{"vulnerability": "CVE-2024-4578", "sightings": [{"uuid": "512c24be-d2e4-422a-b711-5b720b503f1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45780", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114099140291395742", "content": "", "creation_timestamp": "2025-03-03T15:11:54.762708Z"}, {"uuid": "991e1038-683e-41f5-adae-adc7f34957f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45781", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lii3brveg32y", "content": "", "creation_timestamp": "2025-02-18T20:16:05.894718Z"}, {"uuid": "647a9d59-d043-4688-8323-cd36c035476e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45783", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lii3bu6jlo2i", "content": "", "creation_timestamp": "2025-02-18T20:16:08.603993Z"}, {"uuid": "05b5423a-f479-4bdd-94c4-70e8d0e90c8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45780", "type": "seen", "source": "MISP/e1f6260f-3311-441b-92ae-e04cd5eb5f72", "content": "", "creation_timestamp": "2025-08-19T13:26:46.000000Z"}, {"uuid": "43c544ba-d6a7-446b-9d88-701462b5a8e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45782", "type": "seen", "source": "MISP/e1f6260f-3311-441b-92ae-e04cd5eb5f72", "content": "", "creation_timestamp": "2025-08-19T13:26:46.000000Z"}, {"uuid": "bb8d1101-891d-462a-a51b-a6d13274a94c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2024-45782", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "4bdc29c9-333b-4edb-b7b7-e11b822532f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2024-45780", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "eff18cfc-44ad-4ff5-ab00-256d4553c4e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2024-45783", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "4f81c631-6973-4443-8b3e-2061912b9f26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2024-45781", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "e1586cb3-4625-4700-9c40-081c1c0a4eca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45780", "type": "seen", "source": "https://t.me/cvedetector/19358", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45780 - Grub2 Tar File Integer Overflow Heap Out-of-Bounds Write Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45780 \nPublished : March 3, 2025, 3:15 p.m. | 59\u00a0minutes ago \nDescription : A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file, leading to a heap out-of-bounds write. This flaw eventually allows an attacker to circumvent secure boot protections. \nSeverity: 6.7 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-03T18:03:35.000000Z"}, {"uuid": "f33d7e44-f159-4f69-8aa2-291fb2383f83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45781", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5209", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-45781\n\ud83d\udd25 CVSS Score: 6.7 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure boot protections.\n\ud83d\udccf Published: 2025-02-18T19:25:57.168Z\n\ud83d\udccf Modified: 2025-02-24T18:58:12.136Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/security/cve/CVE-2024-45781\n2. https://bugzilla.redhat.com/show_bug.cgi?id=2345857", "creation_timestamp": "2025-02-24T19:22:26.000000Z"}, {"uuid": "e7f98233-a156-4ec4-a638-e3fe83383da4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45780", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6204", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-45780\n\ud83d\udd25 CVSS Score: 6.7 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file, leading to a heap out-of-bounds write. This flaw eventually allows an attacker to circumvent secure boot protections.\n\ud83d\udccf Published: 2025-03-03T14:18:50.957Z\n\ud83d\udccf Modified: 2025-03-03T14:18:50.957Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/security/cve/CVE-2024-45780\n2. https://bugzilla.redhat.com/show_bug.cgi?id=2345856", "creation_timestamp": "2025-03-03T14:29:54.000000Z"}, {"uuid": "e226e03f-7ff4-4cd0-a071-474693206b90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45782", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6242", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-45782\n\ud83d\udd25 CVSS Score: 6.7 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properly validating the volume name's length. This issue may read to a heap-based out-of-bounds writer, impacting grub's sensitive data integrity and eventually leading to a secure boot protection bypass.