{"vulnerability": "CVE-2024-1045", "sightings": [{"uuid": "465a8d39-f6a5-4f14-b593-447e90331f7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10456", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-303-03", "content": "", "creation_timestamp": "2024-10-29T12:00:00.000000Z"}, {"uuid": "7e35b35c-0e3b-44bd-bcbb-8fa5d90953fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10456", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1457/", "content": "", "creation_timestamp": "2024-11-06T06:00:00.000000Z"}, {"uuid": "80611ec1-17c2-43cc-95fa-2c271bb60214", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10451", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113542463860675737", "content": "", "creation_timestamp": "2024-11-25T07:41:46.518457Z"}, {"uuid": "d03f3ce9-f57c-4bdb-8f68-f9fc9957c0c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10453", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113690099314651732", "content": "", "creation_timestamp": "2024-12-21T09:27:24.672125Z"}, {"uuid": "25bec3a8-b4ab-4f8f-8da7-d2eba5ec06ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10453", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldso72j3k325", "content": "", "creation_timestamp": "2024-12-21T10:15:14.874069Z"}, {"uuid": "b32ebce2-1eed-46c6-a9b1-d0611e89a416", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10450", "type": "seen", "source": "MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6", "content": "", "creation_timestamp": "2025-10-08T21:59:30.000000Z"}, {"uuid": "59db3253-28c7-47a7-ae8d-2317bddefc7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1045", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3m65w4mkfek2q", "content": "", "creation_timestamp": "2025-11-21T18:31:26.766503Z"}, {"uuid": "736eaea5-bfd9-49da-bbea-7881da4c12e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10450", "type": "seen", "source": "MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6", "content": "", "creation_timestamp": "2025-10-01T18:11:57.000000Z"}, {"uuid": "89f4aa97-13a2-48fe-9855-cd0c2887090e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2024-10459", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/182792b2-c649-42b2-8ec1-3ec1cf492060", "content": "", "creation_timestamp": "2024-10-29T21:37:34.943766Z"}, {"uuid": "7663781b-8e49-4096-8298-0e6b1c3dfebe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2024-10458", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/182792b2-c649-42b2-8ec1-3ec1cf492060", "content": "", "creation_timestamp": "2024-10-29T21:37:34.943766Z"}, {"uuid": "b2f080d0-4907-4395-90c5-882f91ba47fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-10451", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/6dcc559a-77e3-4a18-986f-df02f894221c", "content": "", "creation_timestamp": "2024-11-22T09:53:24.398477Z"}, {"uuid": "d3de9694-e6a5-4c3a-9130-803e9cbb64b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10457", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8185", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10457\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: Multiple Server-Side Request Forgery (SSRF) vulnerabilities were identified in the significant-gravitas/autogpt repository, specifically in the GitHub Integration and Web Search blocks. These vulnerabilities affect version agpt-platform-beta-v0.1.1. The issues arise when block inputs are controlled by untrusted sources, leading to potential credential leakage, internal network scanning, and unauthorized access to internal services, APIs, or data stores. The affected blocks include GithubListPullRequestsBlock, GithubReadPullRequestBlock, GithubAssignPRReviewerBlock, GithubListPRReviewersBlock, GithubUnassignPRReviewerBlock, GithubCommentBlock, GithubMakeIssueBlock, GithubReadIssueBlock, GithubListIssuesBlock, GithubAddLabelBlock, GithubRemoveLabelBlock, GithubListBranchesBlock, and ExtractWebsiteContentBlock.\n\ud83d\udccf Published: 2025-03-20T10:11:37.407Z\n\ud83d\udccf Modified: 2025-03-20T10:11:37.407Z\n\ud83d\udd17 References:\n1. https://huntr.com/bounties/1d91e1e1-7d45-4bda-bc27-bfe9052fd975\n2. https://github.com/significant-gravitas/autogpt/commit/bcaf3241dadfc1fca024e91fb8f2e3004105a172", "creation_timestamp": "2025-03-20T10:19:24.000000Z"}, {"uuid": "9da96e9e-3167-4c5d-9954-dff80295cd12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10453", "type": "seen", "source": "https://t.me/cvedetector/13500", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10453 - Elementor Website Builder Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10453 \nPublished : Dec. 21, 2024, 10:15 a.m. | 41\u00a0minutes ago \nDescription : The Elementor Website Builder \u2013 More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typography Settings in all versions up to, and including, 3.25.