{"vulnerability": "cve-2024-3737", "sightings": [{"uuid": "18621dfd-1844-4d15-a899-93be102afe21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37377", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113635719722286476", "content": "", "creation_timestamp": "2024-12-11T18:57:57.872951Z"}, {"uuid": "3acc7597-a204-4d9a-a160-0b8fde1973b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37377", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113635736531757259", "content": "", "creation_timestamp": "2024-12-11T19:02:14.133889Z"}, {"uuid": "69562763-53b5-440b-9e0b-bdbc34cc41ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37372", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfbiwbeedn2d", "content": "", "creation_timestamp": "2025-01-09T01:15:58.671698Z"}, {"uuid": "f986b943-5cb6-420c-96de-adf419e23cb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37372", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfbk6pmpbj2q", "content": "", "creation_timestamp": "2025-01-09T01:38:38.406759Z"}, {"uuid": "2a3ccee7-5502-44a4-8283-7f0f7842e83a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37374", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/85f9fd3a-b2ef-443b-b091-2cad7418236f", "content": "", "creation_timestamp": "2025-02-11T19:05:13.397489Z"}, {"uuid": "8d4dc3ab-bb9b-4baf-a365-b11f6479e6a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37375", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/85f9fd3a-b2ef-443b-b091-2cad7418236f", "content": "", "creation_timestamp": "2025-02-11T19:05:13.397489Z"}, {"uuid": "249fb517-85de-41f7-a9f2-925f62aabd0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37372", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14196", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-37372\n\ud83d\udd25 CVSS Score: 3.6 (cvssV3_0, Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Permission Model assumes that any path starting with two backslashes \\ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases.\n\ud83d\udccf Published: 2025-01-09T00:33:47.662Z\n\ud83d\udccf Modified: 2025-04-30T22:25:21.566Z\n\ud83d\udd17 References:\n1. http://www.openwall.com/lists/oss-security/2024/07/11/6\n2. http://www.openwall.com/lists/oss-security/2024/07/19/3", "creation_timestamp": "2025-04-30T23:14:37.000000Z"}, {"uuid": "d81f9e02-6e88-433b-b385-89d21f0ed5bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37372", "type": "seen", "source": "https://t.me/cvedetector/14755", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-37372 - \"VMware Permission Model Inconsistent Path Prefix Handling Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-37372 \nPublished : Jan. 9, 2025, 1:15 a.m. | 21\u00a0minutes ago \nDescription : The Permission Model assumes that any path starting with two backslashes \\ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases. \nSeverity: 3.6 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-09T02:41:57.000000Z"}, {"uuid": "fd1a193b-175a-4ce1-a896-bd1f0f9f50ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37376", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113473495543964820", "content": "", "creation_timestamp": "2024-11-13T03:22:13.797864Z"}, {"uuid": "9c02affc-c605-48d3-98f0-0dc9417e3207", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37376", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/66553903-f96d-485e-b1f9-0f25e2695b51", "content": "", "creation_timestamp": "2024-11-13T09:12:33.737749Z"}, {"uuid": "b70949e8-0f81-4203-90bd-a24525c89813", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37371", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7504", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-37371\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.\n\ud83d\udccf Published: 2024-06-28T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-13T20:28:07.509Z\n\ud83d\udd17 References:\n1. https://web.mit.edu/kerberos/www/advisories/\n2. https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef", "creation_timestamp": "2025-03-13T20:43:13.000000Z"}, {"uuid": "e356cba7-b21d-4201-a61e-db70e42f8af9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37373", "type": "seen", "source": "https://t.me/cvedetector/3094", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-37373 - Ivanti Avalanche Filestore Deserialization Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-37373 \nPublished : Aug. 14, 2024, 3:15 a.m. | 22\u00a0minutes ago \nDescription : Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE. \nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-14T05:40:26.000000Z"}, {"uuid": "0cea541a-0b00-4936-bccc-388eca5baa31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37376", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1502/", "content": "", "creation_timestamp": "2024-11-13T06:00:00.000000Z"}, {"uuid": "63bbf797-404d-4312-9d21-c748e8176858", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37373", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1695/", "content": "", "creation_timestamp": "2024-12-17T05:00:00.000000Z"}, {"uuid": "1ed25e78-0ebb-4634-b80d-5282dbcfdb24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37377", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0484", "content": "", "creation_timestamp": "2024-12-24T12:43:37.000000Z"}, {"uuid": "1c9f4c7c-70fb-4178-8dcc-ba3717d3e9a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37372", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113795734498923692", "content": "", "creation_timestamp": "2025-01-09T01:11:49.418879Z"}, {"uuid": "c23467e6-76dc-4838-a804-a6c1b91cbc9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37374", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li6k5u3ghf2y", "content": "", "creation_timestamp": "2025-02-15T01:15:42.836448Z"}, {"uuid": "46ba3c75-24d2-405a-ad54-705adeddc730", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37375", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li6k5wjfmn2n", "content": "", "creation_timestamp": "2025-02-15T01:15:45.627045Z"}, {"uuid": "74a93f74-ee79-4574-8c68-54cc3311eee8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37375", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li6wypsk522v", "content": "", "creation_timestamp": "2025-02-15T05:05:29.265433Z"}, {"uuid": "ef0f9d91-c7f9-4bdc-806b-e9edb18fe94d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37374", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li6wyq4b432z", "content": "", "creation_timestamp": "2025-02-15T05:05:29.967761Z"}, {"uuid": "0fd0a29b-92f5-437a-9404-611ddcf42785", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37370", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-05", "content": "", "creation_timestamp": "2025-06-12T10:00:00.000000Z"}, {"uuid": "77aefa0f-1059-4d41-b0d6-edbcc6050941", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37371", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-05", "content": "", "creation_timestamp": "2025-06-12T10:00:00.000000Z"}, {"uuid": "03e959da-3023-4569-9310-aad8db16ded0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37372", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/870", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-37372\n\ud83d\udd39 Description: The Permission Model assumes that any path starting with two backslashes \\ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases.\n\ud83d\udccf Published: 2025-01-09T00:33:47.662Z\n\ud83d\udccf Modified: 2025-01-09T00:33:47.662Z\n\ud83d\udd17 References:\n1. http://www.openwall.com/lists/oss-security/2024/07/11/6\n2. http://www.openwall.com/lists/oss-security/2024/07/19/3", "creation_timestamp": "2025-01-09T01:15:23.000000Z"}]}