{"vulnerability": "cve-2024-5588", "sightings": [{"uuid": "e0284810-4eea-4854-bca3-8a9a63e1533b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-55887", "type": "seen", "source": "https://t.me/cvedetector/12896", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-55887 - Ucum-Java XML External Entity Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-55887 \nPublished : Dec. 13, 2024, 4:15 p.m. | 43\u00a0minutes ago \nDescription : Ucum-java is a FHIR Java library providing UCUM Services. In versions prior to 1.0.9, XML parsing performed by the UcumEssenceService is vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where ucum is being used to within a host where external clients can submit XML. Release 1.0.9 of Ucum-java fixes this vulnerability. As a workaround, ensure that the source xml for instantiating UcumEssenceService is trusted. \nSeverity: 8.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-13T18:17:15.000000Z"}, {"uuid": "c5673bd2-2785-401c-a4c0-266f77753b9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-55889", "type": "seen", "source": "https://t.me/cvedetector/12871", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-55889 - phpMyFAQ Reference Vulnerability - iframe-Triggered File Download\", \n  \"Content\": \"CVE ID : CVE-2024-55889 \nPublished : Dec. 13, 2024, 2:15 p.m. | 23\u00a0minutes ago \nDescription : phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an element without user interaction or explicit consent. Version 3.2.10 fixes the issue. \nSeverity: 4.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-13T15:46:22.000000Z"}, {"uuid": "c922c5b6-8dfd-4f6e-8db6-76a76de27072", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-55886", "type": "seen", "source": "https://t.me/cvedetector/12814", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-55886 - OpenSearch Data Prepper Unauthenticated Data Ingestion Through Custom Authentication Plugins\", \n  \"Content\": \"CVE ID : CVE-2024-55886 \nPublished : Dec. 12, 2024, 8:15 p.m. | 42\u00a0minutes ago \nDescription : OpenSearch Data Prepper is a component of the OpenSearch project that accepts, filters, transforms, enriches, and routes data at scale. A vulnerability exists in the OpenTelemetry Logs source in Data Prepper starting inversion 2.1.0 and prior to version 2.10.2 where some custom authentication plugins will not perform authentication. This allows unauthorized users to ingest OpenTelemetry Logs data under certain conditions. This vulnerability does not affect the built-in `http_basic` authentication provider in Data Prepper. Pipelines which use the `http_basic` authentication provider continue to require authentication. The vulnerability exists only for custom implementations of Data Prepper\u2019s `GrpcAuthenticationProvider` authentication plugin which implement the `getHttpAuthenticationService()` method instead of `getAuthenticationInterceptor()`. Data Prepper 2.10.2 contains a fix for this issue. For those unable to upgrade, one may use the built-in `http_basic` authentication provider in Data Prepper and/or add an authentication proxy in front of one's Data Prepper instances running the OpenTelemetry Logs source. \nSeverity: 6.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T22:12:17.000000Z"}, {"uuid": "f47de0b9-88bd-4232-9342-58adc326a357", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-55885", "type": "seen", "source": "https://t.me/cvedetector/12813", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-55885 - \"Beego MD5 Hashing Weakness\"\", \n  \"Content\": \"CVE ID : CVE-2024-55885 \nPublished : Dec. 12, 2024, 8:15 p.m. | 42\u00a0minutes ago \nDescription : beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks. Version 2.3.4 replaces MD5 with SHA256. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T22:12:13.000000Z"}, {"uuid": "b060dd03-6a7c-4a15-b89c-c04313efe39f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-55884", "type": "seen", "source": "https://t.me/CyberBulletin/26818", "content": "\u26a1\ufe0fCVE-2024-55884 (CVSS 9.0): Critical Vulnerability Found in Mullvad VPN.