{"vulnerability": "cve-2024-1317", "sightings": [{"uuid": "001eb644-64d7-4aa5-b671-6c9a305320d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13179", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfpquvqa6v2r", "content": "", "creation_timestamp": "2025-01-14T17:15:39.374382Z"}, {"uuid": "7fac42d2-e912-4cd1-b55c-01e47f65d58b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13170", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113827918671138881", "content": "", "creation_timestamp": "2025-01-14T17:36:41.134954Z"}, {"uuid": "b21a1676-b17d-4fd2-a814-9f3f380bd392", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13171", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113827977672601993", "content": "", "creation_timestamp": "2025-01-14T17:51:41.231478Z"}, {"uuid": "93eb42ba-b9ea-4eff-ad36-3a094b98317b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13172", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113827977687754174", "content": "", "creation_timestamp": "2025-01-14T17:51:41.553395Z"}, {"uuid": "620a380e-ccbd-4428-b9ea-21f2f8912a91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13172", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfpubvmysy2t", "content": "", "creation_timestamp": "2025-01-14T18:16:36.548322Z"}, {"uuid": "6639d9c4-c219-4e77-af4a-fa8f49fefc13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13170", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfpubqcwi42b", "content": "", "creation_timestamp": "2025-01-14T18:16:31.155851Z"}, {"uuid": "d99cbd23-61ff-42e0-88e6-1a5831c73e63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13171", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfpubsqiua2t", "content": "", "creation_timestamp": "2025-01-14T18:16:33.559376Z"}, {"uuid": "cbea9d32-daef-406a-8189-9e99a7dc791c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13173", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113791627046243424", "content": "", "creation_timestamp": "2025-01-08T07:47:14.802570Z"}, {"uuid": "676ffaeb-e67c-4830-9729-430a923997e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13173", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf7pvzpx622f", "content": "", "creation_timestamp": "2025-01-08T08:15:47.392027Z"}, {"uuid": "43ba6304-8969-4fbb-88ed-d1f45390e0c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13173", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf7rqr27r62i", "content": "", "creation_timestamp": "2025-01-08T08:48:41.344175Z"}, {"uuid": "9122f651-9f22-4e9e-b5d0-5f911bf1903f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13172", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-032/", "content": "", "creation_timestamp": "2025-01-19T05:00:00.000000Z"}, {"uuid": "bce4cc36-fcb9-4909-9608-77ba4a9184d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13179", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-044/", "content": "", "creation_timestamp": "2025-01-19T05:00:00.000000Z"}, {"uuid": "e8d374f4-d609-40a0-918f-85832b604b68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13170", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-033/", "content": "", "creation_timestamp": "2025-01-19T05:00:00.000000Z"}, {"uuid": "38d4a1b0-a3ba-4aef-ad00-a75b1f8d6a8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13176", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113860948101305997", "content": "", "creation_timestamp": "2025-01-20T13:36:30.023050Z"}, {"uuid": "2a71017a-1eb8-4fb0-a11d-d6c0fadcff91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13176", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lg6jmwz6eq2t", "content": "", "creation_timestamp": "2025-01-20T14:15:52.133400Z"}, {"uuid": "b7c78dfc-e282-487f-9eab-777dd3a68a33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13176", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lg6liqdxy62k", "content": "", "creation_timestamp": "2025-01-20T14:49:19.554534Z"}, {"uuid": "26870cfa-97ce-4080-ba28-a4e867924897", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13176", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lg6mazkb7g2x", "content": "", "creation_timestamp": "2025-01-20T15:02:53.167454Z"}, {"uuid": "1bd9b952-65ed-4de8-8891-cfddbc7622e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13176", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lgg2fkyuvc2p", "content": "", "creation_timestamp": "2025-01-23T14:04:37.617181Z"}, {"uuid": "24b9ff3a-5006-4289-b274-58e6feb00b0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13176", "type": "seen", "source": "https://bsky.app/profile/omo.bsky.social/post/3lhwnp4zdxc2n", "content": "", "creation_timestamp": "2025-02-11T21:57:48.664597Z"}, {"uuid": "fbee709d-73f4-459a-bb75-fca9f4962467", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13176", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lp7zkwcsss26", "content": "", "creation_timestamp": "2025-05-15T17:20:30.497767Z"}, {"uuid": "214187da-3aa5-46ee-8a3f-3ce29f4c1976", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13176", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3loqwnir3mc2c", "content": "", "creation_timestamp": "2025-05-09T17:18:22.767923Z"}, {"uuid": "b9643339-083d-4cdb-88df-f70f29bd6280", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13171", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-114/", "content": "", "creation_timestamp": "2025-03-10T04:00:00.000000Z"}, {"uuid": "5cc8a040-3b2b-4b14-a28b-f0ea937344d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13175", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3luapdr32rp2w", "content": "", "creation_timestamp": "2025-07-18T14:56:08.998524Z"}, {"uuid": "0c4a74c6-38c9-4095-b05d-8f10cba5cdf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13178", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3m5kuvahi5k2n", "content": "", "creation_timestamp": "2025-11-14T04:48:46.128418Z"}, {"uuid": "55356364-6eeb-4a6e-988d-15f305781abf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13176", "type": "seen", "source": "https://bsky.app/profile/gcpweekly.bsky.social/post/3m326cbeeek25", "content": "", "creation_timestamp": "2025-10-13T02:31:28.725674Z"}, {"uuid": "b9584cb4-b493-4161-b9bd-3c328e98543a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-13176", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "9062b62d-6625-4762-ba1a-2c68b586c9c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13179", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1534", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13179\n\ud83d\udd39 Description: Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.\n\ud83d\udccf Published: 2025-01-14T16:51:57.334Z\n\ud83d\udccf Modified: 2025-01-14T16:51:57.334Z\n\ud83d\udd17 References:\n1. https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-7-Multiple-CVEs", "creation_timestamp": "2025-01-14T17:21:19.000000Z"}, {"uuid": "30eec73f-6980-4276-96f0-0948dee5d8a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13172", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2868", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13172\n\ud83d\udd39 Description: Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.\n\ud83d\udccf Published: 2025-01-14T17:16:17.218Z\n\ud83d\udccf Modified: 2025-01-24T04:55:51.479Z\n\ud83d\udd17 References:\n1. https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6", "creation_timestamp": "2025-01-24T05:03:28.000000Z"}, {"uuid": "b40617d3-2e32-4f2f-8323-82d4f9439c64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13173", "type": "seen", "source": "https://t.me/cvedetector/14670", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13173 - HP Health Module URL Loading Information Leak\", \n  \"Content\": \"CVE ID : CVE-2024-13173 \nPublished : Jan. 8, 2025, 8:15 a.m. | 40\u00a0minutes ago \nDescription : The health module has insufficient restrictions on loading URLs, which may lead to some information leakage. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-08T09:57:43.000000Z"}, {"uuid": "a0f6151e-e10d-4f35-980c-5c41f6cd0d76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13173", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/677", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13173\n\ud83d\udd39 Description: The health module has insufficient restrictions on loading URLs, which may lead to some information leakage.\n\ud83d\udccf Published: 2025-01-08T07:44:48.592Z\n\ud83d\udccf Modified: 2025-01-08T07:44:48.592Z\n\ud83d\udd17 References:\n1. https://www.vivo.com/en/support/security-advisory-detail?id=14", "creation_timestamp": "2025-01-08T08:12:22.000000Z"}, {"uuid": "82a0facc-fd62-40d4-aa80-b36044b17dcf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13179", "type": "seen", "source": "https://t.me/cvedetector/15306", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13179 - Ivanti Avalanche Path Traversal Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-13179 \nPublished : Jan. 14, 2025, 5:15 p.m. | 36\u00a0minutes ago \nDescription : Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-14T19:01:18.000000Z"}, {"uuid": "87ce4c21-7b1a-4411-80ed-bc73e8c7127c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13176", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2360", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13176\n\ud83d\udd39 Description: Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\ud83d\udccf Published: 2025-01-20T13:29:57.047Z\n\ud83d\udccf Modified: 2025-01-20T13:29:57.047Z\n\ud83d\udd17 References:\n1. https://openssl-library.org/news/secadv/20250120.txt\n2. https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f\n3. https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902\n4. https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65\n5. https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467\n6. https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844\n7. https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86\n8. https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", "creation_timestamp": "2025-01-20T13:59:24.000000Z"}, {"uuid": "2853a928-c4c4-4e4e-9896-ac9fe4d64a68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13171", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2867", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13171\n\ud83d\udd39 Description: Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.\n\ud83d\udccf Published: 2025-01-14T17:16:48.419Z\n\ud83d\udccf Modified: 2025-01-24T04:55:52.846Z\n\ud83d\udd17 References:\n1. https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6", "creation_timestamp": "2025-01-24T05:03:27.000000Z"}, {"uuid": "9b7934ae-7893-4ce5-9f73-ca92e2c8253a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13176", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12557", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13176\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\ud83d\udccf Published: 2025-01-20T13:29:57.047Z\n\ud83d\udccf Modified: 2025-04-19T00:11:03.767Z\n\ud83d\udd17 