{"vulnerability": "cve-2024-5031", "sightings": [{"uuid": "6db8c52d-de74-4aa9-b970-f7c0571e5a95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50310", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113470368567680188", "content": "", "creation_timestamp": "2024-11-12T14:06:59.312163Z"}, {"uuid": "6c86ac87-1c1b-4e0a-a04c-c1bced9921b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50313", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113470368581389996", "content": "", "creation_timestamp": "2024-11-12T14:06:59.516065Z"}, {"uuid": "bb7695ee-3f23-41f1-9a08-777392de620f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50319", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113470743512602200", "content": "", "creation_timestamp": "2024-11-12T15:42:20.562614Z"}, {"uuid": "427da4c7-89ef-4ddd-8650-5998cd76224d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50319", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1490/", "content": "", "creation_timestamp": "2024-11-13T06:00:00.000000Z"}, {"uuid": "4801b779-7f5d-4074-9713-f9218bc07ee8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50317", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1488/", "content": "", "creation_timestamp": "2024-11-13T06:00:00.000000Z"}, {"uuid": "f7adfd87-1340-4797-8755-141e5320d68d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50318", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1489/", "content": "", "creation_timestamp": "2024-11-13T06:00:00.000000Z"}, {"uuid": "a4c4df61-4f08-4011-aa2e-81882293825c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50310", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-11", "content": "", "creation_timestamp": "2024-11-14T12:00:00.000000Z"}, {"uuid": "be47f23b-88a2-4af3-b8d2-8b12d58cc47e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50313", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-12", "content": "", "creation_timestamp": "2024-11-14T12:00:00.000000Z"}, {"uuid": "c19bbbb0-4022-4f70-9783-292c408671ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50313", "type": "seen", "source": "https://t.me/cvedetector/10605", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50313 - Mendix Basic Authentication Remote Account Lockout Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-50313 \nPublished : Nov. 12, 2024, 1:15 p.m. | 21\u00a0minutes ago \nDescription : A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.16.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.7 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions < V10.6.15 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions), Mendix Runtime V9 (All versions < V9.24.29 only if the basic authentication mechanism is used by the application). The basic authentication implementation of affected applications contains a race condition vulnerability which could allow unauthenticated remote attackers to circumvent default account lockout measures. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-12T14:41:39.000000Z"}, {"uuid": "f53f774a-1039-4265-bade-ed5f55882a68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50312", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1704", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-50312\n\ud83d\udd39 Description: A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilitate the discovery of flaws or errors specific to the application's GraphQL implementation.\n\ud83d\udccf Published: 2024-10-22T13:24:12.165Z\n\ud83d\udccf Modified: 2025-01-15T05:35:38.787Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/errata/RHSA-2025:0115\n2. https://access.redhat.com/errata/RHSA-2025:0140\n3. https://access.redhat.com/security/cve/CVE-2024-50312\n4. https://bugzilla.redhat.com/show_bug.cgi?id=2319378\n5. https://github.com/openshift/console/pull/14409/files", "creation_timestamp": "2025-01-15T06:10:23.000000Z"}, {"uuid": "8646c553-7f3c-460c-bbd6-17f7521985c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50311", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5258", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-50311\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: A denial of service (DoS) vulnerability was found in OpenShift. This flaw allows attackers to exploit the GraphQL batching functionality. The vulnerability arises when multiple queries can be sent within a single request, enabling an attacker to submit a request containing thousands of aliases in one query. This issue causes excessive resource consumption, leading to application unavailability for legitimate users.\n\ud83d\udccf Published: 2024-10-22T13:24:04.199Z\n\ud83d\udccf Modified: 2025-02-25T08:07:58.124Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/errata/RHSA-2024:6122\n2. https://access.redhat.com/security/cve/CVE-2024-50311\n3. https://bugzilla.redhat.com/show_bug.cgi?id=2319379", "creation_timestamp": "2025-02-25T08:25:22.000000Z"}, {"uuid": "3e4f2055-2dd7-491f-8ea2-c34ec09dafea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50311", "type": "seen", "source": "https://t.me/cvedetector/8608", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50311 - OpenShift GraphQL Batching Denial of Service Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-50311 \nPublished : Oct. 22, 2024, 2:15 p.m. | 46\u00a0minutes ago \nDescription : A denial of service (DoS) vulnerability was found in OpenShift. This flaw allows attackers to exploit the GraphQL batching functionality. The vulnerability arises when multiple queries can be sent within a single request, enabling an attacker to submit a request containing thousands of aliases in one query. This issue causes excessive resource consumption, leading to application unavailability for legitimate users. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-22T17:07:37.000000Z"}, {"uuid": "7b7dc2b4-7289-4c7b-9b73-f937c1ba1564", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50319", "type": "seen", "source": "https://t.me/cvedetector/10652", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50319 - Ivanti Avalanche Infinite Loop Denial of Service\", \n  \"Content\": \"CVE ID : CVE-2024-50319 \nPublished : Nov. 12, 2024, 4:15 p.m. | 42\u00a0minutes ago \nDescription : An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-12T18:03:29.000000Z"}, {"uuid": "2e46d3fb-75f6-4338-b6fa-aeee8e9e2ea7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50318", "type": "seen", "source": "https://t.me/cvedetector/10651", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50318 - Ivanti Avalanche Null Pointer Denial of Service Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-50318 \nPublished : Nov. 12, 2024, 4:15 p.m. | 42\u00a0minutes ago \nDescription : A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-12T18:03:29.000000Z"}, {"uuid": "9c383f99-c695-439c-89da-75b54253c974", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50317", "type": "seen", "source": "https://t.me/cvedetector/10650", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50317 - Ivanti Avalanche Denial of Service Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-50317 \nPublished : Nov. 12, 2024, 4:15 p.m. | 42\u00a0minutes ago \nDescription : A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-12T18:03:28.000000Z"}, {"uuid": "15534694-0fb8-4630-b793-ed17f8821aae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50310", "type": "seen", "source": "https://t.me/cvedetector/10604", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50310 - Siemens SIMATIC CP 1543 Filesystem Authorization Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-50310 \nPublished : Nov. 12, 2024, 1:15 p.m. | 21\u00a0minutes ago \nDescription : A vulnerability has been identified in SIMATIC CP 1543-1 V4.0 (6GK7543-1AX10-0XE0) (All versions >= V4.0.44 < V4.0.50). Affected devices do not properly handle authorization. This could allow an unauthenticated remote attacker to gain access to the filesystem. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-12T14:41:38.000000Z"}, {"uuid": "99ac1501-ba60-4cd9-872f-49bb386ef3a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50312", "type": "seen", "source": "https://t.me/cvedetector/8607", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50312 - \"GraphQL Introspection Query Information Disclosure\"\", \n  \"Content\": \"CVE ID : CVE-2024-50312 \nPublished : Oct. 22, 2024, 2:15 p.m. | 46\u00a0minutes ago \nDescription : A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilitate the discovery of flaws or errors specific to the application's GraphQL implementation. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-22T17:07:36.000000Z"}]}