{"vulnerability": "CVE-2024-3881", "sightings": [{"uuid": "af8080e3-8a84-4bb7-a600-7972c4587d09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "8ef3179e-6ae2-42ba-9d27-75d713d75f20", "vulnerability": "CVE-2024-38814", "type": "seen", "source": null, "content": "", "creation_timestamp": "2024-10-18T12:29:18.139509Z"}, {"uuid": "0c1d592b-eef5-4974-9a63-f0c6d278855d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "8ef3179e-6ae2-42ba-9d27-75d713d75f20", "vulnerability": "CVE-2024-38814", "type": "seen", "source": null, "content": "", "creation_timestamp": "2024-10-18T12:30:30.287357Z"}, {"uuid": "173b25b1-782d-4a89-982f-0a7b9f0c095a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2024-38812", "type": "seen", "source": null, "content": "", "creation_timestamp": "2024-10-22T13:16:01.199652Z"}, {"uuid": "b83e0d3c-515d-41a2-bb72-cbb2d40ef408", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2024-38812", "type": "confirmed", "source": null, "content": "", "creation_timestamp": "2024-10-22T13:16:13.284917Z"}, {"uuid": "b44e69bb-c78b-4511-8fc9-53f14b8e7582", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2024-38812", "type": "exploited", "source": null, "content": "", "creation_timestamp": "2024-10-22T13:20:38.848307Z"}, {"uuid": "1735505b-c27d-4f83-aeea-f8e09f5483a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38814", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1421/", "content": "", "creation_timestamp": "2024-10-23T05:00:00.000000Z"}, {"uuid": "e0c1565f-1d1f-47f6-b0dc-3042bdbbdc27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2720005", "content": "", "creation_timestamp": "2024-11-20T17:24:09.151714Z"}, {"uuid": "cd077109-ed8f-448c-b2bf-81c66fe6c72f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://infosec.exchange/users/patchnow24x7/statuses/113518774211162459", "content": "", "creation_timestamp": "2024-11-21T03:17:10.949962Z"}, {"uuid": "dd3b8c46-1a5f-463f-8eb7-6418f46d8a6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113516051541690814", "content": "", "creation_timestamp": "2024-11-20T15:44:46.353037Z"}, {"uuid": "9a0f653e-8a6e-4927-8da6-b01b7e74a8e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38813", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113516051541690814", "content": "", "creation_timestamp": "2024-11-20T15:44:46.381778Z"}, {"uuid": "6c892032-2f28-4d3b-a743-e2d975ea617c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38813", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113505259568672387", "content": "", "creation_timestamp": "2024-11-18T18:00:14.140405Z"}, {"uuid": "f2ea6079-0311-4365-ab0e-505e49432704", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38813", "type": "seen", "source": "https://infosec.exchange/users/catc0n/statuses/113506159522349936", "content": "", "creation_timestamp": "2024-11-18T21:49:05.893411Z"}, {"uuid": "9cc212dc-4ce8-4599-9078-c6d41cc7f957", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://infosec.exchange/users/catc0n/statuses/113506159522349936", "content": "", "creation_timestamp": "2024-11-18T21:49:05.859158Z"}, {"uuid": "7be81930-81c4-4962-bceb-cde62bd630d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113505259568672387", "content": "", "creation_timestamp": "2024-11-18T18:00:14.073819Z"}, {"uuid": "8cfd2977-5a91-4c5a-a359-626bc36c29d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38813", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2720006", "content": "", "creation_timestamp": "2024-11-20T17:24:13.247901Z"}, {"uuid": "ae301278-31a5-4715-9523-ce80c1e883f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38813", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2024-11-20T18:10:03.000000Z"}, {"uuid": "9e787c16-d1b6-40b9-94f4-8505aeefde11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2024-11-20T18:10:02.000000Z"}, {"uuid": "667a293e-5044-45ce-8d3e-398c4f19eec8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-38819", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113680632152929678", "content": "", "creation_timestamp": "2024-12-19T17:19:46.948080Z"}, {"uuid": "644893e5-74a7-494f-b5f3-d78af75a99e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38819", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldoi4q7xrl2a", "content": "", "creation_timestamp": "2024-12-19T18:15:56.244372Z"}, {"uuid": "71ff5a73-7fcf-42bb-bcca-3abef9046ad5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38819", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113869714895593544", "content": "", "creation_timestamp": "2025-01-22T02:46:01.128127Z"}, {"uuid": "dcfb2059-ef75-479b-b288-936012853d82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:11:02.000000Z"}, {"uuid": "fd8f0ebb-1f41-493f-81db-79c1b49c9069", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-28088f46-fd577d223f0addbd", "content": "", "creation_timestamp": "2025-02-17T09:37:52.128691Z"}, {"uuid": "2003f8c1-3eac-4779-b8a8-c28d21bf0016", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38813", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:11:02.000000Z"}, {"uuid": "8b12db8e-7b6b-4610-8804-4168becb7ff5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lrbqwoq4ey2p", "content": "", "creation_timestamp": "2025-06-10T20:41:42.336852Z"}, {"uuid": "e9fdafae-87f6-4062-8bc3-67a32ea15ba2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38813", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lrbu7jegzm22", "content": "", "creation_timestamp": "2025-06-10T21:40:19.738158Z"}, {"uuid": "d7cae845-271b-4a57-85b7-b6087dc5ad04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-38811", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1361", "content": "", "creation_timestamp": "2024-09-04T04:00:00.000000Z"}, {"uuid": "be576651-b049-4110-a86b-9c72348edae0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38813", "type": "seen", "source": "MISP/be792712-f638-4d7d-b62d-4f5032e86764", "content": "", "creation_timestamp": "2025-09-16T23:16:38.000000Z"}, {"uuid": "27b9b8fb-8e4c-4915-b030-113a90fa402e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38813", "type": "seen", "source": "MISP/be792712-f638-4d7d-b62d-4f5032e86764", "content": "", "creation_timestamp": "2025-09-18T16:44:36.000000Z"}, {"uuid": "ccbfa836-382e-40d7-81ac-2f89cf95ff5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://gist.github.com/Darkcrai86/f478a7b258a4ba4e77c13e27154ee51f", "content": "", "creation_timestamp": "2025-12-05T13:02:24.000000Z"}, {"uuid": "9b156a6a-c65d-46a5-8dd8-3bdc73ee2102", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://vulnerability.circl.lu/comment/a3186180-3808-47e1-8347-071389b4f994", "content": "", "creation_timestamp": "2024-10-22T13:20:32.036514Z"}, {"uuid": "5edbb85e-1fcd-49fc-9865-b3cf82c36275", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2024-38813", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/ebe1f99e-19a3-4ef2-8978-e80d5c4d4a7b", "content": "", "creation_timestamp": "2026-02-02T12:26:21.368865Z"}, {"uuid": "91cb3765-2335-4e4d-9f4c-25487c27b6a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1376", "content": "", "creation_timestamp": "2024-09-19T04:00:00.000000Z"}, {"uuid": "cce2261d-9272-422a-a9de-f4a2c6e3a095", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-38813", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_22/2024", "content": "", "creation_timestamp": "2024-09-18T08:24:29.000000Z"}, {"uuid": "edbadb68-076c-48fd-8459-5cb05aa26e7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_22/2024", "content": "", "creation_timestamp": "2024-09-18T08:24:29.000000Z"}, {"uuid": "2ed4d671-a874-4290-a5af-ceee27b0af26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-38813", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1376", "content": "", "creation_timestamp": "2024-09-19T04:00:00.000000Z"}, {"uuid": "7b34c9d9-beb4-4fa9-9fb1-a4c0f4a287d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2024-38812", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/f956e3aa-3257-4dc8-9772-6fbeaca7055b", "content": "", "creation_timestamp": "2026-02-02T12:26:21.490591Z"}, {"uuid": "4c2068b2-5ea4-4315-b548-cfe8ddf3d516", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38816", "type": "seen", "source": "https://t.me/HackingInsights/13188", "content": "\u200aCVE-2024-38816: Spring Framework Path Traversal Vulnerability Threatens Millions\n\nhttps://securityonline.info/cve-2024-38816-spring-framework-path-traversal-vulnerability-threatens-millions/", "creation_timestamp": "2024-09-16T14:39:44.000000Z"}, {"uuid": "5644ffe5-615e-4dc4-a431-188135b08065", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38816", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8594", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-38816 Proof of Concept\nURL\uff1ahttps://github.com/masa42/CVE-2024-38816-PoC\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-09-25T10:31:35.000000Z"}, {"uuid": "04721675-6394-4874-943d-c682165497d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38819", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-38819.yaml", "content": "", "creation_timestamp": "2026-04-13T08:06:30.000000Z"}, {"uuid": "9e9f6ee8-f45e-4554-a630-3ff4b6a6125a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38819", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mjfrblz7iv23", "content": "", "creation_timestamp": "2026-04-13T21:03:07.315548Z"}, {"uuid": "ddac21c5-e5c1-4900-9ee5-0ef243237196", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38816", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9289", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1a CVE-2024-38816\nURL\uff1ahttps://github.com/Anthony1078/App-vulnerable\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-12-02T02:19:45.000000Z"}, {"uuid": "796df421-5898-4dfe-8938-28e39a6a2ecb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8830", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-38812 : Critical Heap-Buffer Overflow vulnerability in VMWare vCenter.\nURL\uff1ahttps://github.com/groshi/CVE-2024-38812-POC-5-Hands-Private\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-10-24T12:57:52.000000Z"}, {"uuid": "ae8aa784-799a-4be0-8af3-ffd53d494e5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/itsec_news/4734", "content": "\u200b\u26a1\ufe0fCVE-2024-38812: \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u0433\u0440\u043e\u0437\u0430 \u0434\u043b\u044f \u0432\u0430\u0448\u0435\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b\n\n\ud83d\udcac \u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Broadcom \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 VMware vCenter Server, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u043c\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 9.8 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0430\u044f \u043e\u0431\u043e\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 CVE-2024-38812 , \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0435 DCE/RPC.\n\n\u041f\u043e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043e\u0442 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0441 \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043a \u0441\u0435\u0442\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0435 \u0441\u0435\u0442\u0435\u0432\u044b\u0435 \u043f\u0430\u043a\u0435\u0442\u044b \u0434\u043b\u044f \u0430\u043a\u0442\u0438\u0432\u0430\u0446\u0438\u0438 \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u044b\u0439 \u043a\u043e\u0434 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 vCenter.\n\n\u042d\u0442\u043e\u0442 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u043a \u0441\u0445\u043e\u0436 \u0441 \u0434\u0432\u0443\u043c\u044f \u0434\u0440\u0443\u0433\u0438\u043c\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c\u0438 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u2014 CVE-2024-37079 \u0438 CVE-2024-37080, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0431\u044b\u043b\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b \u0432 \u0438\u044e\u043d\u0435 2024 \u0433\u043e\u0434\u0430. \u041e\u0446\u0435\u043d\u043a\u0430 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0442\u0430\u043a\u0436\u0435 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9.8 \u043f\u043e CVSS.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 CVE-2024-38813 \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 7.5, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0441 \u0441\u0435\u0442\u0435\u0432\u044b\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0434\u043e \u0443\u0440\u043e\u0432\u043d\u044f root. \u0410\u0442\u0430\u043a\u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u0430 \u043f\u0440\u0438 \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0435 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u043f\u0430\u043a\u0435\u0442\u043e\u0432.\n\n\u041e\u0431\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438\u0437 \u043a\u043e\u043c\u0430\u043d\u0434\u044b TZL \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u0441\u043e\u0440\u0435\u0432\u043d\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u043e \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Matrix Cup, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043f\u0440\u043e\u0448\u043b\u043e \u0432 \u041a\u0438\u0442\u0430\u0435 \u0432 \u0438\u044e\u043d\u0435 2024 \u0433\u043e\u0434\u0430.\n\n\u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0434\u043b\u044f \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u0439:\n\nvCenter Server 8.0 (\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 8.0 U3b);\nvCenter Server 7.0 (\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 7.0 U3s);\nVMware Cloud Foundation 5.x (\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e \u0434\u043b\u044f \u0432\u0435\u0440\u0441\u0438\u0438 8.0 U3b);\nVMware Cloud Foundation 4.x (\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 7.0 U3s).\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Broadcom \u043f\u043e\u0434\u0447\u0435\u0440\u043a\u043d\u0443\u043b\u0430, \u0447\u0442\u043e \u043d\u0430 \u0434\u0430\u043d\u043d\u044b\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 \u043d\u0435\u0442 \u0434\u0430\u043d\u043d\u044b\u0445 \u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u0445, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0445 \u044d\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043d\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0434\u043b\u044f \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0430\u043c\u044f\u0442\u044c\u044e, \u0447\u0442\u043e \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u043f\u0440\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0441\u043b\u0443\u0436\u0431 VMware vCenter.\n\n\u042d\u0442\u0438 \u0441\u043e\u0431\u044b\u0442\u0438\u044f \u0441\u043e\u0432\u043f\u0430\u043b\u0438 \u0441 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0435\u0439 \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e\u0433\u043e \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f \u043e\u0442 \u0410\u0433\u0435\u043d\u0442\u0441\u0442\u0432\u0430 \u043f\u043e \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0421\u0428\u0410 (CISA) \u0438 \u0424\u0411\u0420. \u0412 \u043d\u0451\u043c \u043f\u043e\u0434\u0447\u0451\u0440\u043a\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 cross-site scripting (XSS), \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u0441\u0438\u0441\u0442\u0435\u043c.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-09-19T13:23:48.000000Z"}, {"uuid": "f56b1af5-61cf-4241-b8b7-817b36d51368", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/HackingInsights/13497", "content": "\u200aBroadcom fixed Critical VMware vCenter Server flaw CVE-2024-38812\n\nhttps://securityaffairs.com/168536/security/vmware-vcenter-server-cve-2024-38812.html", "creation_timestamp": "2024-09-19T13:16:58.000000Z"}, {"uuid": "4ff766c3-b41d-4abb-9b79-13b357c14cfc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/HackingInsights/13407", "content": "Broadcom fixed Critical VMware vCenter Server flaw CVE-2024-38812\nhttps://ift.tt/SVc0WoJ", "creation_timestamp": "2024-09-18T16:01:53.000000Z"}, {"uuid": "e630bb39-6c4b-4aba-870f-ba693731c0ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38813", "type": "seen", "source": "https://t.me/itsec_news/4734", "content": "\u200b\u26a1\ufe0fCVE-2024-38812: \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u0433\u0440\u043e\u0437\u0430 \u0434\u043b\u044f \u0432\u0430\u0448\u0435\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b\n\n\ud83d\udcac \u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Broadcom \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 VMware vCenter Server, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u043c\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 9.8 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0430\u044f \u043e\u0431\u043e\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 CVE-2024-38812 , \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0435 DCE/RPC.\n\n\u041f\u043e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043e\u0442 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0441 \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043a \u0441\u0435\u0442\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0435 \u0441\u0435\u0442\u0435\u0432\u044b\u0435 \u043f\u0430\u043a\u0435\u0442\u044b \u0434\u043b\u044f \u0430\u043a\u0442\u0438\u0432\u0430\u0446\u0438\u0438 \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u044b\u0439 \u043a\u043e\u0434 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 vCenter.\n\n\u042d\u0442\u043e\u0442 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u043a \u0441\u0445\u043e\u0436 \u0441 \u0434\u0432\u0443\u043c\u044f \u0434\u0440\u0443\u0433\u0438\u043c\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c\u0438 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u2014 CVE-2024-37079 \u0438 CVE-2024-37080, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0431\u044b\u043b\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b \u0432 \u0438\u044e\u043d\u0435 2024 \u0433\u043e\u0434\u0430. \u041e\u0446\u0435\u043d\u043a\u0430 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0442\u0430\u043a\u0436\u0435 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9.8 \u043f\u043e CVSS.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 CVE-2024-38813 \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 7.5, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0441 \u0441\u0435\u0442\u0435\u0432\u044b\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0434\u043e \u0443\u0440\u043e\u0432\u043d\u044f root. \u0410\u0442\u0430\u043a\u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u0430 \u043f\u0440\u0438 \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0435 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u043f\u0430\u043a\u0435\u0442\u043e\u0432.\n\n\u041e\u0431\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438\u0437 \u043a\u043e\u043c\u0430\u043d\u0434\u044b TZL \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u0441\u043e\u0440\u0435\u0432\u043d\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u043e \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Matrix Cup, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043f\u0440\u043e\u0448\u043b\u043e \u0432 \u041a\u0438\u0442\u0430\u0435 \u0432 \u0438\u044e\u043d\u0435 2024 \u0433\u043e\u0434\u0430.\n\n\u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0434\u043b\u044f \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u0439:\n\nvCenter Server 8.0 (\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 8.0 U3b);\nvCenter Server 7.0 (\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 7.0 U3s);\nVMware Cloud Foundation 5.x (\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e \u0434\u043b\u044f \u0432\u0435\u0440\u0441\u0438\u0438 8.0 U3b);\nVMware Cloud Foundation 4.x (\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 7.0 U3s).