{"vulnerability": "cve-2024-5288", "sightings": [{"uuid": "8a00aeaf-0641-4c79-9032-b196651e32ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52882", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113963372037009451", "content": "", "creation_timestamp": "2025-02-07T15:44:15.464871Z"}, {"uuid": "276b520d-19bc-4791-bf9b-2b878807c999", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52884", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113963372051487409", "content": "", "creation_timestamp": "2025-02-07T15:44:15.666196Z"}, {"uuid": "b9dc73fc-caa0-455a-b546-f0785d9349eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52881", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113963399038614634", "content": "", "creation_timestamp": "2025-02-07T15:51:07.261387Z"}, {"uuid": "f57a8f04-3896-4a53-a679-f3fb442c3542", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52887", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lns564rwbto2", "content": "", "creation_timestamp": "2025-04-27T11:23:48.243191Z"}, {"uuid": "a4d43c9f-1d12-48b2-8bbe-9923c942039c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52888", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lns563a62sp2", "content": "", "creation_timestamp": "2025-04-27T11:23:48.905369Z"}, {"uuid": "a6c0641b-aa54-480e-921b-e3fb5d5eb1f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52887", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lns5uaah2t2l", "content": "", "creation_timestamp": "2025-04-27T11:34:47.862393Z"}, {"uuid": "06a81a47-110e-4db2-b9f6-161127651ef2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52888", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lns5uau4rl2b", "content": "", "creation_timestamp": "2025-04-27T11:34:50.237155Z"}, {"uuid": "da897b82-7744-4f05-bebe-23d502270ee2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52888", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13608", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-52888\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: For an authenticated end-user the portal may run a script while attempting to display a directory or some file's properties.\n\ud83d\udccf Published: 2025-04-27T07:46:53.542Z\n\ud83d\udccf Modified: 2025-04-27T07:46:53.542Z\n\ud83d\udd17 References:\n1. https://support.checkpoint.com/results/sk/sk183055", "creation_timestamp": "2025-04-27T08:08:54.000000Z"}, {"uuid": "50f2ecc3-d422-4860-a668-cd2e6d905c77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52887", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13609", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-52887\n\ud83d\udd25 CVSS Score: 3.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a script while accessing their own bookmark list.\n\ud83d\udccf Published: 2025-04-27T07:46:23.027Z\n\ud83d\udccf Modified: 2025-04-27T07:46:23.027Z\n\ud83d\udd17 References:\n1. https://support.checkpoint.com/results/sk/sk183054", "creation_timestamp": "2025-04-27T08:08:55.000000Z"}, {"uuid": "588787eb-79e1-4d1c-ae8e-167c2069012e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52884", "type": "seen", "source": "https://t.me/cvedetector/17504", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52884 - AudioCodes Mediant SBC Weak Password Decryption Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-52884 \nPublished : Feb. 7, 2025, 4:15 p.m. | 59\u00a0minutes ago \nDescription : An issue was discovered in AudioCodes Mediant Session Border Controller (SBC) before 7.40A.501.841. Due to the use of weak password obfuscation/encryption, an attacker with access to configuration exports (INI) is able to decrypt the passwords. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-07T18:50:23.000000Z"}, {"uuid": "a34a765b-c4db-4e71-85d0-eb310857ab29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52883", "type": "seen", "source": "https://t.me/cvedetector/17503", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52883 - AudioCodes One Voice Operations Center (OVOC) Path Traversal Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-52883 \nPublished : Feb. 7, 2025, 4:15 p.m. | 59\u00a0minutes ago \nDescription : An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to a path traversal vulnerability, sensitive data can be read without any authentication. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-07T18:50:22.000000Z"}, {"uuid": "0cb7bfb9-9a87-4c28-88dc-3d81d5600f87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52882", "type": "seen", "source": "https://t.me/cvedetector/17502", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52882 - AudioCodes One Voice Operations Center XSS\", \n  \"Content\": \"CVE ID : CVE-2024-52882 \nPublished : Feb. 7, 2025, 4:15 p.m. | 59\u00a0minutes ago \nDescription : An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to improper neutralization of input via the devices API, an attacker can inject malicious JavaScript code (XSS) to attack logged-in administrator sessions. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-07T18:50:18.000000Z"}, {"uuid": "c92f18d0-a76c-40a1-b281-250a2a67cf08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52881", "type": "seen", "source": "https://t.me/cvedetector/17501", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52881 - AudioCodes One Voice Operations Center (OVOC) Decryption Key Weakness\", \n  \"Content\": \"CVE ID : CVE-2024-52881 \nPublished : Feb. 7, 2025, 4:15 p.m. | 59\u00a0minutes ago \nDescription : An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to the use of a hard-coded key, an attacker is able to decrypt sensitive data such as passwords extracted from the topology file. