{"vulnerability": "CVE-2024-38812", "sightings": [{"uuid": "173b25b1-782d-4a89-982f-0a7b9f0c095a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2024-38812", "type": "seen", "source": null, "content": "", "creation_timestamp": "2024-10-22T13:16:01.199652Z"}, {"uuid": "b83e0d3c-515d-41a2-bb72-cbb2d40ef408", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2024-38812", "type": "confirmed", "source": null, "content": "", "creation_timestamp": "2024-10-22T13:16:13.284917Z"}, {"uuid": "b44e69bb-c78b-4511-8fc9-53f14b8e7582", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2024-38812", "type": "exploited", "source": null, "content": "", "creation_timestamp": "2024-10-22T13:20:38.848307Z"}, {"uuid": "e0c1565f-1d1f-47f6-b0dc-3042bdbbdc27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2720005", "content": "", "creation_timestamp": "2024-11-20T17:24:09.151714Z"}, {"uuid": "cd077109-ed8f-448c-b2bf-81c66fe6c72f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://infosec.exchange/users/patchnow24x7/statuses/113518774211162459", "content": "", "creation_timestamp": "2024-11-21T03:17:10.949962Z"}, {"uuid": "dd3b8c46-1a5f-463f-8eb7-6418f46d8a6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113516051541690814", "content": "", "creation_timestamp": "2024-11-20T15:44:46.353037Z"}, {"uuid": "9cc212dc-4ce8-4599-9078-c6d41cc7f957", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://infosec.exchange/users/catc0n/statuses/113506159522349936", "content": "", "creation_timestamp": "2024-11-18T21:49:05.859158Z"}, {"uuid": "7be81930-81c4-4962-bceb-cde62bd630d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113505259568672387", "content": "", "creation_timestamp": "2024-11-18T18:00:14.073819Z"}, {"uuid": "9e787c16-d1b6-40b9-94f4-8505aeefde11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2024-11-20T18:10:02.000000Z"}, {"uuid": "fd8f0ebb-1f41-493f-81db-79c1b49c9069", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-28088f46-fd577d223f0addbd", "content": "", "creation_timestamp": "2025-02-17T09:37:52.128691Z"}, {"uuid": "dcfb2059-ef75-479b-b288-936012853d82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:11:02.000000Z"}, {"uuid": "8b12db8e-7b6b-4610-8804-4168becb7ff5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lrbqwoq4ey2p", "content": "", "creation_timestamp": "2025-06-10T20:41:42.336852Z"}, {"uuid": "ccbfa836-382e-40d7-81ac-2f89cf95ff5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://gist.github.com/Darkcrai86/f478a7b258a4ba4e77c13e27154ee51f", "content": "", "creation_timestamp": "2025-12-05T13:02:24.000000Z"}, {"uuid": "9b156a6a-c65d-46a5-8dd8-3bdc73ee2102", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://vulnerability.circl.lu/comment/a3186180-3808-47e1-8347-071389b4f994", "content": "", "creation_timestamp": "2024-10-22T13:20:32.036514Z"}, {"uuid": "91cb3765-2335-4e4d-9f4c-25487c27b6a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1376", "content": "", "creation_timestamp": "2024-09-19T04:00:00.000000Z"}, {"uuid": "edbadb68-076c-48fd-8459-5cb05aa26e7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_22/2024", "content": "", "creation_timestamp": "2024-09-18T08:24:29.000000Z"}, {"uuid": "7b34c9d9-beb4-4fa9-9fb1-a4c0f4a287d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2024-38812", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/f956e3aa-3257-4dc8-9772-6fbeaca7055b", "content": "", "creation_timestamp": "2026-02-02T12:26:21.490591Z"}, {"uuid": "796df421-5898-4dfe-8938-28e39a6a2ecb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8830", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-38812 : Critical Heap-Buffer Overflow vulnerability in VMWare vCenter.