\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Broadcom \u043f\u043e\u0434\u0447\u0435\u0440\u043a\u043d\u0443\u043b\u0430, \u0447\u0442\u043e \u043d\u0430 \u0434\u0430\u043d\u043d\u044b\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 \u043d\u0435\u0442 \u0434\u0430\u043d\u043d\u044b\u0445 \u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u0445, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0445 \u044d\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043d\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0434\u043b\u044f \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0430\u043c\u044f\u0442\u044c\u044e, \u0447\u0442\u043e \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u043f\u0440\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0441\u043b\u0443\u0436\u0431 VMware vCenter.\n\n\u042d\u0442\u0438 \u0441\u043e\u0431\u044b\u0442\u0438\u044f \u0441\u043e\u0432\u043f\u0430\u043b\u0438 \u0441 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0435\u0439 \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e\u0433\u043e \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f \u043e\u0442 \u0410\u0433\u0435\u043d\u0442\u0441\u0442\u0432\u0430 \u043f\u043e \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0421\u0428\u0410 (CISA) \u0438 \u0424\u0411\u0420. \u0412 \u043d\u0451\u043c \u043f\u043e\u0434\u0447\u0451\u0440\u043a\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 cross-site scripting (XSS), \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u0441\u0438\u0441\u0442\u0435\u043c.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-09-19T13:23:48.000000Z"}, {"uuid": "073738fd-a49b-4dad-bf65-baf36f19d760", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38813", "type": "seen", "source": "https://t.me/ics_cert/918", "content": "\ud83d\udd0e \u0645\u0627 \u0628\u0647\u200c\u0633\u0631\u0639\u062a \u0633\u0631\u0648\u0631 vCenter \u0648 VMware Cloud Foundation \u0631\u0627 \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u0645\u06cc\u200c\u06a9\u0646\u06cc\u0645\n\nBroadcom \u06cc\u06a9 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0645\u0647\u0645 (CVE-2024-38812\u060c CVSS 9.8) \u0648 \u06cc\u06a9 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0645\u0647\u0645 (CVE-2024-38813\u060c CVSS 7.5) \u0631\u0627 \u062f\u0631 \u0645\u062d\u0635\u0648\u0644\u0627\u062a \u062e\u0648\u062f \u0628\u0631\u0637\u0631\u0641 \u06a9\u0631\u062f\u0647 \u0627\u0633\u062a \u06a9\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0628\u0647 \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u062f\u0644\u062e\u0648\u0627\u0647 \u0648 \u0627\u0641\u0632\u0627\u06cc\u0634 \u0627\u0645\u062a\u06cc\u0627\u0632\u0627\u062a \u0628\u0631\u0627\u06cc \u0631\u0648\u062a \u06a9\u0631\u062f\u0646 \u062f\u0631 \u0633\u0631\u0648\u0631\u0647\u0627\u06cc vCenter \u0627\u062c\u0627\u0632\u0647 \u062f\u0647\u062f. \u062d\u0645\u0644\u0647 \u0628\u062f\u0648\u0646 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0627\u0632 \u0637\u0631\u06cc\u0642 \u0634\u0628\u06a9\u0647 \u0627\u0646\u062c\u0627\u0645 \u0645\u06cc \u0634\u0648\u062f\u060c \u0628\u0646\u0627\u0628\u0631\u0627\u06cc\u0646 \u0646\u06cc\u0627\u0632\u06cc \u0628\u0647 \u0627\u0646\u062a\u0638\u0627\u0631 \u0628\u0631\u0627\u06cc \u0628\u0647 \u0631\u0648\u0632 \u0631\u0633\u0627\u0646\u06cc \u0646\u06cc\u0633\u062a.\n\nBroadcom \u062f\u0631 \u067e\u0631\u0633\u0634\u200c\u0647\u0627\u06cc \u0645\u062a\u062f\u0627\u0648\u0644 \u062a\u0627\u06a9\u06cc\u062f \u0645\u06cc\u200c\u06a9\u0646\u062f \u06a9\u0647 \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc\u200c\u0647\u0627\u06cc \u062d\u06cc\u0627\u062a\u06cc \u062d\u062a\u06cc \u0628\u0631\u0627\u06cc \u0645\u0634\u062a\u0631\u06cc\u0627\u0646\u06cc \u06a9\u0647 \u0642\u0631\u0627\u0631\u062f\u0627\u062f \u067e\u0634\u062a\u06cc\u0628\u0627\u0646\u06cc \u0645\u0646\u0642\u0636\u06cc \u0634\u062f\u0647 \u062f\u0627\u0631\u0646\u062f \u0646\u06cc\u0632 \u062f\u0631 \u062f\u0633\u062a\u0631\u0633 \u0627\u0633\u062a. \u0628\u0627 \u0627\u06cc\u0646 \u062d\u0627\u0644\u060c \u0627\u06cc\u0646 \u0634\u0631\u06a9\u062a \u0647\u0645\u0686\u0646\u06cc\u0646 \u0627\u0642\u062f\u0627\u0645\u0627\u062a \u062c\u0628\u0631\u0627\u0646\u06cc \u0648 \u06a9\u0627\u0647\u0634\u06cc \u0631\u0627 \u062a\u0648\u0635\u06cc\u0647 \u0646\u0645\u06cc \u06a9\u0646\u062f - \u0641\u0642\u0637 \u0628\u0647 \u0631\u0648\u0632 \u0631\u0633\u0627\u0646\u06cc.\n\nhttps://blogs.vmware.com/cloud-foundation/2024/09/17/vmsa-2024-0019-questions-answers/\n\n\ud83c\udfaf \u062f\u0631 \u062c\u0631\u06cc\u0627\u0646 \u0646\u0628\u0636 \u0627\u0645\u0646\u06cc\u062a \u0633\u0627\u06cc\u0628\u0631\u06cc \u0635\u0646\u0639\u062a\u06cc \u0628\u0627\u0634\u06cc\u062f:\n\n\ud83c\udfed\u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\ud83d\udc6e\ud83c\udffd\u200d\u2640\ufe0f\u0647\u0631\u06af\u0648\u0646\u0647 \u0627\u0646\u062a\u0634\u0627\u0631 \u0648 \u0630\u06a9\u0631 \u0645\u0637\u0627\u0644\u0628 \u0628\u062f\u0648\u0646 \u0630\u06a9\u0631 \u062f\u0642\u06cc\u0642 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u0644\u06cc\u0646\u06a9 \u0622\u0646 \u0645\u0645\u0646\u0648\u0639 \u0627\u0633\u062a. \n\u0627\u062f\u0645\u06cc\u0646:\n\u200fhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert", "creation_timestamp": "2024-09-23T03:57:47.000000Z"}, {"uuid": "4208df2e-e23b-426c-a9e4-445d5f55b962", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38819", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1140", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-38819\n\ud83d\udd39 Description: Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.\n\ud83d\udccf Published: 2024-12-19T17:15:12.704Z\n\ud83d\udccf Modified: 2025-01-10T13:06:45.393Z\n\ud83d\udd17 References:\n1. https://spring.io/security/cve-2024-38819", "creation_timestamp": "2025-01-10T14:06:22.000000Z"}, {"uuid": "eda1a607-043b-4a4e-b59e-10770dd586f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38813", "type": "seen", "source": "https://t.me/ics_cert/959", "content": "\u0647\u0634\u062f\u0627\u0631!! VMware \u0628\u0647 \u0645\u0634\u062a\u0631\u06cc\u0627\u0646 \u062f\u0631 \u0645\u0648\u0631\u062f \u0627\u0646\u062a\u0634\u0627\u0631 CVE-2024-38812 \u062d\u06cc\u0627\u062a\u06cc \u062f\u0631 \u0633\u0631\u0648\u0631 vCenter \u0647\u0634\u062f\u0627\u0631 \u0645\u06cc \u062f\u0647\u062f \u06a9\u0647 \u062a\u0648\u0633\u0637 \u0641\u0631\u0648\u0634\u0646\u062f\u0647 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u06cc\u06a9 \u0645\u0634\u06a9\u0644 \u0631\u0641\u0639 \u0645\u0634\u06a9\u0644 \u0637\u0628\u0642\u0647 \u0628\u0646\u062f\u06cc \u0634\u062f\u0647 \u0627\u0633\u062a.\n\nVMware \u06cc\u06a9 \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u0641\u0648\u0631\u06cc \u0628\u0631\u0627\u06cc \u0628\u0648\u0644\u062a\u0646 \u062e\u0648\u062f VMSA-2024-0019 \u0635\u0627\u062f\u0631 \u06a9\u0631\u062f \u0648 \u062d\u0645\u0644\u0627\u062a \u0641\u0639\u0627\u0644\u06cc \u0631\u0627 \u06a9\u0647 CVE-2024-38812 \u0648 CVE-2024-38813 \u0631\u0627 \u0647\u062f\u0641 \u0642\u0631\u0627\u0631 \u0645\u06cc\u200c\u062f\u0647\u0646\u062f \u062a\u0623\u06cc\u06cc\u062f \u06a9\u0631\u062f \u0648 \u0627\u0632 \u0645\u0634\u062a\u0631\u06cc\u0627\u0646 \u062e\u0648\u0627\u0633\u062a \u0627\u0648\u0644\u0648\u06cc\u062a \u0628\u0627\u0644\u0627\u06cc\u06cc \u0628\u0631\u0627\u06cc \u0627\u0633\u062a\u0642\u0631\u0627\u0631 \u0648\u0635\u0644\u0647\u200c\u0647\u0627\u06cc \u0645\u0648\u062c\u0648\u062f \u0628\u062f\u0647\u0646\u062f.\n\n\u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0631\u0627\u06cc \u0627\u0648\u0644\u06cc\u0646 \u0628\u0627\u0631 \u067e\u0646\u062c \u0645\u0627\u0647 \u067e\u06cc\u0634 \u062a\u0648\u0633\u0637 \u062a\u06cc\u0645 TZL \u062f\u0631 \u0645\u0633\u0627\u0628\u0642\u0627\u062a \u0647\u06a9 \u0686\u06cc\u0646\u06cc Matrix Cup 2024 \u06a9\u0647 \u062a\u0648\u0633\u0637 Qihoo 360 \u0648 Beijing Huayun'an \u0641\u0646\u0627\u0648\u0631\u06cc \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0633\u0627\u0632\u0645\u0627\u0646\u200c\u062f\u0647\u06cc \u0634\u062f\u060c \u06a9\u0634\u0641 \u0634\u062f \u0648 \u062f\u0627\u0631\u0627\u06cc CVSS 9.8/10 \u0627\u0633\u062a.\n\n\u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0647\u200c\u0639\u0646\u0648\u0627\u0646 \u06cc\u06a9 \u0633\u0631\u0631\u06cc\u0632 \u067e\u0634\u062a\u0647 \u062f\u0631 \u0627\u062c\u0631\u0627\u06cc \u067e\u0631\u0648\u062a\u06a9\u0644 \u0645\u062d\u06cc\u0637 \u0645\u062d\u0627\u0633\u0628\u0627\u062a\u06cc \u062a\u0648\u0632\u06cc\u0639 \u0634\u062f\u0647/ \u0641\u0631\u0627\u062e\u0648\u0627\u0646 \u0631\u0648\u06cc\u0647 \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 (DCERPC) \u062f\u0631 \u0633\u0631\u0648\u0631 vCenter \u062a\u0648\u0635\u06cc\u0641 \u0645\u06cc\u200c\u0634\u0648\u062f.\n\nVMware \u0627\u0634\u0627\u0631\u0647 \u06a9\u0631\u062f \u06a9\u0647 \u06cc\u06a9 \u0645\u0647\u0627\u062c\u0645 \u0628\u0627 \u062f\u0633\u062a\u0631\u0633\u06cc \u0634\u0628\u06a9\u0647 \u0628\u0647 \u0633\u0631\u0648\u0631 vCenter \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0631\u0627 \u0628\u0627 \u0627\u0631\u0633\u0627\u0644 \u06cc\u06a9 \u0628\u0633\u062a\u0647 \u0634\u0628\u06a9\u0647 \u0633\u0627\u062e\u062a\u0647\u200c\u0634\u062f\u0647 \u0648\u06cc\u0698\u0647 \u0627\u06cc\u062c\u0627\u062f \u06a9\u0646\u062f \u06a9\u0647 \u0628\u0647 \u0637\u0648\u0631 \u0628\u0627\u0644\u0642\u0648\u0647 \u0645\u0646\u062c\u0631 \u0628\u0647 RCE \u0645\u06cc\u200c\u0634\u0648\u062f.\n\n\u0628\u0647 \u0645\u062f\u062a \u0686\u0647\u0627\u0631 \u0645\u0627\u0647\u060c \u0634\u0631\u06a9\u062a \u0633\u0639\u06cc \u06a9\u0631\u062f \u0627\u06cc\u0646 \u062e\u0637\u0627\u06cc \u062e\u0637\u0631\u0646\u0627\u06a9 \u0631\u0627 \u0627\u0635\u0644\u0627\u062d \u06a9\u0646\u062f. \n\nKSo\u060c \u0647\u0645\u0627\u0646\u0637\u0648\u0631 \u06a9\u0647 VMware \u0627\u0639\u062a\u0631\u0627\u0641 \u06a9\u0631\u062f\u060c \u0648\u0635\u0644\u0647 \u0647\u0627\u06cc 17 \u0633\u067e\u062a\u0627\u0645\u0628\u0631 2024 \u0646\u062a\u0648\u0627\u0646\u0633\u062a\u0646\u062f \u0628\u0647 \u0637\u0648\u0631 \u06a9\u0627\u0645\u0644 \u062a\u0623\u062b\u06cc\u0631 CVE-2024-38812 \u0631\u0627 \u06a9\u0627\u0647\u0634 \u062f\u0647\u0646\u062f.\n\n\u0627\u06cc\u0646 \u063a\u0648\u0644 \u0645\u062c\u0627\u0632\u06cc \u0633\u0627\u0632\u06cc \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0627 \u0631\u0627 \u0628\u0627 \u0627\u0646\u062a\u0634\u0627\u0631 \u0645\u0648\u0627\u0631\u062f \u0632\u06cc\u0631 \u0628\u0631\u0637\u0631\u0641 \u06a9\u0631\u062f\u0647 \u0627\u0633\u062a: vCenter Server 8.0 U3b \u0648 7.0 U3s\u060c VMware Cloud Foundation 5.x (\u0631\u0641\u0639 \u0634\u062f\u0647 \u062f\u0631 8.0 U3b) \u0648 VMware Cloud Foundation 4.x (\u0631\u0641\u0639 \u0634\u062f\u0647 \u062f\u0631 7.0 U3s).\n\n\u062a\u0627 \u0628\u0647 \u0627\u0645\u0631\u0648\u0632\u060c VMware \u062c\u0632\u0626\u06cc\u0627\u062a \u0628\u06cc\u0634\u062a\u0631\u06cc \u062f\u0631 \u0645\u0648\u0631\u062f \u0645\u0648\u0627\u0631\u062f \u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc \u0645\u0634\u0627\u0647\u062f\u0647 \u0634\u062f\u0647 \u06cc\u0627 IoC \u0627\u0631\u0627\u0626\u0647 \u0646\u06a9\u0631\u062f\u0647 \u0627\u0633\u062a.\n\u26a0\ufe0f\u0628\u06cc\u0627\u0646\u06cc\u0647 \u0633\u0644\u0628 \u0645\u0633\u0626\u0648\u0644\u06cc\u062a\n\ud83c\udfed\u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\ud83d\udc6e\ud83c\udffd\u200d\u2640\ufe0f\u0647\u0631\u06af\u0648\u0646\u0647 \u0627\u0646\u062a\u0634\u0627\u0631 \u0648 \u0630\u06a9\u0631 \u0645\u0637\u0627\u0644\u0628 \u0628\u062f\u0648\u0646 \u0630\u06a9\u0631 \u062f\u0642\u06cc\u0642 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u0644\u06cc\u0646\u06a9 \u0622\u0646 \u0645\u0645\u0646\u0648\u0639 \u0627\u0633\u062a. \n\u0627\u062f\u0645\u06cc\u0646:\n\u200fhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert\n\u06af\u0631\u0648\u0647 \u0648\u0627\u062a\u0633 \u0622\u067e :\nhttps://chat.whatsapp.com/FpB620AWEeSKvd8U6cFh33", "creation_timestamp": "2024-11-22T08:09:01.000000Z"}, {"uuid": "fbd23b51-2de1-4157-8987-8620d1234ada", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/ics_cert/959", "content": "\u0647\u0634\u062f\u0627\u0631!! VMware \u0628\u0647 \u0645\u0634\u062a\u0631\u06cc\u0627\u0646 \u062f\u0631 \u0645\u0648\u0631\u062f \u0627\u0646\u062a\u0634\u0627\u0631 CVE-2024-38812 \u062d\u06cc\u0627\u062a\u06cc \u062f\u0631 \u0633\u0631\u0648\u0631 vCenter \u0647\u0634\u062f\u0627\u0631 \u0645\u06cc \u062f\u0647\u062f \u06a9\u0647 \u062a\u0648\u0633\u0637 \u0641\u0631\u0648\u0634\u0646\u062f\u0647 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u06cc\u06a9 \u0645\u0634\u06a9\u0644 \u0631\u0641\u0639 \u0645\u0634\u06a9\u0644 \u0637\u0628\u0642\u0647 \u0628\u0646\u062f\u06cc \u0634\u062f\u0647 \u0627\u0633\u062a.\n\nVMware \u06cc\u06a9 \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u0641\u0648\u0631\u06cc \u0628\u0631\u0627\u06cc \u0628\u0648\u0644\u062a\u0646 \u062e\u0648\u062f VMSA-2024-0019 \u0635\u0627\u062f\u0631 \u06a9\u0631\u062f \u0648 \u062d\u0645\u0644\u0627\u062a \u0641\u0639\u0627\u0644\u06cc \u0631\u0627 \u06a9\u0647 CVE-2024-38812 \u0648 CVE-2024-38813 \u0631\u0627 \u0647\u062f\u0641 \u0642\u0631\u0627\u0631 \u0645\u06cc\u200c\u062f\u0647\u0646\u062f \u062a\u0623\u06cc\u06cc\u062f \u06a9\u0631\u062f \u0648 \u0627\u0632 \u0645\u0634\u062a\u0631\u06cc\u0627\u0646 \u062e\u0648\u0627\u0633\u062a \u0627\u0648\u0644\u0648\u06cc\u062a \u0628\u0627\u0644\u0627\u06cc\u06cc \u0628\u0631\u0627\u06cc \u0627\u0633\u062a\u0642\u0631\u0627\u0631 \u0648\u0635\u0644\u0647\u200c\u0647\u0627\u06cc \u0645\u0648\u062c\u0648\u062f \u0628\u062f\u0647\u0646\u062f.\n\n\u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0631\u0627\u06cc \u0627\u0648\u0644\u06cc\u0646 \u0628\u0627\u0631 \u067e\u0646\u062c \u0645\u0627\u0647 \u067e\u06cc\u0634 \u062a\u0648\u0633\u0637 \u062a\u06cc\u0645 TZL \u062f\u0631 \u0645\u0633\u0627\u0628\u0642\u0627\u062a \u0647\u06a9 \u0686\u06cc\u0646\u06cc Matrix Cup 2024 \u06a9\u0647 \u062a\u0648\u0633\u0637 Qihoo 360 \u0648 Beijing Huayun'an \u0641\u0646\u0627\u0648\u0631\u06cc \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0633\u0627\u0632\u0645\u0627\u0646\u200c\u062f\u0647\u06cc \u0634\u062f\u060c \u06a9\u0634\u0641 \u0634\u062f \u0648 \u062f\u0627\u0631\u0627\u06cc CVSS 9.8/10 \u0627\u0633\u062a.\n\n\u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0647\u200c\u0639\u0646\u0648\u0627\u0646 \u06cc\u06a9 \u0633\u0631\u0631\u06cc\u0632 \u067e\u0634\u062a\u0647 \u062f\u0631 \u0627\u062c\u0631\u0627\u06cc \u067e\u0631\u0648\u062a\u06a9\u0644 \u0645\u062d\u06cc\u0637 \u0645\u062d\u0627\u0633\u0628\u0627\u062a\u06cc \u062a\u0648\u0632\u06cc\u0639 \u0634\u062f\u0647/ \u0641\u0631\u0627\u062e\u0648\u0627\u0646 \u0631\u0648\u06cc\u0647 \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 (DCERPC) \u062f\u0631 \u0633\u0631\u0648\u0631 vCenter \u062a\u0648\u0635\u06cc\u0641 \u0645\u06cc\u200c\u0634\u0648\u062f.\n\nVMware \u0627\u0634\u0627\u0631\u0647 \u06a9\u0631\u062f \u06a9\u0647 \u06cc\u06a9 \u0645\u0647\u0627\u062c\u0645 \u0628\u0627 \u062f\u0633\u062a\u0631\u0633\u06cc \u0634\u0628\u06a9\u0647 \u0628\u0647 \u0633\u0631\u0648\u0631 vCenter \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0631\u0627 \u0628\u0627 \u0627\u0631\u0633\u0627\u0644 \u06cc\u06a9 \u0628\u0633\u062a\u0647 \u0634\u0628\u06a9\u0647 \u0633\u0627\u062e\u062a\u0647\u200c\u0634\u062f\u0647 \u0648\u06cc\u0698\u0647 \u0627\u06cc\u062c\u0627\u062f \u06a9\u0646\u062f \u06a9\u0647 \u0628\u0647 \u0637\u0648\u0631 \u0628\u0627\u0644\u0642\u0648\u0647 \u0645\u0646\u062c\u0631 \u0628\u0647 RCE \u0645\u06cc\u200c\u0634\u0648\u062f.\n\n\u0628\u0647 \u0645\u062f\u062a \u0686\u0647\u0627\u0631 \u0645\u0627\u0647\u060c \u0634\u0631\u06a9\u062a \u0633\u0639\u06cc \u06a9\u0631\u062f \u0627\u06cc\u0646 \u062e\u0637\u0627\u06cc \u062e\u0637\u0631\u0646\u0627\u06a9 \u0631\u0627 \u0627\u0635\u0644\u0627\u062d \u06a9\u0646\u062f. \n\nKSo\u060c \u0647\u0645\u0627\u0646\u0637\u0648\u0631 \u06a9\u0647 VMware \u0627\u0639\u062a\u0631\u0627\u0641 \u06a9\u0631\u062f\u060c \u0648\u0635\u0644\u0647 \u0647\u0627\u06cc 17 \u0633\u067e\u062a\u0627\u0645\u0628\u0631 2024 \u0646\u062a\u0648\u0627\u0646\u0633\u062a\u0646\u062f \u0628\u0647 \u0637\u0648\u0631 \u06a9\u0627\u0645\u0644 \u062a\u0623\u062b\u06cc\u0631 CVE-2024-38812 \u0631\u0627 \u06a9\u0627\u0647\u0634 \u062f\u0647\u0646\u062f.\n\n\u0627\u06cc\u0646 \u063a\u0648\u0644 \u0645\u062c\u0627\u0632\u06cc \u0633\u0627\u0632\u06cc \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0627 \u0631\u0627 \u0628\u0627 \u0627\u0646\u062a\u0634\u0627\u0631 \u0645\u0648\u0627\u0631\u062f \u0632\u06cc\u0631 \u0628\u0631\u0637\u0631\u0641 \u06a9\u0631\u062f\u0647 \u0627\u0633\u062a: vCenter Server 8.0 U3b \u0648 7.0 U3s\u060c VMware Cloud Foundation 5.x (\u0631\u0641\u0639 \u0634\u062f\u0647 \u062f\u0631 8.0 U3b) \u0648 VMware Cloud Foundation 4.x (\u0631\u0641\u0639 \u0634\u062f\u0647 \u062f\u0631 7.0 U3s).\n\n\u062a\u0627 \u0628\u0647 \u0627\u0645\u0631\u0648\u0632\u060c VMware \u062c\u0632\u0626\u06cc\u0627\u062a \u0628\u06cc\u0634\u062a\u0631\u06cc \u062f\u0631 \u0645\u0648\u0631\u062f \u0645\u0648\u0627\u0631\u062f \u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc \u0645\u0634\u0627\u0647\u062f\u0647 \u0634\u062f\u0647 \u06cc\u0627 IoC \u0627\u0631\u0627\u0626\u0647 \u0646\u06a9\u0631\u062f\u0647 \u0627\u0633\u062a.\n\u26a0\ufe0f\u0628\u06cc\u0627\u0646\u06cc\u0647 \u0633\u0644\u0628 \u0645\u0633\u0626\u0648\u0644\u06cc\u062a\n\ud83c\udfed\u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\ud83d\udc6e\ud83c\udffd\u200d\u2640\ufe0f\u0647\u0631\u06af\u0648\u0646\u0647 \u0627\u0646\u062a\u0634\u0627\u0631 \u0648 \u0630\u06a9\u0631 \u0645\u0637\u0627\u0644\u0628 \u0628\u062f\u0648\u0646 \u0630\u06a9\u0631 \u062f\u0642\u06cc\u0642 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u0644\u06cc\u0646\u06a9 \u0622\u0646 \u0645\u0645\u0646\u0648\u0639 \u0627\u0633\u062a. \n\u0627\u062f\u0645\u06cc\u0646:\n\u200fhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert\n\u06af\u0631\u0648\u0647 \u0648\u0627\u062a\u0633 \u0622\u067e :\nhttps://chat.whatsapp.com/FpB620AWEeSKvd8U6cFh33", "creation_timestamp": "2024-11-22T08:09:01.000000Z"}, {"uuid": "d60390ee-ed38-4f51-b361-c00004a58d18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/ics_cert/918", "content": "\ud83d\udd0e \u0645\u0627 \u0628\u0647\u200c\u0633\u0631\u0639\u062a \u0633\u0631\u0648\u0631 vCenter \u0648 VMware Cloud Foundation \u0631\u0627 \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u0645\u06cc\u200c\u06a9\u0646\u06cc\u0645\n\nBroadcom \u06cc\u06a9 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0645\u0647\u0645 (CVE-2024-38812\u060c CVSS 9.8) \u0648 \u06cc\u06a9 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0645\u0647\u0645 (CVE-2024-38813\u060c CVSS 7.5) \u0631\u0627 \u062f\u0631 \u0645\u062d\u0635\u0648\u0644\u0627\u062a \u062e\u0648\u062f \u0628\u0631\u0637\u0631\u0641 \u06a9\u0631\u062f\u0647 \u0627\u0633\u062a \u06a9\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0628\u0647 \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u062f\u0644\u062e\u0648\u0627\u0647 \u0648 \u0627\u0641\u0632\u0627\u06cc\u0634 \u0627\u0645\u062a\u06cc\u0627\u0632\u0627\u062a \u0628\u0631\u0627\u06cc \u0631\u0648\u062a \u06a9\u0631\u062f\u0646 \u062f\u0631 \u0633\u0631\u0648\u0631\u0647\u0627\u06cc vCenter \u0627\u062c\u0627\u0632\u0647 \u062f\u0647\u062f. \u062d\u0645\u0644\u0647 \u0628\u062f\u0648\u0646 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0627\u0632 \u0637\u0631\u06cc\u0642 \u0634\u0628\u06a9\u0647 \u0627\u0646\u062c\u0627\u0645 \u0645\u06cc \u0634\u0648\u062f\u060c \u0628\u0646\u0627\u0628\u0631\u0627\u06cc\u0646 \u0646\u06cc\u0627\u0632\u06cc \u0628\u0647 \u0627\u0646\u062a\u0638\u0627\u0631 \u0628\u0631\u0627\u06cc \u0628\u0647 \u0631\u0648\u0632 \u0631\u0633\u0627\u0646\u06cc \u0646\u06cc\u0633\u062a.