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46973", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113728677929219189", "content": "", "creation_timestamp": "2024-12-28T04:58:27.573878Z"}, {"uuid": "5d7f7da1-655a-4c65-af98-6c9b2da62149", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46972", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ledqpgblcy2i", "content": "", "creation_timestamp": "2024-12-28T05:15:27.033797Z"}, {"uuid": "f521a476-7874-473d-a250-a7763fcd9bdc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46973", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ledqpigxxp22", "content": "", "creation_timestamp": "2024-12-28T05:15:29.052116Z"}, {"uuid": "e3df7899-14e6-4272-9ddd-11efdda78cb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46973", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/113821648880947589", "content": "", "creation_timestamp": "2025-01-13T15:02:11.875226Z"}, {"uuid": "b528cb2e-8f73-46d8-9eef-3387ada15266", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46974", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113920767868508785", "content": "", "creation_timestamp": "2025-01-31T03:09:27.231680Z"}, {"uuid": "533dbc36-d791-472b-aa93-7c53b37fb853", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46974", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgyzuglke22h", "content": "", "creation_timestamp": "2025-01-31T03:15:36.252696Z"}, {"uuid": "9870f028-ef3d-420c-a1df-218e484bcceb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-46973", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/cf59c148-4047-4ccd-8ba0-26fb7197899c", "content": "", "creation_timestamp": "2025-02-03T19:33:09.293698Z"}, {"uuid": "0d235e43-1ec9-4960-950f-f659ba0d1a46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46975", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lirvein6jq2t", "content": "", "creation_timestamp": "2025-02-22T17:56:53.314825Z"}, {"uuid": "52e37cd0-4076-4b01-a52a-04182811a306", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46974", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8218", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-46974\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Software installed and run as a non-privileged user may conduct improper read/write operations on imported/exported DMA buffers.\n\ud83d\udccf 
Published: 2025-01-31T03:07:15.179Z\n\ud83d\udccf Modified: 2025-03-20T14:32:48.723Z\n\ud83d\udd17 References:\n1. https://www.imaginationtech.com/gpu-driver-vulnerabilities/", "creation_timestamp": "2025-03-20T15:18:32.000000Z"}, {"uuid": "7527104f-1988-4e7f-9fb7-fd7d0fb747d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46975", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5031", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-46975\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data into another Guest's virtualised GPU memory.\n\ud83d\udccf Published: 2025-02-22T14:44:25.177Z\n\ud83d\udccf Modified: 2025-02-22T14:44:25.177Z\n\ud83d\udd17 References:\n1. https://www.imaginationtech.com/gpu-driver-vulnerabilities/", "creation_timestamp": "2025-02-22T15:20:16.000000Z"}, {"uuid": "2c694196-9a99-49a9-97d8-33b1497dbb13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46975", "type": "seen", "source": "https://t.me/cvedetector/18734", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-46975 - VMware ESXi GPU Firmware Memory Corruption\", \n  \"Content\": \"CVE ID : CVE-2024-46975 \nPublished : Feb. 22, 2025, 3:15 p.m. | 2\u00a0hours, 16\u00a0minutes ago \nDescription : Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data into another Guest's virtualised GPU memory. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-22T19:10:24.000000Z"}, {"uuid": "0b6d0f4d-8ac7-4f53-a328-cc368f93943c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46974", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3562", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-46974\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Software installed and run as a non-privileged user may conduct improper read/write operations on imported/exported DMA buffers.\n\ud83d\udccf Published: 2025-01-31T03:32:14Z\n\ud83d\udccf Modified: 2025-01-31T03:32:14Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-46974\n2. https://www.imaginationtech.com/gpu-driver-vulnerabilities", "creation_timestamp": "2025-01-31T04:12:50.000000Z"}, {"uuid": "2036a37a-d3a0-4cb9-8528-6b93f0a03f69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46974", "type": "seen", "source": "https://t.me/cvedetector/16880", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-46974 - VMware DMA Buffer Privilege Escalation\", \n  \"Content\": \"CVE ID : CVE-2024-46974 \nPublished : Jan. 31, 2025, 3:15 a.m. | 2\u00a0hours, 24\u00a0minutes ago \nDescription : Software installed and run as a non-privileged user may conduct improper read/write operations on imported/exported DMA buffers. