{"vulnerability": "cve-2024-4936", "sightings": [{"uuid": "bd478272-da71-4dc0-80af-e8828a617fc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49369", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113471023692988977", "content": "", "creation_timestamp": "2024-11-12T16:53:35.776670Z"}, {"uuid": "66d49275-9907-429d-8cd3-2cd651a63676", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49360", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113567658636613264", "content": "", "creation_timestamp": "2024-11-29T18:29:08.102938Z"}, {"uuid": "880e2a40-9cb8-42d1-91b1-cea4c42ae19a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49363", "type": "seen", "source": "MISP/acd0294c-4561-4286-a04e-5c02a1c67b1f", "content": "", "creation_timestamp": "2025-09-15T13:28:32.000000Z"}, {"uuid": "e72b977b-5bb8-4014-847f-ce03228556a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49365", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lsv3xhgojb2s", "content": "", "creation_timestamp": "2025-07-01T06:44:45.889591Z"}, {"uuid": "7c86e3ee-68ec-482b-885d-6575ed03569b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49364", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lsv4afurpu23", "content": "", "creation_timestamp": "2025-07-01T06:49:46.432797Z"}, {"uuid": "54bb3f8d-079b-46a1-880c-ecc8f6115d74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49368", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9005", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aExplorations of CVE-2024-49368 + Exploit Development\nURL\uff1ahttps://github.com/Aashay221999/CVE-2024-49368\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-11-12T03:55:35.000000Z"}, {"uuid": "f2c2cf0b-97fc-4741-bc16-ec61a9454b12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49363", "type": "seen", "source": "MISP/acd0294c-4561-4286-a04e-5c02a1c67b1f", "content": "", "creation_timestamp": "2025-09-16T03:45:05.000000Z"}, {"uuid": "df7b04ff-7dbe-404d-b322-c62fcca27a96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49369", "type": "seen", "source": "https://t.me/cvedetector/10668", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-49369 - Icinga 2 TLS Certificate Validation Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-49369 \nPublished : Nov. 12, 2024, 5:15 p.m. | 33\u00a0minutes ago \nDescription : Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted cluster nodes as well as any API users that use TLS client certificates for authentication (ApiUser objects with the client_cn attribute set). This vulnerability has been fixed in v2.14.3, v2.13.10, v2.12.11, and v2.11.12. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-12T18:53:52.000000Z"}, {"uuid": "8a1f5728-4a30-4b8f-be29-5061d4610d89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49363", "type": "seen", "source": "https://t.me/cvedetector/13242", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-49363 - Misskey Proxy Loop Amplified Distributed Denial-of-Service Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-49363 \nPublished : Dec. 18, 2024, 8:15 p.m. | 36\u00a0minutes ago \nDescription : Misskey is an open source, federated social media platform. In affected versions FileServerService (media proxy) in github.com/misskey-dev/misskey 2024.10.1 or earlier did not detect proxy loops, which allows remote actors to execute a self-propagating reflected/amplified distributed denial-of-service via a maliciously crafted note. FileServerService.prototype.proxyHandler did not check incoming requests are not coming from another proxy server. An attacker can execute an amplified denial-of-service by sending a nested proxy request to the server and end the request with a malicious redirect back to another nested proxy request.  \nLeading to unbounded recursion until the original request is timed out. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. Users unable to upgrade may configure the reverse proxy to block requests to the proxy with an empty User-Agent header or one containing Misskey/. An attacker can not effectively modify the User-Agent header without making another request to the server. \nSeverity: 7.4 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-18T22:03:50.000000Z"}, {"uuid": "45df61d8-9b4c-4fce-a4e5-4f87ff567f61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49361", "type": "seen", "source": "https://t.me/cvedetector/8338", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-49361 - \"ACON Code Injection Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-49361 \nPublished : Oct. 18, 2024, 7:15 p.m. | 35\u00a0minutes ago \nDescription : ACON is a widely-used library of tools for machine learning that focuses on adaptive correlation optimization. A potential vulnerability has been identified in the input validation process, which could lead to arbitrary code execution if exploited. This issue could allow an attacker to submit malicious input data, bypassing input validation, resulting in remote code execution in certain machine learning applications using the ACON library. All users utilizing ACON\u2019s input-handling functions are potentially at risk. Specifically, machine learning models or applications that ingest user-generated data without proper sanitization are the most vulnerable. Users running ACON on production servers are at heightened risk, as the vulnerability could be exploited remotely. As of time of publication, it is unclear whether a fix is available. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-18T21:55:58.000000Z"}, {"uuid": "e3d225d8-3a3c-40e6-87fd-8bdcd799c65e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-49364", "type": "published-proof-of-concept", "source": "https://github.com/bitcoinjs/tiny-secp256k1/security/advisories/GHSA-7mc2-6phr-23xc", "content": "", "creation_timestamp": "2025-06-29T13:27:08.000000Z"}, {"uuid": "5c6dfc2b-07c5-4b0d-b103-7c72acf31fc6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49368", "type": "seen", "source": "https://t.me/cvedetector/8505", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-49368 - Nginx UI Arbitrary Command Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-49368 \nPublished : Oct. 21, 2024, 5:15 p.m. | 45\u00a0minutes ago \nDescription : Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, when Nginx UI configures logrotate, it does not verify the input and directly passes it to exec.Command, causing arbitrary command execution. Version 2.0.0-beta.36 fixes this issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-21T20:11:44.000000Z"}, {"uuid": "87025c0f-d7f1-45a0-b44f-42e5659b98cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49367", "type": "seen", "source": "https://t.me/cvedetector/8503", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-49367 - Nginx UI Directory Traversal/File Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-49367 \nPublished : Oct. 21, 2024, 5:15 p.m. | 45\u00a0minutes ago \nDescription : Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, the log path of nginxui is controllable. This issue can be combined with the directory traversal at `/api/configs` to read directories and file contents on the server. Version 2.0.0-beta.36 fixes the issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-21T20:11:43.000000Z"}, {"uuid": "b027d031-b856-4719-9507-04084d5386a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-49365", "type": "published-proof-of-concept", "source": "https://github.com/bitcoinjs/tiny-secp256k1/security/advisories/GHSA-5vhg-9xg4-cv9m", "content": "", "creation_timestamp": "2025-06-29T13:27:23.000000Z"}]}