{"vulnerability": "cve-2024-3970", "sightings": [{"uuid": "30e79c56-5389-4a89-9724-cfc6250f052f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39709", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113473613624305094", "content": "", "creation_timestamp": "2024-11-13T03:52:14.954567Z"}, {"uuid": "e984c76e-32d4-4a14-8473-10733cb570b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39707", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113483478211035601", "content": "", "creation_timestamp": "2024-11-14T21:40:56.571756Z"}, {"uuid": "15470059-2581-4eec-b8fe-f6818b844496", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39703", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-352-01", "content": "", "creation_timestamp": "2024-12-17T11:00:00.000000Z"}, {"uuid": "79ffd6e2-31c6-4134-b770-a12b30fc6e43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39704", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lktrd6wot32v", "content": "", "creation_timestamp": "2025-03-20T22:40:15.747980Z"}, {"uuid": "919ffa6d-f9c0-4b40-8127-f5038e03036f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39704", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8290", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-39704\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Soft Circle 
French-Bread Melty Blood: Actress Again: Current Code through 1.07 Rev. 1.4.0 allows a remote attacker to execute arbitrary code on a client's machine via a crafted packet on TCP port 46318.\n\ud83d\udccf Published: 2024-06-28T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-20T21:00:50.416Z\n\ud83d\udd17 References:\n1. https://github.com/MikeIsAStar/Melty-Blood-Actress-Again-Current-Code-Remote-Code-Execution\n2. https://pastebin.com/agpnQmhu", "creation_timestamp": "2025-03-20T21:18:37.000000Z"}, {"uuid": "16075935-efae-4938-989f-bfa4e1e324bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39700", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8133", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-39700 Proof of Concept\nURL\uff1ahttps://github.com/LOURC0D3/CVE-2024-39700-PoC\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-31T05:00:38.000000Z"}, {"uuid": "7906ec3b-1a59-4172-aad1-f65e3b11d6a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39703", "type": "seen", "source": "https://t.me/cvedetector/13173", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39703 - ThreatQuotient ThreatQ Command Injection\", \n  \"Content\": \"CVE ID : CVE-2024-39703 \nPublished : Dec. 18, 2024, 7:15 a.m. | 24\u00a0minutes ago \nDescription : In ThreatQuotient ThreatQ before 5.29.3, authenticated users are able to execute arbitrary commands by sending a crafted request to an API endpoint. 
\nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-18T08:40:33.000000Z"}, {"uuid": "68aac68d-6cf0-4335-bd6b-6b57fcec3343", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39700", "type": "seen", "source": "https://t.me/cvedetector/989", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39700 - JupyterLab RCE via GitHub Actions Workflow Configuration File\", \n  \"Content\": \"CVE ID : CVE-2024-39700 \nPublished : July 16, 2024, 6:15 p.m. | 37\u00a0minutes ago \nDescription : JupyterLab extension template is a  `copier` template for JupyterLab extensions. Repositories created using this template with `test` option include `update-integration-tests.yml` workflow which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged to upgrade the template to the latest version. Users who made changes to `update-integration-tests.yml`, accept overwriting of this file and re-apply your changes later. Users may wish to temporarily disable GitHub Actions while working on the upgrade. We recommend rebasing all open pull requests from untrusted users as actions may run using the version from the `main` branch at the time when the pull request was created. Users who are upgrading from template version prior to 4.3.0 may wish to leave out proposed changes to the release workflow for now as it requires additional configuration. 
\nSeverity: 9.9 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-16T21:18:17.000000Z"}, {"uuid": "9febcb91-18e0-4a04-998d-844620858875", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39709", "type": "seen", "source": "https://t.me/cvedetector/10776", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39709 - Ivanti Connect Secure Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-39709 \nPublished : Nov. 13, 2024, 2:15 a.m. | 43\u00a0minutes ago \nDescription : Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 and Ivanti Policy Secure before version 22.6R1 allow a local authenticated attacker to escalate their privileges. \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-13T04:07:23.000000Z"}, {"uuid": "7887b30d-409a-4836-b2f9-836cb1bbaf02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39707", "type": "seen", "source": "https://t.me/cvedetector/11024", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39707 - Insyde IHISI UEFI Rollback Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-39707 \nPublished : Nov. 14, 2024, 10:15 p.m. 