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-31T07:00:21.000000Z"}, {"uuid": "76ec5f6d-f5e6-449a-a1a7-3dced0225fdc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46970", "type": "seen", "source": "https://t.me/cvedetector/5718", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-46970 - JetBrains IntelliJ IDEA HTML Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-46970 \nPublished : Sept. 16, 2024, 11:15 a.m. | 23\u00a0minutes ago \nDescription : In JetBrains IntelliJ IDEA before 2024.1 HTML injection via the project name was possible \nSeverity: 3.3 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-16T13:41:06.000000Z"}, {"uuid": "8fee45e9-a2ca-4924-8fa3-d078f0e74c18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46971", "type": "seen", "source": "https://t.me/cvedetector/12901", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-46971 - Nvidia GPU Driver Physical Memory Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-46971 \nPublished : Dec. 13, 2024, 6:15 p.m. | 35\u00a0minutes ago \nDescription : Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-13T19:57:37.000000Z"}, {"uuid": "ed650bcd-4e16-489e-99c1-fd700165e43c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46972", "type": "seen", "source": "https://t.me/cvedetector/13811", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-46972 - Apache Hadoop Graphics Use-After-Free Local Privilege Escalation\", \n  \"Content\": \"CVE ID : CVE-2024-46972 \nPublished : Dec. 28, 2024, 5:15 a.m. | 42\u00a0minutes ago \nDescription : Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-28T07:04:43.000000Z"}, {"uuid": "fc6da2d1-df6c-4a0e-a068-7a0d4e98fecf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46973", "type": "seen", "source": "https://t.me/cvedetector/13810", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-46973 - Microsoft Windows GPU.sys Use-After-Free Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-46973 \nPublished : Dec. 28, 2024, 5:15 a.m. | 42\u00a0minutes ago \nDescription : Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-28T07:04:42.000000Z"}, {"uuid": "f9a4c5d6-75d5-44f7-afd5-bc390fff92b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46977", "type": "seen", "source": "https://t.me/cvedetector/6879", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-46977 - OpenC3 COSMOS Path Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-46977 \nPublished : Oct. 2, 2024, 8:15 p.m. | 43\u00a0minutes ago \nDescription : OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. A path traversal vulnerability inside of LocalMode's open_local_file method allows an authenticated user with adequate permissions to download any .txt via the ScreensController#show on the web server COSMOS is running on (depending on the file permissions). This vulnerability is fixed in 5.19.0. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-02T23:03:32.000000Z"}, {"uuid": "01ab846a-4443-4373-82ea-d688729be213", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46978", "type": "seen", "source": "https://t.me/cvedetector/6012", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-46978 - XWiki Platform Notification Filter Preference Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-46978 \nPublished : Sept. 18, 2024, 6:15 p.m. | 31\u00a0minutes ago \nDescription : XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible for any user knowing the ID of a notification filter preference of another user, to enable/disable it or even delete it. The impact is that the target user might start losing notifications on some pages because of this. This vulnerability is present in XWiki since 13.2-rc-1. This vulnerability has been patched in XWiki 14.10.21, 15.5.5, 15.10.1, 16.0-rc-1. The patch consists in checking properly the rights of the user before performing any action on the filters. Users are advised to upgrade. It's possible to fix manually the vulnerability by editing the document `XWiki.Notifications.Code.NotificationPreferenceService` to apply the changes performed in commit e8acc9d8e6af7dfbfe70716ded431642ae4a6dd4. 
\nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-18T20:56:04.000000Z"}, {"uuid": "4a9ad22b-bb42-4b91-8f63-0ee5319bb08b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46976", "type": "seen", "source": "https://t.me/cvedetector/5861", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-46976 - \"Backstage Cross-Site Scripting (XSS)\"\", \n  \"Content\": \"CVE ID : CVE-2024-46976 \nPublished : Sept. 17, 2024, 9:15 p.m. | 33\u00a0minutes ago \nDescription : Backstage is an open framework for building developer portals. An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attacker provided link. This has been fixed in the 1.10.13 release of the `@backstage/plugin-techdocs-backend` package. users are advised to upgrade. There are no known workarounds for this vulnerability. 
\nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-17T23:58:56.000000Z"}, {"uuid": "db559d52-f11f-4f3a-8d3d-f5657a20add9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46979", "type": "seen", "source": "https://t.me/cvedetector/6004", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-46979 - XWiki Platform Public User Notification Filter Data Exposure\", \n  \"Content\": \"CVE ID : CVE-2024-46979 \nPublished : Sept. 18, 2024, 6:15 p.m. | 31\u00a0minutes ago \nDescription : XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to get access to notification filters of any user by using a URL such as `xwiki/bin/get/XWiki/Notifications/Code/NotificationFilterPreferenceLivetableResults?outputSyntax=plain&amp;type=custom&amp;user=`. This vulnerability impacts all versions of XWiki since 13.2-rc-1. The filters do not provide much information (they mainly contain references which are public data in XWiki), though some info could be used in combination with other vulnerabilities. This vulnerability has been patched in XWiki 14.10.21, 15.5.5, 15.10.1, 16.0RC1.  The patch consists in checking the rights of the user when sending the data. Users are advised to upgrade. It's possible to workaround the vulnerability by applying manually the patch: it's possible for an administrator to edit directly the document `XWiki.Notifications.Code.NotificationFilterPreferenceLivetableResults` to apply the same changes as in the patch. See commit c8c6545f9bde6f5aade994aa5b5903a67b5c2582. 
\nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-18T20:55:54.000000Z"}]}