{"vulnerability": "cve-2024-5148", "sightings": [{"uuid": "c2674d50-da3c-42f0-be81-f678f686029e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51487", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113466030355098961", "content": "", "creation_timestamp": "2024-11-11T19:43:44.430217Z"}, {"uuid": "11f04fd0-c851-45cf-a4bc-f262361a04e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51489", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113466030382431535", "content": "", "creation_timestamp": "2024-11-11T19:43:44.686197Z"}, {"uuid": "e12985f3-a353-4698-860b-46b7c28865b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51488", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113466030368936843", "content": "", "creation_timestamp": "2024-11-11T19:43:44.619143Z"}, {"uuid": "81a92354-8e87-418b-8ef8-aa94f88f84c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51482", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-51482.yaml", "content": "", "creation_timestamp": "2024-11-29T08:55:11.000000Z"}, {"uuid": "ccdf18f4-5e96-42e1-ba6b-48d1953859ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51480", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113793424505378105", "content": "", "creation_timestamp": "2025-01-08T15:24:21.989015Z"}, {"uuid": "833f0170-fe9d-4ad7-ad8a-10cda8f2230c", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51480", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfakqm7c6l25", "content": "", "creation_timestamp": "2025-01-08T16:15:56.751090Z"}, {"uuid": "afe73bd5-7fb1-46b8-bf74-8d31f256b898", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51480", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfamb4soap2u", "content": "", "creation_timestamp": "2025-01-08T16:43:05.940971Z"}, {"uuid": "db459a8b-f345-43da-8639-b61aef9e7583", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51482", "type": "seen", "source": "https://bsky.app/profile/1337sheets.bsky.social/post/3mgivphmzlk2e", "content": "", "creation_timestamp": "2026-03-07T22:44:53.556476Z"}, {"uuid": "c5d7a1d3-4f76-4ccd-8395-1aadc0d96225", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51480", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/729", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-51480\n\ud83d\udd39 Description: RedisTimeSeries is a time-series database (TSDB) module for Redis, by Redis. Executing one of these commands TS.QUERYINDEX, TS.MGET, TS.MRANGE, TS.MREVRANGE by an authenticated user, using specially crafted command arguments may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This vulnerability is fixed in 1.6.20, 1.8.15, 1.10.15, and 1.12.3.\n\ud83d\udccf Published: 2025-01-08T15:20:28.407Z\n\ud83d\udccf Modified: 2025-01-08T15:44:19.104Z\n\ud83d\udd17 References:\n1. 
https://github.com/RedisTimeSeries/RedisTimeSeries/security/advisories/GHSA-73x6-fqww-x8rg", "creation_timestamp": "2025-01-08T16:21:35.000000Z"}, {"uuid": "76c415f0-d0cc-40b9-af85-4ff577f29fd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51482", "type": "published-proof-of-concept", "source": "Telegram/R85q5mAF-_-h3phwgiJ0Y2SWWwG84cWRlWRRB1ACIs5b5lM", "content": "", "creation_timestamp": "2026-04-26T21:00:04.000000Z"}, {"uuid": "d0f9ea85-7a26-4d29-86e0-21b8f1137c2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51488", "type": "seen", "source": "https://t.me/cvedetector/10532", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51488 - Ampache CSRF Token Forgery Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-51488 \nPublished : Nov. 11, 2024, 8:15 p.m. | 37\u00a0minutes ago \nDescription : Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users delete messages. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to delete messages to any user, including administrators, if they interact with a malicious request. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-11T21:57:49.000000Z"}, {"uuid": "1c87edd8-9922-4ac5-b018-8617ce51f600", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51486", "type": "seen", "source": "https://t.me/cvedetector/10538", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51486 - Ampache Cross-Site Scripting (XSS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-51486 \nPublished : Nov. 11, 2024, 8:15 p.m. | 37\u00a0minutes ago \nDescription : Ampache is a web based audio/video streaming application and file manager. The vulnerability exists in the interface section of the Ampache menu, where users can change the \"Custom URL\u200a-\u200aFavicon\". This section is not properly sanitized, allowing for the input of strings that can execute JavaScript. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. 
