{"vulnerability": "cve-2024-4704", "sightings": [{"uuid": "bcdf9844-b76f-498d-b87a-60ace06353f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47046", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-02", "content": "", "creation_timestamp": "2024-10-10T12:00:00.000000Z"}, {"uuid": "043f9c64-60b9-4c14-bbf3-285ac76d60cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47043", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113607238645282439", "content": "", "creation_timestamp": "2024-12-06T18:14:50.843433Z"}, {"uuid": "461b2dda-3232-4579-9704-c8801953e84f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47040", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113675414301396811", "content": "", "creation_timestamp": "2024-12-18T19:12:48.923997Z"}, {"uuid": "9553f362-3383-4f8d-afa9-ca6f3d8602e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47046", "type": "seen", "source": "https://t.me/cvedetector/7343", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47046 - \"Simcenter Nastran BDF File Memory Corruption Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-47046 \nPublished : Oct. 8, 2024, 9:15 a.m. | 42\u00a0minutes ago \nDescription : A vulnerability has been identified in Simcenter Nastran 2306 (All versions), Simcenter Nastran 2312 (All versions), Simcenter Nastran 2406 (All versions < V2406.5000). The affected application is vulnerable to memory corruption while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process. \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-08T12:02:21.000000Z"}, {"uuid": "dd41fc55-cf51-4637-b080-14332118eb51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47047", "type": "seen", "source": "https://t.me/cvedetector/5813", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47047 - TYPO3 Powermail IDOR Insecure Direct Object Reference\", \n  \"Content\": \"CVE ID : CVE-2024-47047 \nPublished : Sept. 17, 2024, 2:15 p.m. | 40\u00a0minutes ago \nDescription : An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference (IDOR) in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms persisted by the extension. The fixed versions are 7.5.1, 8.5.1, 10.9.1, and 12.4.1. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-17T17:16:53.000000Z"}, {"uuid": "9b7450fa-9b9a-4bea-8601-1c6407d7ac2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47049", "type": "seen", "source": "https://t.me/cvedetector/5814", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47049 - Czim/File-Handling SSRF and Directory Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47049 \nPublished : Sept. 17, 2024, 2:15 p.m. | 40\u00a0minutes ago \nDescription : The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 (used with PHP Composer) does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-17T17:16:53.000000Z"}, {"uuid": "245f9f17-4c98-4c25-8e43-fdfdd864550e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47043", "type": "seen", "source": "https://t.me/cvedetector/12268", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47043 - Ruijie Reyee OS versions 2.206.x up to but not inc\", \n  \"Content\": \"CVE ID : CVE-2024-47043 \nPublished : Dec. 6, 2024, 6:15 p.m. | 28\u00a0minutes ago \nDescription : Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could enable an attacker to correlate a device serial number and the user's phone number and part of the email address. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-06T19:48:45.000000Z"}, {"uuid": "bace406a-df54-4987-a062-13411083d9f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47041", "type": "seen", "source": "https://t.me/cvedetector/8928", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47041 - \"Git LSM J.VALID_ADDRESS Buffer Overflow\"\", \n  \"Content\": \"CVE ID : CVE-2024-47041 \nPublished : Oct. 25, 2024, 11:15 a.m. | 24\u00a0minutes ago \nDescription : In valid_address of syscall.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T13:44:25.000000Z"}, {"uuid": "d73dc3cc-cf72-447c-9a76-2b52a7c73981", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47043", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01", "content": "", "creation_timestamp": "2024-12-03T11:00:00.000000Z"}, {"uuid": "806219f0-d0ce-4ec8-b5bb-7be1d9368416", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47046", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-347-06", "content": "", "creation_timestamp": "2024-12-12T11:00:00.000000Z"}, {"uuid": "379ae3fb-d715-46a7-aab6-b82ea560d793", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47049", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7973", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-47049\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 (used with PHP Composer) does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files.\n\ud83d\udccf Published: 2024-09-17T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-18T19:37:41.688Z\n\ud83d\udd17 References:\n1. https://github.com/czim/file-handling/blob/2.3.0/SECURITY.md", "creation_timestamp": "2025-03-18T19:48:42.000000Z"}, {"uuid": "b417ab73-633c-4c1b-bce8-09544b61f3e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47040", "type": "seen", "source": "https://t.me/cvedetector/13238", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47040 - Microsoft Edge Use-After-Free\", \n  \"Content\": \"CVE ID : CVE-2024-47040 \nPublished : Dec. 18, 2024, 7:15 p.m. | 37\u00a0minutes ago \nDescription : There is a possible UAF due to a logic error in the code.\u00a0This could lead to local escalation of privilege with no additional\u00a0execution privileges needed. User interaction is not needed for\u00a0exploitation. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-18T21:13:40.000000Z"}, {"uuid": "3ce7501b-c5ca-48f6-b864-bb76eb0aa9c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47045", "type": "seen", "source": "https://t.me/cvedetector/6368", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47045 - Nippon Telegraph and Telephone East Corporation Home GateWay/Hikari Denwa Router IPv6 WAN-Side Misrepresentation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47045 \nPublished : Sept. 26, 2024, 4:15 a.m. | 40\u00a0minutes ago \nDescription : User interface (UI) misrepresentation of critical information issue exists in multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION. If this vulnerability is exploited, an attacker who identified WAN-side IPv6 address may access the product's Device Setting page via WAN-side. Note that, affects products are also provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION, but the vulnerability only affects products subscribed and used in NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION areas. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-26T07:05:52.000000Z"}, {"uuid": "440c7080-25eb-41c8-b2d0-a4c680a41849", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47044", "type": "seen", "source": "https://t.me/cvedetector/6395", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47044 - \"NTT East Home Gateway/Wikari Denwa Router Weak Access Control\"\", \n  \"Content\": \"CVE ID : CVE-2024-47044 \nPublished : Sept. 26, 2024, 9:15 a.m. | 38\u00a0minutes ago \nDescription : Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION are vulnerable to insufficient access restrictions for Device Setting pages. If this vulnerability is exploited, an attacker who identified WAN-side IPv6 address may access the product's Device Setting page via WAN-side. Note that, the same products are also provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION, but the vulnerability only affects products subscribed and used in NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION areas. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-26T12:07:13.000000Z"}]}