\n\nBroadcom \u062f\u0631 \u067e\u0631\u0633\u0634\u200c\u0647\u0627\u06cc \u0645\u062a\u062f\u0627\u0648\u0644 \u062a\u0627\u06a9\u06cc\u062f \u0645\u06cc\u200c\u06a9\u0646\u062f \u06a9\u0647 \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc\u200c\u0647\u0627\u06cc \u062d\u06cc\u0627\u062a\u06cc \u062d\u062a\u06cc \u0628\u0631\u0627\u06cc \u0645\u0634\u062a\u0631\u06cc\u0627\u0646\u06cc \u06a9\u0647 \u0642\u0631\u0627\u0631\u062f\u0627\u062f \u067e\u0634\u062a\u06cc\u0628\u0627\u0646\u06cc \u0645\u0646\u0642\u0636\u06cc \u0634\u062f\u0647 \u062f\u0627\u0631\u0646\u062f \u0646\u06cc\u0632 \u062f\u0631 \u062f\u0633\u062a\u0631\u0633 \u0627\u0633\u062a. \u0628\u0627 \u0627\u06cc\u0646 \u062d\u0627\u0644\u060c \u0627\u06cc\u0646 \u0634\u0631\u06a9\u062a \u0647\u0645\u0686\u0646\u06cc\u0646 \u0627\u0642\u062f\u0627\u0645\u0627\u062a \u062c\u0628\u0631\u0627\u0646\u06cc \u0648 \u06a9\u0627\u0647\u0634\u06cc \u0631\u0627 \u062a\u0648\u0635\u06cc\u0647 \u0646\u0645\u06cc \u06a9\u0646\u062f - \u0641\u0642\u0637 \u0628\u0647 \u0631\u0648\u0632 \u0631\u0633\u0627\u0646\u06cc.\n\nhttps://blogs.vmware.com/cloud-foundation/2024/09/17/vmsa-2024-0019-questions-answers/\n\n\ud83c\udfaf \u062f\u0631 \u062c\u0631\u06cc\u0627\u0646 \u0646\u0628\u0636 \u0627\u0645\u0646\u06cc\u062a \u0633\u0627\u06cc\u0628\u0631\u06cc \u0635\u0646\u0639\u062a\u06cc \u0628\u0627\u0634\u06cc\u062f:\n\n\ud83c\udfed\u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\ud83d\udc6e\ud83c\udffd\u200d\u2640\ufe0f\u0647\u0631\u06af\u0648\u0646\u0647 \u0627\u0646\u062a\u0634\u0627\u0631 \u0648 \u0630\u06a9\u0631 \u0645\u0637\u0627\u0644\u0628 \u0628\u062f\u0648\u0646 \u0630\u06a9\u0631 \u062f\u0642\u06cc\u0642 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u0644\u06cc\u0646\u06a9 \u0622\u0646 \u0645\u0645\u0646\u0648\u0639 \u0627\u0633\u062a. \n\u0627\u062f\u0645\u06cc\u0646:\n\u200fhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert", "creation_timestamp": "2024-09-23T03:57:47.000000Z"}, {"uuid": "70201da6-5768-43a6-ba7f-b2ea34e33353", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/BleepingComputer/20889", "content": "\u200aVMware fixes bad patch for critical vCenter Server RCE flaw\n\nVMware has released another security update for CVE-2024-38812, a critical VMware vCenter Server remote code execution vulnerability that was not correctly fixed in the first patch from September 2024. [...]\n\nhttps://www.bleepingcomputer.com/news/security/vmware-fixes-bad-patch-for-critical-vcenter-server-rce-flaw/", "creation_timestamp": "2024-10-22T15:25:44.000000Z"}, {"uuid": "5b005fde-088b-4359-8448-fdfb995d38e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38819", "type": "published-proof-of-concept", "source": "https://t.me/CyberBulletin/1760", "content": "\u26a1\ufe0fCVE-2024-38819: Spring Framework Path Traversal PoC Exploit Released.\n\n#CyberBulletin", "creation_timestamp": "2024-12-16T05:52:56.000000Z"}, {"uuid": "5308c749-f791-4fe6-b1b2-d1fa1e62746b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38819", "type": "published-proof-of-concept", "source": "Telegram/EjVQfzLMdxKWiZinMuDr9sJ3xsdPZ04WxSjwnXbemefXrlE", "content": "", "creation_timestamp": "2025-06-25T23:00:05.000000Z"}, {"uuid": "53da4e4e-02c6-42d4-8e62-e73cbaf53335", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38816", "type": "seen", "source": "https://t.me/true_secator/7151", "content": "\u0412 \u0437\u0430\u0432\u0435\u0440\u0448\u0435\u043d\u0438\u0438 \u043d\u0435\u0434\u0435\u043b\u0438 \u043e\u0442\u043c\u0435\u0442\u0438\u043c \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0442\u0440\u0435\u043d\u0434\u043e\u0432\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u0443\u0433\u0440\u043e\u0437\u044b, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u043d\u0438\u043c\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f:\n\n1. BeyondTrust \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043e\u0448\u0438\u0431\u043a\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0432 \u0441\u0432\u043e\u0438\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u0445 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0440\u0430\u0431\u043e\u0447\u0435\u0433\u043e \u0441\u0442\u043e\u043b\u0430.\n\nCVE-2025-5309 \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 Resilion\u00a0\u0438 \u0432\u043b\u0438\u044f\u0435\u0442 \u043d\u0430 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u044b BeyondTrust Remote Support \u0438 Privileged Remote Access. \n\n\u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u043d\u0435\u0434\u0440\u044f\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434 \u0432 \u0448\u0430\u0431\u043b\u043e\u043d\u0438\u0437\u0430\u0442\u043e\u0440 BeyondTrust \u0438 \u0437\u0430\u0445\u0432\u0430\u0442\u044b\u0432\u0430\u0442\u044c \u043d\u0435\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u044b.\n\n2. Citrix \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f\u00a0\u0434\u043b\u044f \u0447\u0435\u0442\u044b\u0440\u0435\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0442\u0440\u0435\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 (CVE-2025-5777) \u0432 NetScaler ADC \u0438 NetScaler Gateway.\n\nCitrix \u043d\u0435 \u0443\u043f\u043e\u043c\u0438\u043d\u0430\u0435\u0442 \u043e \u0442\u043e\u043c, \u0447\u0442\u043e \u043a\u0430\u043a\u0438\u0435-\u043b\u0438\u0431\u043e \u0438\u0437 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445, \u043d\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435.\u00a0\n\n3. \u0414\u0436\u043e\u043d\u0430\u0442\u0430\u043d \u041c\u044d\u043d\u043d\u0445\u0435\u043d \u043e\u0442\u044b\u0441\u043a\u0430\u043b \u043e\u0448\u0438\u0431\u043a\u0443 \u0432 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 Erlang/OTP ZIP-\u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0430\u0442\u0430\u043a\u0438 \u0441 \u043e\u0431\u0445\u043e\u0434\u043e\u043c \u0430\u0431\u0441\u043e\u043b\u044e\u0442\u043d\u043e\u0433\u043e \u043f\u0443\u0442\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u0438\u043b\u0438 \u0441\u043e\u0437\u0434\u0430\u0432\u0430\u0442\u044c \u043b\u044e\u0431\u043e\u0439 \u043f\u0443\u0442\u044c \u043f\u043e \u0441\u0432\u043e\u0435\u043c\u0443 \u0443\u0441\u043c\u043e\u0442\u0440\u0435\u043d\u0438\u044e.\n\n4. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 CrowdStrike \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0438 \u043e\u0431\u0437\u043e\u0440 \u043d\u0430\u0441\u0442\u0443\u043f\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u0442\u0435\u0445\u043d\u0438\u043a\u0438, \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0439 \u043a\u0430\u043a \u043e\u0431\u0445\u043e\u0434 AMSI \u0431\u0435\u0437 \u043f\u0430\u0442\u0447\u0435\u0439, \u0435\u0435 \u043d\u0435\u0434\u0430\u0432\u043d\u0435\u0433\u043e \u0437\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u044f \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u043e\u0432 \u0435\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f.\n\n5. Cisco \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0430 \u0434\u0432\u0430 \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0441\u0432\u043e\u0438\u0445 \u0440\u0435\u0448\u0435\u043d\u0438\u0439.\n\n6. Atlassian \u043e\u0431\u044a\u044f\u0432\u0438\u043b\u0430\u00a0\u043e \u0432\u044b\u043f\u0443\u0441\u043a\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u043f\u044f\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u0445 \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u044f\u0445 Bamboo, Bitbucket, Confluence, Crowd \u0438 Jira.\n\n\u041a \u043d\u0438\u043c \u043e\u0442\u043d\u043e\u0441\u044f\u0442\u0441\u044f CVE-2025-22228 (\u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u0430\u044f \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u044f \u0432 Spring), CVE-2025-24970 (DoS \u0432 \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0435 Netty), CVE-2024-38816 (\u043e\u0431\u0445\u043e\u0434 \u043f\u0443\u0442\u0438, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0439 \u0441 \u0432\u0435\u0431-\u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0430\u043c\u0438 WebMvc.fn \u0438 WebFlux.fn), CVE-2024-57699 (DoS \u0432 Netplex Json-smart) \u0438 CVE-2025-31650 (DoS \u0432 Apache Tomcat).\n\n7. Microsoft \u043e\u0431\u044a\u044f\u0432\u0438\u043b\u0430 \u043e \u043f\u043b\u0430\u043d\u0430\u0445 \u043f\u0435\u0440\u0438\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u044f \u0443\u0441\u0442\u0430\u0440\u0435\u0432\u0448\u0438\u0445 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u043e\u0432 \u0438\u0437 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0430 \u0426\u0435\u043d\u0442\u0440\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f Windows \u0434\u043b\u044f \u0441\u043d\u0438\u0436\u0435\u043d\u0438\u044f \u0440\u0438\u0441\u043a\u043e\u0432 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u0438\u043c\u043e\u0441\u0442\u0438.\n\n8. GreyNoise \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043e \u0432\u0441\u043f\u043b\u0435\u0441\u043a\u0435 \u043f\u043e\u043f\u044b\u0442\u043e\u043a \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 CVE-2023-28771 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 9,8) \u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u044d\u043a\u0440\u0430\u043d\u0430\u0445 Zyxel, \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0443\u0436\u0435 \u0434\u0432\u0430 \u0433\u043e\u0434\u0430.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043f\u043e\u0434\u043e\u0437\u0440\u0435\u0432\u0430\u044e\u0442, \u0447\u0442\u043e \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u0432\u0430\u0440\u0438\u0430\u043d\u0442\u043e\u043c \u0431\u043e\u0442\u043d\u0435\u0442\u0430 Mirai.\n\n9. \u041d\u0435\u0434\u0430\u0432\u043d\u044f\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Langflow, \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0430\u044f \u043a\u0430\u043a CVE-2025-3248, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0434\u043b\u044f \u0432\u043e\u0432\u043b\u0435\u0447\u0435\u043d\u0438\u044f \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u0432 \u0431\u043e\u0442\u043d\u0435\u0442 Flodrix, \u043e \u0447\u0435\u043c \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0430 Trend Micro.\n\n\u0412 \u0447\u0430\u0441\u0442\u043d\u043e\u0441\u0442\u0438, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442 \u043d\u0430 \u043f\u0440\u0435\u0434\u043c\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 Langflow, \u0430 \u0437\u0430\u0442\u0435\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u043e\u0434\u0438\u043d \u0438\u0437 \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 PoC, \u0447\u0442\u043e\u0431\u044b \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0435 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0438 \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0432 \u0440\u0430\u0437\u0432\u0435\u0434\u044b\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0446\u0435\u043b\u044f\u0445.", "creation_timestamp": "2025-06-20T18:30:05.000000Z"}, {"uuid": "3e1cf4f9-83be-4042-a3f4-17465bdc469b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38813", "type": "seen", "source": "https://t.me/kasperskyb2b/1418", "content": "\ud83d\udd0e \u0421\u0440\u043e\u0447\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0435\u043c vCenter Server \u0438 VMware Cloud Foundation\n\nBroadcom \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u043e\u0434\u043d\u0443 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e (CVE-2024-38812, CVSS 9.8) \u0438 \u043e\u0434\u043d\u0443 \u0432\u0430\u0436\u043d\u0443\u044e (CVE-2024-38813, CVSS 7.5) \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0441\u0432\u043e\u0438\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0435 \u0432\u044b\u0437\u044b\u0432\u0430\u0442\u044c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0438 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0434\u043e root \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 vCenter. \u0410\u0442\u0430\u043a\u0430 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f \u043f\u043e \u0441\u0435\u0442\u0438 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0441 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f\u043c\u0438 \u0436\u0434\u0430\u0442\u044c \u043d\u0435 \u0441\u0442\u043e\u0438\u0442.\n\nBroadcom \u043f\u043e\u0434\u0447\u0435\u0440\u043a\u0438\u0432\u0430\u0435\u0442 \u0432 FAQ, \u0447\u0442\u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0434\u0430\u0436\u0435 \u043a\u043b\u0438\u0435\u043d\u0442\u0430\u043c \u0441 \u0438\u0441\u0442\u0435\u043a\u0448\u0438\u043c \u043a\u043e\u043d\u0442\u0440\u0430\u043a\u0442\u043e\u043c \u043d\u0430 \u0442\u0435\u0445\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0443. \u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0445 \u0438 \u0441\u043c\u044f\u0433\u0447\u0430\u044e\u0449\u0438\u0445 \u043c\u0435\u0440 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f, \u0432\u043f\u0440\u043e\u0447\u0435\u043c, \u0442\u043e\u0436\u0435 \u043d\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u2014 \u0442\u043e\u043b\u044c\u043a\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0442\u044c\u0441\u044f.\n\n#\u043d\u043e\u0432\u043e\u0441\u0442\u0438 #\u043f\u0430\u0442\u0447\u0438 @\u041f2\u0422", "creation_timestamp": "2024-09-18T17:05:15.000000Z"}, {"uuid": "eb70a393-16af-4373-8c76-e38fcbc2c099", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/kasperskyb2b/1418", "content": "\ud83d\udd0e \u0421\u0440\u043e\u0447\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0435\u043c vCenter Server \u0438 VMware Cloud Foundation\n\nBroadcom \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u043e\u0434\u043d\u0443 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e (CVE-2024-38812, CVSS 9.8) \u0438 \u043e\u0434\u043d\u0443 \u0432\u0430\u0436\u043d\u0443\u044e (CVE-2024-38813, CVSS 7.5) \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0441\u0432\u043e\u0438\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0435 \u0432\u044b\u0437\u044b\u0432\u0430\u0442\u044c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0438 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0434\u043e root \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 vCenter. \u0410\u0442\u0430\u043a\u0430 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f \u043f\u043e \u0441\u0435\u0442\u0438 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0441 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f\u043c\u0438 \u0436\u0434\u0430\u0442\u044c \u043d\u0435 \u0441\u0442\u043e\u0438\u0442.\n\nBroadcom \u043f\u043e\u0434\u0447\u0435\u0440\u043a\u0438\u0432\u0430\u0435\u0442 \u0432 FAQ, \u0447\u0442\u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0434\u0430\u0436\u0435 \u043a\u043b\u0438\u0435\u043d\u0442\u0430\u043c \u0441 \u0438\u0441\u0442\u0435\u043a\u0448\u0438\u043c \u043a\u043e\u043d\u0442\u0440\u0430\u043a\u0442\u043e\u043c \u043d\u0430 \u0442\u0435\u0445\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0443. \u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0445 \u0438 \u0441\u043c\u044f\u0433\u0447\u0430\u044e\u0449\u0438\u0445 \u043c\u0435\u0440 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f, \u0432\u043f\u0440\u043e\u0447\u0435\u043c, \u0442\u043e\u0436\u0435 \u043d\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u2014 \u0442\u043e\u043b\u044c\u043a\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0442\u044c\u0441\u044f.\n\n#\u043d\u043e\u0432\u043e\u0441\u0442\u0438 #\u043f\u0430\u0442\u0447\u0438 @\u041f2\u0422", "creation_timestamp": "2024-09-18T17:05:15.000000Z"}, {"uuid": "76fc25f5-1aa2-4641-9eed-c1e95c9806c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38813", "type": "exploited", "source": "https://t.me/CyberBulletin/1520", "content": "\u26a1\ufe0fActively Exploited VMware Vulnerabilities (CVE-2024-38812 & CVE-2024-38813) Threaten Virtualized Infrastructure.\n\n#CyberBulletin", "creation_timestamp": "2024-11-19T06:27:03.000000Z"}, {"uuid": "85c86f08-62d8-4c47-a5af-b16524bf417d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "exploited", "source": "https://t.me/CyberBulletin/1520", "content": "\u26a1\ufe0fActively Exploited VMware Vulnerabilities (CVE-2024-38812 & CVE-2024-38813) Threaten Virtualized Infrastructure.\n\n#CyberBulletin", "creation_timestamp": "2024-11-19T06:27:03.000000Z"}, {"uuid": "b6e504e0-436e-4557-8c9d-c7bbd12494d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/ton618cyber/3917", "content": "Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution\n\nBroadcom patches critical VMware vCenter Server vulnerability, CVE-2024-38812, preventing remote code execution. Update now.\n\nthehackernews.com \u2022 Sep 18, 2024", "creation_timestamp": "2024-09-19T10:27:09.000000Z"}, {"uuid": "1bf732e5-541f-47f7-8db6-efce6fc373d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38819", "type": "seen", "source": "https://t.me/cvedetector/13354", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38819 - Spring Path Traversal Error\", \n  \"Content\": \"CVE ID : CVE-2024-38819 \nPublished : Dec. 19, 2024, 6:15 p.m. | 33\u00a0minutes ago \nDescription : Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-19T19:50:12.000000Z"}, {"uuid": "851526af-f45d-4152-ab7b-c06d1c75a65e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38816", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/1793", "content": "#exploit\n1. CVE-2024-38816:\nSpring Framework 6.0.3 path traversal\nhttps://github.com/masa42/CVE-2024-38816-PoC\n\n2. CVE-2024-7479/7481:\nTeamViewer User to Kernel EoP\nhttps://github.com/PeterGabaldon/CVE-2024-7479_CVE-2024-7481\n\n3. CVE-2024-26304:\nCritical RCE in HPE Aruba Devices\nhttps://github.com/Roud-Roud-Agency/CVE-2024-26304-RCE-exploits", "creation_timestamp": "2024-10-08T16:16:11.000000Z"}, {"uuid": "10bde41c-999d-4752-9d90-61144933bbb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38818", "type": "seen", "source": "https://t.me/cvedetector/7530", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38818 - VMware NSX Local Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-38818 \nPublished : Oct. 9, 2024, 8:15 p.m. | 44\u00a0minutes ago \nDescription : VMware NSX contains a local privilege escalation vulnerability.\u00a0  \n  \nAn authenticated malicious actor may exploit this vulnerability to obtain permissions from a separate group role than previously assigned. \nSeverity: 6.7 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-09T23:11:16.000000Z"}, {"uuid": "345db882-65d2-462e-b286-290bb8272f98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38817", "type": "seen", "source": "https://t.me/cvedetector/7529", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38817 - NSX Edge Command Injection\", \n  \"Content\": \"CVE ID : CVE-2024-38817 \nPublished : Oct. 9, 2024, 8:15 p.m. | 44\u00a0minutes ago \nDescription : Mware NSX contains a command injection vulnerability.\u00a0  \n  \nA malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root. \nSeverity: 6.7 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-09T23:11:15.000000Z"}, {"uuid": "8ade6544-3095-4839-802f-0f425254afe0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/cvedetector/5831", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38812 - VMware vCenter Server DCERPC Heap Overflow Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2024-38812 \nPublished : Sept. 17, 2024, 6:15 p.m. | 16\u00a0minutes ago \nDescription : The\u00a0vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-17T20:37:49.000000Z"}, {"uuid": "b925605d-4dab-4ce4-8aac-ddb8ba58f44c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38813", "type": "seen", "source": "https://t.me/cvedetector/5825", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38813 - VMware vCenter Server Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-38813 \nPublished : Sept. 17, 2024, 6:15 p.m. | 16\u00a0minutes ago \nDescription : The vCenter Server contains a privilege escalation vulnerability.