\nURL\uff1ahttps://github.com/groshi/CVE-2024-38812-POC-5-Hands-Private\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-10-24T12:57:52.000000Z"}, {"uuid": "f56b1af5-61cf-4241-b8b7-817b36d51368", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/HackingInsights/13497", "content": "\u200aBroadcom fixed Critical VMware vCenter Server flaw CVE-2024-38812\n\nhttps://securityaffairs.com/168536/security/vmware-vcenter-server-cve-2024-38812.html", "creation_timestamp": "2024-09-19T13:16:58.000000Z"}, {"uuid": "4ff766c3-b41d-4abb-9b79-13b357c14cfc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/HackingInsights/13407", "content": "Broadcom fixed Critical VMware vCenter Server flaw CVE-2024-38812\nhttps://ift.tt/SVc0WoJ", "creation_timestamp": "2024-09-18T16:01:53.000000Z"}, {"uuid": "ae8aa784-799a-4be0-8af3-ffd53d494e5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/itsec_news/4734", "content": "\u200b\u26a1\ufe0fCVE-2024-38812: \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u0433\u0440\u043e\u0437\u0430 \u0434\u043b\u044f \u0432\u0430\u0448\u0435\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b\n\n\ud83d\udcac \u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Broadcom \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 VMware vCenter Server, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u043c\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 9.8 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0430\u044f \u043e\u0431\u043e\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 CVE-2024-38812 , \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0435 DCE/RPC.\n\n\u041f\u043e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043e\u0442 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0441 \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043a \u0441\u0435\u0442\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0435 \u0441\u0435\u0442\u0435\u0432\u044b\u0435 \u043f\u0430\u043a\u0435\u0442\u044b \u0434\u043b\u044f \u0430\u043a\u0442\u0438\u0432\u0430\u0446\u0438\u0438 \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u044b\u0439 \u043a\u043e\u0434 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 vCenter.\n\n\u042d\u0442\u043e\u0442 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u043a \u0441\u0445\u043e\u0436 \u0441 \u0434\u0432\u0443\u043c\u044f \u0434\u0440\u0443\u0433\u0438\u043c\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c\u0438 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u2014 CVE-2024-37079 \u0438 CVE-2024-37080, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0431\u044b\u043b\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b \u0432 \u0438\u044e\u043d\u0435 2024 \u0433\u043e\u0434\u0430. \u041e\u0446\u0435\u043d\u043a\u0430 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0442\u0430\u043a\u0436\u0435 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9.8 \u043f\u043e CVSS.