\nSeverity: 5.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-11T21:57:56.000000Z"}, {"uuid": "b2b047f6-53cc-4306-8ed1-cfcdcaa8cc61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51482", "type": "published-proof-of-concept", "source": "Telegram/ZO89xAG6r2OGCSMnMr59xyYialmz8x4RT9vG8HqW5hSL7Qg", "content": "", "creation_timestamp": "2025-06-08T15:00:06.000000Z"}, {"uuid": "a103d091-75da-4262-add7-b11574732662", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51482", "type": "published-proof-of-concept", "source": "Telegram/u6h4hxOLEGJo8756pzIINeRXaaCHoOOF066El4a2wQI-Fp0", "content": "", "creation_timestamp": "2025-06-08T03:00:06.000000Z"}, {"uuid": "c3b0e485-d14d-49c8-ad55-f165b2393587", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51482", "type": "published-proof-of-concept", "source": "Telegram/RUsue10hp_19qxxxnszqstv3dPyWvXCGTsW2FWqa6-VcIzU", "content": "", "creation_timestamp": "2025-06-08T11:00:06.000000Z"}, {"uuid": "f92336d4-e983-4509-add9-82023d0b5df6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51480", "type": "seen", "source": "https://t.me/cvedetector/14695", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51480 - Redis TimeSeries Remote Code Execution via Integer Overflow\", \n  \"Content\": \"CVE ID : CVE-2024-51480 \nPublished : Jan. 8, 2025, 4:15 p.m. 
| 43\u00a0minutes ago \nDescription : RedisTimeSeries is a time-series database (TSDB) module for Redis, by Redis. Executing one of these commands TS.QUERYINDEX, TS.MGET, TS.MRANGE, TS.MREVRANGE by an authenticated user, using specially crafted command arguments may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This vulnerability is fixed in 1.6.20, 1.8.15, 1.10.15, and 1.12.3. \nSeverity: 7.0 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-08T18:19:15.000000Z"}, {"uuid": "906e1fec-0e35-4bb8-adbd-8463fc784797", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51487", "type": "seen", "source": "https://t.me/cvedetector/10531", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51487 - \"Ampache CSRF Token Validation Bypass\"\", \n  \"Content\": \"CVE ID : CVE-2024-51487 \nPublished : Nov. 11, 2024, 8:15 p.m. | 37\u00a0minutes ago \nDescription : Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating catalog. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change website features that should only be managed by administrators through malicious requests. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-11T21:57:48.000000Z"}, {"uuid": "60019a0e-6715-48a5-9168-0c8ec3431260", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51485", "type": "seen", "source": "https://t.me/cvedetector/10530", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51485 - Ampache CSRF Token Validation Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-51485 \nPublished : Nov. 11, 2024, 8:15 p.m. | 37\u00a0minutes ago \nDescription : Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating plugins. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change website features that should only be managed by administrators through malicious requests. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-11T21:57:44.000000Z"}, {"uuid": "6a4e7c5e-89b3-4df5-96cc-7a816c022245", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51489", "type": "seen", "source": "https://t.me/cvedetector/10533", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51489 - Ampache CSRF Token Forgery Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-51489 \nPublished : Nov. 11, 2024, 8:15 p.m. | 37\u00a0minutes ago \nDescription : Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users send messages to one another. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to send messages to any user, including administrators, if they interact with a malicious request. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-11T21:57:49.000000Z"}, {"uuid": "085cd0b2-a973-471b-8c36-fa5b65321be2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51484", "type": "seen", "source": "https://t.me/cvedetector/10529", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51484 - Ampache CSRF Token Validation Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-51484 \nPublished : Nov. 11, 2024, 8:15 p.m. | 37\u00a0minutes ago \nDescription : Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating controllers. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change website features that should only be managed by administrators through malicious requests. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-11T21:57:43.000000Z"}, {"uuid": "fc6946f1-f9fb-4d9b-ac5c-d4e12b053075", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-5148", "type": "seen", "source": "https://t.me/cvedetector/4638", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-5148 - Vulnerability Title: GNOME Remote Desktop RDP TLS Certificate Exposur\", \n  \"Content\": \"CVE ID : CVE-2024-5148 \nPublished : Sept. 2, 2024, 12:15 p.m. | 1\u00a0hour, 4\u00a0minutes ago \nDescription : A flaw was found in the gnome-remote-desktop package. The gnome-remote-desktop system daemon performs inadequate validation of session agents using D-Bus methods related to transitioning a client connection from the login screen to the user session. As a result, the system RDP TLS certificate and key can be exposed to unauthorized users. This flaw allows a malicious user on the system to take control of the RDP client connection during the login screen-to-user session transition. 
\nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-02T15:33:27.000000Z"}, {"uuid": "cf9660ac-ccc2-4d3f-8913-7003cbfefeee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51483", "type": "seen", "source": "https://t.me/cvedetector/9615", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51483 - changedetection.io Local File Inclusion\", \n  \"Content\": \"CVE ID : CVE-2024-51483 \nPublished : Nov. 1, 2024, 5:15 p.m. | 17\u00a0minutes ago \nDescription : changedetection.io is free, open source web page change detection software. Prior to version 0.47.5, when a WebDriver is used to fetch files, `source:file:///etc/passwd` can be used to retrieve local system files, where the more traditional `file:///etc/passwd` gets blocked. Version 0.47.5 fixes the issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-01T18:41:55.000000Z"}, {"uuid": "3902bf47-63a6-4f83-aee4-5f760f05e083", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51482", "type": "seen", "source": "https://t.me/cvedetector/9519", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51482 - ZoneMinder Boolean SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-51482 \nPublished : Oct. 31, 2024, 6:15 p.m. | 46\u00a0minutes ago \nDescription : ZoneMinder is a free, open source closed-circuit television software application. 
ZoneMinder v1.37.* &lt;=\nSeverity: 9.9 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-31T20:17:05.000000Z"}, {"uuid": "993fae5d-9d28-4cc0-9d33-2acb830a8ae8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51481", "type": "seen", "source": "https://t.me/cvedetector/9516", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51481 - Nix Allows Builders to Read World-Readable Paths and Write World-Writable Paths Outside of Sandbox\", \n  \"Content\": \"CVE ID : CVE-2024-51481 \nPublished : Oct. 31, 2024, 5:15 p.m. | 44\u00a0minutes ago \nDescription : Nix is a package manager for Linux and other Unix systems. On macOS, built-in builders (such as `builtin:fetchurl`, exposed to users with `import `) were not executed in the macOS sandbox. Thus, these builders (which are running under the `nixbld*` users) had read access to world-readable paths and write access to world-writable paths outside of the sandbox. This issue is fixed in 2.18.9, 2.19.7, 2.20.9, 2.21.5, 2.22.4, 2.23.4, and 2.24.10. Note that sandboxing is not enabled by default on macOS. The Nix sandbox is not primarily intended as a security mechanism, but as an aid to improve reproducibility and purity of Nix builds. However, sandboxing *can* mitigate the impact of other security issues by limiting what parts of the host system a build has access to. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-31T19:27:00.000000Z"}, {"uuid": "18577910-7e09-436c-bf88-ea8e5b1929ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-5148", "type": "seen", "source": "https://t.me/HackingInsights/941", "content": "\u200aCVE-2024-5148: GNOME Remote Desktop Vulnerability Exposes Sensitive Information\n\nhttps://securityonline.info/cve-2024-5148-gnome-remote-desktop-vulnerability-exposes-sensitive-information/", "creation_timestamp": "2024-05-26T19:37:42.000000Z"}]}