{"vulnerability": "cve-2024-3141", "sightings": [{"uuid": "ec666a5d-f8d2-46ec-828a-1a59a37f7580", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-31416", "type": "seen", "source": "https://t.me/cvedetector/5627", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-31416 - Eaton Foreseer - Input Validation Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-31416 \nPublished : Sept. 13, 2024, 5:15 p.m. | 17\u00a0minutes ago \nDescription : The Eaton Foreseer software provides multiple customizable input fields for the users to configure parameters in the tool like alarms, reports, etc. Some of these input fields were not checking the length and bounds of the entered value. The exploit of this security flaw by a bad actor may result in excessive memory consumption or integer overflow. \nSeverity: 5.6 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-13T19:38:22.000000Z"}, {"uuid": "3acfc614-3590-4b5b-93fe-36cdb971342e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-31415", "type": "seen", "source": "https://t.me/cvedetector/5631", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-31415 - Eaton Foreseer Insecure Key Storage Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-31415 \nPublished : Sept. 13, 2024, 5:15 p.m. | 17\u00a0minutes ago \nDescription : The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc. The software uses encryption to store these configurations securely on the host machine. However, the keys used for this encryption were insecurely stored, which could be abused to possibly change or remove the server configuration. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-13T19:38:29.000000Z"}, {"uuid": "96e379a6-7ff5-428b-8a48-76c25167bb2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-31414", "type": "seen", "source": "https://t.me/cvedetector/5630", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-31414 - Eaton Foreseer Server-Side Code Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-31414 \nPublished : Sept. 13, 2024, 5:15 p.m. | 17\u00a0minutes ago \nDescription : The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. However, the input fields for this feature in the Eaton Foreseer software lacked proper input sanitization on the server-side, which could lead to injection and execution of malicious scripts when abused by bad actors. \nSeverity: 6.7 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-13T19:38:28.000000Z"}, {"uuid": "62d48f38-a926-47b7-a147-34910a126c4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-31411", "type": "seen", "source": "https://t.me/cvedetector/1076", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-31411 - Apache StreamPipes Unrestricted File Upload RCE Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-31411 \nPublished : July 17, 2024, 10:15 a.m. | 43\u00a0minutes ago \nDescription : Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes.  \nSuch a dangerous type might be an executable file that may lead to a remote code execution (RCE).  \nThe unrestricted upload is only possible for authenticated and authorized users.  \nThis issue affects Apache StreamPipes: through 0.93.0.  \n  \nUsers are recommended to upgrade to version 0.95.0, which fixes the issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-17T13:12:22.000000Z"}, {"uuid": "1308e228-d026-4217-8281-6f4d2e573e84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-31419", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5781", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-31419\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: An information disclosure flaw was found in OpenShift Virtualization. The DownwardMetrics feature was introduced to expose host metrics to virtual machine guests and is enabled by default. This issue could expose limited host metrics of a node to any guest in any namespace without being explicitly enabled by an administrator.\n\ud83d\udccf Published: 2024-04-03T14:00:04.329Z\n\ud83d\udccf Modified: 2025-02-27T20:09:03.574Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/security/cve/CVE-2024-31419\n2. https://bugzilla.redhat.com/show_bug.cgi?id=2272948", "creation_timestamp": "2025-02-27T20:25:44.000000Z"}, {"uuid": "87c30197-2e62-4586-84ab-998f12a44732", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-3141", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7354", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-3141\n\ud83d\udd25 CVSS Score: 2.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: A vulnerability has been found in Clavister E10 and E80 up to 14.00.10 and classified as problematic. This vulnerability affects unknown code of the file /?Page=Node&OBJ=/System/AdvancedSettings/DeviceSettings/MiscSettings of the component Misc Settings Page. The manipulation of the argument WatchdogTimerTime/BufFloodRebootTime/MaxPipeUsers/AVCache Lifetime/HTTPipeliningMaxReq/Reassembly MaxConnections/Reassembly MaxProcessingMem/ScrSaveTime leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 14.00.11 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-258916.\n\ud83d\udccf Published: 2024-04-01T23:00:06.054Z\n\ud83d\udccf Modified: 2025-03-12T16:41:36.487Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.258916\n2. https://vuldb.com/?ctiid.258916\n3. https://vuldb.com/?submit.303451\n4. https://github.com/strik3r0x1/Vulns/blob/main/Clavister_E80-RXSS.md\n5. https://docs.clavister.com/repo/cos-core-release-notes/doc/index.html#d0e2260\n6. https://my.clavister.com/downloads/?sid=1", "creation_timestamp": "2025-03-12T17:41:46.000000Z"}]}