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 CVE-2024-38813 \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 7.5, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0441 \u0441\u0435\u0442\u0435\u0432\u044b\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0434\u043e \u0443\u0440\u043e\u0432\u043d\u044f root. \u0410\u0442\u0430\u043a\u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u0430 \u043f\u0440\u0438 \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0435 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u043f\u0430\u043a\u0435\u0442\u043e\u0432.\n\n\u041e\u0431\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438\u0437 \u043a\u043e\u043c\u0430\u043d\u0434\u044b TZL \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u0441\u043e\u0440\u0435\u0432\u043d\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u043e \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Matrix Cup, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043f\u0440\u043e\u0448\u043b\u043e \u0432 \u041a\u0438\u0442\u0430\u0435 \u0432 \u0438\u044e\u043d\u0435 2024 \u0433\u043e\u0434\u0430.\n\n\u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0434\u043b\u044f \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u0439:\n\nvCenter Server 8.0 (\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 8.0 U3b);\nvCenter Server 7.0 (\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 7.0 U3s);\nVMware Cloud Foundation 5.x (\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e \u0434\u043b\u044f \u0432\u0435\u0440\u0441\u0438\u0438 8.0 U3b);\nVMware Cloud Foundation 4.x (\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 7.0 U3s).\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Broadcom \u043f\u043e\u0434\u0447\u0435\u0440\u043a\u043d\u0443\u043b\u0430, \u0447\u0442\u043e \u043d\u0430 \u0434\u0430\u043d\u043d\u044b\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 \u043d\u0435\u0442 \u0434\u0430\u043d\u043d\u044b\u0445 \u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u0445, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0445 \u044d\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043d\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0434\u043b\u044f \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0430\u043c\u044f\u0442\u044c\u044e, \u0447\u0442\u043e \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u043f\u0440\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0441\u043b\u0443\u0436\u0431 VMware vCenter.\n\n\u042d\u0442\u0438 \u0441\u043e\u0431\u044b\u0442\u0438\u044f \u0441\u043e\u0432\u043f\u0430\u043b\u0438 \u0441 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0435\u0439 \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e\u0433\u043e \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f \u043e\u0442 \u0410\u0433\u0435\u043d\u0442\u0441\u0442\u0432\u0430 \u043f\u043e \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0421\u0428\u0410 (CISA) \u0438 \u0424\u0411\u0420. \u0412 \u043d\u0451\u043c \u043f\u043e\u0434\u0447\u0451\u0440\u043a\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 cross-site scripting (XSS), \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u0441\u0438\u0441\u0442\u0435\u043c.