References:\n1. https://openssl-library.org/news/secadv/20250120.txt\n2. https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f\n3. https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902\n4. https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65\n5. https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467\n6. https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844\n7. https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86\n8. https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", "creation_timestamp": "2025-04-19T00:59:50.000000Z"}, {"uuid": "1724d18f-5182-4b63-aab3-501f58a31d9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13177", "type": "seen", "source": "https://t.me/cvedetector/22968", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13177 - Netskope Client Mac OS Privilege Escalation Symlink Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13177 \nPublished : April 15, 2025, 4:15 p.m. | 1\u00a0hour, 1\u00a0minute ago \nDescription : Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not properly validate the path of the file \u201cnsinstallation\u201d. A standard user could potentially create a symlink of the file \u201cnsinstallation\u201d to escalate the privileges of a different file on the system.   \nThis issue affects Netskope Client: before 123.0, before 117.1.11.2310, before 120.1.10.2306. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-15T19:57:09.000000Z"}, {"uuid": "9d36cfe2-0f94-4f64-bac4-eeafcfbe830c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13176", "type": "seen", "source": "https://t.me/cvedetector/15888", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13176 - \"Apache ECDSA Timing Key Disclosure Attack\"\", \n  \"Content\": \"CVE ID : CVE-2024-13176 \nPublished : Jan. 20, 2025, 2:15 p.m. | 31\u00a0minutes ago \nDescription : Issue summary: A timing side-channel which could potentially allow recovering  \nthe private key exists in the ECDSA signature computation.  \n  \nImpact summary: A timing side-channel in ECDSA signature computations  \ncould allow recovering the private key by an attacker. However, measuring  \nthe timing would require either local access to the signing application or  \na very fast network connection with low latency.  \n  \nThere is a timing signal of around 300 nanoseconds when the top word of  \nthe inverted ECDSA nonce value is zero. This can happen with significant  \nprobability only for some of the supported elliptic curves. In particular  \nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker  \nprocess must either be located in the same physical computer or must  \nhave a very fast network connection with low latency. For that reason  \nthe severity of this vulnerability is Low. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-20T15:52:50.000000Z"}, {"uuid": "4cee2c9d-4c54-4d87-bf17-52c6503719a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13179", "type": "seen", "source": "https://t.me/true_secator/6633", "content": "\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 Ivanti \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 Avalanche, Application Control Engine \u0438 EPM.\n\n\u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u043c\u0438 \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u0447\u0435\u0442\u044b\u0440\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438 \u0432 Ivanti EPM, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\nCVE-2024-10811, CVE-2024-13159 - CVE-2024-13161 \u0438\u043c\u0435\u044e\u0442 9,8 \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 EMP 2024 \u0438 2022 SU6 \u0441 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0437\u0430 \u043d\u043e\u044f\u0431\u0440\u044c 2024.\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0442 12 \u0432\u044b\u0441\u043e\u043a\u043e\u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u0434\u0435\u0444\u0435\u043a\u0442\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a RCE, DoS \u0438 EoP \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u0412\u044b\u043f\u0443\u0449\u0435\u043d\u0430 Avalanche 6.4.7 \u0441 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f\u043c\u0438 CVE-2024-13179 - CVE-2024-13181 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0434\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u043a\u0440\u0430\u0436\u0438 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438.\n\n\u0422\u0440\u0430\u0434\u0438\u0446\u0438\u043e\u043d\u043d\u043e \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043d\u0435 \u0440\u0430\u0441\u043f\u043e\u043b\u0430\u0433\u0430\u0435\u0442 \u0434\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0430\u043c\u0438 \u0442\u043e\u0433\u043e, \u0447\u0442\u043e \u044d\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445.\n\n\u0415\u0449\u0435 \u0433\u043e\u0432\u043e\u0440\u044f\u0442, \u0447\u0442\u043e Ivanti \u0433\u043e\u0442\u043e\u0432\u0438\u0442 \u0434\u043b\u044f \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0439 \u0430\u043a\u0441\u0435\u0441\u0441\u0443\u0430\u0440, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0431\u0443\u0434\u0435\u0442 \u0440\u0430\u0441\u0441\u044b\u043b\u0430\u0442\u044c\u0441\u044f \u0432\u043c\u0435\u0441\u0442\u0435 \u0441\u043e \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435\u043c (\u0444\u043e\u0442\u043e \u043f\u0440\u0438\u043b\u0430\u0433\u0430\u0435\u043c).", "creation_timestamp": "2025-01-17T18:40:05.000000Z"}, {"uuid": "70cf8328-c20b-4de9-a616-1c2c9d052067", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1317", "type": "seen", "source": "https://t.me/ctinow/198647", "content": "https://ift.tt/t5CbHpk\nCVE-2024-1317 | Feedzy RSS Aggregator up to 4.4.2 on WordPress sql injection (ID 3033749)", "creation_timestamp": "2024-03-03T10:16:44.000000Z"}]}