\u00a0A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-17T20:37:38.000000Z"}, {"uuid": "feadc7ae-ae95-473f-9f63-9427b03b34fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38815", "type": "seen", "source": "https://t.me/cvedetector/7535", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38815 - VMware NSX URL Redirection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-38815 \nPublished : Oct. 9, 2024, 8:15 p.m. | 44\u00a0minutes ago \nDescription : VMware NSX contains a content spoofing vulnerability.\u00a0  \n  \nAn unauthenticated malicious actor may be able to craft a URL and redirect a victim to an attacker controlled domain leading to sensitive information disclosure. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-09T23:11:23.000000Z"}, {"uuid": "4b00e751-94cf-4f9d-92b9-a7db779e48d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38814", "type": "seen", "source": "https://t.me/cvedetector/8102", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38814 - VMware HCX Authenticated SQL Injection Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2024-38814 \nPublished : Oct. 16, 2024, 5:15 p.m. | 26\u00a0minutes ago \nDescription : An authenticated SQL injection vulnerability in VMware HCX was privately reported to VMware. A  \n malicious authenticated user with non-administrator privileges may be   \nable to enter specially crafted SQL queries and perform unauthorized   \nremote code execution on the HCX manager.\u00a0  \nUpdates are available to remediate this vulnerability in affected VMware products. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-16T19:44:15.000000Z"}, {"uuid": "4a3d8aaf-eb9b-4b63-929e-a2a86ab1295e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38813", "type": "exploited", "source": "https://t.me/bizone_channel/1562", "content": "\u0421\u043f\u0443\u0441\u0442\u044f \u0434\u0432\u0430 \u0434\u043d\u044f \u043f\u043e\u0441\u043b\u0435 \u043d\u0430\u0448\u0435\u0439 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438 \u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u043e\u0441\u0442\u0438 CVE-2024-38812 \u0438 CVE-2024-38813 VMware \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 security advisory, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u0437\u0430\u044f\u0432\u0438\u043b\u0430 \u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u00ab\u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435\u00bb.\n\n\u041f\u043e\u043a\u0430 \u0447\u0442\u043e \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u044b \u043d\u0430 CVE-2024-38812 \u0438 CVE-2024-38813 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435, \u0447\u0442\u043e \u0441\u0438\u043b\u044c\u043d\u043e \u043f\u043e\u0432\u044b\u0448\u0430\u0435\u0442 \u0438\u0445 \u0441\u0442\u043e\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432. \n\n\u041e\u0434\u043d\u0430\u043a\u043e \u043c\u044b \u043f\u0440\u0438\u0437\u044b\u0432\u0430\u0435\u043c \u0441\u0440\u043e\u0447\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0439 \u0441 \u043f\u0430\u0442\u0447\u0435\u043c: \n\u2014 7.0 U3t \u0441 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f\u043c\u0438 \u043e\u0442 21 \u043e\u043a\u0442\u044f\u0431\u0440\u044f 2024 \u0433\u043e\u0434\u0430;\n\u2014 8.0 U3d.", "creation_timestamp": "2024-11-22T08:14:43.000000Z"}, {"uuid": "5bf64ef6-64ea-4535-b111-52936ffd36b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "exploited", "source": "https://t.me/bizone_channel/1562", "content": "\u0421\u043f\u0443\u0441\u0442\u044f \u0434\u0432\u0430 \u0434\u043d\u044f \u043f\u043e\u0441\u043b\u0435 \u043d\u0430\u0448\u0435\u0439 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438 \u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u043e\u0441\u0442\u0438 CVE-2024-38812 \u0438 CVE-2024-38813 VMware \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 security advisory, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u0437\u0430\u044f\u0432\u0438\u043b\u0430 \u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u00ab\u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435\u00bb.\n\n\u041f\u043e\u043a\u0430 \u0447\u0442\u043e \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u044b \u043d\u0430 CVE-2024-38812 \u0438 CVE-2024-38813 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435, \u0447\u0442\u043e \u0441\u0438\u043b\u044c\u043d\u043e \u043f\u043e\u0432\u044b\u0448\u0430\u0435\u0442 \u0438\u0445 \u0441\u0442\u043e\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432. \n\n\u041e\u0434\u043d\u0430\u043a\u043e \u043c\u044b \u043f\u0440\u0438\u0437\u044b\u0432\u0430\u0435\u043c \u0441\u0440\u043e\u0447\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0439 \u0441 \u043f\u0430\u0442\u0447\u0435\u043c: \n\u2014 7.0 U3t \u0441 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f\u043c\u0438 \u043e\u0442 21 \u043e\u043a\u0442\u044f\u0431\u0440\u044f 2024 \u0433\u043e\u0434\u0430;\n\u2014 8.0 U3d.", "creation_timestamp": "2024-11-22T08:14:43.000000Z"}, {"uuid": "30d731dc-8e47-4345-b829-37b5143b12aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38810", "type": "seen", "source": "https://t.me/cvedetector/3600", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38810 - Spring Security Missing Authorization\", \n  \"Content\": \"CVE ID : CVE-2024-38810 \nPublished : Aug. 20, 2024, 4:15 a.m. | 39\u00a0minutes ago \nDescription : Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-20T07:05:41.000000Z"}, {"uuid": "508e4f5d-d575-4106-accd-49df9b7f287e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38813", "type": "seen", "source": "https://t.me/bizone_channel/1553", "content": "\ud83d\udd2b \u041d\u0430\u0448\u0438 \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u043e\u0441\u0442\u044c CVE-2024-38812 \u0438 CVE-2024-38813\n\nCVE-2024-38812 \u2014 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 DCERPC \u0432 VMware vCenter, \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u043c\u0438 \u043c\u0430\u0448\u0438\u043d\u0430\u043c\u0438 VMware ESXi. \u0414\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u043c\u0443 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u043b\u0438\u0448\u044c \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0441\u0432\u044f\u0437\u043d\u043e\u0441\u0442\u0438 \u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c \u0445\u043e\u0441\u0442\u043e\u043c. \n\nCVE-2024-38813 \u2014 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0434\u043e \u0441\u0443\u043f\u0435\u0440\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u043f\u0440\u0438 \u043d\u0430\u043b\u0438\u0447\u0438\u0438 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0438\u0441\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0432 \u0441\u0435\u0440\u0432\u0438\u0441\u0435, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0435\u043c DCERPC.\n\nCVE-2024-38812 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 \u043f\u043e\u0441\u043b\u0435 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430, \u0440\u0430\u0441\u043f\u043e\u043b\u0430\u0433\u0430\u044e\u0449\u0435\u0433\u043e\u0441\u044f \u0432 \u043a\u0443\u0447\u0435, \u043f\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u043e\u043c\u0443 \u0441\u0434\u0432\u0438\u0433\u0443. \u0423\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0432\u043a\u0443\u043f\u0435 \u0441 CVE-2024-38813 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u043c\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0441\u0443\u043f\u0435\u0440\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f. \n\n\u0421\u0435\u0440\u0432\u0438\u0441\u044b vCenter, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u0443\u044e \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044e DCERPC:\n\u2014 vmdird (TCP-\u043f\u043e\u0440\u0442 2012);\n\u2014 vmcad (TCP-\u043f\u043e\u0440\u0442 2014);\n\u2014 vmafdd (TCP-\u043f\u043e\u0440\u0442 2020).\n\nVMware \u0441\u043e\u0432\u0435\u0440\u0448\u0438\u043b\u0430 \u043f\u0435\u0440\u0432\u0443\u044e \u043f\u043e\u043f\u044b\u0442\u043a\u0443 \u043f\u0430\u0442\u0447\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 17 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044f 2024 \u0433\u043e\u0434\u0430, \u043e\u0434\u043d\u0430\u043a\u043e \u0437\u0430\u043a\u0440\u044b\u0442\u044c CVE-2024-38812 \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u043d\u0435 \u0443\u0434\u0430\u043b\u043e\u0441\u044c. 21 \u043e\u043a\u0442\u044f\u0431\u0440\u044f \u0431\u044b\u043b \u0432\u044b\u043f\u0443\u0449\u0435\u043d \u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u044b\u0439 \u043f\u0430\u0442\u0447, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u0431\u043b\u043e\u043a\u0438\u0440\u0443\u0435\u0442 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044e.\n\n\u041a\u0430\u043a \u0437\u0430\u0449\u0438\u0442\u0438\u0442\u044c\u0441\u044f\n\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u043c \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0439 \u0441 \u043f\u0430\u0442\u0447\u0435\u043c:\n\u2014 7.0 U3t \u0441 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f\u043c\u0438 \u043e\u0442 21 \u043e\u043a\u0442\u044f\u0431\u0440\u044f 2024 \u0433\u043e\u0434\u0430;\n\u2014 8.0 U3d.", "creation_timestamp": "2024-11-16T11:37:51.000000Z"}, {"uuid": "794edc03-2619-4ad8-8df9-74f5c21e2121", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/bizone_channel/1553", "content": "\ud83d\udd2b \u041d\u0430\u0448\u0438 \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u043e\u0441\u0442\u044c CVE-2024-38812 \u0438 CVE-2024-38813\n\nCVE-2024-38812 \u2014 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 DCERPC \u0432 VMware vCenter, \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u043c\u0438 \u043c\u0430\u0448\u0438\u043d\u0430\u043c\u0438 VMware ESXi. \u0414\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u043c\u0443 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u043b\u0438\u0448\u044c \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0441\u0432\u044f\u0437\u043d\u043e\u0441\u0442\u0438 \u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c \u0445\u043e\u0441\u0442\u043e\u043c. \n\nCVE-2024-38813 \u2014 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0434\u043e \u0441\u0443\u043f\u0435\u0440\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u043f\u0440\u0438 \u043d\u0430\u043b\u0438\u0447\u0438\u0438 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0438\u0441\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0432 \u0441\u0435\u0440\u0432\u0438\u0441\u0435, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0435\u043c DCERPC.\n\nCVE-2024-38812 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 \u043f\u043e\u0441\u043b\u0435 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430, \u0440\u0430\u0441\u043f\u043e\u043b\u0430\u0433\u0430\u044e\u0449\u0435\u0433\u043e\u0441\u044f \u0432 \u043a\u0443\u0447\u0435, \u043f\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u043e\u043c\u0443 \u0441\u0434\u0432\u0438\u0433\u0443. \u0423\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0432\u043a\u0443\u043f\u0435 \u0441 CVE-2024-38813 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u043c\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0441\u0443\u043f\u0435\u0440\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f. \n\n\u0421\u0435\u0440\u0432\u0438\u0441\u044b vCenter, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u0443\u044e \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044e DCERPC:\n\u2014 vmdird (TCP-\u043f\u043e\u0440\u0442 2012);\n\u2014 vmcad (TCP-\u043f\u043e\u0440\u0442 2014);\n\u2014 vmafdd (TCP-\u043f\u043e\u0440\u0442 2020).\n\nVMware \u0441\u043e\u0432\u0435\u0440\u0448\u0438\u043b\u0430 \u043f\u0435\u0440\u0432\u0443\u044e \u043f\u043e\u043f\u044b\u0442\u043a\u0443 \u043f\u0430\u0442\u0447\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 17 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044f 2024 \u0433\u043e\u0434\u0430, \u043e\u0434\u043d\u0430\u043a\u043e \u0437\u0430\u043a\u0440\u044b\u0442\u044c CVE-2024-38812 \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u043d\u0435 \u0443\u0434\u0430\u043b\u043e\u0441\u044c. 21 \u043e\u043a\u0442\u044f\u0431\u0440\u044f \u0431\u044b\u043b \u0432\u044b\u043f\u0443\u0449\u0435\u043d \u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u044b\u0439 \u043f\u0430\u0442\u0447, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u0431\u043b\u043e\u043a\u0438\u0440\u0443\u0435\u0442 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044e.\n\n\u041a\u0430\u043a \u0437\u0430\u0449\u0438\u0442\u0438\u0442\u044c\u0441\u044f\n\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u043c \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0439 \u0441 \u043f\u0430\u0442\u0447\u0435\u043c:\n\u2014 7.0 U3t \u0441 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f\u043c\u0438 \u043e\u0442 21 \u043e\u043a\u0442\u044f\u0431\u0440\u044f 2024 \u0433\u043e\u0434\u0430;\n\u2014 8.0 U3d.", "creation_timestamp": "2024-11-16T11:37:51.000000Z"}, {"uuid": "962462e9-13b7-450e-affa-363872518652", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38811", "type": "seen", "source": "https://t.me/cvedetector/4673", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38811 - VMware Fusion (13.x before 13.6) contains a code-e\", \n  \"Content\": \"CVE ID : CVE-2024-38811 \nPublished : Sept. 3, 2024, 10:15 a.m. | 41\u00a0minutes ago \nDescription : VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable.\u00a0A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-03T13:17:36.000000Z"}, {"uuid": "5521c075-81c8-4146-8733-6fbff35601eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "Telegram/iOC4Lup2lwlIMzUj8_8JZNJnhmDWVbA56AyyjsAwMViIdQ", "content": "", "creation_timestamp": "2024-10-22T11:49:56.000000Z"}, {"uuid": "23ef14c8-f336-40bd-976e-1b32c8fd4f69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38816", "type": "seen", "source": "https://t.me/CyberBulletin/716", "content": "\u26a1\ufe0fCVE-2024-38816: Spring Framework Path Traversal Vulnerability Threatens Millions.\n\n#CyberBulletin", "creation_timestamp": "2024-09-16T09:12:44.000000Z"}, {"uuid": "774b0328-ed26-4876-bce5-021566c9c763", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/CyberBulletin/772", "content": "\u26a1\ufe0fCVE-2024-38812: VMware\u2019s 9.8 Severity Security Nightmare.\n\n#CyberBulletin", "creation_timestamp": "2024-09-18T12:59:20.000000Z"}, {"uuid": "13eb531e-3fc5-466b-bff4-6731f4317f0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38810", "type": "seen", "source": "https://t.me/HackingInsights/10792", "content": "\u200aCVE-2024-38810: Spring Security Flaw Leaves Applications Open to Unauthorized Access\n\nhttps://securityonline.info/cve-2024-38810-spring-security-flaw-leaves-applications-open-to-unauthorized-access/", "creation_timestamp": "2024-08-21T12:52:52.000000Z"}, {"uuid": "704ff6ae-a259-4495-ad09-db4068a2193f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/ton618cyber/978", "content": "Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution\n\nBroadcom patches critical VMware vCenter Server vulnerability, CVE-2024-38812, preventing remote code execution. Update now.\n\nthehackernews.com \u2022 Sep 18, 2024", "creation_timestamp": "2024-09-19T10:27:10.000000Z"}, {"uuid": "b75513d9-aaf2-414e-b7fd-6d39fd890d5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38819", "type": "published-proof-of-concept", "source": "https://t.me/nusantaraMYID/1788", "content": "Spring Framework Path Traversal Vulnerability (CVE-2024-38819) PoC Exploit Released \u2013 gbhackers.com\n\nWed, 18 Dec 2024 15:34:28", "creation_timestamp": "2024-12-18T09:03:40.000000Z"}, {"uuid": "717dbda3-c61a-456d-9fd2-f4b04fbc602d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38819", "type": "published-proof-of-concept", "source": "https://t.me/MalaysiaHacktivistz/6536", "content": "Spring Framework Path Traversal Vulnerability (CVE-2024-38819) PoC Exploit Released \u2013 gbhackers.com\n\nWed, 18 Dec 2024 15:34:28", "creation_timestamp": "2024-12-18T09:03:43.000000Z"}, {"uuid": "e17db0d5-c51f-4e96-a2a7-6bc7efbd202e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "Telegram/E9EOZ_v-I6JA95QsXtV5xoHKQJ4dGewZcRNASHOG-UbMIw", "content": "", "creation_timestamp": "2024-09-18T11:19:43.000000Z"}, {"uuid": "87984639-2e3d-4d26-b7af-945b8ec24d6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38816", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/5254", "content": "#exploit\n1. CVE-2024-38816:\nSpring Framework 6.0.3 path traversal\nhttps://github.com/masa42/CVE-2024-38816-PoC\n\n2. CVE-2024-7479/7481:\nTeamViewer User to Kernel EoP\nhttps://github.com/PeterGabaldon/CVE-2024-7479_CVE-2024-7481\n\n3. CVE-2024-26304:\nCritical RCE in HPE Aruba Devices\nhttps://github.com/Roud-Roud-Agency/CVE-2024-26304-RCE-exploits", "creation_timestamp": "2024-10-08T16:16:08.000000Z"}, {"uuid": "14426288-5a20-4b2b-9752-3e9e43d51310", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/13393", "content": "\u200aCVE-2024-38812: VMware\u2019s 9.8 Severity Security Nightmare\n\nhttps://securityonline.info/cve-2024-38812-vmwares-9-8-severity-security-nightmare/", "creation_timestamp": "2024-09-18T09:07:11.000000Z"}, {"uuid": "4a29788f-685a-4498-91ed-182b27d7cf11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38813", "type": "seen", "source": "https://t.me/IntrusionExploit/285", "content": "Broadcom has discovered and fixed a critical vulnerability in VMware vCenter Server (CVE-2024-38812). This vulnerability allows attackers to execute code remotely on unpatched hosts by sending a specially crafted network packet.\n\nAttackers can exploit this vulnerability remotely, without authentication, through low-skill attacks.\n\nCVE-2024-38812 - Originates from a memory overflow vulnerability in vCenter's DCE/RPC implementation, affecting multiple products such as VMware vSphere and VMware Cloud Foundation.\n\nExperts recommend:\nUpdate now: Security patches are available through the standard vCenter Server update mechanism. To protect your organization, install the updated versions listed in the \"VMware Security Bulletin\".\nAccess Control: If you cannot apply the update immediately, strictly control edge access to vSphere management components.\nBroadcom has also confirmed that there are no known exploits of CVE-2023-34048 at this time. However, always be cautious and take additional security measures.\nAdditionally, Broadcom has patched another elevation of privilege vulnerability (CVE-2024-38813) that could allow an attacker to gain root access to an affected host.\nMake sure you take the necessary steps to protect your systems!", "creation_timestamp": "2024-09-19T08:05:25.000000Z"}, {"uuid": "d15f0eba-9a02-4bad-ad49-e2de82f5463d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38816", "type": "published-proof-of-concept", "source": "https://t.me/realLulzSec/2161", "content": "https://github.com/masa42/CVE-2024-38816-PoC\n\nCVE-2024-38816 Proof of Concept\n#github #poc", "creation_timestamp": "2024-10-04T07:20:29.000000Z"}, {"uuid": "8f09ca18-1042-446b-ac9c-08e0887f57ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38816", "type": "published-proof-of-concept", "source": "https://t.me/realLulzSec/19180", "content": "https://github.com/masa42/CVE-2024-38816-PoC\n\nCVE-2024-38816 Proof of Concept\n#github #poc", "creation_timestamp": "2024-10-04T11:29:11.000000Z"}, {"uuid": "62ae04da-9f9e-45bf-8248-07aea2dc45a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38819", "type": "published-proof-of-concept", "source": "https://t.me/MalaysiaHacktivistz/944", "content": "Spring Framework Path Traversal Vulnerability (CVE-2024-38819) PoC Exploit Released \u2013 gbhackers.com\n\nWed, 18 Dec 2024 15:34:28", "creation_timestamp": "2024-12-18T09:03:43.000000Z"}, {"uuid": "b8550d37-a37c-49fc-86f0-4d50f977811b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38810", "type": "seen", "source": "Telegram/5kDKPN6zjrRxYzwxo0b3Lf0LtTfC9j1Xub6pDllIRd-yvgw7", "content": "", "creation_timestamp": "2025-03-02T11:46:30.000000Z"}, {"uuid": "7e9a7178-40c7-41bb-88db-872100040b8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/20582", "content": "The Hacker News\nPatch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution\n\nBroadcom on Tuesday released updates to address a critical security flaw impacting VMware vCenter Server that could pave the way for remote code execution.