{"vulnerability": "CVE-2024-5682", "sightings": [{"uuid": "d909ca9c-10be-492b-989a-3081c949745d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56825", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mbpcnntmt32o", "content": "", "creation_timestamp": "2026-01-05T20:46:29.231893Z"}, {"uuid": "d7cea340-f164-4f72-a8d0-1312f2c31198", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56826", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/884", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56826\n\ud83d\udd39 Description: A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility.  This can lead to an application crash or other undefined behavior.\n\ud83d\udccf Published: 2025-01-09T03:40:24.613Z\n\ud83d\udccf Modified: 2025-01-09T03:40:24.613Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/security/cve/CVE-2024-56826\n2. https://bugzilla.redhat.com/show_bug.cgi?id=2335172\n3. https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8\n4. https://github.com/uclouvain/openjpeg/issues/1563", "creation_timestamp": "2025-01-09T04:14:27.000000Z"}, {"uuid": "350b330b-93ce-4be3-9cbf-f067aa59fc60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56827", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/883", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56827\n\ud83d\udd39 Description: A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility.  This can lead to an application crash or other undefined behavior.\n\ud83d\udccf Published: 2025-01-09T03:40:30.512Z\n\ud83d\udccf Modified: 2025-01-09T03:40:30.512Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/security/cve/CVE-2024-56827\n2. https://bugzilla.redhat.com/show_bug.cgi?id=2335174\n3. https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8\n4. https://github.com/uclouvain/openjpeg/issues/1564", "creation_timestamp": "2025-01-09T04:14:17.000000Z"}, {"uuid": "82b9256c-99c1-4a1f-b1c6-72544cc75d6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56827", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16088", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56827\n\ud83d\udd25 CVSS Score: 5.6 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H)\n\ud83d\udd39 Description: A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility.  This can lead to an application crash or other undefined behavior.\n\ud83d\udccf Published: 2025-01-09T03:40:30.512Z\n\ud83d\udccf Modified: 2025-05-13T09:15:21.784Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/errata/RHSA-2025:7309\n2. https://access.redhat.com/security/cve/CVE-2024-56827\n3. https://bugzilla.redhat.com/show_bug.cgi?id=2335174\n4. https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8\n5. https://github.com/uclouvain/openjpeg/issues/1564", "creation_timestamp": "2025-05-13T09:30:36.000000Z"}, {"uuid": "23f9bd6b-3c97-4d02-ac1d-b896a790ebad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56828", "type": "seen", "source": "https://t.me/cvedetector/14391", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-56828 - ChestnutCMS File Upload Handler SSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-56828 \nPublished : Jan. 6, 2025, 6:15 p.m. | 44\u00a0minutes ago \nDescription : File Upload vulnerability in ChestnutCMS through 1.5.0. Based on the code analysis, it was determined that the /api/member/avatar API endpoint receives a base64 string as input. This string is then passed to the memberService.uploadAvatarByBase64 method for processing. Within the service, the base64-encoded image is parsed. For example, given a string like: data:image/html;base64,PGh0bWw+PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPjwvaHRtbD4= the content after the comma is extracted and decoded using Base64.getDecoder().decode(). The substring from the 11th character up to the first occurrence of a semicolon (;) is assigned to the suffix variable (representing the file extension). The decoded content is then written to a file. However, the file extension is not validated, and since this functionality is exposed to the frontend, it poses significant security risks. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-06T20:17:29.000000Z"}, {"uuid": "8748df8c-651d-4fb9-af3e-69daeaec08a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56828", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113782677540115579", "content": "", "creation_timestamp": "2025-01-06T17:51:16.031071Z"}, {"uuid": "5e9dbe62-61a6-421a-b16c-0a9762a8c44d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56826", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfbuawtbad2e", "content": "", "creation_timestamp": "2025-01-09T04:38:49.347138Z"}, {"uuid": "001cf45c-5f8c-41bc-85db-804fae54593a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56827", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfbuawwmje2k", "content": "", "creation_timestamp": "2025-01-09T04:38:49.940261Z"}, {"uuid": "46d3301a-30e5-4a91-9827-5e55b230f068", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56826", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16089", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56826\n\ud83d\udd25 CVSS Score: 5.6 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H)\n\ud83d\udd39 Description: A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility.  This can lead to an application crash or other undefined behavior.\n\ud83d\udccf Published: 2025-01-09T03:40:24.613Z\n\ud83d\udccf Modified: 2025-05-13T09:15:03.349Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/errata/RHSA-2025:7309\n2. https://access.redhat.com/security/cve/CVE-2024-56826\n3. https://bugzilla.redhat.com/show_bug.cgi?id=2335172\n4. https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8\n5. https://github.com/uclouvain/openjpeg/issues/1563", "creation_timestamp": "2025-05-13T09:30:37.000000Z"}, {"uuid": "65cf3721-f0c6-4ede-92d5-ccf9d821c320", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56826", "type": "seen", "source": "https://t.me/cvedetector/14774", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-56826 - OpenJPEG Heap Buffer Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-56826 \nPublished : Jan. 9, 2025, 4:15 a.m. | 38\u00a0minutes ago \nDescription : A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility.  