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-07T18:50:18.000000Z"}, {"uuid": "861d9180-e9dc-4611-85f0-fec88bdc6a29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52882", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3819", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-52882\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to improper neutralization of input via the devices API, an attacker can inject malicious JavaScript code (XSS) to attack logged-in administrator sessions.\n\ud83d\udccf Published: 2025-02-07T18:31:21Z\n\ud83d\udccf Modified: 2025-02-07T18:31:21Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-52882\n2. https://www.audiocodes.com/solutions-products/products/management-products-solutions/one-voice-operations-center\n3. https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-076.txt", "creation_timestamp": "2025-02-07T19:04:15.000000Z"}, {"uuid": "4c31c2bf-461b-4b4d-a479-76fdce535b10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52881", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3818", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-52881\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to the use of a hard-coded key, an attacker is able to decrypt sensitive data such as passwords extracted from the topology file.\n\ud83d\udccf Published: 2025-02-07T18:31:21Z\n\ud83d\udccf Modified: 2025-02-07T18:31:21Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-52881\n2. https://www.audiocodes.com/solutions-products/products/management-products-solutions/one-voice-operations-center\n3. https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-079.txt", "creation_timestamp": "2025-02-07T19:04:15.000000Z"}, {"uuid": "d82d5191-1726-4ef5-9e73-58ce18cd36a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52883", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3817", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-52883\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to a path traversal vulnerability, sensitive data can be read without any authentication.\n\ud83d\udccf Published: 2025-02-07T18:31:21Z\n\ud83d\udccf Modified: 2025-02-07T18:31:21Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-52883\n2. https://www.audiocodes.com/solutions-products/products/management-products-solutions/one-voice-operations-center\n3. https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-075.txt", "creation_timestamp": "2025-02-07T19:03:52.000000Z"}, {"uuid": "4542d7f1-458e-4d9a-a8eb-dd1ec16ac07b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52884", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3816", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-52884\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered in AudioCodes Mediant Session Border Controller (SBC) before 7.40A.501.841. Due to the use of weak password obfuscation/encryption, an attacker with access to configuration exports (INI) is able to decrypt the passwords.\n\ud83d\udccf Published: 2025-02-07T18:31:21Z\n\ud83d\udccf Modified: 2025-02-07T18:31:21Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-52884\n2. https://www.audiocodes.com/solutions-products/products/session-border-controllers-sbcs\n3. https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-078.txt", "creation_timestamp": "2025-02-07T19:03:52.000000Z"}, {"uuid": "68547e2a-d1f4-4f36-809e-9cabfc4c992f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52880", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16689", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-52880\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, SecureBootHandler uses DataSize and VariableNameSize when determining if the data or name are in the buffer, but these are supplied by the caller and therefore cannot be trusted.\n\ud83d\udccf Published: 2025-05-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-16T14:19:59.789Z\n\ud83d\udd17 References:\n1. https://www.insyde.com/security-pledge\n2. https://www.insyde.com/security-pledge/sa-2024016/", "creation_timestamp": "2025-05-16T14:39:39.000000Z"}, {"uuid": "1151baf4-196b-468d-88d9-46a13ef13025", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52888", "type": "seen", "source": "https://t.me/cvedetector/23836", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52888 - Apache Struts Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2024-52888 \nPublished : April 27, 2025, 8:15 a.m. | 2\u00a0hours, 20\u00a0minutes ago \nDescription : For an authenticated end-user the portal may run a script while attempting to display a directory or some file's properties. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-27T12:58:36.000000Z"}, {"uuid": "b65b5ac7-dbb3-4ae4-85fc-46966a283857", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52887", "type": "seen", "source": "https://t.me/cvedetector/23835", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52887 - Shrew Soft VPN Bookmark Script Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-52887 \nPublished : April 27, 2025, 8:15 a.m. | 2\u00a0hours, 20\u00a0minutes ago \nDescription : Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a script while accessing their own bookmark list. \nSeverity: 3.5 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-27T12:58:35.000000Z"}, {"uuid": "05f3f5ce-59d9-438c-8197-80ea9e5fc89d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-5288", "type": "seen", "source": "https://t.me/cvedetector/4272", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-5288 - WolfSSL ECDSA Key Disclosure via Rowhammer Attack\", \n  \"Content\": \"CVE ID : CVE-2024-5288 \nPublished : Aug. 27, 2024, 7:15 p.m. | 43\u00a0minutes ago \nDescription : An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSL_CHECK_SIG_FAULTS is used in signing operations with private ECC keys,  \n  \nsuch as in server-side TLS connections, the connection is halted if any fault occurs.\u00a0The success rate in a certain amount of connection requests can be processed via an advanced technique for ECDSA key recovery. \nSeverity: 5.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-27T22:24:49.000000Z"}]}