{"vulnerability": "CVE-2024-5174", "sightings": [{"uuid": "e36a54e9-18b9-4ba4-8ca9-34151b201b6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-51740", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113431810262179634", "content": "", "creation_timestamp": "2024-11-05T18:41:06.255061Z"}, {"uuid": "884c1c29-c6c6-4803-a4ad-67face33004c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-51745", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113432431807385293", "content": "", "creation_timestamp": "2024-11-05T21:19:10.377364Z"}, {"uuid": "e0f5844f-147c-46eb-874a-010df8c54aa6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-51743", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113505769920267707", "content": "", "creation_timestamp": "2024-11-18T20:10:01.089161Z"}, {"uuid": "bd6346e9-5103-418e-9aa4-eff82dbbaa4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-51741", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lf4ro72pqy2t", "content": "", "creation_timestamp": "2025-01-07T04:09:13.278999Z"}, {"uuid": "80259627-d20a-40a2-9108-515f2a89ceb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-51741", "type": "seen", "source": "https://bsky.app/profile/dinosn.bsky.social/post/3lf4spabgz22y", "content": "", "creation_timestamp": "2025-01-07T04:27:43.944261Z"}, {"uuid": "f4d66d7e-6833-46e6-ad10-5395fc136678", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-51741", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lf5zeycli62x", "content": "", "creation_timestamp": "2025-01-07T15:59:53.539565Z"}, {"uuid": "99ee4826-2bb7-4806-8c1f-b3cfac8cdff7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "cve-2024-51741", "type": "seen", "source": "https://bsky.app/profile/kyosuke-tanaka.bsky.social/post/3lf4yaiur4226", "content": "", "creation_timestamp": "2025-01-07T06:06:50.189613Z"}, {"uuid": "6d88e68c-f0d8-4bae-bcbb-e5c0369645f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-51744", "type": "seen", "source": "https://gist.github.com/superbrothers/2bc399f6833ec0af8609d73d5266015d", "content": "", "creation_timestamp": "2025-04-23T23:38:33.000000Z"}, {"uuid": "f37e2788-e66a-4ba1-be70-91b283df1e94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-51741", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/240", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-51741\n\ud83d\udd39 Description: Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2.\n\ud83d\udccf Published: 2025-01-06T21:20:19.772Z\n\ud83d\udccf Modified: 2025-01-06T21:20:19.772Z\n\ud83d\udd17 References:\n1. 
https://github.com/redis/redis/security/advisories/GHSA-prpq-rh5h-46g9", "creation_timestamp": "2025-01-06T21:36:45.000000Z"}, {"uuid": "1e87805c-0ca3-4051-9583-132c2b9b1604", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-51749", "type": "seen", "source": "https://t.me/cvedetector/10666", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51749 - Element Matrix File Download Vulnerability (Arbitrary File Upload)\", \n  \"Content\": \"CVE ID : CVE-2024-51749 \nPublished : Nov. 12, 2024, 5:15 p.m. | 33\u00a0minutes ago \nDescription : Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events that trigger a file download once clicked. Fixed in element-web 1.11.85. \nSeverity: 3.5 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-12T18:53:50.000000Z"}, {"uuid": "6ccc6902-f9a7-4af8-a9b7-a32b14ffdcb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-51744", "type": "seen", "source": "https://t.me/cvedetector/9791", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51744 - Golang-JWT Signature Validation Error Handling Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-51744 \nPublished : Nov. 4, 2024, 10:15 p.m. | 18\u00a0minutes ago \nDescription : golang-jwt is a Go implementation of JSON Web Tokens. 
Unclear documentation of the error behavior in `ParseWithClaims` can lead to a situation where users are potentially not checking errors in the way they should be. In particular, if a token is both expired and invalid, the error returned by `ParseWithClaims` carries both error codes. If users only check for `jwt.ErrTokenExpired` using `errors.Is`, they will ignore the embedded `jwt.ErrTokenSignatureInvalid` and thus potentially accept invalid tokens. A fix has been back-ported with the error handling logic from the `v5` branch to the `v4` branch. In this logic, the `ParseWithClaims` function will immediately return in \"dangerous\" situations (e.g., an invalid signature), limiting the combined errors only to situations where the signature is valid, but further validation failed (e.g., if the signature is valid, but is expired AND has the wrong audience). This fix is part of the 4.5.1 release. We are aware that this changes the behaviour of an established function and is not 100 % backwards compatible, so updating to 4.5.1 might break your code. In case you cannot update to 4.5.0, please make sure that you are properly checking for all errors (\"dangerous\" ones first), so that you are not running into the case detailed above. 
\nSeverity: 3.1 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-04T23:38:43.000000Z"}, {"uuid": "29575106-d8e9-49fe-b00c-a36cc05b3a62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-51741", "type": "seen", "source": "https://bsky.app/profile/elhackernet.extwitter.link/post/3lfdmhuxyyc26", "content": "", "creation_timestamp": "2025-01-09T21:24:50.875171Z"}, {"uuid": "6b4c958b-d442-41e3-99f9-ec7da092d6a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-51741", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113783511538746501", "content": "", "creation_timestamp": "2025-01-06T21:23:21.929332Z"}, {"uuid": "f20ba638-d7f1-4ce2-b0a2-6320794e6c88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-51741", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf45vznojb2i", "content": "", "creation_timestamp": "2025-01-06T22:15:56.368665Z"}, {"uuid": "433f0349-3efd-4366-b211-e518ea9bb4ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-5174", "type": "seen", "source": "https://t.me/cvedetector/18794", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-5174 - Gliffy Broken Authentication Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-5174 \nPublished : Feb. 24, 2025, 2:15 p.m. 
| 35\u00a0minutes ago \nDescription : A flaw in Gliffy results in broken authentication through the reset functionality of the application. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-24T16:17:15.000000Z"}, {"uuid": "be49fa5f-adaa-4889-b65b-8e4b208fecb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-51741", "type": "seen", "source": "https://t.me/cvedetector/14420", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51741 - Redis Access Control List (ACL) SERVER PANIC Denial of Service Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-51741 \nPublished : Jan. 6, 2025, 10:15 p.m. | 42\u00a0minutes ago \nDescription : Redis is an open source, in-memory database that persists on disk. An authenticated user with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2. \nSeverity: 4.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T00:28:36.000000Z"}, {"uuid": "2edbd549-c51f-4fe4-9c20-6154fae0dc1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-51743", "type": "seen", "source": "https://t.me/cvedetector/11377", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51743 - MarkUs File Write Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-51743 \nPublished : Nov. 
18, 2024, 8:15 p.m. | 16\u00a0minutes ago \nDescription : MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability in the update/upload/create file methods in Controllers allows authenticated instructors to write arbitrary files to any location on the web server MarkUs is running on (depending on the permissions of the underlying filesystem). This can lead, for example, to delayed remote code execution if an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. MarkUs v2.4.8 has addressed this issue. No known workarounds are available at the application level aside from upgrading. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-18T21:34:10.000000Z"}, {"uuid": "c4bd1df3-fce5-4012-aa6b-864b2fbad3e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-51748", "type": "seen", "source": "https://t.me/cvedetector/10526", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51748 - Kanboard File Path Traversal Code Execution\", \n  \"Content\": \"CVE ID : CVE-2024-51748 \nPublished : Nov. 11, 2024, 8:15 p.m. | 37\u00a0minutes ago \nDescription : Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can run arbitrary php code on the server in combination with a file write possibility. The user interface language is determined and loaded by the setting `application_language` in the `settings` table. Thus, an attacker who can upload a modified sqlite.db through the dedicated feature has control over the file path that is loaded. 
Exploiting this vulnerability has one constraint: the attacker must be able to place a file (called translations.php) on the system. However, this is not impossible: think of an anonymous FTP server or another application that allows uploading files. Once the attacker has placed their file with the actual php code as the payload, the attacker can craft sqlite db settings that use path traversal to point to the directory where the `translations.php` file is stored. Code execution then follows after importing the crafted sqlite.db. This issue has been addressed in version 1.2.42 and all users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 9.1 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-11T21:57:41.000000Z"}, {"uuid": "f07ed1e8-a1f4-4290-91d8-3da4397f9b11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-51747", "type": "seen", "source": "https://t.me/cvedetector/10525", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51747 - Kanboard File Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-51747 \nPublished : Nov. 11, 2024, 8:15 p.m. | 37\u00a0minutes ago \nDescription : Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can read and delete arbitrary files from the server. File attachments that are viewable or downloadable in Kanboard are resolved through their `path` entry in the `project_has_files` SQLite db. Thus, an attacker who can upload a modified sqlite.db through the dedicated feature can set arbitrary file links by abusing path traversals. 
Once the modified db is uploaded and the project page is accessed, a file download can be triggered and all files, readable in the context of the Kanboard application permissions, can be downloaded. This issue has been addressed in version 1.2.42 and all users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 9.1 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-11T21:57:37.000000Z"}, {"uuid": "b94e7c79-3823-43c8-b34a-c34a33756951", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-51741", "type": "seen", "source": "https://bsky.app/profile/bolhasec.com/post/3lf5kdzznb72a", "content": "", "creation_timestamp": "2025-01-07T11:30:56.368277Z"}, {"uuid": "e51118a4-baf9-4142-ae7b-676f6bc3692e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-51741", "type": "seen", "source": "https://bsky.app/profile/tmjintel.bsky.social/post/3lf5nk5t7xb27", "content": "", "creation_timestamp": "2025-01-07T12:28:02.431920Z"}, {"uuid": "8a880e26-0fc7-4129-8d7e-14d4a13dda23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-51745", "type": "seen", "source": "https://t.me/cvedetector/9954", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51745 - Wasmtime Windows Special Device Filenames Supervisory Access Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-51745 \nPublished : Nov. 5, 2024, 10:15 p.m. | 33\u00a0minutes ago \nDescription : Wasmtime is a fast and secure runtime for WebAssembly. 
Wasmtime's filesystem sandbox implementation on Windows blocks access to special device filenames such as \"COM1\", \"COM2\", \"LPT0\", \"LPT1\", and so on; however, it did not block access to the special device filenames which use superscript digits, such as \"COM\u00b9\", \"COM\u00b2\", \"LPT\u2070\", \"LPT\u00b9\", and so on. Untrusted Wasm programs that are given access to any filesystem directory could bypass the sandbox and access devices through those special device filenames with superscript digits, and through them gain access to peripheral devices connected to the computer, or network resources mapped to those devices. This can include modems, printers, network printers, and any other device connected to a serial or parallel port, including emulated USB serial ports. Patch releases for Wasmtime have been issued as 24.0.2, 25.0.3, and 26.0.1. Users of Wasmtime 23.0.x and prior are recommended to upgrade to one of these patched versions. There are no known workarounds for this issue. Affected Windows users are recommended to upgrade. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T23:56:26.000000Z"}, {"uuid": "ac456d8a-f7ce-4207-9b52-119a9fa89d87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-51740", "type": "seen", "source": "https://t.me/cvedetector/9934", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51740 - iTop HTTP Request Forgery (RCE)\", \n  \"Content\": \"CVE ID : CVE-2024-51740 \nPublished : Nov. 5, 2024, 7:15 p.m. | 42\u00a0minutes ago \nDescription : Combodo iTop is a simple, web based IT Service Management tool. 
This vulnerability can be used to create HTTP requests on behalf of the server, from a low-privileged user. The user portal form manager has been fixed to only instantiate classes derived from it. This issue has been addressed in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T21:25:34.000000Z"}, {"uuid": "fca08e3a-d9a1-4eff-9613-428fa8e04130", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-51746", "type": "seen", "source": "https://t.me/cvedetector/9933", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51746 - GitHub OIDC Gitsign Incorrect Rekor Entry Selection\", \n  \"Content\": \"CVE ID : CVE-2024-51746 \nPublished : Nov. 5, 2024, 7:15 p.m. | 42\u00a0minutes ago \nDescription : Gitsign is a keyless Sigstore signing tool for Git commits using your GitHub / OIDC identity. gitsign may select the wrong Rekor entry to use during online verification when multiple entries are returned by the log. gitsign uses Rekor's search API to fetch entries that apply to a signature being verified. The parameters used for the search are the public key and the payload. The search API returns entries that match either condition rather than both. When gitsign's credential cache is used, there can be multiple entries that use the same ephemeral keypair / signing certificate. As gitsign assumes both conditions are matched by Rekor, there is no additional validation that the entry's hash matches the payload being verified, meaning that the wrong entry can be used to successfully pass verification. 
Impact is minimal as while gitsign does not match the payload against the entry, it does ensure that the certificate matches. This would need to be exploited during the certificate validity window (10 minutes) by the key holder. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T21:25:33.000000Z"}, {"uuid": "e830d62f-f9a2-46ac-8413-9096bfc57e53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-51741", "type": "seen", "source": "https://t.me/CyberBulletin/1991", "content": "\u26a1\ufe0fCVE-2024-51741 and CVE-2024-46981: Redis Flaws Expose Millions to DoS and RCE Risks.\n\n#CyberBulletin", "creation_timestamp": "2025-01-07T08:15:41.000000Z"}]}
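The golang-jwt error-handling pitfall quoted in the CVE-2024-51744 sighting above (a combined error that wraps both an expiry and a signature failure, and a caller that only tests for expiry), as an added example that is not part of this record and is not the golang-jwt project's code. It does not import the library: the pre-4.5.1 combined-error behaviour and the 4.5.1 fail-fast behaviour are modelled with the standard library's `errors.Join`, and the sentinel names `ErrTokenSignatureInvalid`, `ErrTokenExpired`, `ErrTokenInvalidAudience`, the `checks` input type and the `acceptForRefresh*` callers are assumptions made for the illustration. The caller pattern shown is the one a token-refresh endpoint typically has: tolerate an expired token so the client can obtain a new one.

```go
package main

import (
	"errors"
	"fmt"
)

// Sentinel errors modelled on the golang-jwt v4 ones named in the advisory.
// Assumption: declared here so the file runs without the library; the real
// package exposes jwt.ErrTokenExpired / jwt.ErrTokenSignatureInvalid with the
// same meaning.
var (
	ErrTokenSignatureInvalid = errors.New("token signature is invalid")
	ErrTokenExpired          = errors.New("token is expired")
	ErrTokenInvalidAudience  = errors.New("token has invalid audience")
)

// checks is a constructed stand-in for what a parser learns about a token.
// Real code derives this from verifying the signature and validating claims.
type checks struct {
	signatureOK bool
	expired     bool
	audienceOK  bool
}

// parseCombined models the pre-4.5.1 behaviour the advisory describes: every
// failed check is folded into one error, so a token that is both forged and
// expired yields a single error wrapping both sentinels.
func parseCombined(c checks) error {
	var errs []error
	if !c.signatureOK {
		errs = append(errs, ErrTokenSignatureInvalid)
	}
	if c.expired {
		errs = append(errs, ErrTokenExpired)
	}
	if !c.audienceOK {
		errs = append(errs, ErrTokenInvalidAudience)
	}
	return errors.Join(errs...) // nil when nothing failed
}

// parseFailFast models the 4.5.1 behaviour: a "dangerous" failure (invalid
// signature) returns on its own immediately, so a combined error can only
// describe claim problems of a token whose signature did verify.
func parseFailFast(c checks) error {
	if !c.signatureOK {
		return ErrTokenSignatureInvalid
	}
	return parseCombined(c)
}

// acceptForRefreshNaive is the caller pattern the advisory warns about: an
// expired token is tolerated so the client can refresh it. With a combined
// error, errors.Is still finds ErrTokenExpired inside an error that also
// wraps ErrTokenSignatureInvalid, so a forged token is accepted.
func acceptForRefreshNaive(err error) bool {
	return err == nil || errors.Is(err, ErrTokenExpired)
}

// acceptForRefreshSafe tests the dangerous errors first and only then decides
// whether the remaining failures are tolerable.
func acceptForRefreshSafe(err error) bool {
	if err == nil {
		return true
	}
	if errors.Is(err, ErrTokenSignatureInvalid) {
		return false // never reason about claims of an unverified token
	}
	if errors.Is(err, ErrTokenInvalidAudience) {
		return false // a token minted for another audience is not ours to refresh
	}
	return errors.Is(err, ErrTokenExpired)
}

func main() {
	cases := []struct {
		name string
		c    checks
	}{
		{"valid", checks{signatureOK: true, expired: false, audienceOK: true}},
		{"genuine expired", checks{signatureOK: true, expired: true, audienceOK: true}},
		{"forged expired", checks{signatureOK: false, expired: true, audienceOK: true}},
		{"expired, wrong aud", checks{signatureOK: true, expired: true, audienceOK: false}},
	}
	for _, tc := range cases {
		fmt.Printf("%-18s naive/combined=%-5v safe/combined=%-5v naive/failfast=%v\n",
			tc.name,
			acceptForRefreshNaive(parseCombined(tc.c)),
			acceptForRefreshSafe(parseCombined(tc.c)),
			acceptForRefreshNaive(parseFailFast(tc.c)))
	}
}
```

The "forged expired" row is the case from the advisory: under combined errors the naive caller accepts it, the dangerous-first caller rejects it, and the fail-fast parser protects even the naive caller. The "expired, wrong aud" row shows why the ordering matters beyond signatures: a caller that tests only for expiry also waves through any other claim failure joined into the same error.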