\nThe vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), has been described as a heap-overflow vulnerability in the DCE/RPC protocol.\n\"A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a", "creation_timestamp": "2024-09-18T11:19:42.000000Z"}, {"uuid": "9b79218e-77d2-4779-9b80-42151b9eb963", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38819", "type": "published-proof-of-concept", "source": "Telegram/VYa4orlCMjHznzXlQOmmiucPQN5A-PV1JKj6Robjtx-R68k", "content": "", "creation_timestamp": "2024-12-18T09:03:40.000000Z"}, {"uuid": "5012852e-f6ed-454d-a84e-fa6639a04749", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "Telegram/bexzPYTiFYkSrgj8hjTxPixzJKVK9eDhosTntuUSNDmkQg", "content": "", "creation_timestamp": "2024-09-18T10:18:09.000000Z"}, {"uuid": "ec3f2ee2-0f26-4a25-9633-46d952f8eb65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38816", "type": "published-proof-of-concept", "source": "https://t.me/pt_soft/370", "content": "Spring CVE-2024-38816 Path traversal\n\nProof of Concept (PoC):\n\n\ncurl http:///static/link/%2e%2e/etc/passwd\n\n\nAffected Spring Products and Versions\nSpring Framework:\n\n* 5.3.0 - 5.3.39\n* 6.0.0 - 6.0.23\n* 6.1.0 - 6.1.12\nOlder, unsupported versions are also affected", "creation_timestamp": "2024-10-02T09:36:07.000000Z"}, {"uuid": "03269360-8bb5-4b95-978f-1d291a82bae9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "published-proof-of-concept", "source": "Telegram/h9CUOW6CUzeqFx0IHU8Q2FuIf5q9P3am7faYZgCTDOH5YA", "content": "", "creation_timestamp": "2024-10-22T11:14:30.000000Z"}, {"uuid": "fb472b7d-4865-4b07-9a2d-21f1c7016df8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38819", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/1334", "content": "#GitHub #Tools\n\nMy various vulnerability scripts with notes \n\nhttps://github.com/momika233/loxs-optimized/\n\nComplete list of LPE exploits for Windows (starting from 2023)\n\nhttps://github.com/MzHmO/Exploit-Street\n\nA comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.\n\nhttps://github.com/xalgord/Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes\n\nPendingFileRenameOperations + Junctions EDR Disable\n\nhttps://github.com/rad9800/FileRenameJunctionsEDRDisable\n\nCVE-2024-38819: Proof of Concept (PoC)\n\nhttps://github.com/masa42/CVE-2024-38819-POC\n\nBAADTokenBroker\n\nhttps://github.com/secureworks/BAADTokenBroker\n\n#HackersForum", "creation_timestamp": "2024-12-20T03:35:05.000000Z"}, {"uuid": "ad251d66-3d80-4c43-9879-0b66aa0a091c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/1216", "content": "Tools - Hackers Factory \n\nProof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijack execution flow\n\nhttps://github.com/0xHossam/KernelCallbackTable-Injection-PoC\n\n#DFIR\nhttps://github.com/OMENScan/OMENS\n\nGenerate a MITRE ATT&CK Navigator based on a list of CVEs. Database with CVE, CWE, CAPEC, and MITRE ATT&CK Techniques data is updated daily\n\nhttps://github.com/Galeax/CVE2CAPEC\n\n#exploit\n\n1. CVE-2024-46483:\nPre-Auth Heap Overflow in Xlight SFTP server\n\nhttps://github.com/kn32/cve-2024-46483\n\n2. CVE-2024-38812:\nVMWare vCenter Server DCERPC\n\n3. CVE-2024-6473:\nYandex Browser <24.7.1.380 DLL Hijacking\n\nhttps://github.com/12345qwert123456/CVE-2024-6473-PoC\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-11-15T04:10:10.000000Z"}, {"uuid": "78aa14b9-0887-4921-b5f6-9857d22b1e0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38816", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/1063", "content": "Tools Hackers Factory \n\nRecords an executable's network activity into a Full Packet Capture file (.pcap) and much more. \n\nhttps://github.com/H4NM/WhoYouCalling\u00a0 \n\nLinux kernel Netfilter Use-After-Free leads to LPE \n\nhttps://github.com/google/security-research/blob/master/pocs/linux/kernelctf/CVE-2024-26808_cos/docs/exploit.md\n\nFrom object transition to RCE in the Chrome renderer \n\nhttps://github.blog/security/vulnerability-research/from-object-transition-to-rce-in-the-chrome-renderer/\u00a0 \n\nDeep Linux runtime visibility meets Wireshark \n\nhttps://github.com/aquasecurity/traceeshark\u00a0 \n\nScriptSentry finds misconfigured and dangerous logon scripts.\u00a0 \n\nhttps://github.com/techspence/scriptsentry\n\nActivation cache poisoning to elevate from medium to high integrity (CVE-2024-6769) \n\nhttps://github.com/fortra/CVE-2024-6769\n\nCVE-2024-38816: Path traversal vulnerability in Spring Frameworks\n\nhttps://github.com/masa42/CVE-2024-38816-PoC\n\nexploit_dev/browsers/v8/CVE-2024-5830 at main \u00b7 uf0o/exploit_dev'\n\nhttps://github.com/uf0o/exploit_dev/tree/main/browsers/v8/CVE-2024-5830\n\nNameless C2 - A C2 with all its components written in Rust\n\nhttps://github.com/trickster0/NamelessC2\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-10-13T05:35:50.000000Z"}, {"uuid": "ceab1a6a-3cb5-471b-adfa-be2b86f88625", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38816", "type": "seen", "source": "Telegram/1zNa7pMwfeIIXjzqgGa2xgSGyrTz-rfFVmWTa9CL09P5hDk", "content": "", "creation_timestamp": "2025-04-14T11:00:05.000000Z"}, {"uuid": "de92b070-a103-49f5-8cb7-2286ccaa9746", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/KomunitiSiber/2584", "content": "Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution\nhttps://thehackernews.com/2024/09/patch-issued-for-critical-vmware.html\n\nBroadcom on Tuesday released updates to address a critical security flaw impacting VMware vCenter Server that could pave the way for remote code execution.\nThe vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), has been described as a heap-overflow vulnerability in the DCE/RPC protocol.\n\"A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a", "creation_timestamp": "2024-09-18T09:25:24.000000Z"}, {"uuid": "135fedd9-cbbf-48ce-aa57-1df79129b80c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/4225", "content": "The Hacker News\nPatch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution\n\nBroadcom on Tuesday released updates to address a critical security flaw impacting VMware vCenter Server that could pave the way for remote code execution.\nThe vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), has been described as a heap-overflow vulnerability in the DCE/RPC protocol.\n\"A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a", "creation_timestamp": "2024-09-18T11:19:42.000000Z"}, {"uuid": "481daf7f-b769-423f-8aeb-57401203f68d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/KomunitiSiber/2749", "content": "VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability\nhttps://thehackernews.com/2024/10/vmware-releases-vcenter-server-update.html\n\nVMware has released software updates to address an already patched security flaw in vCenter Server that could pave the way for remote code execution.\nThe vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), concerns a case of heap-overflow vulnerability in the implementation of the DCE/RPC protocol.\n\"A malicious actor with network access to vCenter Server may trigger this vulnerability by", "creation_timestamp": "2024-10-22T09:14:32.000000Z"}, {"uuid": "7c616c28-1392-442c-9632-0b0c1c62889b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38819", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/9167", "content": "#GitHub #Tools\n\nMy various vulnerability scripts with notes \n\nhttps://github.com/momika233/loxs-optimized/\n\nComplete list of LPE exploits for Windows (starting from 2023)\n\nhttps://github.com/MzHmO/Exploit-Street\n\nA comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.\n\nhttps://github.com/xalgord/Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes\n\nPendingFileRenameOperations + Junctions EDR Disable\n\nhttps://github.com/rad9800/FileRenameJunctionsEDRDisable\n\nCVE-2024-38819: Proof of Concept (PoC)\n\nhttps://github.com/masa42/CVE-2024-38819-POC\n\nBAADTokenBroker\n\nhttps://github.com/secureworks/BAADTokenBroker\n\n#HackersForum", "creation_timestamp": "2024-12-20T03:35:09.000000Z"}, {"uuid": "7e9ce560-972c-4232-ab3f-0da8690d5bac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/InfoSecInsider/24564", "content": "\u26a1\ufe0fActively Exploited VMware Vulnerabilities (CVE-2024-38812 & CVE-2024-38813) Threaten Virtualized Infrastructure.\n\n#CyberBulletin", "creation_timestamp": "2024-11-19T06:37:11.000000Z"}, {"uuid": "14fdeaeb-6e1c-44e2-8e4a-e0cb177c6674", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38813", "type": "seen", "source": "https://t.me/InfoSecInsider/24564", "content": "\u26a1\ufe0fActively Exploited VMware Vulnerabilities (CVE-2024-38812 & CVE-2024-38813) Threaten Virtualized Infrastructure.\n\n#CyberBulletin", "creation_timestamp": "2024-11-19T06:37:11.000000Z"}, {"uuid": "da1d29d3-dbb3-4e80-8f9b-0d72c0f0eaf9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "published-proof-of-concept", "source": "Telegram/1Y48sbJalwzmjtpy8mrSQRzHV0k1YoE21RNTYne2JN6FN9Pc", "content": "", "creation_timestamp": "2024-10-23T08:25:07.000000Z"}, {"uuid": "c87e4d14-5d97-4ea9-8f77-b80d48087ed0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/InfoSecInsider/24128", "content": "\u26a1\ufe0fVMware failed to fully address vCenter Server RCE flaw CVE-2024-38812.\n\n#CyberBulletin", "creation_timestamp": "2024-10-22T15:06:22.000000Z"}, {"uuid": "a5157c79-a01d-4c53-b5f5-7052e60f0a6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38816", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/24069", "content": "Tools Hackers Factory \n\nRecords an executable's network activity into a Full Packet Capture file (.pcap) and much more. \n\nhttps://github.com/H4NM/WhoYouCalling\u00a0 \n\nLinux kernel Netfilter Use-After-Free leads to LPE \n\nhttps://github.com/google/security-research/blob/master/pocs/linux/kernelctf/CVE-2024-26808_cos/docs/exploit.md\n\nFrom object transition to RCE in the Chrome renderer \n\nhttps://github.blog/security/vulnerability-research/from-object-transition-to-rce-in-the-chrome-renderer/\u00a0 \n\nDeep Linux runtime visibility meets Wireshark \n\nhttps://github.com/aquasecurity/traceeshark\u00a0 \n\nScriptSentry finds misconfigured and dangerous logon scripts.\u00a0 \n\nhttps://github.com/techspence/scriptsentry\n\nActivation cache poisoning to elevate from medium to high integrity (CVE-2024-6769) \n\nhttps://github.com/fortra/CVE-2024-6769\n\nCVE-2024-38816: Path traversal vulnerability in Spring Frameworks\n\nhttps://github.com/masa42/CVE-2024-38816-PoC\n\nexploit_dev/browsers/v8/CVE-2024-5830 at main \u00b7 uf0o/exploit_dev'\n\nhttps://github.com/uf0o/exploit_dev/tree/main/browsers/v8/CVE-2024-5830\n\nNameless C2 - A C2 with all its components written in Rust\n\nhttps://github.com/trickster0/NamelessC2\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-10-13T05:36:01.000000Z"}, {"uuid": "38ee9fc2-8fce-4880-ae63-0115674ff5b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38816", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/2285", "content": "CVE-2024-38816 Spring Framework\n*\nexploit", "creation_timestamp": "2024-10-02T17:50:02.000000Z"}, {"uuid": "e46701d8-9de4-467d-adb7-e0a12c2ca233", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/24431", "content": "Tools - Hackers Factory \n\nProof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijack execution flow\n\nhttps://github.com/0xHossam/KernelCallbackTable-Injection-PoC\n\n#DFIR\nhttps://github.com/OMENScan/OMENS\n\nGenerate a MITRE ATT&CK Navigator based on a list of CVEs. Database with CVE, CWE, CAPEC, and MITRE ATT&CK Techniques data is updated daily\n\nhttps://github.com/Galeax/CVE2CAPEC\n\n#exploit\n\n1. CVE-2024-46483:\nPre-Auth Heap Overflow in Xlight SFTP server\n\nhttps://github.com/kn32/cve-2024-46483\n\n2. CVE-2024-38812:\nVMWare vCenter Server DCERPC\n\n3. CVE-2024-6473:\nYandex Browser <24.7.1.380 DLL Hijacking\n\nhttps://github.com/12345qwert123456/CVE-2024-6473-PoC\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-11-15T05:24:25.000000Z"}, {"uuid": "f8443a1e-6643-4f2e-88b5-e81ef43f6743", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38816", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/8879", "content": "Tools Hackers Factory \n\nRecords an executable's network activity into a Full Packet Capture file (.pcap) and much more. \n\nhttps://github.com/H4NM/WhoYouCalling\u00a0 \n\nLinux kernel Netfilter Use-After-Free leads to LPE \n\nhttps://github.com/google/security-research/blob/master/pocs/linux/kernelctf/CVE-2024-26808_cos/docs/exploit.md\n\nFrom object transition to RCE in the Chrome renderer \n\nhttps://github.blog/security/vulnerability-research/from-object-transition-to-rce-in-the-chrome-renderer/\u00a0 \n\nDeep Linux runtime visibility meets Wireshark \n\nhttps://github.com/aquasecurity/traceeshark\u00a0 \n\nScriptSentry finds misconfigured and dangerous logon scripts.\u00a0 \n\nhttps://github.com/techspence/scriptsentry\n\nActivation cache poisoning to elevate from medium to high integrity (CVE-2024-6769) \n\nhttps://github.com/fortra/CVE-2024-6769\n\nCVE-2024-38816: Path traversal vulnerability in Spring Frameworks\n\nhttps://github.com/masa42/CVE-2024-38816-PoC\n\nexploit_dev/browsers/v8/CVE-2024-5830 at main \u00b7 uf0o/exploit_dev'\n\nhttps://github.com/uf0o/exploit_dev/tree/main/browsers/v8/CVE-2024-5830\n\nNameless C2 - A C2 with all its components written in Rust\n\nhttps://github.com/trickster0/NamelessC2\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-10-13T05:35:55.000000Z"}, {"uuid": "efeda8f2-6d68-4ce8-aa5f-88be17089ab0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/9017", "content": "Tools - Hackers Factory \n\nProof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijack execution flow\n\nhttps://github.com/0xHossam/KernelCallbackTable-Injection-PoC\n\n#DFIR\nhttps://github.com/OMENScan/OMENS\n\nGenerate a MITRE ATT&CK Navigator based on a list of CVEs. Database with CVE, CWE, CAPEC, and MITRE ATT&CK Techniques data is updated daily\n\nhttps://github.com/Galeax/CVE2CAPEC\n\n#exploit\n\n1. CVE-2024-46483:\nPre-Auth Heap Overflow in Xlight SFTP server\n\nhttps://github.com/kn32/cve-2024-46483\n\n2. CVE-2024-38812:\nVMWare vCenter Server DCERPC\n\n3. CVE-2024-6473:\nYandex Browser <24.7.1.380 DLL Hijacking\n\nhttps://github.com/12345qwert123456/CVE-2024-6473-PoC\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-11-15T05:24:21.000000Z"}, {"uuid": "00aca653-6743-42be-bf9d-99b216c54963", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38819", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/4006", "content": "#GitHub #Tools\n\nMy various vulnerability scripts with notes \n\nhttps://github.com/momika233/loxs-optimized/\n\nComplete list of LPE exploits for Windows (starting from 2023)\n\nhttps://github.com/MzHmO/Exploit-Street\n\nA comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.\n\nhttps://github.com/xalgord/Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes\n\nPendingFileRenameOperations + Junctions EDR Disable\n\nhttps://github.com/rad9800/FileRenameJunctionsEDRDisable\n\nCVE-2024-38819: Proof of Concept (PoC)\n\nhttps://github.com/masa42/CVE-2024-38819-POC\n\nBAADTokenBroker\n\nhttps://github.com/secureworks/BAADTokenBroker\n\n#HackersForum", "creation_timestamp": "2024-12-20T03:35:00.000000Z"}, {"uuid": "9c7a7dbc-3817-4eb7-b109-854def13c2a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38816", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3792", "content": "Tools Hackers Factory \n\nRecords an executable's network activity into a Full Packet Capture file (.pcap) and much more. \n\nhttps://github.com/H4NM/WhoYouCalling  \n\nLinux kernel Netfilter Use-After-Free leads to LPE \n\nhttps://github.com/google/security-research/blob/master/pocs/linux/kernelctf/CVE-2024-26808_cos/docs/exploit.md\n\nFrom object transition to RCE in the Chrome renderer \n\nhttps://github.blog/security/vulnerability-research/from-object-transition-to-rce-in-the-chrome-renderer/  \n\nDeep Linux runtime visibility meets Wireshark \n\nhttps://github.com/aquasecurity/traceeshark  \n\nScriptSentry finds misconfigured and dangerous logon scripts.  \n\nhttps://github.com/techspence/scriptsentry\n\nActivation cache poisoning to elevate from medium to high integrity (CVE-2024-6769) \n\nhttps://github.com/fortra/CVE-2024-6769\n\nCVE-2024-38816: Path traversal vulnerability in Spring Frameworks\n\nhttps://github.com/masa42/CVE-2024-38816-PoC\n\nexploit_dev/browsers/v8/CVE-2024-5830 at main \u00b7 uf0o/exploit_dev'\n\nhttps://github.com/uf0o/exploit_dev/tree/main/browsers/v8/CVE-2024-5830\n\nNameless C2 - A C2 with all its components written in Rust\n\nhttps://github.com/trickster0/NamelessC2\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-10-13T05:35:42.000000Z"}, {"uuid": "dd2b143c-f96f-4534-a92e-163e0970136d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7636", "content": "Tools - Hackers Factory \n\nProof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijack execution flow\n\nhttps://github.com/0xHossam/KernelCallbackTable-Injection-PoC\n\n#DFIR\nhttps://github.com/OMENScan/OMENS\n\nGenerate a MITRE ATT&CK Navigator based on a list of CVEs. Database with CVE, CWE, CAPEC, and MITRE ATT&CK Techniques data is updated daily\n\nhttps://github.com/Galeax/CVE2CAPEC\n\n#exploit\n\n1. CVE-2024-46483:\nPre-Auth Heap Overflow in Xlight SFTP server\n\nhttps://github.com/kn32/cve-2024-46483\n\n2. CVE-2024-38812:\nVMWare vCenter Server DCERPC\n\n3. CVE-2024-6473:\nYandex Browser <24.7.1.380 DLL Hijacking\n\nhttps://github.com/12345qwert123456/CVE-2024-6473-PoC\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-11-15T05:24:21.000000Z"}, {"uuid": "5ac1be93-6435-47ae-b8a8-1a8c16e23c7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38819", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/2428", "content": "CVE-2024-38819\n*\nSpring Boot 3.3.4, based on Spring Framework 6.1.13 path traversal exploit\n*\nPOC + docker", "creation_timestamp": "2024-12-14T15:46:31.000000Z"}, {"uuid": "a97d68cf-619a-4e96-9aed-3d720effa9da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38819", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7752", "content": "#GitHub #Tools\n\nMy various vulnerability scripts with notes \n\nhttps://github.com/momika233/loxs-optimized/\n\nComplete list of LPE exploits for Windows (starting from 2023)\n\nhttps://github.com/MzHmO/Exploit-Street\n\nA comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.\n\nhttps://github.com/xalgord/Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes\n\nPendingFileRenameOperations + Junctions EDR Disable\n\nhttps://github.com/rad9800/FileRenameJunctionsEDRDisable\n\nCVE-2024-38819: Proof of Concept (PoC)\n\nhttps://github.com/masa42/CVE-2024-38819-POC\n\nBAADTokenBroker\n\nhttps://github.com/secureworks/BAADTokenBroker\n\n#HackersForum", "creation_timestamp": "2024-12-20T03:35:09.000000Z"}, {"uuid": "6d33e2a4-60a8-4cee-a839-8b3175ade41a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38813", "type": "seen", "source": "https://t.me/true_secator/6217", "content": "Broadcom \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 VMware vCenter, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u043d\u0430 \u043d\u0435\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 \u0447\u0435\u0440\u0435\u0437 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u043f\u0430\u043a\u0435\u0442.\n\nvCenter Server - \u044d\u0442\u043e \u0446\u0435\u043d\u0442\u0440\u0430\u043b\u044c\u043d\u044b\u0439 \u0443\u0437\u0435\u043b \u0434\u043b\u044f \u043f\u0430\u043a\u0435\u0442\u0430 VMware vSphere, \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u044e\u0449\u0438\u0439 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u043e\u0439.