\n\n#CyberBulletin", "creation_timestamp": "2024-12-16T05:51:19.000000Z"}, {"uuid": "f362d431-9bda-48cf-9d30-95784af65ed6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-55881", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfhs5rvfru25", "content": "", "creation_timestamp": "2025-01-11T13:17:13.486700Z"}, {"uuid": "ccc25f70-4272-4cb9-aa4e-92e0faf813c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-55889", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lmzyvzbvee2u", "content": "", "creation_timestamp": "2025-04-17T21:02:37.104935Z"}, {"uuid": "5b53bf4a-2d26-46c0-a2b2-9f5325203e7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-5588", "type": "seen", "source": "Telegram/646mn707z2aukIdMIE8y42TevM_HCExiW9LUaPOyfXFp40gm", "content": "", "creation_timestamp": "2025-02-14T10:01:40.000000Z"}, {"uuid": "d1befeaa-c79e-49cc-9608-a3e819b09b9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-55884", "type": "seen", "source": "https://t.me/CyberBulletin/10688", "content": "Unlike the Ivanti vulnerabilities, exploitation here requires valid user credentials. By submitting specially crafted session attributes during SSL VPN establishment, an authenticated attacker could repeatedly crash the VPN server, disrupting service for legitimate users.\n\nWhile the server automatically recovers after each crash, sustained exploitation could render VPN services effectively unusable for extended periods.\n\n\n---\n\nCVE-2024-55884: Critical Vulnerability in Mullvad VPN Applications\n\nIn an independent white-box security review conducted by X41 D-Sec GmbH, several serious vulnerabilities were discovered in Mullvad VPN across all platforms. The most severe, CVE-2024-55884 (CVSS 9.0), involved an out-of-bounds memory write caused by insufficiently sized alternate signal stacks in exception handlers.\n\nImpact:\n\nUnder carefully engineered conditions, an attacker could remotely trigger signals causing memory corruption, potentially leading to heap overflows and application compromise. The underlying issue stemmed from poor management of Unix signal handling (exception_logging/unix.rs).\n\n\n---\n\nConclusion\n\nThe vulnerabilities revealed over the past six months provide a stark reminder: VPNs, while often marketed as silver bullets for privacy and security, can themselves introduce significant risks. As sophisticated threat actors continue targeting VPN infrastructures, organizations and individuals must remain vigilant \u2014 promptly applying patches, retiring unsupported systems, and reassessing their dependency on VPN technologies as a cornerstone of security strategies.\n\nSecurity through obscurity is no longer sufficient. Zero-trust principles, segmentation, and layered defenses must complement traditional VPN deployments to effectively mitigate modern threats.\n\n#HackersFactory", "creation_timestamp": "2025-04-27T03:42:30.000000Z"}, {"uuid": "bfd267df-df21-4769-a55b-417b2e7c92f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-55884", "type": "seen", "source": "https://t.me/CyberBulletin/3125", "content": "Unlike the Ivanti vulnerabilities, exploitation here requires valid user credentials. By submitting specially crafted session attributes during SSL VPN establishment, an authenticated attacker could repeatedly crash the VPN server, disrupting service for legitimate users.\n\nWhile the server automatically recovers after each crash, sustained exploitation could render VPN services effectively unusable for extended periods.\n\n\n---\n\nCVE-2024-55884: Critical Vulnerability in Mullvad VPN Applications\n\nIn an independent white-box security review conducted by X41 D-Sec GmbH, several serious vulnerabilities were discovered in Mullvad VPN across all platforms. The most severe, CVE-2024-55884 (CVSS 9.0), involved an out-of-bounds memory write caused by insufficiently sized alternate signal stacks in exception handlers.\n\nImpact:\n\nUnder carefully engineered conditions, an attacker could remotely trigger signals causing memory corruption, potentially leading to heap overflows and application compromise. The underlying issue stemmed from poor management of Unix signal handling (exception_logging/unix.rs).\n\n\n---\n\nConclusion\n\nThe vulnerabilities revealed over the past six months provide a stark reminder: VPNs, while often marketed as silver bullets for privacy and security, can themselves introduce significant risks. As sophisticated threat actors continue targeting VPN infrastructures, organizations and individuals must remain vigilant \u2014 promptly applying patches, retiring unsupported systems, and reassessing their dependency on VPN technologies as a cornerstone of security strategies.\n\nSecurity through obscurity is no longer sufficient. Zero-trust principles, segmentation, and layered defenses must complement traditional VPN deployments to effectively mitigate modern threats.