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-21T11:59:23.000000Z"}, {"uuid": "dfdd3096-a5aa-4d77-8fa7-23ba76e5b94a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10454", "type": "seen", "source": "https://t.me/cvedetector/9503", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10454 - Clibo Manager Clickjacking Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10454 \nPublished : Oct. 31, 2024, 1:15 p.m. | 41\u00a0minutes ago \nDescription : Clickjacking vulnerability in Clibo Manager v1.1.9.12 in the '/public/login' directory, a login panel. This vulnerability occurs due to the absence of an X-Frame-Options server-side header. An attacker could overlay a transparent iframe to perform click hijacking on victims. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-31T15:16:19.000000Z"}, {"uuid": "af8df561-4ce3-43f2-bb15-78f8369c7e35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10456", "type": "seen", "source": "https://t.me/cvedetector/9455", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10456 - Delta Electronics InfraSuite Deserialization Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10456 \nPublished : Oct. 30, 2024, 6:15 p.m. | 41\u00a0minutes ago \nDescription : Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are affected by a deserialization vulnerability that targets the Device-Gateway, which could allow deserialization of arbitrary .NET objects prior to authentication. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-30T20:03:08.000000Z"}, {"uuid": "b55f0bab-2148-4ee4-8f8e-f7b8b773d115", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10452", "type": "seen", "source": "https://t.me/cvedetector/9343", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10452 - Okta Authentication Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10452 \nPublished : Oct. 29, 2024, 4:15 p.m. | 40\u00a0minutes ago \nDescription : Organization admins can delete pending invites created in an organization they are not part of. \nSeverity: 2.2 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-29T18:07:29.000000Z"}, {"uuid": "308388fd-05b2-430b-89e3-690654bcb7cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10455", "type": "seen", "source": "https://t.me/cvedetector/9128", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10455 - \u00b5D3TN BPv7 Parsing Reachable Assertion Service Disruption\", \n  \"Content\": \"CVE ID : CVE-2024-10455 \nPublished : Oct. 28, 2024, 2:15 p.m. | 44\u00a0minutes ago \nDescription : Reachable Assertion in BPv7 parser in \u00b5D3TN v0.14.0 allows attacker to disrupt service via malformed Extension Block \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-28T16:09:54.000000Z"}, {"uuid": "c0748cf1-c0fc-45ac-a86b-c4ef00975adb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10450", "type": "seen", "source": "https://t.me/cvedetector/9135", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10450 - SourceCodester Kortex Lite Advocate Office Management System SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10450 \nPublished : Oct. 28, 2024, 3:15 p.m. | 44\u00a0minutes ago \nDescription : A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /kortex_lite/control/edit_profile.php of the component POST Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-28T17:00:13.000000Z"}, {"uuid": "78c30f2b-05b8-480b-ad44-99816e8e9717", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10458", "type": "seen", "source": "https://t.me/true_secator/6375", "content": "Google \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Chrome CVE-2024-10487, \u0430 Mozilla - \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 \u0432 Firefox.\n\n\u041f\u0435\u0440\u0432\u0430\u044f \u043e\u0431\u044a\u044f\u0432\u0438\u043b\u0430 \u043e \u0432\u044b\u043f\u0443\u0441\u043a\u0435 Chrome 130, \u0437\u0430\u043a\u0440\u044b\u0432 \u0434\u0432\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.\n\n\u041e\u0434\u043d\u0430 \u0438\u0437 \u043d\u0438\u0445, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u0430\u044f \u043a\u0430\u043a CVE-2024-10487, \u0431\u044b\u043b\u0430 \u043e\u043f\u0438\u0441\u0430\u043d\u0430 \u043a\u0430\u043a \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0437\u0430\u043f\u0438\u0441\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u043c\u0438 \u0432\u044b\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438 \u0432 Dawn, \u043a\u0440\u043e\u0441\u0441\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435\u043d\u043d\u043e\u0439 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u0430 WebGPU.