\n\nCVE-2024-38812 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 TZL \u0432 \u0445\u043e\u0434\u0435 \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u043e\u0433\u043e \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u043e\u0433\u043e \u043a\u043e\u043d\u043a\u0443\u0440\u0441\u0430 Matrix Cup 2024. \n\n\u041e\u043d\u0430 \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u043e\u0439  \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u0443\u0447\u0438 \u0432 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 DCE/RPC, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u044b, \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0449\u0438\u0435 vCenter, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 VMware vSphere \u0438 VMware Cloud Foundation.\n\n\u041d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0435\u0435 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0438\u0437\u043a\u043e\u0439 \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0438, \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u044e\u0449\u0438\u0445 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c, \u043f\u0443\u0442\u0435\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0430\u043a\u0435\u0442\u0430, \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0435\u0433\u043e \u043a RCE.\n\n\u041c\u0435\u0440\u044b \u043f\u043e \u0441\u043c\u044f\u0433\u0447\u0435\u043d\u0438\u044e \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u0439 \u043c\u043e\u0433\u0443\u0442 \u0432\u0430\u0440\u044c\u0438\u0440\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0432 \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0442 \u0443\u0440\u043e\u0432\u043d\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432 \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u043e\u0439 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438, \u0441\u0442\u0440\u0430\u0442\u0435\u0433\u0438\u0439 \u0433\u043b\u0443\u0431\u043e\u043a\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u044b \u0438 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0439 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0430, \u043a\u0430\u0436\u0434\u0430\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044f \u0434\u043e\u043b\u0436\u043d\u0430 \u0441\u0430\u043c\u043e\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u043e\u0446\u0435\u043d\u0438\u0432\u0430\u0442\u044c \u0430\u0434\u0435\u043a\u0432\u0430\u0442\u043d\u043e\u0441\u0442\u044c \u044d\u0442\u0438\u0445 \u043c\u0435\u0440 \u0437\u0430\u0449\u0438\u0442\u044b.\n\n\u0427\u0442\u043e\u0431\u044b \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0442\u044c \u043f\u043e\u043b\u043d\u0443\u044e \u0437\u0430\u0449\u0438\u0442\u0443 \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043e\u0434\u043d\u0443 \u0438\u0437 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u0439, \u043f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0445 \u0432 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u044f\u0445 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 VMware. \u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0447\u0435\u0440\u0435\u0437 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0435 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u044b \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f vCenter Server.\n\nBroadcom \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u0435\u0442, \u0447\u0442\u043e \u043d\u0435 \u043d\u0430\u0448\u043b\u0430 \u0434\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044c\u0441\u0442\u0432 \u0442\u043e\u0433\u043e, \u0447\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2023-34048 RCE \u0432 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432 \u0430\u0442\u0430\u043a\u0430\u0445.\n\n\u0410\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0435 \u043c\u043e\u0433\u0443\u0442 \u043d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442\u044c \u0441\u0435\u0433\u043e\u0434\u043d\u044f\u0448\u043d\u0438\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0434\u043e\u043b\u0436\u043d\u044b \u0441\u0442\u0440\u043e\u0433\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043f\u043e \u043f\u0435\u0440\u0438\u043c\u0435\u0442\u0440\u0443 \u0441\u0435\u0442\u0438 \u043a \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430\u043c \u0438 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f vSphere, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u044b \u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0438 \u0441\u0435\u0442\u0438.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0434\u0440\u0443\u0433\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0443\u044e \u0441 EoP (CVE-2024-38813), \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 root \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0430\u043a\u0435\u0442\u0430.", "creation_timestamp": "2024-09-18T11:18:15.000000Z"}, {"uuid": "cc1a4ce9-44a4-4ce9-8cdd-fd7705d7b5c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38816", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7514", "content": "Tools Hackers Factory \n\nRecords an executable's network activity into a Full Packet Capture file (.pcap) and much more. \n\nhttps://github.com/H4NM/WhoYouCalling\u00a0 \n\nLinux kernel Netfilter Use-After-Free leads to LPE \n\nhttps://github.com/google/security-research/blob/master/pocs/linux/kernelctf/CVE-2024-26808_cos/docs/exploit.md\n\nFrom object transition to RCE in the Chrome renderer \n\nhttps://github.blog/security/vulnerability-research/from-object-transition-to-rce-in-the-chrome-renderer/\u00a0 \n\nDeep Linux runtime visibility meets Wireshark \n\nhttps://github.com/aquasecurity/traceeshark\u00a0 \n\nScriptSentry finds misconfigured and dangerous logon scripts.\u00a0 \n\nhttps://github.com/techspence/scriptsentry\n\nActivation cache poisoning to elevate from medium to high integrity (CVE-2024-6769) \n\nhttps://github.com/fortra/CVE-2024-6769\n\nCVE-2024-38816: Path traversal vulnerability in Spring Frameworks\n\nhttps://github.com/masa42/CVE-2024-38816-PoC\n\nexploit_dev/browsers/v8/CVE-2024-5830 at main \u00b7 uf0o/exploit_dev'\n\nhttps://github.com/uf0o/exploit_dev/tree/main/browsers/v8/CVE-2024-5830\n\nNameless C2 - A C2 with all its components written in Rust\n\nhttps://github.com/trickster0/NamelessC2\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-10-13T05:35:55.000000Z"}, {"uuid": "12db83d5-908c-482b-b25f-3b59c5ac2984", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38816", "type": "seen", "source": "https://t.me/true_secator/6212", "content": "\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0442\u044c \u0442\u0440\u0435\u043d\u0434\u043e\u0432\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u043e\u0442\u0440\u0430\u0441\u043b\u0435\u0432\u044b\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b.\n\n1. Ivanti, \u043a\u0430\u043a \u0438 \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u043b\u043e\u0441\u044c, \u0441\u0442\u043e\u043b\u043a\u043d\u0443\u043b\u0430\u0441\u044c \u0441 \u044d\u043a\u0430\u043f\u043b\u0430\u0442\u0430\u0446\u0438\u0435\u0439 \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Cloud Service Appliance (CSA). CVE-2024-8190 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 \u041e\u0421, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u043d\u0430 \u043f\u0440\u043e\u0448\u043b\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435. \n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 Ivanti CSA \u0441 \u0438\u0441\u0442\u0435\u043a\u0448\u0438\u043c \u0441\u0440\u043e\u043a\u043e\u043c \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043f\u0440\u043e\u0441\u0438\u0442 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043f\u0435\u0440\u0435\u0439\u0442\u0438 \u043d\u0430 \u0431\u043e\u043b\u0435\u0435 \u043d\u043e\u0432\u0443\u044e \u0432\u0435\u0440\u0441\u0438\u044e \u041f\u041e, \u0447\u0442\u043e\u0431\u044b \u0438\u0437\u0431\u0435\u0436\u0430\u0442\u044c \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0449\u0438\u0445\u0441\u044f \u0430\u0442\u0430\u043a.\n\n2. Horizon3 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0430 \u0430\u043d\u0430\u043b\u0438\u0437 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f CVE-2024-29847, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 RCE \u0432 Ivanti Endpoint Manager, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u043d\u0430 \u043f\u0440\u043e\u0448\u043b\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435.\n\n\u0422\u0430\u043a \u0447\u0442\u043e \u0438 \u0442\u0443\u0442 \u0441\u0442\u043e\u0438\u0442 \u043e\u0436\u0438\u0434\u0430\u0442\u044c \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438.\n\n3. Apple \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f Vision Pro \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 \u0423\u043d\u0438\u0432\u0435\u0440\u0441\u0438\u0442\u0435\u0442\u0430 \u0424\u043b\u043e\u0440\u0438\u0434\u044b \u0438 \u0422\u0435\u0445\u0430\u0441\u0441\u043a\u043e\u0433\u043e \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u0443\u043d\u0438\u0432\u0435\u0440\u0441\u0438\u0442\u0435\u0442\u0430 \u043f\u043e\u043a\u0430\u0437\u0430\u043b\u0438, \u043a\u0430\u043a \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u0435 \u043f\u0430\u0440\u043e\u043b\u0438, \u043f\u0440\u043e\u0441\u0442\u043e \u0432\u0437\u0433\u043b\u044f\u043d\u0443\u0432 \u043d\u0430 \u043a\u043b\u0430\u0432\u0438\u0448\u0438.\n\n\u041c\u0435\u0442\u043e\u0434 \u0430\u0442\u0430\u043a\u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u043b \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 GAZEploit \u0438 \u0435\u0433\u043e \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u044f \u0442\u043e\u0433\u043e, \u0447\u0442\u043e \u043f\u0435\u0447\u0430\u0442\u0430\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c Vision Pro, \u043f\u0443\u0442\u0435\u043c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u043d\u0438\u044f \u0434\u0432\u0438\u0436\u0435\u043d\u0438\u044f \u0433\u043b\u0430\u0437.\n\n\u0410\u0442\u0430\u043a\u0430 \u0431\u044b\u043b\u0430 \u043f\u0440\u043e\u0442\u0435\u0441\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0430 \u043d\u0430 30 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u0445 \u0438 \u043f\u043e\u043a\u0430\u0437\u0430\u043b\u0430 \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u0443\u044e \u0442\u043e\u0447\u043d\u043e\u0441\u0442\u044c.\n\nApple \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u0430\u043a\u00a0CVE-2024-40865\u00a0 \u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0435\u0435 \u0441 \u0432\u044b\u043f\u0443\u0441\u043a\u043e\u043c visionOS 1.3. \n\n\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u044f \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f visionOS 1.3 \u0431\u044b\u043b\u0430 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430 \u0432 \u043a\u043e\u043d\u0446\u0435 \u0438\u044e\u043b\u044f, \u043d\u043e 5 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044f Apple \u043e\u0431\u043d\u043e\u0432\u0438\u043b\u0430 \u0435\u0435, \u0432\u043a\u043b\u044e\u0447\u0438\u0432 CVE-2024-40865.\u00a0\n\n4. \u0415\u0449\u0435 \u043f\u043e Apple: \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0432 iOS 18 \u0440\u0430\u0441\u0448\u0438\u0440\u044f\u0435\u0442\u00a0\u0444\u0443\u043d\u043a\u0446\u0438\u044e\u00a0\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438 \u0430\u043a\u0442\u0438\u0432\u0430\u0446\u0438\u0438 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u043d\u044b\u0435 \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u044b\u0435 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u044b iPhone, \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a \u043a\u0430\u043c\u0435\u0440\u044b, \u0430\u043a\u043a\u0443\u043c\u0443\u043b\u044f\u0442\u043e\u0440\u044b \u0438 \u0434\u0438\u0441\u043f\u043b\u0435\u0438. \n\n\u041f\u043e\u043c\u0438\u043c\u043e \u043f\u043b\u044e\u0441\u043e\u0432 \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0430 \u0430\u043a\u0442\u0438\u0432\u0430\u0446\u0438\u0438 \u0441\u0443\u043b\u0438\u0442 \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0432 \u0440\u0435\u043c\u043e\u043d\u0442\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u0434\u043b\u044f \u0447\u0430\u0441\u0442\u043d\u044b\u0445 \u043c\u0430\u0441\u0442\u0435\u0440\u0441\u043a\u0438\u0445.\n\n5. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0413\u0430\u0431\u043e\u0440 \u041b\u0435\u0433\u0440\u0430\u0434\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0435 Spring Java. \n\nCVE-2024-38816 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043b\u044e\u0431\u043e\u043c\u0443 \u0444\u0430\u0439\u043b\u0443 \u0432\u043d\u0443\u0442\u0440\u0438 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f, \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0430.\n\n\u0410\u0442\u0430\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0442\u044c\u0441\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0447\u0435\u0440\u0435\u0437 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432. \u041d\u0430 \u043f\u0440\u043e\u0448\u043b\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435 VMware \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u044d\u0442\u043e\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b.\n\n6. \u041c\u0438\u043a\u043a\u043e \u041a\u0435\u043d\u0442\u0442\u044f\u043b\u044f \u0432\u044b\u043a\u0430\u0442\u0438\u043b \u043e\u0442\u0447\u0435\u0442 \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 \u0441\u0435\u0440\u0438\u0438 \u043e\u0448\u0438\u0431\u043e\u043a, \u043d\u0430\u0439\u0434\u0435\u043d\u043d\u044b\u0445 \u0434\u0432\u0430 \u0433\u043e\u0434\u0430 \u043d\u0430\u0437\u0430\u0434, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u043b\u0438 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f Zero Click \u0430\u0442\u0430\u043a \u043d\u0430 \u0441\u0440\u0435\u0434\u044b \u043a\u0430\u043b\u0435\u043d\u0434\u0430\u0440\u044f macOS. \u0412\u0441\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b \u0432 \u043f\u0435\u0440\u0438\u043e\u0434 \u0441 2022 \u043f\u043e \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044c 2023 \u0433\u043e\u0434\u0430.\n\n7. \u0412 Positive Technologies \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0442 \u0440\u0430\u0441\u0441\u043a\u0430\u0437\u044b\u0432\u0430\u0442\u044c \u043f\u0440\u043e \u0441\u0430\u043c\u044b\u0435 \u043e\u043f\u0430\u0441\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438. \u0412 \u0430\u0432\u0433\u0443\u0441\u0442\u0435 \u0432\u044b\u0434\u0435\u043b\u0435\u043d\u044b \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435:\n\n- RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 Windows Remote Desktop Licensing Service, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0430\u044f \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 MadLicense (CVE-2024-38077);\n\n- \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0445\u043e\u0434\u0430 Mark of the Web \u0432 Windows, \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0430\u044f \u043a \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 (CVE-2024-38213);\n\n- EoP-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u044f\u0434\u0440\u0435 Windows (CVE-2024-38106), \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0435 Ancillary Function (CVE-2024-38193) \u0438 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 Power Dependency Coordinator (CVE-2024-38107);\n\n- EoP-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 LiteSpeed Cache \u0434\u043b\u044f WordPress CMS (CVE-2024-28000).", "creation_timestamp": "2024-09-16T19:00:07.000000Z"}, {"uuid": "0734150d-ee29-448b-a58e-d653065b9455", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/true_secator/6217", "content": "Broadcom \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 VMware vCenter, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u043d\u0430 \u043d\u0435\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 \u0447\u0435\u0440\u0435\u0437 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u043f\u0430\u043a\u0435\u0442.\n\nvCenter Server - \u044d\u0442\u043e \u0446\u0435\u043d\u0442\u0440\u0430\u043b\u044c\u043d\u044b\u0439 \u0443\u0437\u0435\u043b \u0434\u043b\u044f \u043f\u0430\u043a\u0435\u0442\u0430 VMware vSphere, \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u044e\u0449\u0438\u0439 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u043e\u0439.\n\nCVE-2024-38812 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 TZL \u0432 \u0445\u043e\u0434\u0435 \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u043e\u0433\u043e \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u043e\u0433\u043e \u043a\u043e\u043d\u043a\u0443\u0440\u0441\u0430 Matrix Cup 2024. \n\n\u041e\u043d\u0430 \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u043e\u0439  \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u0443\u0447\u0438 \u0432 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 DCE/RPC, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u044b, \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0449\u0438\u0435 vCenter, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 VMware vSphere \u0438 VMware Cloud Foundation.\n\n\u041d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0435\u0435 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0438\u0437\u043a\u043e\u0439 \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0438, \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u044e\u0449\u0438\u0445 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c, \u043f\u0443\u0442\u0435\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0430\u043a\u0435\u0442\u0430, \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0435\u0433\u043e \u043a RCE.\n\n\u041c\u0435\u0440\u044b \u043f\u043e \u0441\u043c\u044f\u0433\u0447\u0435\u043d\u0438\u044e \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u0439 \u043c\u043e\u0433\u0443\u0442 \u0432\u0430\u0440\u044c\u0438\u0440\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0432 \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0442 \u0443\u0440\u043e\u0432\u043d\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432 \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u043e\u0439 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438, \u0441\u0442\u0440\u0430\u0442\u0435\u0433\u0438\u0439 \u0433\u043b\u0443\u0431\u043e\u043a\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u044b \u0438 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0439 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0430, \u043a\u0430\u0436\u0434\u0430\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044f \u0434\u043e\u043b\u0436\u043d\u0430 \u0441\u0430\u043c\u043e\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u043e\u0446\u0435\u043d\u0438\u0432\u0430\u0442\u044c \u0430\u0434\u0435\u043a\u0432\u0430\u0442\u043d\u043e\u0441\u0442\u044c \u044d\u0442\u0438\u0445 \u043c\u0435\u0440 \u0437\u0430\u0449\u0438\u0442\u044b.\n\n\u0427\u0442\u043e\u0431\u044b \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0442\u044c \u043f\u043e\u043b\u043d\u0443\u044e \u0437\u0430\u0449\u0438\u0442\u0443 \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043e\u0434\u043d\u0443 \u0438\u0437 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u0439, \u043f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0445 \u0432 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u044f\u0445 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 VMware. \u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0447\u0435\u0440\u0435\u0437 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0435 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u044b \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f vCenter Server.\n\nBroadcom \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u0435\u0442, \u0447\u0442\u043e \u043d\u0435 \u043d\u0430\u0448\u043b\u0430 \u0434\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044c\u0441\u0442\u0432 \u0442\u043e\u0433\u043e, \u0447\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2023-34048 RCE \u0432 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432 \u0430\u0442\u0430\u043a\u0430\u0445.