This can lead to an application crash or other undefined behavior. \nSeverity: 5.6 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-09T06:02:46.000000Z"}, {"uuid": "6fe6e728-d03a-47ea-b376-88a374aaf04e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56827", "type": "seen", "source": "https://t.me/cvedetector/14770", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-56827 - OpenJPEG Heap Buffer Overflow\", \n  \"Content\": \"CVE ID : CVE-2024-56827 \nPublished : Jan. 9, 2025, 4:15 a.m. | 38\u00a0minutes ago \nDescription : A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility.  This can lead to an application crash or other undefined behavior. \nSeverity: 5.6 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-09T06:02:40.000000Z"}, {"uuid": "093f4cb3-d1d3-4f40-9a85-0c50151db44c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-5682", "type": "seen", "source": "https://t.me/cvedetector/5951", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-5682 - Yordam Library Automation System Excessive Authentication Attempt Denial of Service (DoS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-5682 \nPublished : Sept. 18, 2024, 12:15 p.m. | 39\u00a0minutes ago \nDescription : Improper Restriction of Excessive Authentication Attempts vulnerability in Yordam Information Technology Yordam Library Automation System allows Interface Manipulation.This issue affects Yordam Library Automation System: before 20.1. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-18T15:04:21.000000Z"}, {"uuid": "281707e9-7268-4b35-ba10-fa255691c56c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56826", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113796354746932468", "content": "", "creation_timestamp": "2025-01-09T03:49:33.670481Z"}, {"uuid": "cacdd3eb-37dd-4f62-805a-4fea0e5e69f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56828", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf3s2o2hog2r", "content": "", "creation_timestamp": "2025-01-06T18:43:35.305811Z"}, {"uuid": "c7712136-e2d7-4274-a8b5-bfb0fbae3750", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56827", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113796354761703507", "content": "", "creation_timestamp": "2025-01-09T03:49:34.446318Z"}, {"uuid": "0d56df39-6e45-4dc8-8084-feca6a1f9afb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56826", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfbsxt7zxk2a", "content": "", "creation_timestamp": "2025-01-09T04:15:48.433068Z"}, {"uuid": "cf6905f6-0657-48f4-b686-55e032d44082", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56827", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfbsxvlsvk2k", "content": "", "creation_timestamp": "2025-01-09T04:15:51.045914Z"}, {"uuid": "e0974324-2ea4-408e-995c-bf0147ff7dbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56826", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8215", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56826\n\ud83d\udd25 CVSS Score: 5.6 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H)\n\ud83d\udd39 Description: A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility.  This can lead to an application crash or other undefined behavior.\n\ud83d\udccf Published: 2025-01-09T03:40:24.613Z\n\ud83d\udccf Modified: 2025-03-20T14:34:56.286Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/security/cve/CVE-2024-56826\n2. https://bugzilla.redhat.com/show_bug.cgi?id=2335172\n3. https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8\n4. https://github.com/uclouvain/openjpeg/issues/1563", "creation_timestamp": "2025-03-20T15:18:30.000000Z"}, {"uuid": "83c6a6d7-4da1-4fd7-9493-c57a921b14b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56827", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8214", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56827\n\ud83d\udd25 CVSS Score: 5.6 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H)\n\ud83d\udd39 Description: A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility.  This can lead to an application crash or other undefined behavior.\n\ud83d\udccf Published: 2025-01-09T03:40:30.512Z\n\ud83d\udccf Modified: 2025-03-20T14:35:03.672Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/security/cve/CVE-2024-56827\n2. https://bugzilla.redhat.com/show_bug.cgi?id=2335174\n3. https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8\n4. https://github.com/uclouvain/openjpeg/issues/1564", "creation_timestamp": "2025-03-20T15:18:29.000000Z"}, {"uuid": "3c8e35c1-cffb-4990-8478-0df6c15fa245", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56829", "type": "seen", "source": "https://t.me/cvedetector/14091", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-56829 - Huang Yaoshi Pharmaceutical File Upload Vulnerability (Arbitrary File Write)\", \n  \"Content\": \"CVE ID : CVE-2024-56829 \nPublished : Jan. 2, 2025, 4:15 a.m. | 29\u00a0minutes ago \nDescription : Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the UploadFile element in a SOAP request to /XSDService.asmx. \nSeverity: 10.0 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-02T05:52:56.000000Z"}, {"uuid": "fbde6a2a-d822-4f17-957d-00b870a949a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56828", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf3qjp5kue2a", "content": "", "creation_timestamp": "2025-01-06T18:16:08.415299Z"}, {"uuid": "e17c6dba-3f4d-42cc-8165-b07c2150da18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56829", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113756802151800670", "content": "", "creation_timestamp": "2025-01-02T04:10:48.861291Z"}, {"uuid": "dd10aafe-1e3b-4c36-8ec0-666c425937d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56829", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3leq7omtng725", "content": "", "creation_timestamp": "2025-01-02T04:15:23.281038Z"}, {"uuid": "7bc3c994-3036-444c-9341-51f4c045f4b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56829", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3leqesw7jfg2y", "content": "", "creation_timestamp": "2025-01-02T05:47:16.147460Z"}, {"uuid": "91148d7e-cbd0-4be6-a43e-799f3f98c7da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56829", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3leqeswoocv2r", "content": "", "creation_timestamp": "2025-01-02T05:47:17.524844Z"}, {"uuid": "02cf032a-c310-45cb-8688-0ec6b9a8aca9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56826", "type": "seen", "source": "https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3lg3ofgj7ul2j", "content": "", "creation_timestamp": "2025-01-19T11:03:10.193856Z"}]}