\n\n\u041e\u0431 \u044d\u0442\u043e\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0435 Google \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0430 Apple Security Engineering and Architecture (SEAR) \u0432\u0441\u0435\u0433\u043e \u043d\u0435\u0434\u0435\u043b\u044e \u043d\u0430\u0437\u0430\u0434.\n\n\u041f\u0440\u0438\u0447\u0435\u043c \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e API WebGPU \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0442\u0430\u043a\u0436\u0435 \u0438 \u0432 Firefox \u0438 Safari, \u043d\u043e \u043d\u0435\u044f\u0441\u043d\u043e, \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b \u043b\u0438 \u044d\u0442\u0438 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u044b CVE-2024-10487.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u043f\u043e\u043a\u0430 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043e \u0442\u043e\u043c, \u0434\u043b\u044f \u043a\u0430\u043a\u0438\u0445 \u0446\u0435\u043b\u0435\u0439 \u043c\u043e\u0436\u0435\u0442 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c\u0441\u044f CVE-2024-10487 \u043d\u0435\u0442, \u0432 \u0446\u0435\u043b\u043e\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u0437\u0430\u043f\u0438\u0441\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u043c\u0438 \u0432\u044b\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0431\u0443\u0444\u0435\u0440\u0430 \u043f\u0430\u043c\u044f\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a RCE.\n\n\u0422\u0435\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435 Google \u043d\u0438\u0447\u0435\u0433\u043e \u043d\u0435 \u0443\u043f\u043e\u043c\u044f\u043d\u0443\u043b \u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 in-the-wild.\n\n\u0412\u0442\u043e\u0440\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f \u0441 \u0432\u044b\u043f\u0443\u0441\u043a\u043e\u043c Chrome 130, \u2014 \u044d\u0442\u043e CVE-2024-10488, \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f \u0432 WebRTC.\u00a0\n\n\u0412 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, Mozilla \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 Firefox 132 \u0438 Thunderbird 132. \n\n\u041f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 \u0438 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0442 \u0442\u0435 \u0436\u0435 11 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0434\u0432\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438.\n\n\u041e\u0434\u043d\u0430 \u0438\u0437 \u043d\u0438\u0445, CVE-2024-10458, \u0431\u044b\u043b\u0430 \u043e\u043f\u0438\u0441\u0430\u043d\u0430 \u043a\u0430\u043a \u0443\u0442\u0435\u0447\u043a\u0430 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0439, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u043e\u0438\u0437\u043e\u0439\u0442\u0438 \u0441 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u043e\u0433\u043e \u0441\u0430\u0439\u0442\u0430 \u043d\u0430 \u043d\u0435\u043d\u0430\u0434\u0435\u0436\u043d\u044b\u0439.\n\n\u0412\u0442\u043e\u0440\u0430\u044f CVE-2024-10459 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u043e\u043c\u0443 \u0441\u0431\u043e\u044e.\u00a0\n\n\u041e\u0441\u0442\u0430\u0432\u0448\u0438\u043c\u0441\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c \u043f\u0440\u0438\u0441\u0432\u043e\u0435\u043d\u044b \u0441\u0440\u0435\u0434\u043d\u0438\u0435 \u0438 \u043d\u0438\u0437\u043a\u0438\u0435 \u043e\u0446\u0435\u043d\u043a\u0438, \u0430 \u0438\u0445 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043f\u043e\u0434\u043c\u0435\u043d\u0435, XSS-\u0430\u0442\u0430\u043a\u0430\u043c, \u0443\u0442\u0435\u0447\u043a\u0430\u043c \u0434\u0430\u043d\u043d\u044b\u0445, \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044f\u043c DoS \u0438 RCE.", "creation_timestamp": "2024-10-30T17:30:05.000000Z"}, {"uuid": "cf18da68-d0ab-4f1f-a63a-c0ea7b7a4d45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10459", "type": "seen", "source": "https://t.me/true_secator/6375", "content": "Google \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Chrome CVE-2024-10487, \u0430 Mozilla - \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 \u0432 Firefox.\n\n\u041f\u0435\u0440\u0432\u0430\u044f \u043e\u0431\u044a\u044f\u0432\u0438\u043b\u0430 \u043e \u0432\u044b\u043f\u0443\u0441\u043a\u0435 Chrome 130, \u0437\u0430\u043a\u0440\u044b\u0432 \u0434\u0432\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.