{"vulnerability": "cve-2024-4580", "sightings": [{"uuid": "d5446455-9848-4eab-ba9b-1ca472b69bdb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45805", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113721289101442411", "content": "", "creation_timestamp": "2024-12-26T21:39:22.868174Z"}, {"uuid": "127a77e6-7e47-4174-ac59-e5869c1089a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45802", "type": "seen", "source": "https://t.me/cvedetector/9136", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45802 - Squid Denial of Service Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45802 \nPublished : Oct. 28, 2024, 3:15 p.m. | 44\u00a0minutes ago \nDescription : Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-28T17:00:14.000000Z"}, {"uuid": "e8c1f6cb-1288-492c-9d49-cf73ae639b29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45806", "type": "seen", "source": "https://gist.github.com/ferasdour/504aa49686f8e64564249de44cd5eab2", "content": "", "creation_timestamp": "2025-07-25T01:12:22.000000Z"}, {"uuid": "b5459af4-b7cd-416e-ba41-c6a7c3b29ab1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45800", "type": "seen", "source": "https://gist.github.com/ABartelt/3b53780c272d06c4063cad9330eb4f50", "content": "", "creation_timestamp": "2025-11-12T15:46:39.000000Z"}, {"uuid": "b6263abe-6fba-4034-8d24-140b87a6b895", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45805", "type": "seen", "source": "https://t.me/cvedetector/13700", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45805 - Apache OpenCTI Unauthenticated Access to Restricted Support Information\", \n  \"Content\": \"CVE ID : CVE-2024-45805 \nPublished : Dec. 26, 2024, 10:15 p.m. | 44\u00a0minutes ago \nDescription : OpenCTI is an open-source cyber threat intelligence platform. Before 6.3.0, general users can access information that can only be accessed by users with access privileges to admin and support information (SETTINGS_SUPPORT). This is due to inadequate access control for support information (http:///storage/get/support/UUID/UUID.zip), and that the UUID is available to general users using an attached query (logs query). This vulnerability is fixed in 6.3.0. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-27T00:05:55.000000Z"}, {"uuid": "8b556e44-4887-4823-ae65-7133b9984c31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45803", "type": "seen", "source": "https://t.me/cvedetector/5841", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45803 - \"Wire UI Button Label Query Parameter Cross-Site Scripting (XSS) Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-45803 \nPublished : Sept. 17, 2024, 7:15 p.m. | 38\u00a0minutes ago \nDescription : Wire UI is a library of components and resources to empower Laravel and Livewire application development. A potential Cross-Site Scripting (XSS) vulnerability has been identified in the `/wireui/button` endpoint, specifically through the `label` query parameter. Malicious actors could exploit this vulnerability by injecting JavaScript into the `label` parameter, leading to the execution of arbitrary code in the victim's browser. The `/wireui/button` endpoint dynamically renders button labels based on user-provided input via the `label` query parameter. Due to insufficient sanitization or escaping of this input, an attacker can inject malicious JavaScript. By crafting such a request, an attacker can inject arbitrary code that will be executed by the browser when the endpoint is accessed. If exploited, this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the affected website. This could lead to: **Session Hijacking**: Stealing session cookies, tokens, or other sensitive information. **User Impersonation**: Performing unauthorized actions on behalf of authenticated users. **Phishing**: Redirecting users to malicious websites. **Content Manipulation**: Altering the appearance or behavior of the affected page to mislead users or execute further attacks. The severity of this vulnerability depends on the context of where the affected component is used, but in all cases, it poses a significant risk to user security. This issue has been addressed in release versions 1.19.3 and 2.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-17T22:18:17.000000Z"}, {"uuid": "8f91ff85-c9f9-40f7-95a3-3ce81c353562", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45801", "type": "seen", "source": "https://t.me/cvedetector/5754", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45801 - \"DOMPurify Cross-Site Scripting (XSS) Bypass Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-45801 \nPublished : Sept. 16, 2024, 7:16 p.m. | 39\u00a0minutes ago \nDescription : DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check. This renders dompurify unable to avoid cross site scripting (XSS) attacks. This issue has been addressed in versions 2.5.4 and 3.1.3 of DOMPurify. All users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-16T22:03:08.000000Z"}, {"uuid": "284f5952-ac4b-4c5a-a4da-59b0c89958d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45800", "type": "seen", "source": "https://t.me/cvedetector/5759", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45800 - Snappymail MXSS \u092a\u0936*)( Troy\", \n  \"Content\": \"CVE ID : CVE-2024-45800 \nPublished : Sept. 16, 2024, 8:15 p.m. | 27\u00a0minutes ago \nDescription : Snappymail is an open source web-based email client. SnappyMail uses the `cleanHtml()` function to cleanup HTML and CSS in emails. Research discovered that the function has a few bugs which cause an mXSS exploit. Because the function allowed too many (invalid) HTML elements, it was possible (with incorrect markup) to trick the browser to \"fix\" the broken markup into valid markup. As a result a motivated attacker may be able to inject javascript. However, due to the default Content Security Policy the impact of the exploit is minimal. It could be possible to create an attack which leaks some data when loading images through the proxy.  \nThis way it might be possible to use the proxy to attack the local system, like with `http://localhost:5000/leak`. Another attack could be to load a JavaScript attachment of the email. This is very tricky as the email must link to every possible UID as each email has a unique UID which has a value between 1 and 18446744073709551615 **v2.38.0** and up now remove unsupported HTML elements which mitigates the issue. Users are advised to upgrade. Older versions can install an extension named \"Security mXSS\" as a mitigation. This will be available at the administration area at `/?admin#/packages`. **NOTE:** this extension can not \"fix\" malicious code in encrypted messages or (html) attachments as it can't manipulate the JavaScript code for this. It only protects normal message HTML. \nSeverity: 5.0 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-16T22:53:19.000000Z"}, {"uuid": "c1603024-89d3-4970-9961-b9b4bc01f4a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-45803", "type": "published-proof-of-concept", "source": "https://github.com/wireui/wireui/security/advisories/GHSA-rw5h-g8xq-6877", "content": "", "creation_timestamp": "2024-09-17T05:45:52.000000Z"}, {"uuid": "6dc62697-5b13-4deb-96ce-fe55faf316c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45809", "type": "seen", "source": "https://t.me/cvedetector/6097", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45809 - Envoy Jwt Filter nullptr Reference Crash Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45809 \nPublished : Sept. 20, 2024, 12:15 a.m. | 41\u00a0minutes ago \nDescription : Envoy is a cloud-native high-performance edge/middle/service proxy. Jwt filter will lead to an Envoy crash when clear route cache with remote JWKs. In the following case: 1. remote JWKs are used, which requires async header processing; 2. clear_route_cache is enabled on the provider; 3. header operations are enabled in JWT filter, e.g. header to claims feature; 4. the routing table is configured in a way that the JWT header operations modify requests to not match any route. When these conditions are met, a crash is triggered in the upstream code due to nullptr reference conversion from route(). The root cause is the ordering of continueDecoding and clearRouteCache. This issue has been addressed in versions 1.31.2, 1.30.6, and 1.29.9. Users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-20T03:02:04.000000Z"}, {"uuid": "1448982a-c377-43b5-aa7a-edc43ec52280", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45808", "type": "seen", "source": "https://t.me/cvedetector/6096", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45808 - Envoy Access Logger Server Name Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45808 \nPublished : Sept. 20, 2024, 12:15 a.m. | 41\u00a0minutes ago \nDescription : Envoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identified in Envoy that allows malicious attackers to inject unexpected content into access logs. This is achieved by exploiting the lack of validation for the `REQUESTED_SERVER_NAME` field for access loggers. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-20T03:02:03.000000Z"}, {"uuid": "d12ba567-42ec-4572-9d58-adc583515302", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45807", "type": "seen", "source": "https://t.me/cvedetector/6095", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45807 - Envoy Oghttp2 Stream Management Crash Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45807 \nPublished : Sept. 20, 2024, 12:15 a.m. | 41\u00a0minutes ago \nDescription : Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using `oghttp` as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the `oghttp2` by default. The impact of this issue is that envoy will crash. This issue has been addressed in release version 1.31.2. All users are advised to upgrade. There are no known workarounds for this issue. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-20T03:02:02.000000Z"}, {"uuid": "316ac94c-f331-4605-af62-11290702e4c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45806", "type": "seen", "source": "https://t.me/cvedetector/6094", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45806 - \"Envoy Untrusted Internal Address Header Manipulation\"\", \n  \"Content\": \"CVE ID : CVE-2024-45806 \nPublished : Sept. 20, 2024, 12:15 a.m. | 41\u00a0minutes ago \nDescription : Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mesh. This issue arises due to Envoy's default configuration of internal trust boundaries, which considers all RFC1918 private address ranges as internal. The default behavior for handling internal addresses in Envoy has been changed. Previously, RFC1918 IP addresses were automatically considered internal, even if the internal_address_config was empty.  The default configuration of Envoy will continue to trust internal addresses while in this release and it will not trust them by default in next release. If you have tooling such as probes on your private network which need to be treated as trusted (e.g. changing arbitrary x-envoy headers) please explicitly include those addresses or CIDR ranges into `internal_address_config`. Successful exploitation could allow attackers to bypass security controls, access sensitive data, or disrupt services within the mesh, like Istio. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-20T03:02:02.000000Z"}]}