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-09-19T13:23:48.000000Z"}, {"uuid": "fbd23b51-2de1-4157-8987-8620d1234ada", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/ics_cert/959", "content": "\u0647\u0634\u062f\u0627\u0631!! VMware \u0628\u0647 \u0645\u0634\u062a\u0631\u06cc\u0627\u0646 \u062f\u0631 \u0645\u0648\u0631\u062f \u0627\u0646\u062a\u0634\u0627\u0631 CVE-2024-38812 \u062d\u06cc\u0627\u062a\u06cc \u062f\u0631 \u0633\u0631\u0648\u0631 vCenter \u0647\u0634\u062f\u0627\u0631 \u0645\u06cc \u062f\u0647\u062f \u06a9\u0647 \u062a\u0648\u0633\u0637 \u0641\u0631\u0648\u0634\u0646\u062f\u0647 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u06cc\u06a9 \u0645\u0634\u06a9\u0644 \u0631\u0641\u0639 \u0645\u0634\u06a9\u0644 \u0637\u0628\u0642\u0647 \u0628\u0646\u062f\u06cc \u0634\u062f\u0647 \u0627\u0633\u062a.\n\nVMware \u06cc\u06a9 \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u0641\u0648\u0631\u06cc \u0628\u0631\u0627\u06cc \u0628\u0648\u0644\u062a\u0646 \u062e\u0648\u062f VMSA-2024-0019 \u0635\u0627\u062f\u0631 \u06a9\u0631\u062f \u0648 \u062d\u0645\u0644\u0627\u062a \u0641\u0639\u0627\u0644\u06cc \u0631\u0627 \u06a9\u0647 CVE-2024-38812 \u0648 CVE-2024-38813 \u0631\u0627 \u0647\u062f\u0641 \u0642\u0631\u0627\u0631 \u0645\u06cc\u200c\u062f\u0647\u0646\u062f \u062a\u0623\u06cc\u06cc\u062f \u06a9\u0631\u062f \u0648 \u0627\u0632 \u0645\u0634\u062a\u0631\u06cc\u0627\u0646 \u062e\u0648\u0627\u0633\u062a \u0627\u0648\u0644\u0648\u06cc\u062a \u0628\u0627\u0644\u0627\u06cc\u06cc \u0628\u0631\u0627\u06cc \u0627\u0633\u062a\u0642\u0631\u0627\u0631 \u0648\u0635\u0644\u0647\u200c\u0647\u0627\u06cc \u0645\u0648\u062c\u0648\u062f \u0628\u062f\u0647\u0646\u062f.\n\n\u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0631\u0627\u06cc \u0627\u0648\u0644\u06cc\u0646 \u0628\u0627\u0631 \u067e\u0646\u062c \u0645\u0627\u0647 \u067e\u06cc\u0634 \u062a\u0648\u0633\u0637 \u062a\u06cc\u0645 TZL \u062f\u0631 \u0645\u0633\u0627\u0628\u0642\u0627\u062a \u0647\u06a9 \u0686\u06cc\u0646\u06cc Matrix Cup 2024 \u06a9\u0647 \u062a\u0648\u0633\u0637 Qihoo 360 \u0648 Beijing Huayun'an \u0641\u0646\u0627\u0648\u0631\u06cc \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0633\u0627\u0632\u0645\u0627\u0646\u200c\u062f\u0647\u06cc \u0634\u062f\u060c \u06a9\u0634\u0641 \u0634\u062f \u0648 \u062f\u0627\u0631\u0627\u06cc CVSS 9.8/10 \u0627\u0633\u062a.\n\n\u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0647\u200c\u0639\u0646\u0648\u0627\u0646 \u06cc\u06a9 \u0633\u0631\u0631\u06cc\u0632 \u067e\u0634\u062a\u0647 \u062f\u0631 \u0627\u062c\u0631\u0627\u06cc \u067e\u0631\u0648\u062a\u06a9\u0644 \u0645\u062d\u06cc\u0637 \u0645\u062d\u0627\u0633\u0628\u0627\u062a\u06cc \u062a\u0648\u0632\u06cc\u0639 \u0634\u062f\u0647/ \u0641\u0631\u0627\u062e\u0648\u0627\u0646 \u0631\u0648\u06cc\u0647 \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 (DCERPC) \u062f\u0631 \u0633\u0631\u0648\u0631 vCenter \u062a\u0648\u0635\u06cc\u0641 \u0645\u06cc\u200c\u0634\u0648\u062f.\n\nVMware \u0627\u0634\u0627\u0631\u0647 \u06a9\u0631\u062f \u06a9\u0647 \u06cc\u06a9 \u0645\u0647\u0627\u062c\u0645 \u0628\u0627 \u062f\u0633\u062a\u0631\u0633\u06cc \u0634\u0628\u06a9\u0647 \u0628\u0647 \u0633\u0631\u0648\u0631 vCenter \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0631\u0627 \u0628\u0627 \u0627\u0631\u0633\u0627\u0644 \u06cc\u06a9 \u0628\u0633\u062a\u0647 \u0634\u0628\u06a9\u0647 \u0633\u0627\u062e\u062a\u0647\u200c\u0634\u062f\u0647 \u0648\u06cc\u0698\u0647 \u0627\u06cc\u062c\u0627\u062f \u06a9\u0646\u062f \u06a9\u0647 \u0628\u0647 \u0637\u0648\u0631 \u0628\u0627\u0644\u0642\u0648\u0647 \u0645\u0646\u062c\u0631 \u0628\u0647 RCE \u0645\u06cc\u200c\u0634\u0648\u062f.