{"vulnerability": "cve-2024-4700", "sightings": [{"uuid": "7bcff5ea-1886-4aa8-b622-7d502fc30d8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47009", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1325/", "content": "", "creation_timestamp": "2024-10-08T05:00:00.000000Z"}, {"uuid": "454dac66-c7da-413f-b2c6-05232b95dfa4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47008", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1324/", "content": "", "creation_timestamp": "2024-10-08T05:00:00.000000Z"}, {"uuid": "85396a8f-6d0e-4108-b65b-3211a9144fc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47002", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfs2nlhiie2j", "content": "", "creation_timestamp": "2025-01-15T15:15:50.605596Z"}, {"uuid": "9cbeda58-9bd8-463f-83e8-855cac85466d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47002", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113833155363032627", "content": "", "creation_timestamp": "2025-01-15T15:48:29.681070Z"}, {"uuid": "e9163dc4-5e6f-45a7-b6c6-c46398f35c88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47002", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfs4pwxkx52q", "content": "", "creation_timestamp": "2025-01-15T15:53:00.461533Z"}, {"uuid": "429e8e1c-1955-42bc-8064-5004ee1bcfde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47002", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfs4pwo36j2h", "content": "", "creation_timestamp": "2025-01-15T15:52:59.240529Z"}, {"uuid": "365ad18c-4fb5-49de-ac11-62e396c4a17e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47002", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113832984101239506", "content": "", "creation_timestamp": "2025-01-15T15:04:53.308111Z"}, {"uuid": "db776177-3ede-4bcc-aec4-1501bbefa0dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47006", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhz7dtrh7b2x", "content": "", "creation_timestamp": "2025-02-12T22:18:53.816333Z"}, {"uuid": "0a0f4594-dddd-4878-82e4-df8003aca3d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47006", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113993921369561488", "content": "", "creation_timestamp": "2025-02-13T01:13:21.128751Z"}, {"uuid": "a1ba17ca-a507-4d93-9268-8ee00ee2ba0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47006", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhzn3zv62d2z", "content": "", "creation_timestamp": "2025-02-13T02:25:08.080870Z"}, {"uuid": "43cc1a23-063a-49be-81b6-ab5466254377", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47006", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4160", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-47006\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-12T22:15:39.453\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01240.html", "creation_timestamp": "2025-02-12T23:09:59.000000Z"}, {"uuid": "57932910-f574-4cd2-8964-f01347589c6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47002", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1763", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-47002\n\ud83d\udd39 Description: A html code injection vulnerability exists in the vlan management part of Observium CE 24.4.13528. A specially crafted HTTP request can lead to an arbitrary html code. An authenticated user would need to click a malicious link provided by the attacker.\n\ud83d\udccf Published: 2025-01-15T14:59:29.089Z\n\ud83d\udccf Modified: 2025-01-15T14:59:29.089Z\n\ud83d\udd17 References:\n1. https://talosintelligence.com/vulnerability_reports/TALOS-2024-2091", "creation_timestamp": "2025-01-15T15:10:33.000000Z"}, {"uuid": "ef4af3ba-a61d-4e44-b555-f61a0b20ad66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47005", "type": "seen", "source": "https://t.me/cvedetector/8894", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47005 - Sharp and Toshiba Tec MFPs Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47005 \nPublished : Oct. 25, 2024, 7:15 a.m. | 39\u00a0minutes ago \nDescription : Sharp and Toshiba Tec MFPs provide configuration related APIs. They are expected to be called by administrative users only, but insufficiently restricted.  \nA non-administrative user may execute some configuration APIs. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T10:23:26.000000Z"}, {"uuid": "3ad4fed1-0c5e-49af-8f34-1f7c668c13e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47006", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4182", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-47006\n\ud83d\udd25 CVSS Score: 6.6 (CVSS_V3)\n\ud83d\udd39 Description: Uncontrolled search path for the Intel(R) RealSense D400 Series Universal Windows Platform (UWP) Driver for Windows(R) 10 all versions may allow an authenticated user to potentially enable escalation of privilege via local access.