\n\n\u0410\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0435 \u043c\u043e\u0433\u0443\u0442 \u043d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442\u044c \u0441\u0435\u0433\u043e\u0434\u043d\u044f\u0448\u043d\u0438\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0434\u043e\u043b\u0436\u043d\u044b \u0441\u0442\u0440\u043e\u0433\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043f\u043e \u043f\u0435\u0440\u0438\u043c\u0435\u0442\u0440\u0443 \u0441\u0435\u0442\u0438 \u043a \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430\u043c \u0438 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f vSphere, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u044b \u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0438 \u0441\u0435\u0442\u0438.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0434\u0440\u0443\u0433\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0443\u044e \u0441 EoP (CVE-2024-38813), \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 root \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0430\u043a\u0435\u0442\u0430.", "creation_timestamp": "2024-09-18T11:18:15.000000Z"}, {"uuid": "53b44125-166d-4b37-91fa-595745410b12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/ctinow/223650", "content": "Broadcom fixed Critical VMware vCenter Server flaw CVE-2024-38812\nhttps://ift.tt/SVc0WoJ", "creation_timestamp": "2024-09-18T10:05:21.000000Z"}, {"uuid": "0691ca50-dcc9-4d22-96cd-81369761187f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38813", "type": "seen", "source": "https://t.me/true_secator/6347", "content": "\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0442\u044c \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0442\u0440\u0435\u043d\u0434\u043e\u0432\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u043d\u0430\u0447\u043d\u0435\u043c \u0441 \u00ab\u0442\u0440\u0435\u043d\u0434\u043e\u0432\u043e\u0439\u00bb.\n\n1. Trend Micro \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0441\u0432\u043e\u0435\u043c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Cloud Edge \u0441 CVSS 9,8/10.\n\nCVE-2024-48904 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0434\u043b\u044f \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u043a\u043e\u043c\u0430\u043d\u0434 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435, \u0432 \u0441\u0432\u044f\u0437\u0438 \u0441 \u0447\u0435\u043c \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u043f\u043e\u043f\u0440\u043e\u0441\u0438\u043b \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0435\u0435 \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435.\n\n2. VMware \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u043d\u0438\u043c\u0430\u0435\u0442 \u0432\u0442\u043e\u0440\u0443\u044e \u043f\u043e\u043f\u044b\u0442\u043a\u0443 \u0434\u043b\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 vCenter Server, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u043e\u0439 \u0435\u0449\u0435 \u0432 \u0438\u044e\u043d\u0435 \u043d\u0430 Matrix Cup 2024 \u0432 \u041a\u041d\u0420.\n\n\u041a\u0430\u043a \u043e\u043a\u0430\u0437\u0430\u043b\u043e\u0441\u044c, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f vCenter, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0435 17 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044f 2024 \u0433\u043e\u0434\u0430, \u043d\u0435 \u043f\u043e\u043b\u043d\u043e\u0439 \u043c\u0435\u0440\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u043b\u0438 CVE-2024-38812 \u0441 CVSS 9,8/10, \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0435\u0439 \u043f\u043e \u044d\u0442\u043e\u043c\u0443 \u043f\u043e\u0432\u043e\u0434\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u043d\u0435 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u0438\u043b.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u043a\u0443\u0447\u0438 \u0432 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0439 \u0432\u044b\u0447\u0438\u0441\u043b\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u0441\u0440\u0435\u0434\u044b/\u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u0437\u043e\u0432\u0430 \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440 (DCERPC) \u0432 vCenter Server.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a, \u0438\u043c\u0435\u044e\u0449\u0438\u0439 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a vCenter Server, \u043c\u043e\u0436\u0435\u0442 \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u044d\u0442\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0432 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0439 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u043f\u0430\u043a\u0435\u0442, \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0438\u0439 \u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043d\u043e\u0432\u044b\u0439 \u043f\u0430\u0442\u0447 VCenter Server \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-38813 (CVSS 7,5/10), \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0443\u044e \u0441 EoP \u0438 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u044b\u0432\u0430\u0435\u043c\u0443\u044e \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u043e\u0439 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0430\u043a\u0435\u0442\u0430.\n\n3. \u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u0430\u043d\u0442\u0438\u0447\u0438\u0442-\u0441\u0438\u0441\u0442\u0435\u043c\u044b BattlEye \u0441\u043e\u043e\u0431\u0449\u0430\u044e\u0442 \u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0431\u0430\u043d\u0438\u0442\u044c \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0438\u0433\u0440\u043e\u043a\u043e\u0432.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u043b\u0430 \u0441\u0440\u0430\u0437\u0443 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0438\u0433\u0440, \u0432\u043a\u043b\u044e\u0447\u0430\u044f PvP-\u0438\u0433\u0440\u044b, \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a PUBG, Rainbow Six Siege \u0438 Escape from Tarkov.\n\n\u041a\u043e\u043c\u0430\u043d\u0434\u0430 \u043f\u0440\u043e\u0435\u043a\u0442\u0430 \u0441\u0435\u0439\u0447\u0430\u0441 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e \u0441 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f\u043c\u0438 \u0438\u0433\u0440 \u043d\u0430\u0434 \u0430\u043d\u043d\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u00ab\u043a\u0440\u0438\u0432\u044b\u0445\u00bb \u0431\u0430\u043d\u043e\u0432.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043e\u0448\u0438\u0431\u043a\u0430 BattlEye \u0431\u044b\u043b\u0430 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0430 \u043d\u0430 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0439 \u0434\u0435\u043d\u044c \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a Activision \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u044b\u0439\u00a0\u0431\u0430\u0433 \u0432 \u0430\u043d\u0442\u0438\u0447\u0438\u0442\u0435 Call of Duty.\n\n4. Atlassian \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0432 Bitbucket, Confluence \u0438 Jira Service Management.\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f Bitbucket Data Center \u0438 Server \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0443\u044e CVE-2024-21147 \u0432 Java Runtime Environment (JRE), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0434\u043e\u0441\u0442\u0443\u043f\u0443 \u043a \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0430\u0436\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c \u0438 \u0438\u0445 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044e.\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f Confluence Data Center \u0438 Server \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u0447\u0435\u0442\u044b\u0440\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0434\u0432\u0435 \u0432 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 \u0434\u0430\u0442 JavaScript Moment.js, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0431\u044b\u043b\u0438 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044b \u0432 2022 \u0433\u043e\u0434\u0443.\n\nCVE-2022-24785 \u0438 CVE-2022-31129 \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u044e\u0442\u0441\u044f \u043a\u0430\u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438 \u0438 ReDoS, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0436\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0442\u0430\u043a\u0436\u0435 \u0430\u043d\u043e\u043d\u0441\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f CVE-2024-4367, \u043e\u0448\u0438\u0431\u043a\u0438 XSS, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 HTML \u0438\u043b\u0438 JavaScript \u0432 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0434\u043b\u044f CVE-2024-29131, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Apache Commons Configuration, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a DoS.\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f Jira Service Management Data Center \u0438 Server \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0442 CVE-2024-7254 - \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0431\u0443\u0444\u0435\u0440\u0430 Protobuf, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u0432\u043b\u0438\u044f\u0442\u044c \u043d\u0430 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0441\u0435\u0440\u0432\u0438\u0441\u0430.\n\n\u0414\u0430\u043d\u043d\u044b\u0445 \u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043d\u0435 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043e, \u0432\u043e \u0432\u0441\u044f\u043a\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u043f\u043e\u043a\u0430.", "creation_timestamp": "2024-10-22T18:30:05.000000Z"}, {"uuid": "33510c51-0830-4edd-932f-7ae624acc30a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/true_secator/6347", "content": "\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0442\u044c \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0442\u0440\u0435\u043d\u0434\u043e\u0432\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u043d\u0430\u0447\u043d\u0435\u043c \u0441 \u00ab\u0442\u0440\u0435\u043d\u0434\u043e\u0432\u043e\u0439\u00bb.\n\n1. Trend Micro \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0441\u0432\u043e\u0435\u043c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Cloud Edge \u0441 CVSS 9,8/10.\n\nCVE-2024-48904 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0434\u043b\u044f \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u043a\u043e\u043c\u0430\u043d\u0434 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435, \u0432 \u0441\u0432\u044f\u0437\u0438 \u0441 \u0447\u0435\u043c \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u043f\u043e\u043f\u0440\u043e\u0441\u0438\u043b \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0435\u0435 \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435.\n\n2. VMware \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u043d\u0438\u043c\u0430\u0435\u0442 \u0432\u0442\u043e\u0440\u0443\u044e \u043f\u043e\u043f\u044b\u0442\u043a\u0443 \u0434\u043b\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 vCenter Server, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u043e\u0439 \u0435\u0449\u0435 \u0432 \u0438\u044e\u043d\u0435 \u043d\u0430 Matrix Cup 2024 \u0432 \u041a\u041d\u0420.\n\n\u041a\u0430\u043a \u043e\u043a\u0430\u0437\u0430\u043b\u043e\u0441\u044c, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f vCenter, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0435 17 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044f 2024 \u0433\u043e\u0434\u0430, \u043d\u0435 \u043f\u043e\u043b\u043d\u043e\u0439 \u043c\u0435\u0440\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u043b\u0438 CVE-2024-38812 \u0441 CVSS 9,8/10, \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0435\u0439 \u043f\u043e \u044d\u0442\u043e\u043c\u0443 \u043f\u043e\u0432\u043e\u0434\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u043d\u0435 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u0438\u043b.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u043a\u0443\u0447\u0438 \u0432 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0439 \u0432\u044b\u0447\u0438\u0441\u043b\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u0441\u0440\u0435\u0434\u044b/\u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u0437\u043e\u0432\u0430 \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440 (DCERPC) \u0432 vCenter Server.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a, \u0438\u043c\u0435\u044e\u0449\u0438\u0439 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a vCenter Server, \u043c\u043e\u0436\u0435\u0442 \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u044d\u0442\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0432 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0439 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u043f\u0430\u043a\u0435\u0442, \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0438\u0439 \u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043d\u043e\u0432\u044b\u0439 \u043f\u0430\u0442\u0447 VCenter Server \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-38813 (CVSS 7,5/10), \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0443\u044e \u0441 EoP \u0438 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u044b\u0432\u0430\u0435\u043c\u0443\u044e \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u043e\u0439 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0430\u043a\u0435\u0442\u0430.\n\n3. \u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u0430\u043d\u0442\u0438\u0447\u0438\u0442-\u0441\u0438\u0441\u0442\u0435\u043c\u044b BattlEye \u0441\u043e\u043e\u0431\u0449\u0430\u044e\u0442 \u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0431\u0430\u043d\u0438\u0442\u044c \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0438\u0433\u0440\u043e\u043a\u043e\u0432.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u043b\u0430 \u0441\u0440\u0430\u0437\u0443 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0438\u0433\u0440, \u0432\u043a\u043b\u044e\u0447\u0430\u044f PvP-\u0438\u0433\u0440\u044b, \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a PUBG, Rainbow Six Siege \u0438 Escape from Tarkov.\n\n\u041a\u043e\u043c\u0430\u043d\u0434\u0430 \u043f\u0440\u043e\u0435\u043a\u0442\u0430 \u0441\u0435\u0439\u0447\u0430\u0441 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e \u0441 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f\u043c\u0438 \u0438\u0433\u0440 \u043d\u0430\u0434 \u0430\u043d\u043d\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u00ab\u043a\u0440\u0438\u0432\u044b\u0445\u00bb \u0431\u0430\u043d\u043e\u0432.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043e\u0448\u0438\u0431\u043a\u0430 BattlEye \u0431\u044b\u043b\u0430 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0430 \u043d\u0430 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0439 \u0434\u0435\u043d\u044c \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a Activision \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u044b\u0439\u00a0\u0431\u0430\u0433 \u0432 \u0430\u043d\u0442\u0438\u0447\u0438\u0442\u0435 Call of Duty.\n\n4. Atlassian \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0432 Bitbucket, Confluence \u0438 Jira Service Management.\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f Bitbucket Data Center \u0438 Server \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0443\u044e CVE-2024-21147 \u0432 Java Runtime Environment (JRE), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0434\u043e\u0441\u0442\u0443\u043f\u0443 \u043a \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0430\u0436\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c \u0438 \u0438\u0445 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044e.\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f Confluence Data Center \u0438 Server \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u0447\u0435\u0442\u044b\u0440\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0434\u0432\u0435 \u0432 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 \u0434\u0430\u0442 JavaScript Moment.js, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0431\u044b\u043b\u0438 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044b \u0432 2022 \u0433\u043e\u0434\u0443.\n\nCVE-2022-24785 \u0438 CVE-2022-31129 \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u044e\u0442\u0441\u044f \u043a\u0430\u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438 \u0438 ReDoS, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0436\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0442\u0430\u043a\u0436\u0435 \u0430\u043d\u043e\u043d\u0441\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f CVE-2024-4367, \u043e\u0448\u0438\u0431\u043a\u0438 XSS, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 HTML \u0438\u043b\u0438 JavaScript \u0432 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0434\u043b\u044f CVE-2024-29131, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Apache Commons Configuration, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a DoS.\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f Jira Service Management Data Center \u0438 Server \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0442 CVE-2024-7254 - \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0431\u0443\u0444\u0435\u0440\u0430 Protobuf, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u0432\u043b\u0438\u044f\u0442\u044c \u043d\u0430 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0441\u0435\u0440\u0432\u0438\u0441\u0430.\n\n\u0414\u0430\u043d\u043d\u044b\u0445 \u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043d\u0435 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043e, \u0432\u043e \u0432\u0441\u044f\u043a\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u043f\u043e\u043a\u0430.", "creation_timestamp": "2024-10-22T18:30:05.000000Z"}, {"uuid": "7cb70603-e2e8-4703-a8de-237ac432fbd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38813", "type": "seen", "source": "https://t.me/ctinow/227906", "content": "Vulnerability Symbiosis: vSphere?s CVE-2024-38812 and CVE-2024-38813 [Guest Diary], (Wed, Dec 11th)\nhttps://ift.tt/BUZY758", "creation_timestamp": "2024-12-11T04:09:53.000000Z"}, {"uuid": "9209b7d7-2f9c-4fa9-98b0-f95bcf03e286", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/ctinow/225379", "content": "VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812\nhttps://ift.tt/oJgtEzw", "creation_timestamp": "2024-10-22T10:19:36.000000Z"}, {"uuid": "d5c92026-73af-43d0-9321-acf76a0c517d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38814", "type": "seen", "source": "https://t.me/ctinow/225178", "content": "VMware fixes high-severity SQL injection flaw CVE-2024-38814 in HCX\nhttps://ift.tt/tzWqYNX", "creation_timestamp": "2024-10-17T09:14:47.000000Z"}, {"uuid": "7a634361-06e9-40a7-98ba-700ed71a9f79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/Unik4tsG4ng/8285", "content": "\u26a0\ufe0f Critical VMware vCenter vulnerability (CVE-2024-38812) may allow remote code execution. Cybercriminals can exploit it with crafted packets, posing serious risks. \n \nLearn more: https://thehackernews.com/2024/09/patch-issued-for-critical-vmware.html \n \nMake sure you\u2019re not the next victim\u2014patch your systems today.", "creation_timestamp": "2024-09-18T14:36:02.000000Z"}, {"uuid": "5349c885-e2de-482c-b3e6-e1795ce6579c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/ctinow/227906", "content": "Vulnerability Symbiosis: vSphere?s CVE-2024-38812 and CVE-2024-38813 [Guest Diary], (Wed, Dec 11th)\nhttps://ift.tt/BUZY758", "creation_timestamp": "2024-12-11T04:09:53.000000Z"}, {"uuid": "6f9f8342-194b-4331-b8ba-86523378fa3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/thehackernews/5595", "content": "\u26a0\ufe0f Critical VMware vCenter vulnerability (CVE-2024-38812) may allow remote code execution. Cybercriminals can exploit it with crafted packets, posing serious risks. \n \nLearn more: https://thehackernews.com/2024/09/patch-issued-for-critical-vmware.html \n \nMake sure you\u2019re not the next victim\u2014patch your systems today.", "creation_timestamp": "2024-09-18T07:13:10.000000Z"}, {"uuid": "bc4189cf-99b9-4351-a742-aded5aa76e8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/thehackernews/5765", "content": "VMware has released updates for CVE-2024-38812, a critical #vulnerability in vCenter Server. \n \nWith a CVSS score of 9.8, this heap-overflow flaw could allow remote code execution, fundamentally jeopardizing organizational security. \n \nRead: https://thehackernews.com/2024/10/vmware-releases-vcenter-server-update.html", "creation_timestamp": "2024-10-22T09:18:14.000000Z"}, {"uuid": "992d135e-9abe-4c73-a385-3d7056d91784", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38813", "type": "exploited", "source": "https://t.me/thehackernews/5908", "content": "Major security flaws in Progress Kemp LoadMaster (CVE-2024-1212) and VMware vCenter Server (CVE-2024-38812 and CVE-2024-38813) are actively being exploited. \n \nLearn how to mitigate this flaw and secure your system before it\u2019s too late \u2013 Read more: https://thehackernews.com/2024/11/cisa-alert-active-exploitation-of.html", "creation_timestamp": "2024-11-19T07:37:25.000000Z"}, {"uuid": "5003bc56-c995-4175-8573-a50a41739003", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "exploited", "source": "https://t.me/thehackernews/5908", "content": "Major security flaws in Progress Kemp LoadMaster (CVE-2024-1212) and VMware vCenter Server (CVE-2024-38812 and CVE-2024-38813) are actively being exploited. \n \nLearn how to mitigate this flaw and secure your system before it\u2019s too late \u2013 Read more: https://thehackernews.com/2024/11/cisa-alert-active-exploitation-of.html", "creation_timestamp": "2024-11-19T07:37:25.000000Z"}, {"uuid": "c628afb4-e4fe-42c2-9124-1d0bdae50763", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11381", "content": "#exploit\n1. CVE-2024-46483:\nPre-Auth Heap Overflow in Xlight SFTP server\nhttps://github.com/kn32/cve-2024-46483\n\n2. CVE-2024-38812:\nVMWare vCenter Server DCERPC\nhttps://blog.sonicwall.com/en-us/2024/10/vmware-vcenter-server-cve-2024-38812-dcerpc-vulnerability\n\n3. CVE-2024-6473:\nYandex Browser <24.7.1.380\u00a0DLL Hijacking\nhttps://github.com/12345qwert123456/CVE-2024-6473-PoC", "creation_timestamp": "2024-11-04T17:28:48.000000Z"}, {"uuid": "ed385c00-4f49-4de4-94b4-6980e5ef1c82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/CyberBulletin/26126", "content": "\u26a1\ufe0fVMware failed to fully address vCenter Server RCE flaw CVE-2024-38812.