\n\n\u0628\u0647 \u0645\u062f\u062a \u0686\u0647\u0627\u0631 \u0645\u0627\u0647\u060c \u0634\u0631\u06a9\u062a \u0633\u0639\u06cc \u06a9\u0631\u062f \u0627\u06cc\u0646 \u062e\u0637\u0627\u06cc \u062e\u0637\u0631\u0646\u0627\u06a9 \u0631\u0627 \u0627\u0635\u0644\u0627\u062d \u06a9\u0646\u062f. \n\nKSo\u060c \u0647\u0645\u0627\u0646\u0637\u0648\u0631 \u06a9\u0647 VMware \u0627\u0639\u062a\u0631\u0627\u0641 \u06a9\u0631\u062f\u060c \u0648\u0635\u0644\u0647 \u0647\u0627\u06cc 17 \u0633\u067e\u062a\u0627\u0645\u0628\u0631 2024 \u0646\u062a\u0648\u0627\u0646\u0633\u062a\u0646\u062f \u0628\u0647 \u0637\u0648\u0631 \u06a9\u0627\u0645\u0644 \u062a\u0623\u062b\u06cc\u0631 CVE-2024-38812 \u0631\u0627 \u06a9\u0627\u0647\u0634 \u062f\u0647\u0646\u062f.\n\n\u0627\u06cc\u0646 \u063a\u0648\u0644 \u0645\u062c\u0627\u0632\u06cc \u0633\u0627\u0632\u06cc \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0627 \u0631\u0627 \u0628\u0627 \u0627\u0646\u062a\u0634\u0627\u0631 \u0645\u0648\u0627\u0631\u062f \u0632\u06cc\u0631 \u0628\u0631\u0637\u0631\u0641 \u06a9\u0631\u062f\u0647 \u0627\u0633\u062a: vCenter Server 8.0 U3b \u0648 7.0 U3s\u060c VMware Cloud Foundation 5.x (\u0631\u0641\u0639 \u0634\u062f\u0647 \u062f\u0631 8.0 U3b) \u0648 VMware Cloud Foundation 4.x (\u0631\u0641\u0639 \u0634\u062f\u0647 \u062f\u0631 7.0 U3s).\n\n\u062a\u0627 \u0628\u0647 \u0627\u0645\u0631\u0648\u0632\u060c VMware \u062c\u0632\u0626\u06cc\u0627\u062a \u0628\u06cc\u0634\u062a\u0631\u06cc \u062f\u0631 \u0645\u0648\u0631\u062f \u0645\u0648\u0627\u0631\u062f \u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc \u0645\u0634\u0627\u0647\u062f\u0647 \u0634\u062f\u0647 \u06cc\u0627 IoC \u0627\u0631\u0627\u0626\u0647 \u0646\u06a9\u0631\u062f\u0647 \u0627\u0633\u062a.\n\u26a0\ufe0f\u0628\u06cc\u0627\u0646\u06cc\u0647 \u0633\u0644\u0628 \u0645\u0633\u0626\u0648\u0644\u06cc\u062a\n\ud83c\udfed\u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\ud83d\udc6e\ud83c\udffd\u200d\u2640\ufe0f\u0647\u0631\u06af\u0648\u0646\u0647 \u0627\u0646\u062a\u0634\u0627\u0631 \u0648 \u0630\u06a9\u0631 \u0645\u0637\u0627\u0644\u0628 \u0628\u062f\u0648\u0646 \u0630\u06a9\u0631 \u062f\u0642\u06cc\u0642 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u0644\u06cc\u0646\u06a9 \u0622\u0646 \u0645\u0645\u0646\u0648\u0639 \u0627\u0633\u062a. \n\u0627\u062f\u0645\u06cc\u0646:\n\u200fhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert\n\u06af\u0631\u0648\u0647 \u0648\u0627\u062a\u0633 \u0622\u067e :\nhttps://chat.whatsapp.com/FpB620AWEeSKvd8U6cFh33", "creation_timestamp": "2024-11-22T08:09:01.000000Z"}, {"uuid": "d60390ee-ed38-4f51-b361-c00004a58d18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/ics_cert/918", "content": "\ud83d\udd0e \u0645\u0627 \u0628\u0647\u200c\u0633\u0631\u0639\u062a \u0633\u0631\u0648\u0631 vCenter \u0648 VMware Cloud Foundation \u0631\u0627 \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u0645\u06cc\u200c\u06a9\u0646\u06cc\u0645\n\nBroadcom \u06cc\u06a9 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0645\u0647\u0645 (CVE-2024-38812\u060c CVSS 9.8) \u0648 \u06cc\u06a9 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0645\u0647\u0645 (CVE-2024-38813\u060c CVSS 7.5) \u0631\u0627 \u062f\u0631 \u0645\u062d\u0635\u0648\u0644\u0627\u062a \u062e\u0648\u062f \u0628\u0631\u0637\u0631\u0641 \u06a9\u0631\u062f\u0647 \u0627\u0633\u062a \u06a9\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0628\u0647 \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u062f\u0644\u062e\u0648\u0627\u0647 \u0648 \u0627\u0641\u0632\u0627\u06cc\u0634 \u0627\u0645\u062a\u06cc\u0627\u0632\u0627\u062a \u0628\u0631\u0627\u06cc \u0631\u0648\u062a \u06a9\u0631\u062f\u0646 \u062f\u0631 \u0633\u0631\u0648\u0631\u0647\u0627\u06cc vCenter \u0627\u062c\u0627\u0632\u0647 \u062f\u0647\u062f. \u062d\u0645\u0644\u0647 \u0628\u062f\u0648\u0646 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0627\u0632 \u0637\u0631\u06cc\u0642 \u0634\u0628\u06a9\u0647 \u0627\u0646\u062c\u0627\u0645 \u0645\u06cc \u0634\u0648\u062f\u060c \u0628\u0646\u0627\u0628\u0631\u0627\u06cc\u0646 \u0646\u06cc\u0627\u0632\u06cc \u0628\u0647 \u0627\u0646\u062a\u0638\u0627\u0631 \u0628\u0631\u0627\u06cc \u0628\u0647 \u0631\u0648\u0632 \u0631\u0633\u0627\u0646\u06cc \u0646\u06cc\u0633\u062a.\n\nBroadcom \u062f\u0631 \u067e\u0631\u0633\u0634\u200c\u0647\u0627\u06cc \u0645\u062a\u062f\u0627\u0648\u0644 \u062a\u0627\u06a9\u06cc\u062f \u0645\u06cc\u200c\u06a9\u0646\u062f \u06a9\u0647 \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc\u200c\u0647\u0627\u06cc \u062d\u06cc\u0627\u062a\u06cc \u062d\u062a\u06cc \u0628\u0631\u0627\u06cc \u0645\u0634\u062a\u0631\u06cc\u0627\u0646\u06cc \u06a9\u0647 \u0642\u0631\u0627\u0631\u062f\u0627\u062f \u067e\u0634\u062a\u06cc\u0628\u0627\u0646\u06cc \u0645\u0646\u0642\u0636\u06cc \u0634\u062f\u0647 \u062f\u0627\u0631\u0646\u062f \u0646\u06cc\u0632 \u062f\u0631 \u062f\u0633\u062a\u0631\u0633 \u0627\u0633\u062a. \u0628\u0627 \u0627\u06cc\u0646 \u062d\u0627\u0644\u060c \u0627\u06cc\u0646 \u0634\u0631\u06a9\u062a \u0647\u0645\u0686\u0646\u06cc\u0646 \u0627\u0642\u062f\u0627\u0645\u0627\u062a \u062c\u0628\u0631\u0627\u0646\u06cc \u0648 \u06a9\u0627\u0647\u0634\u06cc \u0631\u0627 \u062a\u0648\u0635\u06cc\u0647 \u0646\u0645\u06cc \u06a9\u0646\u062f - \u0641\u0642\u0637 \u0628\u0647 \u0631\u0648\u0632 \u0631\u0633\u0627\u0646\u06cc.\n\nhttps://blogs.vmware.com/cloud-foundation/2024/09/17/vmsa-2024-0019-questions-answers/\n\n\ud83c\udfaf \u062f\u0631 \u062c\u0631\u06cc\u0627\u0646 \u0646\u0628\u0636 \u0627\u0645\u0646\u06cc\u062a \u0633\u0627\u06cc\u0628\u0631\u06cc \u0635\u0646\u0639\u062a\u06cc \u0628\u0627\u0634\u06cc\u062f:\n\n\ud83c\udfed\u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\ud83d\udc6e\ud83c\udffd\u200d\u2640\ufe0f\u0647\u0631\u06af\u0648\u0646\u0647 \u0627\u0646\u062a\u0634\u0627\u0631 \u0648 \u0630\u06a9\u0631 \u0645\u0637\u0627\u0644\u0628 \u0628\u062f\u0648\u0646 \u0630\u06a9\u0631 \u062f\u0642\u06cc\u0642 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u0644\u06cc\u0646\u06a9 \u0622\u0646 \u0645\u0645\u0646\u0648\u0639 \u0627\u0633\u062a. \n\u0627\u062f\u0645\u06cc\u0646:\n\u200fhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert", "creation_timestamp": "2024-09-23T03:57:47.000000Z"}, {"uuid": "70201da6-5768-43a6-ba7f-b2ea34e33353", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/BleepingComputer/20889", "content": "\u200aVMware fixes bad patch for critical vCenter Server RCE flaw\n\nVMware has released another security update for CVE-2024-38812, a critical VMware vCenter Server remote code execution vulnerability that was not correctly fixed in the first patch from September 2024. [...]