{"vulnerability": "CVE-2024-2394", "sightings": [{"uuid": "abf96725-5754-404c-aeee-65c8e5d1fc61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23945", "type": "seen", "source": "https://t.me/CyberBulletin/1827", "content": "\u26a1\ufe0fCVE-2024-23945: Serious Vulnerability in Apache Hive and Spark Could Lead to Exploitation.\n\n#CyberBulletin", "creation_timestamp": "2024-12-26T04:49:46.000000Z"}, {"uuid": "5077f7af-3338-40e1-919b-ec58b0be1a5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23942", "type": "seen", "source": "https://t.me/cvedetector/20564", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-23942 - Cisco AnyConnect Unencrypted Configuration File Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-23942 \nPublished : March 18, 2025, 11:15 a.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : A local user may find a configuration file on the client workstation with unencrypted sensitive data. This allows an attacker to impersonate the device or prevent the device from accessing the cloud portal which leads to a DoS. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-18T13:33:36.000000Z"}, {"uuid": "4cae8e52-1937-4c90-8b01-6e79bda64594", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23943", "type": "seen", "source": "https://t.me/cvedetector/20561", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-23943 - Citrix Cloud API Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-23943 \nPublished : March 18, 2025, 11:15 a.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : An unauthenticated remote attacker can gain access to the cloud API due to a lack of authentication for a critical function in the affected devices. Availability is not affected. \nSeverity: 9.1 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-18T13:33:33.000000Z"}, {"uuid": "3a0f52d2-8225-471e-8c69-75d52835b661", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23945", "type": "seen", "source": "Telegram/hBMa1EjJGne6T94RJpH8G635WGWHME0ukrAes0xobqvlZ3V4", "content": "", "creation_timestamp": "2025-02-18T23:42:23.000000Z"}, {"uuid": "c855c373-3835-4383-bf96-a3e08d167a1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23943", "type": "seen", "source": "https://t.me/CyberBulletin/2746", "content": "\u26a1CVE-2024-23943 (CVSS 9.1): Critical Flaw Found in Industrial Communication Devices.\n\n#CyberBulletin", "creation_timestamp": "2025-03-21T13:34:47.000000Z"}, {"uuid": "8deb946e-822b-435c-aa15-de1302572e9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-2394", "type": "seen", "source": "https://t.me/ctinow/205829", "content": "https://ift.tt/mEYMCpW\nCVE-2024-2394", "creation_timestamp": "2024-03-12T16:32:15.000000Z"}, {"uuid": "a855eb32-469a-4f60-a48c-421a79040629", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23943", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lkoritwlcq2d", "content": "", "creation_timestamp": "2025-03-18T23:00:07.713905Z"}, {"uuid": "0d6685e8-e57e-446c-909a-e0c6e9b3d3cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23943", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114183275961019139", "content": "", "creation_timestamp": "2025-03-18T11:48:43.074598Z"}, {"uuid": "f513bc39-8cc7-460f-8561-2d7da5eb7081", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23945", "type": "seen", "source": "https://t.me/cvedetector/13542", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-23945 - Apache Hive Cookie Signature Exposure\", \n  \"Content\": \"CVE ID : CVE-2024-23945 \nPublished : Dec. 23, 2024, 4:15 p.m. | 43\u00a0minutes ago \nDescription : Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive\u2019s service component accidentally exposes the signed cookie to the end user when there is a mismatch in signature between the current and expected cookie. Exposing the correct cookie signature can lead to further exploitation.  \n  \nThe vulnerable CookieSigner logic was introduced in Apache Hive by\u00a0HIVE-9710 (1.2.0) and in Apache Spark by SPARK-14987 (2.0.0). The affected components are the following:  \n* org.apache.hive:hive-service  \n* org.apache.spark:spark-hive-thriftserver_2.11  \n* org.apache.spark:spark-hive-thriftserver_2.12 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-23T18:20:07.000000Z"}, {"uuid": "f927bb4b-7dc0-4dd1-aba1-c0c824a48505", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23946", "type": "seen", "source": "https://t.me/arpsyndicate/3968", "content": "#ExploitObserverAlert\n\nZDI-24-183\n\nDESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to ZDI-24-183. Apache OFBiz createRegister Error Message Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apache OFBiz. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.3. The following CVEs are assigned: CVE-2024-23946.", "creation_timestamp": "2024-02-22T10:12:18.000000Z"}, {"uuid": "f9ea9939-790c-4663-919e-f06c51643643", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23940", "type": "seen", "source": "https://t.me/ctinow/180385", "content": "https://ift.tt/kCwmgv6\nCVE-2024-23940 Exploit", "creation_timestamp": "2024-02-06T23:16:53.000000Z"}, {"uuid": "8fc184dc-a67c-47c4-a6f3-322a4b368b7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23941", "type": "seen", "source": "https://t.me/ctinow/177322", "content": "https://ift.tt/EukjBCp\nCVE-2024-23941", "creation_timestamp": "2024-02-01T05:21:47.000000Z"}, {"uuid": "97769da2-0dbe-469c-9f1b-1f3d91185265", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23940", "type": "seen", "source": "https://t.me/ctinow/175516", "content": "https://ift.tt/u5Jlvbe\nCVE-2024-23940", "creation_timestamp": "2024-01-29T20:26:12.000000Z"}, {"uuid": "a9081aff-ee5d-45c9-bae0-58bc4d6965f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23945", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113702851117565346", "content": "", "creation_timestamp": "2024-12-23T15:30:21.789294Z"}, {"uuid": "0d7ace30-37ef-4258-831a-3c1dc004af99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23943", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkntru5wc72h", "content": "", "creation_timestamp": "2025-03-18T14:08:18.454573Z"}, {"uuid": "dae0ca4f-323a-45b2-816c-1d6dcc672572", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23942", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkntrtzwaw2e", "content": "", "creation_timestamp": "2025-03-18T14:08:17.870801Z"}, {"uuid": "ea05bb93-c519-43fc-8fc5-d1cec51ce16a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23943", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lknoukaeuq2s", "content": "", "creation_timestamp": "2025-03-18T12:40:18.389061Z"}, {"uuid": "1b9336c5-d400-4d2c-be61-24114b90f3e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23943", "type": "seen", "source": "https://bsky.app/profile/bolhasec.com/post/3lmxxfusmby2l", "content": "", "creation_timestamp": "2025-04-17T01:30:11.333256Z"}, {"uuid": "d1e98ef8-3e79-4650-81ed-9d79d1b7225a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23943", "type": "seen", "source": "MISP/3e4b778d-5810-4171-a915-f1d106684af4", "content": "", "creation_timestamp": "2025-08-11T18:27:49.000000Z"}, {"uuid": "c6de56a2-611d-4d10-9641-ea1d12876988", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23944", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4309", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23944\n\ud83d\udd25 CVSS Score: 5.2 (CVSS_V3)\n\ud83d\udd39 Description: Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker has already access to. ZooKeeper server doesn't do ACL check when the persistent watcher is triggered and as a consequence, the full path of znodes that a watch event gets triggered upon is exposed to the owner of the watcher. It's important to note that only the path is exposed by this vulnerability, not the data of znode, but since znode path can contain sensitive information like user name or login ID, this issue is potentially critical.\n\nUsers are recommended to upgrade to version 3.9.2, 3.8.4 which fixes the issue.