{"vulnerability": "cve-2024-5286", "sightings": [{"uuid": "2919e4cf-506c-40f6-a2cb-efff80222e39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52867", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113495897827907922", "content": "", "creation_timestamp": "2024-11-17T02:19:24.938995Z"}, {"uuid": "f563418e-f4bb-4896-8aec-19fc3a91ac30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-52869", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113794654232626713", "content": "", "creation_timestamp": "2025-01-08T20:37:05.858964Z"}, {"uuid": "6150f0ca-9535-4704-a247-f0168e9753b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52869", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfb3ikkvyh2x", "content": "", "creation_timestamp": "2025-01-08T21:15:39.979555Z"}, {"uuid": "6072ba2b-a07a-449f-9a81-5b23d03d8e12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52864", "type": "seen", "source": "MISP/be792712-f638-4d7d-b62d-4f5032e86764", "content": "", "creation_timestamp": "2025-09-16T23:16:38.000000Z"}, {"uuid": "46cd29a7-797c-4762-bd3d-a99bf90311e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52864", "type": "seen", "source": "MISP/be792712-f638-4d7d-b62d-4f5032e86764", "content": "", "creation_timestamp": "2025-09-18T16:44:33.000000Z"}, {"uuid": "ea286751-8c79-4640-8076-88de5e72c45b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52862", "type": "seen", "source": "MISP/be792712-f638-4d7d-b62d-4f5032e86764", "content": "", "creation_timestamp": "2025-09-16T23:16:38.000000Z"}, {"uuid": "343fcfc5-b090-4664-89da-a36f777cddbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52860", "type": "seen", "source": "MISP/be792712-f638-4d7d-b62d-4f5032e86764", "content": "", "creation_timestamp": "2025-09-16T23:16:38.000000Z"}, {"uuid": "deac34ad-758d-49a1-b988-decd6e423de0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52862", "type": "seen", "source": "MISP/be792712-f638-4d7d-b62d-4f5032e86764", "content": "", "creation_timestamp": "2025-09-18T16:44:34.000000Z"}, {"uuid": "b7636a9e-7cb2-43c0-a2c6-1bc7a01492c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52860", "type": "seen", "source": "MISP/be792712-f638-4d7d-b62d-4f5032e86764", "content": "", "creation_timestamp": "2025-09-18T16:44:34.000000Z"}, {"uuid": "712e69d3-721e-4efc-b8f7-ee3429f5259f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52867", "type": "seen", "source": "https://t.me/cvedetector/11251", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52867 - Guix-daemon Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-52867 \nPublished : Nov. 17, 2024, 3:15 a.m. | 40\u00a0minutes ago \nDescription : guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns (e.g., for setuid and setgid programs) are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, and restart actions. Both 5ab3c4c and 5582241 are needed to resolve the vulnerability. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-17T05:26:07.000000Z"}, {"uuid": "c84069e1-31f3-4fef-963c-73185db0d88e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52869", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/845", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-52869\n\ud83d\udd39 Description: Certain Teradata account-handling code through 2024-11-04, used with SUSE Enterprise Linux Server, mismanages groups. Specifically, when there is an operating system move from SUSE Enterprise Linux Server (SLES) 12 Service Pack (SP) 2 or 3 to SLES 15 SP2 on Teradata Database systems, some service/system user accounts, and possibly systems administrator created user accounts, are incorrectly assigned to groups that allow higher system-level privileges than intended for those user accounts. Depending on the usage of these accounts, this may lead to full system compromise.\n\ud83d\udccf Published: 2025-01-08T00:00:00\n\ud83d\udccf Modified: 2025-01-08T20:32:24.052642\n\ud83d\udd17 References:\n1. https://www.teradata.com/trust-security-center/data-security\n2. https://chrismanson.com/CVE/cve-2024-52869.html", "creation_timestamp": "2025-01-08T21:14:30.000000Z"}, {"uuid": "349a635d-7bd0-4034-b74b-4e762cb697a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52865", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/518", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-52865\n\ud83d\udd39 Description: Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.\n\ud83d\udccf Published: 2024-12-10T22:05:04.425Z\n\ud83d\udccf Modified: 2025-01-07T18:05:41.515Z\n\ud83d\udd17 References:\n1. https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html", "creation_timestamp": "2025-01-07T18:39:31.000000Z"}, {"uuid": "cb449bde-ca1f-4f15-9f77-9f29f9ea5c2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52869", "type": "seen", "source": "https://t.me/cvedetector/14739", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52869 - Teradata SUSE Enterprise Linux Server Elevated Privilege Group Misassignment\", \n  \"Content\": \"CVE ID : CVE-2024-52869 \nPublished : Jan. 8, 2025, 9:15 p.m. | 36\u00a0minutes ago \nDescription : Certain Teradata account-handling code through 2024-11-04, used with SUSE Enterprise Linux Server, mismanages groups. Specifically, when there is an operating system move from SUSE Enterprise Linux Server (SLES) 12 Service Pack (SP) 2 or 3 to SLES 15 SP2 on Teradata Database systems, some service/system user accounts, and possibly systems administrator created user accounts, are incorrectly assigned to groups that allow higher system-level privileges than intended for those user accounts. Depending on the usage of these accounts, this may lead to full system compromise. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-08T23:21:22.000000Z"}, {"uuid": "4cc6f3d0-3af9-4621-9851-06b7e93e749f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52864", "type": "seen", "source": "https://t.me/cvedetector/12610", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52864 - Adobe Experience Manager Stored Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-52864 \nPublished : Dec. 10, 2024, 10:15 p.m. | 36\u00a0minutes ago \nDescription : Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-11T00:11:26.000000Z"}, {"uuid": "b42ac4e4-b7f3-4c35-bdc9-86d21f30762c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52862", "type": "seen", "source": "https://t.me/cvedetector/12609", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52862 - Adobe Experience Manager Stored XSS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-52862 \nPublished : Dec. 10, 2024, 10:15 p.m. | 36\u00a0minutes ago \nDescription : Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-11T00:11:25.000000Z"}, {"uuid": "a0b08336-b22e-46ed-b3ec-ba1d2c506c01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52861", "type": "seen", "source": "https://t.me/cvedetector/12608", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52861 - Adobe Experience Manager Stored XSS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-52861 \nPublished : Dec. 10, 2024, 10:15 p.m. | 36\u00a0minutes ago \nDescription : Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-11T00:11:25.000000Z"}, {"uuid": "befa9e1d-fcca-42b3-94a3-a4d5e0f28fad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52860", "type": "seen", "source": "https://t.me/cvedetector/12607", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52860 - Adobe Experience Manager DOM-Based Cross-Site Scripting XSS\", \n  \"Content\": \"CVE ID : CVE-2024-52860 \nPublished : Dec. 10, 2024, 10:15 p.m. | 36\u00a0minutes ago \nDescription : Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. User interaction is required for exploitation, as a victim must visit a malicious link or input data into a vulnerable web application. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-11T00:11:24.000000Z"}]}