| 38\u00a0minutes ago \nDescription : Insyde IHISI function 0x49 can restore factory defaults for certain UEFI variables without further authentication by default, which could lead to a possible roll-back attack in certain platforms. This is fixed in: kernel 5.2, version 05.29.19; kernel 5.3, version 05.38.19; kernel 5.4, version 05.46.19; kernel 5.5, version 05.54.19; kernel 5.6, version 05.61.19. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-15T00:11:43.000000Z"}, {"uuid": "4526d850-beee-4e37-b5d4-d2d5da11513a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39702", "type": "seen", "source": "https://t.me/cvedetector/1518", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39702 - OpenResty LuaJIT HashDoS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-39702 \nPublished : July 23, 2024, 4:15 p.m. | 36\u00a0minutes ago \nDescription : In lj_str_hash.c in OpenResty 1.19.3.1 through 1.25.3.1, the string hashing function (used during string interning) allows HashDoS (Hash Denial of Service) attacks. An attacker could cause excessive resource usage during proxy operations via crafted requests, potentially leading to a denial of service with relatively few incoming requests. This vulnerability only exists in the OpenResty fork in the openresty/luajit2 GitHub repository. The LuaJIT/LuaJIT repository is unaffected. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-23T18:54:38.000000Z"}, {"uuid": "772cc726-774d-4a8e-81bf-44bcd0283c0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-39701", "type": "published-proof-of-concept", "source": "https://github.com/directus/directus/security/advisories/GHSA-hxgm-ghmv-xjjm", "content": "", "creation_timestamp": "2024-07-08T15:47:55.000000Z"}, {"uuid": "e7e3e157-5f12-4e64-a640-cab8e86686f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39701", "type": "seen", "source": "https://t.me/cvedetector/208", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39701 - Directus is a real-time API and App dashboard for\", \n  \"Content\": \"CVE ID : CVE-2024-39701 \nPublished : July 8, 2024, 5:15 p.m. | 34\u00a0minutes ago \nDescription : Directus is a real-time API and App dashboard for managing SQL database content. 
Directus >=9.23.0, Severity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-08T19:56:02.000000Z"}, {"uuid": "98764ceb-13f1-4d3b-ae24-736dd9854785", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39700", "type": "seen", "source": "https://t.me/HackingInsights/7313", "content": "\u200aCVE-2024-39700 (CVSS 9.9): Severe Flaw in JupyterLab Template Discovered\n\nhttps://securityonline.info/cve-2024-39700-cvss-9-9-severe-flaw-in-jupyterlab-template-discovered/", "creation_timestamp": "2024-07-25T09:37:51.000000Z"}, {"uuid": "9176e1dd-e907-4cd6-8f4f-3b57a49e4db2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39708", "type": "published-proof-of-concept", "source": "https://t.me/arvinclub1/1122", "content": "https://www.cyberark.com/resources/threat-research-blog/identity-crisis-the-curious-case-of-a-delinea-local-privilege-escalation-vulnerability:\n\n1. Analyzing CVE-2024-39708 Delinea Privilege Manager for Windows prior to version 12.0.1096 is susceptible to a dynamic-link library (DLL) search order hijacking vulnerability, which allows an unprivileged user to execute arbitrary code as SYSTEM.\n2. Delinea Privilege Manager for Windows prior to version 12.0.1096 is susceptible to a dynamic-link library (DLL) search order hijacking vulnerability, which allows an unprivileged user to execute arbitrary code as SYSTEM.\n3. Web Race Conditions \u2013 Success and Failure \u2013 a Keycloak Case Study In today\u2019s connected world, many organizations\u2019 \u201ckeys to the kingdom\u201d are held in identity and access management (IAM) solutions;... 
Who doesn\u2019t like a good bedtime story from Grandma?", "creation_timestamp": "2024-07-19T21:46:01.000000Z"}]}