\n\n\u041e\u0434\u043d\u0430 \u0438\u0437 \u043d\u0438\u0445, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u0430\u044f \u043a\u0430\u043a CVE-2024-10487, \u0431\u044b\u043b\u0430 \u043e\u043f\u0438\u0441\u0430\u043d\u0430 \u043a\u0430\u043a \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0437\u0430\u043f\u0438\u0441\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u043c\u0438 \u0432\u044b\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438 \u0432 Dawn, \u043a\u0440\u043e\u0441\u0441\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435\u043d\u043d\u043e\u0439 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u0430 WebGPU.\n\n\u041e\u0431 \u044d\u0442\u043e\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0435 Google \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0430 Apple Security Engineering and Architecture (SEAR) \u0432\u0441\u0435\u0433\u043e \u043d\u0435\u0434\u0435\u043b\u044e \u043d\u0430\u0437\u0430\u0434.\n\n\u041f\u0440\u0438\u0447\u0435\u043c \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e API WebGPU \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0442\u0430\u043a\u0436\u0435 \u0438 \u0432 Firefox \u0438 Safari, \u043d\u043e \u043d\u0435\u044f\u0441\u043d\u043e, \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b \u043b\u0438 \u044d\u0442\u0438 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u044b CVE-2024-10487.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u043f\u043e\u043a\u0430 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043e \u0442\u043e\u043c, \u0434\u043b\u044f \u043a\u0430\u043a\u0438\u0445 \u0446\u0435\u043b\u0435\u0439 \u043c\u043e\u0436\u0435\u0442 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c\u0441\u044f CVE-2024-10487 \u043d\u0435\u0442, \u0432 \u0446\u0435\u043b\u043e\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u0437\u0430\u043f\u0438\u0441\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u043c\u0438 \u0432\u044b\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0431\u0443\u0444\u0435\u0440\u0430 \u043f\u0430\u043c\u044f\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a RCE.\n\n\u0422\u0435\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435 Google \u043d\u0438\u0447\u0435\u0433\u043e \u043d\u0435 \u0443\u043f\u043e\u043c\u044f\u043d\u0443\u043b \u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 in-the-wild.\n\n\u0412\u0442\u043e\u0440\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f \u0441 \u0432\u044b\u043f\u0443\u0441\u043a\u043e\u043c Chrome 130, \u2014 \u044d\u0442\u043e CVE-2024-10488, \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f \u0432 WebRTC.\u00a0\n\n\u0412 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, Mozilla \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 Firefox 132 \u0438 Thunderbird 132. \n\n\u041f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 \u0438 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0442 \u0442\u0435 \u0436\u0435 11 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0434\u0432\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438.\n\n\u041e\u0434\u043d\u0430 \u0438\u0437 \u043d\u0438\u0445, CVE-2024-10458, \u0431\u044b\u043b\u0430 \u043e\u043f\u0438\u0441\u0430\u043d\u0430 \u043a\u0430\u043a \u0443\u0442\u0435\u0447\u043a\u0430 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0439, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u043e\u0438\u0437\u043e\u0439\u0442\u0438 \u0441 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u043e\u0433\u043e \u0441\u0430\u0439\u0442\u0430 \u043d\u0430 \u043d\u0435\u043d\u0430\u0434\u0435\u0436\u043d\u044b\u0439.\n\n\u0412\u0442\u043e\u0440\u0430\u044f CVE-2024-10459 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u043e\u043c\u0443 \u0441\u0431\u043e\u044e.\u00a0\n\n\u041e\u0441\u0442\u0430\u0432\u0448\u0438\u043c\u0441\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c \u043f\u0440\u0438\u0441\u0432\u043e\u0435\u043d\u044b \u0441\u0440\u0435\u0434\u043d\u0438\u0435 \u0438 \u043d\u0438\u0437\u043a\u0438\u0435 \u043e\u0446\u0435\u043d\u043a\u0438, \u0430 \u0438\u0445 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043f\u043e\u0434\u043c\u0435\u043d\u0435, XSS-\u0430\u0442\u0430\u043a\u0430\u043c, \u0443\u0442\u0435\u0447\u043a\u0430\u043c \u0434\u0430\u043d\u043d\u044b\u0445, \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044f\u043c DoS \u0438 RCE.", "creation_timestamp": "2024-10-30T17:30:05.000000Z"}]}