{"vulnerability": "cve-2024-4523", "sightings": [{"uuid": "53353457-2e76-4ff7-8547-e6aa69adf9d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45231", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7815", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-45231\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).\n\ud83d\udccf Published: 2024-10-08T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-17T17:30:18.301Z\n\ud83d\udd17 References:\n1. https://docs.djangoproject.com/en/dev/releases/security/\n2. https://groups.google.com/forum/#%21forum/django-announce\n3. https://www.djangoproject.com/weblog/2024/sep/03/security-releases/", "creation_timestamp": "2025-03-17T18:31:42.000000Z"}, {"uuid": "b7ea100b-f99f-43b9-8cc4-d2cf6d8080d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45239", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8048", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-45239\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a null eContent field. Fort dereferences the pointer without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.\n\ud83d\udccf Published: 2024-08-24T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-19T14:00:52.703Z\n\ud83d\udd17 References:\n1. https://nicmx.github.io/FORT-validator/CVE.html", "creation_timestamp": "2025-03-19T14:16:38.000000Z"}, {"uuid": "d4d5ce0e-e268-4f4e-892d-445e3729ce11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45234", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8748", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-45234\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This bypasses Fort's BER decoder, reaching a point in the code that panics when faced with data not encoded in DER. Because Fort is an RPKI Relying Party, a panic can lead to Route Origin Validation unavailability, which can lead to compromised routing.\n\ud83d\udccf Published: 2024-08-24T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-25T18:31:47.109Z\n\ud83d\udd17 References:\n1. https://nicmx.github.io/FORT-validator/CVE.html", "creation_timestamp": "2025-03-25T19:25:05.000000Z"}, {"uuid": "0955b55a-c18d-446f-a4e3-2b656f8c80ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45232", "type": "seen", "source": "https://t.me/cvedetector/4365", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45232 - \"TYPO3 Powermail IDOR\"\", \n  \"Content\": \"CVE ID : CVE-2024-45232 \nPublished : Aug. 29, 2024, 12:15 a.m. | 34\u00a0minutes ago \nDescription : An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference (IDOR). An unauthenticated attacker can use this to display the user-submitted data of all forms persisted by the extension. This can only be exploited when the extension is configured to save submitted form data to the database (plugin.tx_powermail.settings.db.enable=1), which however is the default setting of the extension. The fixed versions are 7.5.0, 8.5.0, 10.9.0, and 12.4.0 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-29T02:50:14.000000Z"}, {"uuid": "3e1d53b1-f620-441e-b4b3-9eeed7324c6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45239", "type": "seen", "source": "https://t.me/cvedetector/4069", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45239 - \"Fort RPKI Relying Party NULL Pointer Dereference\"\", \n  \"Content\": \"CVE ID : CVE-2024-45239 \nPublished : Aug. 24, 2024, 11:15 p.m. | 22\u00a0minutes ago \nDescription : An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a null eContent field. Fort dereferences the pointer without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-25T01:44:47.000000Z"}, {"uuid": "503f07ba-7bf9-4758-b07d-cd2cfa7caeaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45238", "type": "seen", "source": "https://t.me/cvedetector/4066", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45238 - Fort RPKI Protocol Buffer Overflow\", \n  \"Content\": \"CVE ID : CVE-2024-45238 \nPublished : Aug. 24, 2024, 11:15 p.m. | 22\u00a0minutes ago \nDescription : An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a bit string that doesn't properly decode into a Subject Public Key. OpenSSL does not report this problem during parsing, and when compiled with OpenSSL libcrypto versions below 3, Fort recklessly dereferences the pointer. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-25T01:44:45.000000Z"}, {"uuid": "ffc9353b-8bb8-4bf7-92e6-1f10d07f55a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45237", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/5340", "content": "#Threat_Research\n\"Poster: From Fort to Foe:\nThe Threat of RCE in RPKI (CVE-2024-45237)\", 2024.", "creation_timestamp": "2024-12-03T07:01:20.000000Z"}, {"uuid": "f1f9a54e-2b9b-44fb-b46c-5ddd1862a80a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45230", "type": "seen", "source": "https://bsky.app/profile/securitycipher.bsky.social/post/3lhhf344rf22v", "content": "", "creation_timestamp": "2025-02-05T20:13:27.920464Z"}, {"uuid": "2ddab9c0-ed68-4f53-bc3a-1a7e4a298473", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45236", "type": "seen", "source": "https://t.me/cvedetector/4068", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45236 - Fort RPKI Relying Party Crash Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45236 \nPublished : Aug. 24, 2024, 11:15 p.m. | 22\u00a0minutes ago \nDescription : An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a signed object containing an empty signedAttributes field. Fort accesses the set's elements without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-25T01:44:47.000000Z"}, {"uuid": "0e34657f-b46f-4f1f-bb6e-7184853baaf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45231", "type": "seen", "source": "https://t.me/cvedetector/7373", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45231 - Apache Django Email Enumeration\", \n  \"Content\": \"CVE ID : CVE-2024-45231 \nPublished : Oct. 8, 2024, 4:15 p.m. | 21\u00a0minutes ago \nDescription : An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-08T18:43:33.000000Z"}, {"uuid": "e17f6cbc-268d-4b19-83d2-d75b2d83ceb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45230", "type": "seen", "source": "https://t.me/cvedetector/7372", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45230 - \"Apache Django URLize Denial of Service\"\", \n  \"Content\": \"CVE ID : CVE-2024-45230 \nPublished : Oct. 8, 2024, 4:15 p.m. | 21\u00a0minutes ago \nDescription : An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-08T18:43:32.000000Z"}, {"uuid": "252a2412-3f36-4cbf-88c2-f4433a7da585", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45233", "type": "seen", "source": "https://t.me/cvedetector/4364", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45233 - TYPO3 Powermail Broken Access Control Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45233 \nPublished : Aug. 29, 2024, 12:15 a.m. | 34\u00a0minutes ago \nDescription : An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can directly be called, due to missing or insufficiently implemented access checks, resulting in Broken Access Control. Depending on the configuration of the Powermail Frontend plugins, an unauthenticated attacker can exploit this to edit, update, delete, or export data of persisted forms. This can only be exploited when the Powermail Frontend plugins are used. The fixed versions are 7.5.0, 8.5.0, 10.9.0, and 12.4.0. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-29T02:50:13.000000Z"}, {"uuid": "eff562de-e98b-43bf-8fc2-0d4b67806160", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45237", "type": "seen", "source": "https://t.me/cvedetector/4070", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45237 - Fort RPKI Buffer Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45237 \nPublished : Aug. 24, 2024, 11:15 p.m. | 22\u00a0minutes ago \nDescription : An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a Key Usage extension composed of more than two bytes of data. Fort writes this string into a 2-byte buffer without properly sanitizing its length, leading to a buffer overflow. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-25T01:44:48.000000Z"}, {"uuid": "7392dc33-3757-47cc-ba8c-fa6452005794", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45234", "type": "seen", "source": "https://t.me/cvedetector/4073", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45234 - Fort Trust Anchor RPKI Signature Canonicalization Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-45234 \nPublished : Aug. 24, 2024, 11:15 p.m. | 22\u00a0minutes ago \nDescription : An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This bypasses Fort's BER decoder, reaching a point in the code that panics when faced with data not encoded in DER. Because Fort is an RPKI Relying Party, a panic can lead to Route Origin Validation unavailability, which can lead to compromised routing. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-25T01:44:54.000000Z"}, {"uuid": "6514a7b1-c432-4da0-bb2f-1328d8d219d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45235", "type": "seen", "source": "https://t.me/cvedetector/4071", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45235 - Fort RPKI Relying Party Authentication Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45235 \nPublished : Aug. 24, 2024, 11:15 p.m. | 22\u00a0minutes ago \nDescription : An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing an Authority Key Identifier extension that lacks the keyIdentifier field. Fort references this pointer without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-25T01:44:52.000000Z"}, {"uuid": "22b3eb28-9cd2-4ce2-a677-1a300f0ed99c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-4523", "type": "seen", "source": "Telegram/okdTl6x7QRZlWGOuoxND0r2O-kwZLV7MI3QeaRp9Rk_z_x07", "content": "", "creation_timestamp": "2025-02-19T19:13:57.000000Z"}, {"uuid": "f4a65737-6677-4bbd-99ec-52ed024f80e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45237", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11511", "content": "#Threat_Research\n\"Poster: From Fort to Foe:\nThe Threat of RCE in RPKI (CVE-2024-45237)\", 2024.", "creation_timestamp": "2024-12-03T12:25:19.000000Z"}]}