{"vulnerability": "CVE-2024-2813", "sightings": [{"uuid": "aa79d7d1-6cd0-45ff-91bc-95ef77e9f51e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28138", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113627390966751285", "content": "", "creation_timestamp": "2024-12-10T07:39:51.018274Z"}, {"uuid": "0b1894c7-66e4-4f09-b45c-f7231cab3253", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28139", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113634953097138000", "content": "", "creation_timestamp": "2024-12-11T15:43:00.023601Z"}, {"uuid": "de2b232e-0c66-4957-99a4-cf033d4e9254", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28138", "type": "seen", "source": "https://t.me/cvedetector/12484", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-28138 - An unauthenticated attacker with network access to\", \n  \"Content\": \"CVE ID : CVE-2024-28138 \nPublished : Dec. 10, 2024, 8:15 a.m. | 41\u00a0minutes ago \nDescription : An unauthenticated attacker with network access to the affected device's web interface can execute any system command via the \"msg_events.php\" script as the www-data user.\u00a0The HTTP GET parameter \"data\" is not properly sanitized. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-10T09:56:52.000000Z"}, {"uuid": "5afb1139-9590-410e-8f2d-4b96b4205f04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28136", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2881", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-28136\n\ud83d\udd39 Description: A local attacker with low privileges can use a command injection vulnerability to gain root\nprivileges due to improper input validation using the OCPP Remote service.\n\ud83d\udccf Published: 2024-05-14T08:09:52.725Z\n\ud83d\udccf Modified: 2025-01-24T06:33:52.412Z\n\ud83d\udd17 References:\n1. https://cert.vde.com/en/advisories/VDE-2024-019", "creation_timestamp": "2025-01-24T07:04:13.000000Z"}, {"uuid": "d38d5c5c-6f40-4118-985d-d09c59617521", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28135", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2880", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-28135\n\ud83d\udd39 Description: A low privileged remote attacker can use\u00a0a command injection vulnerability in the API which performs\nremote code execution as the user-app\u00a0user\u00a0due to improper input validation. The confidentiality is partly affected.\n\ud83d\udccf Published: 2024-05-14T08:09:39.703Z\n\ud83d\udccf Modified: 2025-01-24T06:35:03.912Z\n\ud83d\udd17 References:\n1. https://cert.vde.com/en/advisories/VDE-2024-019", "creation_timestamp": "2025-01-24T07:04:09.000000Z"}, {"uuid": "e9ccba7b-712b-439a-a203-94a2f7e7847b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28139", "type": "seen", "source": "https://t.me/cvedetector/12640", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-28139 - Apache Sudo Elevated Privilege Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-28139 \nPublished : Dec. 11, 2024, 4:15 p.m. | 25\u00a0minutes ago \nDescription : The www-data user can elevate its privileges because sudo is configured to allow the execution of the mount command as root without a password. Therefore, the privileges can be escalated to the root user. The risk has been accepted by the vendor and won't be fixed in the near future. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-11T17:44:51.000000Z"}]}