\n\ud83d\udccf Published: 2024-03-15T12:30:37Z\n\ud83d\udccf Modified: 2025-02-13T19:07:37Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-23944\n2. https://github.com/apache/zookeeper/commit/29c7b9462681f47c2ac12e609341cf9f52abac5c\n3. https://github.com/apache/zookeeper/commit/65b91d2d9a56157285c2a86b106e67c26520b01d\n4. https://github.com/apache/zookeeper/commit/daf7cfd04005cff1a4f7cab5ab13d41db88d0cd8\n5. https://github.com/apache/zookeeper\n6. https://lists.apache.org/thread/96s5nqssj03rznz9hv58txdb2k1lr79k\n7. http://www.openwall.com/lists/oss-security/2024/03/14/2", "creation_timestamp": "2025-02-13T19:13:47.000000Z"}, {"uuid": "25635caf-bf31-43ef-bacf-0382c8ccc92a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-2394", "type": "seen", "source": "https://t.me/ctinow/205813", "content": "https://ift.tt/mEYMCpW\nCVE-2024-2394", "creation_timestamp": "2024-03-12T16:26:46.000000Z"}, {"uuid": "ac7af163-10fd-412f-a92d-36dfe9946c94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23946", "type": "seen", "source": "https://t.me/ctinow/206538", "content": "https://ift.tt/PyC9cqh\nCVE-2024-23946 | Apache OFBiz createRegister information exposure", "creation_timestamp": "2024-03-13T10:41:10.000000Z"}, {"uuid": "1c4419e9-409e-40a0-8968-ddc1b064d738", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23944", "type": "seen", "source": "https://t.me/ctinow/208694", "content": "https://ift.tt/8ScMIr1\nCVE-2024-23944", "creation_timestamp": "2024-03-15T12:31:29.000000Z"}, {"uuid": "dd555c8d-2d84-4705-b391-7fd185623c50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23944", "type": "seen", "source": "https://t.me/ctinow/208691", "content": "https://ift.tt/8ScMIr1\nCVE-2024-23944", "creation_timestamp": "2024-03-15T12:26:25.000000Z"}, {"uuid": "52b6a74a-1fe2-4984-9e09-6387818ec5c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23946", "type": "seen", "source": "https://t.me/ctinow/196130", "content": "https://ift.tt/hMlcpzr\nCVE-2024-23946", "creation_timestamp": "2024-02-29T03:03:01.000000Z"}, {"uuid": "ee4b5b4f-de1c-4e7a-9495-34d59c373f10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23946", "type": "seen", "source": "https://t.me/ctinow/196113", "content": "https://ift.tt/hMlcpzr\nCVE-2024-23946", "creation_timestamp": "2024-02-29T02:56:29.000000Z"}, {"uuid": "2b9e2777-8f12-4d6a-a826-dc4ef74ad247", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23940", "type": "seen", "source": "https://t.me/ctinow/189831", "content": "https://ift.tt/regJcKf\nCVE-2024-23940 | Trend Micro Security uiAirSupport up to 6.0.2092 uncontrolled search path", "creation_timestamp": "2024-02-21T17:36:45.000000Z"}, {"uuid": "40fac198-bc5a-43bb-a7c7-eb519b1d62b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23945", "type": "seen", "source": "https://t.me/CyberBulletin/26916", "content": "\u26a1\ufe0fCVE-2024-23945: Serious Vulnerability in Apache Hive and Spark Could Lead to Exploitation.\n\n#CyberBulletin", "creation_timestamp": "2024-12-26T04:49:47.000000Z"}, {"uuid": "28efc866-4bf3-47f6-a769-3ea9f145bddf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23944", "type": "seen", "source": "MISP/f4803911-728e-4215-a51e-448bbc408f7a", "content": "", "creation_timestamp": "2024-03-15T14:31:32.000000Z"}, {"uuid": "fc579219-e690-47ab-a075-4d56984af267", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "cve-2024-23945", "type": "seen", "source": "https://bsky.app/profile/kyosuke-tanaka.bsky.social/post/3le46ogc7nk25", "content": "", "creation_timestamp": "2024-12-25T05:04:08.162489Z"}, {"uuid": "2d9936df-3d81-4220-b8c4-c6a76605ca71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23945", "type": "seen", "source": "https://bsky.app/profile/bolhasec.com/post/3le4l2jzwzo2a", "content": "", "creation_timestamp": "2024-12-25T08:45:40.750672Z"}, {"uuid": "b8261471-8ac3-4b85-bcaa-81032dd007ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23945", "type": "seen", "source": "https://bsky.app/profile/dinosn.bsky.social/post/3le5mz6oga22u", "content": "", "creation_timestamp": "2024-12-25T18:53:28.006154Z"}, {"uuid": "1994709b-761f-4d04-922c-6903b5ff9ee3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23943", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lkpzqbkexh2t", "content": "", "creation_timestamp": "2025-03-19T11:00:06.520186Z"}, {"uuid": "3676cda0-75c6-4ebf-b829-c74a61b92491", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23943", "type": "seen", "source": "https://bsky.app/profile/andranglin.bsky.social/post/3lkv3lny3q22q", "content": "", "creation_timestamp": "2025-03-21T11:16:40.165637Z"}]}