\n\n#CyberBulletin", "creation_timestamp": "2024-10-22T14:42:23.000000Z"}, {"uuid": "747d2de4-b01d-49d2-ba4b-ba8d1e0cafc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38816", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/3279", "content": "https://github.com/masa42/CVE-2024-38816-PoC\n\nCVE-2024-38816 Proof of Concept\n#github #poc", "creation_timestamp": "2024-10-04T11:23:39.000000Z"}, {"uuid": "cb87b362-ab36-4930-8f43-d1cfc6aaff89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38813", "type": "exploited", "source": "https://t.me/CyberBulletin/26494", "content": "\u26a1\ufe0fActively Exploited VMware Vulnerabilities (CVE-2024-38812 & CVE-2024-38813) Threaten Virtualized Infrastructure.\n\n#CyberBulletin", "creation_timestamp": "2024-11-19T06:27:03.000000Z"}, {"uuid": "9c852e30-0fbc-4954-ad9d-c61fd6bc176c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "exploited", "source": "https://t.me/CyberBulletin/26494", "content": "\u26a1\ufe0fActively Exploited VMware Vulnerabilities (CVE-2024-38812 & CVE-2024-38813) Threaten Virtualized Infrastructure.\n\n#CyberBulletin", "creation_timestamp": "2024-11-19T06:27:03.000000Z"}, {"uuid": "a68df8f7-5078-4c19-a2f2-f73f22e9da17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/CyberBulletin/25617", "content": "\u26a1\ufe0fCVE-2024-38812: VMware\u2019s 9.8 Severity Security Nightmare.\n\n#CyberBulletin", "creation_timestamp": "2024-09-18T13:46:49.000000Z"}, {"uuid": "ebe7a367-3895-43e3-9082-bce101350178", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38819", "type": "published-proof-of-concept", "source": "https://t.me/CyberBulletin/26822", "content": "\u26a1\ufe0fCVE-2024-38819: Spring Framework Path Traversal PoC Exploit Released.\n\n#CyberBulletin", "creation_timestamp": "2024-12-16T05:52:55.000000Z"}, {"uuid": "a4b7d5c9-4796-4211-9c7a-a0f1b93c4abe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38816", "type": "seen", "source": "https://t.me/CyberBulletin/25555", "content": "\u26a1\ufe0fCVE-2024-38816: Spring Framework Path Traversal Vulnerability Threatens Millions.\n\n#CyberBulletin", "creation_timestamp": "2024-09-16T09:12:44.000000Z"}, {"uuid": "62912491-eedb-41f5-9840-7e12d802abf3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38816", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11232", "content": "#exploit\n1. CVE-2024-38816:\nSpring Framework 6.0.3 path traversal\nhttps://github.com/masa42/CVE-2024-38816-PoC\n\n2. CVE-2024-7479/7481:\nTeamViewer User to Kernel EoP\nhttps://github.com/PeterGabaldon/CVE-2024-7479_CVE-2024-7481\n\n3. CVE-2024-26304:\nCritical RCE in HPE Aruba Devices\nhttps://github.com/Roud-Roud-Agency/CVE-2024-26304-RCE-exploits", "creation_timestamp": "2024-10-05T21:23:25.000000Z"}, {"uuid": "0db0fe05-2455-4027-9225-d3c1dda2e998", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38813", "type": "exploited", "source": "https://t.me/true_secator/6445", "content": "VMware \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043e \u043d\u0430\u0447\u0430\u043b\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 CVE-2024-38812 \u0432 vCenter Server, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0431\u044b\u043b\u0430 \u043e\u0442\u043d\u0435\u0441\u0435\u043d\u0430 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u043e\u043c \u043a \u043a\u0430\u0442\u0435\u0433\u043e\u0440\u0438\u0438 Hard-to-Fix.\n\nVMware \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0441\u0440\u043e\u0447\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0441\u0432\u043e\u0435\u0433\u043e \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u044f VMSA-2024-0019, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u043f\u0440\u0438\u0437\u043d\u0430\u043b \u0444\u0430\u043a\u0442 \u0430\u043a\u0442\u0438\u0432\u043d\u044b\u0445 \u0430\u0442\u0430\u043a, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043d\u0430 CVE-2024-38812 \u0438 CVE-2024-38813, \u043f\u0440\u0438\u0437\u044b\u0432\u0430\u044f \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043e\u0442\u0434\u0430\u0442\u044c \u0432\u044b\u0441\u043e\u043a\u0438\u0439 \u043f\u0440\u0438\u043e\u0440\u0438\u0442\u0435\u0442 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044e \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u00a0\u0431\u044b\u043b\u0430 \u0432\u043f\u0435\u0440\u0432\u044b\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0435\u0449\u0435 \u043f\u044f\u0442\u044c \u043c\u0435\u0441\u044f\u0446\u0435\u0432 \u043d\u0430\u0437\u0430\u0434 \u043a\u043e\u043c\u0430\u043d\u0434\u043e\u0439 TZL \u043d\u0430 \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u043e\u043c \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u043e\u043c \u043a\u043e\u043d\u043a\u0443\u0440\u0441\u0435 Matrix Cup 2024, \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u043c Qihoo 360 \u0438 Beijing Huayun'an Information Technology, \u0438 \u0438\u043c\u0435\u0435\u0442 CVSS 9,8/10.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u0443\u0447\u0438 \u0432 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0439 \u0432\u044b\u0447\u0438\u0441\u043b\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u0441\u0440\u0435\u0434\u044b/\u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u0437\u043e\u0432\u0430 \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440 (DCERPC) \u0432 vCenter Server.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f VMware \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0430, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a, \u0438\u043c\u0435\u044e\u0449\u0438\u0439 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a vCenter Server, \u043c\u043e\u0436\u0435\u0442 \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u044d\u0442\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0432 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0439 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u043f\u0430\u043a\u0435\u0442, \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0438\u0439 \u043a RCE.\n\n\u041d\u0430 \u043f\u0440\u043e\u0442\u044f\u0436\u0435\u043d\u0438\u0438 \u0447\u0435\u0442\u044b\u0440\u0435\u0445 \u043c\u0435\u0441\u044f\u0446\u0435\u0432 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f\u00a0\u043f\u0440\u0435\u0434\u043f\u0440\u0438\u043d\u0438\u043c\u0430\u043b\u0430 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u043e\u043f\u0430\u0441\u043d\u0443\u044e \u043e\u0448\u0438\u0431\u043a\u0443. \n\nK\u0422\u0430\u043a, \u043a\u0430\u043a \u043f\u0440\u0438\u0437\u043d\u0430\u043b\u0438\u0441\u044c \u0432 VMware, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f 17 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044f 2024 \u0433\u043e\u0434\u0430 \u043d\u0435 \u0432 \u043f\u043e\u043b\u043d\u043e\u0439 \u043c\u0435\u0440\u0435 \u0441\u043c\u043e\u0433\u043b\u0438 \u0437\u0430\u043a\u0440\u044b\u0442\u044c \u0432\u043b\u0438\u044f\u043d\u0438\u0435 CVE-2024-38812.\n\n\u0413\u0438\u0433\u0430\u043d\u0442 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0432: vCenter Server 8.0 U3b \u0438 7.0 U3s, VMware Cloud Foundation 5.x (\u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e \u0432 8.0 U3b) \u0438 VMware Cloud Foundation 4.x (\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e \u0432 7.0 U3s).\n\n\u0414\u043e \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0433\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438 VMware \u043d\u0435 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u0438\u043b\u0430 \u043d\u0438\u043a\u0430\u043a\u0438\u0445 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0441\u0432\u0435\u0434\u0435\u043d\u0438\u0439 \u043e \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0435\u043c\u044b\u0445 \u0441\u043b\u0443\u0447\u0430\u044f\u0445 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0438\u043b\u0438 IoC.", "creation_timestamp": "2024-11-19T11:52:17.000000Z"}, {"uuid": "2626167b-25a7-4c19-88f3-550a28743eb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38819", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11586", "content": "#exploit \n1. Hacking Kerio Control via CVE-2024-52875: from CRLF Injection to 1-click RCE\nhttps://karmainsecurity.com/hacking-kerio-control-via-cve-2024-52875\n\n2. CVE-2024-38819:\nhttps://github.com/masa42/CVE-2024-38819-POC\n\n3. CVE-2024-24942:\nPath traversal in SwaggerUI-java\u00a0within JetBrains TeamCity\nhttps://blog.0daylabs.com/2024/12/11/jetbrains-teamcity-authbypass-path-traversal", "creation_timestamp": "2024-12-21T18:13:24.000000Z"}, {"uuid": "9a673c86-4b7d-4fa7-bf21-5568593e3c46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "exploited", "source": "https://t.me/true_secator/6445", "content": "VMware \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043e \u043d\u0430\u0447\u0430\u043b\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 CVE-2024-38812 \u0432 vCenter Server, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0431\u044b\u043b\u0430 \u043e\u0442\u043d\u0435\u0441\u0435\u043d\u0430 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u043e\u043c \u043a \u043a\u0430\u0442\u0435\u0433\u043e\u0440\u0438\u0438 Hard-to-Fix.\n\nVMware \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0441\u0440\u043e\u0447\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0441\u0432\u043e\u0435\u0433\u043e \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u044f VMSA-2024-0019, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u043f\u0440\u0438\u0437\u043d\u0430\u043b \u0444\u0430\u043a\u0442 \u0430\u043a\u0442\u0438\u0432\u043d\u044b\u0445 \u0430\u0442\u0430\u043a, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043d\u0430 CVE-2024-38812 \u0438 CVE-2024-38813, \u043f\u0440\u0438\u0437\u044b\u0432\u0430\u044f \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043e\u0442\u0434\u0430\u0442\u044c \u0432\u044b\u0441\u043e\u043a\u0438\u0439 \u043f\u0440\u0438\u043e\u0440\u0438\u0442\u0435\u0442 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044e \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u00a0\u0431\u044b\u043b\u0430 \u0432\u043f\u0435\u0440\u0432\u044b\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0435\u0449\u0435 \u043f\u044f\u0442\u044c \u043c\u0435\u0441\u044f\u0446\u0435\u0432 \u043d\u0430\u0437\u0430\u0434 \u043a\u043e\u043c\u0430\u043d\u0434\u043e\u0439 TZL \u043d\u0430 \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u043e\u043c \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u043e\u043c \u043a\u043e\u043d\u043a\u0443\u0440\u0441\u0435 Matrix Cup 2024, \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u043c Qihoo 360 \u0438 Beijing Huayun'an Information Technology, \u0438 \u0438\u043c\u0435\u0435\u0442 CVSS 9,8/10.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u0443\u0447\u0438 \u0432 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0439 \u0432\u044b\u0447\u0438\u0441\u043b\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u0441\u0440\u0435\u0434\u044b/\u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u0437\u043e\u0432\u0430 \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440 (DCERPC) \u0432 vCenter Server.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f VMware \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0430, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a, \u0438\u043c\u0435\u044e\u0449\u0438\u0439 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a vCenter Server, \u043c\u043e\u0436\u0435\u0442 \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u044d\u0442\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0432 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0439 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u043f\u0430\u043a\u0435\u0442, \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0438\u0439 \u043a RCE.\n\n\u041d\u0430 \u043f\u0440\u043e\u0442\u044f\u0436\u0435\u043d\u0438\u0438 \u0447\u0435\u0442\u044b\u0440\u0435\u0445 \u043c\u0435\u0441\u044f\u0446\u0435\u0432 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f\u00a0\u043f\u0440\u0435\u0434\u043f\u0440\u0438\u043d\u0438\u043c\u0430\u043b\u0430 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u043e\u043f\u0430\u0441\u043d\u0443\u044e \u043e\u0448\u0438\u0431\u043a\u0443. \n\nK\u0422\u0430\u043a, \u043a\u0430\u043a \u043f\u0440\u0438\u0437\u043d\u0430\u043b\u0438\u0441\u044c \u0432 VMware, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f 17 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044f 2024 \u0433\u043e\u0434\u0430 \u043d\u0435 \u0432 \u043f\u043e\u043b\u043d\u043e\u0439 \u043c\u0435\u0440\u0435 \u0441\u043c\u043e\u0433\u043b\u0438 \u0437\u0430\u043a\u0440\u044b\u0442\u044c \u0432\u043b\u0438\u044f\u043d\u0438\u0435 CVE-2024-38812.\n\n\u0413\u0438\u0433\u0430\u043d\u0442 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0432: vCenter Server 8.0 U3b \u0438 7.0 U3s, VMware Cloud Foundation 5.x (\u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e \u0432 8.0 U3b) \u0438 VMware Cloud Foundation 4.x (\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e \u0432 7.0 U3s).\n\n\u0414\u043e \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0433\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438 VMware \u043d\u0435 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u0438\u043b\u0430 \u043d\u0438\u043a\u0430\u043a\u0438\u0445 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0441\u0432\u0435\u0434\u0435\u043d\u0438\u0439 \u043e \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0435\u043c\u044b\u0445 \u0441\u043b\u0443\u0447\u0430\u044f\u0445 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0438\u043b\u0438 IoC.", "creation_timestamp": "2024-11-19T11:52:17.000000Z"}, {"uuid": "474a8f6d-4507-4b2c-8b2f-b3d1ba336b35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/InfoSecInsider/515", "content": "\u26a1\ufe0fVMware failed to fully address vCenter Server RCE flaw CVE-2024-38812.\n\n#CyberBulletin", "creation_timestamp": "2024-10-22T15:06:35.000000Z"}, {"uuid": "d86aeb35-4df1-4b41-a73f-b03be0be44a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/690", "content": "Tools - Hackers Factory \n\nProof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijack execution flow\n\nhttps://github.com/0xHossam/KernelCallbackTable-Injection-PoC\n\n#DFIR\nhttps://github.com/OMENScan/OMENS\n\nGenerate a MITRE ATT&CK Navigator based on a list of CVEs. Database with CVE, CWE, CAPEC, and MITRE ATT&CK Techniques data is updated daily\n\nhttps://github.com/Galeax/CVE2CAPEC\n\n#exploit\n\n1. CVE-2024-46483:\nPre-Auth Heap Overflow in Xlight SFTP server\n\nhttps://github.com/kn32/cve-2024-46483\n\n2. CVE-2024-38812:\nVMWare vCenter Server DCERPC\n\n3. CVE-2024-6473:\nYandex Browser <24.7.1.380 DLL Hijacking\n\nhttps://github.com/12345qwert123456/CVE-2024-6473-PoC\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-11-15T05:24:26.000000Z"}, {"uuid": "50340c59-91e9-4530-a386-5e6de8c71664", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38813", "type": "exploited", "source": "https://t.me/InfoSecInsider/718", "content": "\u26a1\ufe0fActively Exploited VMware Vulnerabilities (CVE-2024-38812 & CVE-2024-38813) Threaten Virtualized Infrastructure.\n\n#CyberBulletin", "creation_timestamp": "2024-11-19T06:37:13.000000Z"}, {"uuid": "c51d59be-d0ac-4ca3-babd-af53df0a74e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "exploited", "source": "https://t.me/InfoSecInsider/718", "content": "\u26a1\ufe0fActively Exploited VMware Vulnerabilities (CVE-2024-38812 & CVE-2024-38813) Threaten Virtualized Infrastructure.\n\n#CyberBulletin", "creation_timestamp": "2024-11-19T06:37:13.000000Z"}, {"uuid": "091d6d21-bf34-48ed-a7af-a091924a23fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38816", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/496", "content": "Tools Hackers Factory \n\nRecords an executable's network activity into a Full Packet Capture file (.pcap) and much more. \n\nhttps://github.com/H4NM/WhoYouCalling\u00a0 \n\nLinux kernel Netfilter Use-After-Free leads to LPE \n\nhttps://github.com/google/security-research/blob/master/pocs/linux/kernelctf/CVE-2024-26808_cos/docs/exploit.md\n\nFrom object transition to RCE in the Chrome renderer \n\nhttps://github.blog/security/vulnerability-research/from-object-transition-to-rce-in-the-chrome-renderer/\u00a0 \n\nDeep Linux runtime visibility meets Wireshark \n\nhttps://github.com/aquasecurity/traceeshark\u00a0 \n\nScriptSentry finds misconfigured and dangerous logon scripts.\u00a0 \n\nhttps://github.com/techspence/scriptsentry\n\nActivation cache poisoning to elevate from medium to high integrity (CVE-2024-6769) \n\nhttps://github.com/fortra/CVE-2024-6769\n\nCVE-2024-38816: Path traversal vulnerability in Spring Frameworks\n\nhttps://github.com/masa42/CVE-2024-38816-PoC\n\nexploit_dev/browsers/v8/CVE-2024-5830 at main \u00b7 uf0o/exploit_dev'\n\nhttps://github.com/uf0o/exploit_dev/tree/main/browsers/v8/CVE-2024-5830\n\nNameless C2 - A C2 with all its components written in Rust\n\nhttps://github.com/trickster0/NamelessC2\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-10-13T05:36:02.000000Z"}, {"uuid": "07d7efa2-f547-4e4e-9f10-4592c6b515cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38819", "type": "seen", "source": "https://t.me/suboxone_chatroom/1563", "content": "#exploit \n1. Hacking Kerio Control via CVE-2024-52875: from CRLF Injection to 1-click RCE\nhttps://karmainsecurity.com/hacking-kerio-control-via-cve-2024-52875\n\n2. CVE-2024-38819:\nhttps://github.com/masa42/CVE-2024-38819-POC\n\n3. CVE-2024-24942:\nPath traversal in SwaggerUI-java\u00a0within JetBrains TeamCity\nhttps://blog.0daylabs.com/2024/12/11/jetbrains-teamcity-authbypass-path-traversal", "creation_timestamp": "2025-01-27T07:06:59.000000Z"}]}