\n\n#HackersFactory", "creation_timestamp": "2025-04-27T05:42:31.000000Z"}, {"uuid": "6dd18b8e-49a3-42d3-bc7d-efa69ef0187f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-55884", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113636359963593496", "content": "", "creation_timestamp": "2024-12-11T21:40:47.124246Z"}, {"uuid": "75d1dff3-2844-425f-93a1-24c475f8c989", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-55884", "type": "seen", "source": "https://t.me/CyberBulletin/1756", "content": "\u26a1\ufe0fCVE-2024-55884 (CVSS 9.0): Critical Vulnerability Found in Mullvad VPN.\n\n#CyberBulletin", "creation_timestamp": "2024-12-16T05:51:19.000000Z"}, {"uuid": "ae11f292-5865-42b4-a833-70c1ecf0d87a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-55881", "type": "seen", "source": "https://t.me/cvedetector/15072", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-55881 - \"KVM AMD x86 Hypercall Detection Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-55881 \nPublished : Jan. 11, 2025, 1:15 p.m. | 35\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nKVM: x86: Play nice with protected guests in complete_hypercall_exit()  \n  \nUse is_64_bit_hypercall() instead of is_64_bit_mode() to detect a 64-bit  \nhypercall when completing said hypercall.  For guests with protected state,  \ne.g. SEV-ES and SEV-SNP, KVM must assume the hypercall was made in 64-bit  \nmode as the vCPU state needed to detect 64-bit mode is unavailable.  \n  \nHacking the sev_smoke_test selftest to generate a KVM_HC_MAP_GPA_RANGE  \nhypercall via VMGEXIT trips the WARN:  \n  \n  ------------[ cut here ]------------  \n  WARNING: CPU: 273 PID: 326626 at arch/x86/kvm/x86.h:180 complete_hypercall_exit+0x44/0xe0 [kvm]  \n  Modules linked in: kvm_amd kvm ... [last unloaded: kvm]  \n  CPU: 273 UID: 0 PID: 326626 Comm: sev_smoke_test Not tainted 6.12.0-smp--392e932fa0f3-feat #470  \n  Hardware name: Google Astoria/astoria, BIOS 0.20240617.0-0 06/17/2024  \n  RIP: 0010:complete_hypercall_exit+0x44/0xe0 [kvm]  \n  Call Trace:  \n     \n   kvm_arch_vcpu_ioctl_run+0x2400/0x2720 [kvm]  \n   kvm_vcpu_ioctl+0x54f/0x630 [kvm]  \n   __se_sys_ioctl+0x6b/0xc0  \n   do_syscall_64+0x83/0x160  \n   entry_SYSCALL_64_after_hwframe+0x76/0x7e  \n     \n  ---[ end trace 0000000000000000 ]--- \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-11T14:55:25.000000Z"}, {"uuid": "a9b800ee-d43d-4de8-8a52-faea3681b5b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-55888", "type": "seen", "source": "https://t.me/cvedetector/12809", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-55888 - Hush Line XSS (Miscconfigured Server)\", \n  \"Content\": \"CVE ID : CVE-2024-55888 \nPublished : Dec. 12, 2024, 8:15 p.m. | 42\u00a0minutes ago \nDescription : Hush Line is an open-source whistleblower management system. Starting in version 0.1.0 and prior to version 0.3.5, the productions server appeared to have been misconfigured and missed providing any content security policy or security headers. This could result in bypassing of cross-site scripting filters. Version 0.3.5 fixed the issue. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T22:12:11.000000Z"}, {"uuid": "282a8f44-ddab-435e-96aa-0144b70be44c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-55885", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113641505474577906", "content": "", "creation_timestamp": "2024-12-12T19:29:21.316905Z"}, {"uuid": "cfa943e0-3483-4440-a99a-b70d4e13128f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-55886", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113641505490165741", "content": "", "creation_timestamp": "2024-12-12T19:29:21.625849Z"}, {"uuid": "5b8a08ef-8642-44b2-b9cd-cd9155d13fc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-55888", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113641528492308277", "content": "", "creation_timestamp": "2024-12-12T19:35:12.445400Z"}, {"uuid": "db2844d7-4955-4150-82bc-76fb4e5c7155", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-55889", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113645827432960822", "content": "", "creation_timestamp": "2024-12-13T13:48:29.101227Z"}, {"uuid": "6f892d7a-23e5-40ad-bfe2-c12a21f569fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-55881", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfhtoclm4m2h", "content": "", "creation_timestamp": "2025-01-11T13:44:22.507493Z"}]}