{"vulnerability": "cve-2024-4528", "sightings": [{"uuid": "74b2e0c6-0b6d-4b3c-936f-54ada3894dad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45289", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113470679716254564", "content": "", "creation_timestamp": "2024-11-12T15:26:07.049967Z"}, {"uuid": "25831dde-5e50-4c1f-bbc1-0eed09f186de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45287", "type": "seen", "source": "https://t.me/cvedetector/4880", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45287 - Apache Packed Libnv Integer Overflow Buffer Underflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45287 \nPublished : Sept. 5, 2024, 4:15 a.m. | 34\u00a0minutes ago \nDescription : A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-05T07:09:14.000000Z"}, {"uuid": "7503eab7-504c-40ab-88bf-7d86d31bb01a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45289", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1138", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-45289\n\ud83d\udd39 Description: The fetch(3) library uses environment variables for passing certain information, including the revocation file pathname.  The environment variable name used by fetch(1) to pass the filename to the library was incorrect, in effect ignoring the option.\n\nFetch would still connect to a host presenting a certificate included in the revocation file passed to the --crl option.\n\ud83d\udccf Published: 2024-11-12T15:06:08.435Z\n\ud83d\udccf Modified: 2025-01-10T13:06:48.187Z\n\ud83d\udd17 References:\n1. https://security.freebsd.org/advisories/FreeBSD-SA-24:18.ctl.asc", "creation_timestamp": "2025-01-10T14:06:15.000000Z"}, {"uuid": "70eae709-f0ec-4da0-bf04-d817e4bdeb65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45289", "type": "seen", "source": "https://t.me/cvedetector/10620", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45289 - OpenSSL Fetch CERTNAME CERT Verification Ard jclass\", \n  \"Content\": \"CVE ID : CVE-2024-45289 \nPublished : Nov. 12, 2024, 3:15 p.m. | 42\u00a0minutes ago \nDescription : The fetch(3) library uses environment variables for passing certain information, including the revocation file pathname.  The environment variable name used by fetch(1) to pass the filename to the library was incorrect, in effect ignoring the option.  \n  \nFetch would still connect to a host presenting a certificate included in the revocation file passed to the --crl option. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-12T17:12:39.000000Z"}, {"uuid": "f7b83ad7-2a4d-4b17-b58f-d78605101206", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45282", "type": "seen", "source": "https://t.me/cvedetector/7306", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45282 - Citibank Statement OData Write-Anywhere Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45282 \nPublished : Oct. 8, 2024, 4:15 a.m. | 37\u00a0minutes ago \nDescription : Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations. Confidentiality and Availability are not impacted. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-08T07:01:04.000000Z"}, {"uuid": "145710fa-b78c-4786-9cc6-cf7fc61cdeff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45281", "type": "seen", "source": "https://t.me/cvedetector/5166", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45281 - SAP BusinessObjects Business Intelligence Local Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45281 \nPublished : Sept. 10, 2024, 5:15 a.m. | 15\u00a0minutes ago \nDescription : SAP BusinessObjects Business Intelligence Platform allows a high privilege user to run client desktop applications even if some of the DLLs are not digitally signed or if the signature is broken. The attacker needs to have local access to the vulnerable system to perform DLL related tasks. This could result in a high impact on confidentiality and integrity of the application. \nSeverity: 5.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-10T07:32:24.000000Z"}, {"uuid": "d908deab-aea9-4ccd-b162-0906bfa39ff4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45284", "type": "seen", "source": "https://t.me/cvedetector/5165", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45284 - Cisco SLCM Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45284 \nPublished : Sept. 10, 2024, 5:15 a.m. | 15\u00a0minutes ago \nDescription : An authenticated attacker with high privilege can use functions of SLCM transactions to which access should be restricted. This may result in an escalation of privileges causing low impact on integrity of the application. \nSeverity: 2.4 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-10T07:32:20.000000Z"}, {"uuid": "babf5db3-5a61-49f0-9dbd-1807512631ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45283", "type": "seen", "source": "https://t.me/cvedetector/5163", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45283 - SAP NetWeaver AS for Java Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-45283 \nPublished : Sept. 10, 2024, 5:15 a.m. | 15\u00a0minutes ago \nDescription : SAP NetWeaver AS for Java allows an authorized attacker to obtain sensitive information. The attacker could obtain the username and password when creating an RFC destination. After successful exploitation, an attacker can read the sensitive information but cannot modify or delete the data. \nSeverity: 6.0 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-10T07:32:18.000000Z"}, {"uuid": "1752a9d4-0e41-41fb-a2f1-f0aa6784ef1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45285", "type": "seen", "source": "https://t.me/cvedetector/5161", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45285 - SAP RFC Denial of Service and Persistence Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45285 \nPublished : Sept. 10, 2024, 5:15 a.m. | 15\u00a0minutes ago \nDescription : The RFC enabled function module allows a low privileged user to perform denial of service on any user and also change or delete favourite nodes. By sending a crafted packet in the function module targeting specific parameters, the specific targeted user will no longer have access to any functionality of SAP GUI. There is low impact on integrity and availability of the application. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-10T07:32:17.000000Z"}, {"uuid": "7fac1260-8cfd-4afc-8790-5d7631038925", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45286", "type": "seen", "source": "https://t.me/cvedetector/5158", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45286 - SAP Production and Revenue Accounting Unauthorized Data Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-45286 \nPublished : Sept. 10, 2024, 4:15 a.m. | 22\u00a0minutes ago \nDescription : Due to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-10T06:42:06.000000Z"}, {"uuid": "68c0be49-4e67-4d17-8584-9252b767be7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45288", "type": "seen", "source": "https://t.me/cvedetector/4879", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45288 - Apache Nevow Buffer Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45288 \nPublished : Sept. 5, 2024, 4:15 a.m. | 34\u00a0minutes ago \nDescription : A missing null-termination character in the last element of an nvlist array string can lead to writing outside the allocated buffer. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-05T07:09:13.000000Z"}, {"uuid": "5f4c7120-1254-4720-934b-d434593e8113", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45280", "type": "seen", "source": "https://t.me/cvedetector/5170", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45280 - SAP NetWeaver AS Java Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-45280 \nPublished : Sept. 10, 2024, 5:15 a.m. | 15\u00a0minutes ago \nDescription : Due to insufficient encoding of user-controlled inputs, SAP NetWeaver AS Java allows malicious scripts to be executed in the login application. This has a limited impact on confidentiality and integrity of the application. There is no impact on availability. \nSeverity: 4.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-10T07:32:27.000000Z"}]}