\n\ud83d\udccf Published: 2025-03-03T17:05:25.397Z\n\ud83d\udccf Modified: 2025-03-03T17:25:35.467Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/security/cve/CVE-2024-45782\n2. https://bugzilla.redhat.com/show_bug.cgi?id=2345858", "creation_timestamp": "2025-03-03T17:31:25.000000Z"}, {"uuid": "894c2bd5-8d77-4dc4-acf7-f073dd252a30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45782", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8594", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-45782\n\ud83d\udd25 CVSS Score: 7.8 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properly validating the volume name's length. This issue may read to a heap-based out-of-bounds writer, impacting grub's sensitive data integrity and eventually leading to a secure boot protection bypass.\n\ud83d\udccf Published: 2025-03-03T17:05:25.397Z\n\ud83d\udccf Modified: 2025-03-25T04:58:13.528Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/security/cve/CVE-2024-45782\n2. https://bugzilla.redhat.com/show_bug.cgi?id=2345858", "creation_timestamp": "2025-03-25T05:23:34.000000Z"}, {"uuid": "b4d551aa-cab0-43bc-b077-9d353fd32f1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45784", "type": "seen", "source": "https://t.me/CyberBulletin/1488", "content": "\u26a1\ufe0fCVE-2024-45784: Apache Airflow Vulnerability Exposes Sensitive Data in Logs.\n\n#CyberBulletin", "creation_timestamp": "2024-11-17T06:16:46.000000Z"}, {"uuid": "9644ff09-8e2a-496d-8ffb-e1e3534c70a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45784", "type": "seen", "source": "https://t.me/cvedetector/11050", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45784 - Apache Airflow Sensitive Configuration Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-45784 \nPublished : Nov. 15, 2024, 9:15 a.m. | 46\u00a0minutes ago \nDescription : Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables. Unauthorized users could access these logs, potentially exposing critical data that could be exploited to compromise the security of the Airflow deployment. In version 2.10.3, secrets are now masked in task logs to prevent sensitive configuration variables from being exposed in the logging output. Users should upgrade to Airflow 2.10.3 or the latest version to eliminate this vulnerability.\u00a0If you suspect that DAG authors could have logged the secret values to the logs and that your logs are not additionally protected, it is also recommended that you update those secrets. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-15T11:04:07.000000Z"}, {"uuid": "87b4bb25-94c9-4e72-bd26-251617c40004", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45785", "type": "seen", "source": "https://t.me/cvedetector/8912", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45785 - MUSASI Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-45785 \nPublished : Oct. 25, 2024, 8:15 a.m. | 42\u00a0minutes ago \nDescription : MUSASI version 3 contains an issue with use of client-side authentication. If this vulnerability is exploited, other users' credential and sensitive information may be retrieved. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T11:13:52.000000Z"}, {"uuid": "79e834d5-3a26-49c0-9181-dc52ef387e50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45788", "type": "seen", "source": "https://t.me/cvedetector/5344", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45788 - Reedos aiM-Star OTP Bombing Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45788 \nPublished : Sept. 11, 2024, 12:15 p.m. | 38\u00a0minutes ago \nDescription : This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoints which could lead to the OTP bombing/flooding on the targeted system. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-11T15:20:22.000000Z"}, {"uuid": "674c1a42-04ed-4f8d-a262-be5cec4aef06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45786", "type": "seen", "source": "https://t.me/cvedetector/5349", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45786 - Reedos aiM-Star Information Disclosure\u0432\u0430\u043c\u0438\", \n  \"Content\": \"CVE ID : CVE-2024-45786 \nPublished : Sept. 11, 2024, 12:15 p.m. | 38\u00a0minutes ago \nDescription : This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper access controls on its certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL which could lead to gain unauthorized access to sensitive information belonging to other users. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-11T15:20:30.000000Z"}, {"uuid": "4f62d1ef-a18b-46e2-b3dd-1c360bf019ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45787", "type": "seen", "source": "https://t.me/cvedetector/5348", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45787 - Reedos aiM-Star Information Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45787 \nPublished : Sept. 11, 2024, 12:15 p.m. | 38\u00a0minutes ago \nDescription : This vulnerability exists in Reedos aiM-Star version 2.0.1 due to transmission of sensitive information in plain text in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL and intercepting response of the API request leading to exposure of sensitive information belonging to other users. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-11T15:20:26.000000Z"}, {"uuid": "e6c1c47b-ffae-49e8-9594-c68fd59e5dd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45789", "type": "seen", "source": "https://t.me/cvedetector/5347", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45789 - VMware aiM-Star Infinite Account Registration Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-45789 \nPublished : Sept. 11, 2024, 12:15 p.m. | 38\u00a0minutes ago \nDescription : This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper validation of the \u2018mode\u2019 parameter in the API endpoint used during the registration process. An authenticated remote attacker could exploit this vulnerability by manipulating parameter in the API request body on the vulnerable application.  \n  \nSuccessful exploitation of this vulnerability could allow the attacker to bypass certain constraints in the registration process leading to creation of multiple accounts. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-11T15:20:25.000000Z"}, {"uuid": "859ed77f-e48d-49e4-8f68-dd0fc2dfb6c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45784", "type": "seen", "source": "https://t.me/CyberBulletin/26461", "content": "\u26a1\ufe0fCVE-2024-45784: Apache Airflow Vulnerability Exposes Sensitive Data in Logs.\n\n#CyberBulletin", "creation_timestamp": "2024-11-17T06:16:46.000000Z"}, {"uuid": "7b091580-9b18-4f17-879d-54c712070eab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45781", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15176", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-45781\n\ud83d\udd25 CVSS Score: 6.7 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure boot protections.\n\ud83d\udccf Published: 2025-02-18T19:25:57.168Z\n\ud83d\udccf Modified: 2025-05-06T17:50:49.021Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/security/cve/CVE-2024-45781\n2. https://bugzilla.redhat.com/show_bug.cgi?id=2345857", "creation_timestamp": "2025-05-06T18:21:32.000000Z"}, {"uuid": "8c7ea731-795c-4ebb-bc2d-83fa7557c00d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45783", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15175", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-45783\n\ud83d\udd25 CVSS Score: 4.4 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: A flaw was found in grub2. When failing to mount an HFS+ grub, the hfsplus filesystem driver doesn't properly set an ERRNO value. This issue may lead to a NULL pointer access.\n\ud83d\udccf Published: 2025-02-18T19:26:07.767Z\n\ud83d\udccf Modified: 2025-05-06T17:51:14.496Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/security/cve/CVE-2024-45783\n2. https://bugzilla.redhat.com/show_bug.cgi?id=2345863", "creation_timestamp": "2025-05-06T18:21:31.000000Z"}, {"uuid": "983d5a08-9ca0-439c-94f3-78463ac0276c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45782", "type": "seen", "source": "https://t.me/cvedetector/19390", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45782 - Grub HFS Heap-Based Buffer Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45782 \nPublished : March 3, 2025, 5:15 p.m. | 1\u00a0hour, 1\u00a0minute ago \nDescription : A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properly validating the volume name's length. This issue may read to a heap-based out-of-bounds writer, impacting grub's sensitive data integrity and eventually leading to a secure boot protection bypass. \nSeverity: 6.7 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-03T19:44:22.000000Z"}, {"uuid": "422ea93c-f4b9-4a7b-bbae-c3c92105c05d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45783", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7646", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-45783\n\ud83d\udd25 CVSS Score: 4.4 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: A flaw was found in grub2. When failing to mount an HFS+ grub, the hfsplus filesystem driver doesn't properly set an ERRNO value. This issue may lead to a NULL pointer access.\n\ud83d\udccf Published: 2025-02-18T19:26:07.767Z\n\ud83d\udccf Modified: 2025-03-15T00:19:01.926Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/security/cve/CVE-2024-45783\n2. https://bugzilla.redhat.com/show_bug.cgi?id=2345863", "creation_timestamp": "2025-03-15T00:45:38.000000Z"}, {"uuid": "808441ae-649d-4579-a17c-019b898e9af6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45784", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113486020195398173", "content": "", "creation_timestamp": "2024-11-15T08:27:24.382631Z"}]}