\n\ud83d\udccf Published: 2025-02-13T00:33:07Z\n\ud83d\udccf Modified: 2025-02-13T00:33:07Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-47006\n2. https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01240.html", "creation_timestamp": "2025-02-13T01:09:05.000000Z"}, {"uuid": "f69758ee-fb6c-463d-80a1-b87b8efc1f12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47006", "type": "seen", "source": "https://t.me/cvedetector/17945", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47006 - Intel RealSense D400 Series UWP Driver Uncontrolled Search Path Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47006 \nPublished : Feb. 12, 2025, 10:15 p.m. | 52\u00a0minutes ago \nDescription : Uncontrolled search path for the Intel(R) RealSense D400 Series Universal Windows Platform (UWP) Driver for Windows(R) 10 all versions may allow an authenticated user to potentially enable escalation of privilege via local access. \nSeverity: 6.7 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-13T00:26:05.000000Z"}, {"uuid": "fe94a917-8778-418a-b13e-1c20d20d025a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47002", "type": "seen", "source": "https://t.me/cvedetector/15464", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47002 - Observium CE HTML Code Injection\", \n  \"Content\": \"CVE ID : CVE-2024-47002 \nPublished : Jan. 15, 2025, 3:15 p.m. | 28\u00a0minutes ago \nDescription : A html code injection vulnerability exists in the vlan management part of Observium CE 24.4.13528. A specially crafted HTTP request can lead to an arbitrary html code. An authenticated user would need to click a malicious link provided by the attacker. \nSeverity: 8.7 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-15T16:47:57.000000Z"}, {"uuid": "72423682-dd41-438b-a174-02f12065ed7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47008", "type": "seen", "source": "https://t.me/cvedetector/7388", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47008 - Ivanti Avalanche SSRF\", \n  \"Content\": \"CVE ID : CVE-2024-47008 \nPublished : Oct. 8, 2024, 5:15 p.m. | 40\u00a0minutes ago \nDescription : Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-08T20:24:04.000000Z"}, {"uuid": "32137860-9ce3-4800-8c64-bb153362a3bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47000", "type": "seen", "source": "https://t.me/cvedetector/6092", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47000 - \"Zitadel Service Account Authorization Incident\"\", \n  \"Content\": \"CVE ID : CVE-2024-47000 \nPublished : Sept. 20, 2024, 12:15 a.m. | 41\u00a0minutes ago \nDescription : Zitadel is an open source identity management platform. ZITADEL's user account deactivation mechanism did not work correctly with service accounts. Deactivated service accounts retained the ability to request tokens, which could lead to unauthorized access to applications and resources. Versions 2.62.1, 2.61.1, 2.60.2, 2.59.3, 2.58.5, 2.57.5, 2.56.6, 2.55.8, and 2.54.10 have been released which address this issue. Users are advised t upgrade. Users unable to upgrade may instead of deactivating the service account, consider creating new credentials and replacing the old ones wherever they are used. This effectively prevents the deactivated service account from being utilized. Be sure to revoke all existing authentication keys associated with the service account and to rotate the service account's password. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-20T03:01:57.000000Z"}, {"uuid": "8a862fce-dfd7-40db-b60a-4a38a454b959", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47009", "type": "seen", "source": "https://t.me/cvedetector/7390", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47009 - Ivanti Avalanche Path Traversal Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-47009 \nPublished : Oct. 8, 2024, 5:15 p.m. | 40\u00a0minutes ago \nDescription : Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-08T20:24:09.000000Z"}, {"uuid": "1b27d231-e5e1-45c4-b87a-aecd5bb929b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47007", "type": "seen", "source": "https://t.me/cvedetector/7387", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47007 - Ivanti Avalanche NULL Pointer Dereference DoS\", \n  \"Content\": \"CVE ID : CVE-2024-47007 \nPublished : Oct. 8, 2024, 5:15 p.m. | 40\u00a0minutes ago \nDescription : A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to cause a denial of service. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-08T20:24:04.000000Z"}, {"uuid": "ef610ebe-095e-4ad6-80e5-dd96d8ae183d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47003", "type": "seen", "source": "https://t.me/cvedetector/6389", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47003 - Mattermost Inconsistent Permalink Message Type Weakness\", \n  \"Content\": \"CVE ID : CVE-2024-47003 \nPublished : Sept. 26, 2024, 8:15 a.m. | 36\u00a0minutes ago \nDescription : Mattermost versions 9.11.x <=<=\nSeverity: 3.1 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-26T11:16:57.000000Z"}, {"uuid": "f2453664-6e2f-478a-a1d8-1a6a0f5c9f8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47001", "type": "seen", "source": "https://t.me/cvedetector/5905", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47001 - TAKENAKA ENGINEERING CO., LTD. Digital Video Recorder Command Injection\", \n  \"Content\": \"CVE ID : CVE-2024-47001 \nPublished : Sept. 18, 2024, 7:15 a.m. | 35\u00a0minutes ago \nDescription : Hidden functionality issue in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-18T10:01:18.000000Z"}]}