\n\nhttps://www.bleepingcomputer.com/news/security/vmware-fixes-bad-patch-for-critical-vcenter-server-rce-flaw/", "creation_timestamp": "2024-10-22T15:25:44.000000Z"}, {"uuid": "eb70a393-16af-4373-8c76-e38fcbc2c099", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/kasperskyb2b/1418", "content": "\ud83d\udd0e \u0421\u0440\u043e\u0447\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0435\u043c vCenter Server \u0438 VMware Cloud Foundation\n\nBroadcom \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u043e\u0434\u043d\u0443 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e (CVE-2024-38812, CVSS 9.8) \u0438 \u043e\u0434\u043d\u0443 \u0432\u0430\u0436\u043d\u0443\u044e (CVE-2024-38813, CVSS 7.5) \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0441\u0432\u043e\u0438\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0435 \u0432\u044b\u0437\u044b\u0432\u0430\u0442\u044c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0438 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0434\u043e root \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 vCenter. \u0410\u0442\u0430\u043a\u0430 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f \u043f\u043e \u0441\u0435\u0442\u0438 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0441 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f\u043c\u0438 \u0436\u0434\u0430\u0442\u044c \u043d\u0435 \u0441\u0442\u043e\u0438\u0442.\n\nBroadcom \u043f\u043e\u0434\u0447\u0435\u0440\u043a\u0438\u0432\u0430\u0435\u0442 \u0432 FAQ, \u0447\u0442\u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0434\u0430\u0436\u0435 \u043a\u043b\u0438\u0435\u043d\u0442\u0430\u043c \u0441 \u0438\u0441\u0442\u0435\u043a\u0448\u0438\u043c \u043a\u043e\u043d\u0442\u0440\u0430\u043a\u0442\u043e\u043c \u043d\u0430 \u0442\u0435\u0445\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0443. \u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0445 \u0438 \u0441\u043c\u044f\u0433\u0447\u0430\u044e\u0449\u0438\u0445 \u043c\u0435\u0440 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f, \u0432\u043f\u0440\u043e\u0447\u0435\u043c, \u0442\u043e\u0436\u0435 \u043d\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u2014 \u0442\u043e\u043b\u044c\u043a\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0442\u044c\u0441\u044f.\n\n#\u043d\u043e\u0432\u043e\u0441\u0442\u0438 #\u043f\u0430\u0442\u0447\u0438 @\u041f2\u0422", "creation_timestamp": "2024-09-18T17:05:15.000000Z"}, {"uuid": "85c86f08-62d8-4c47-a5af-b16524bf417d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "exploited", "source": "https://t.me/CyberBulletin/1520", "content": "\u26a1\ufe0fActively Exploited VMware Vulnerabilities (CVE-2024-38812 &amp; CVE-2024-38813) Threaten Virtualized Infrastructure.\n\n#CyberBulletin", "creation_timestamp": "2024-11-19T06:27:03.000000Z"}, {"uuid": "b6e504e0-436e-4557-8c9d-c7bbd12494d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/ton618cyber/3917", "content": "Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution\n\nBroadcom patches critical VMware vCenter Server vulnerability, CVE-2024-38812, preventing remote code execution. Update now.\n\nthehackernews.com \u2022 Sep 18, 2024", "creation_timestamp": "2024-09-19T10:27:09.000000Z"}, {"uuid": "8ade6544-3095-4839-802f-0f425254afe0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/cvedetector/5831", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38812 - VMware vCenter Server DCERPC Heap Overflow Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2024-38812 \nPublished : Sept. 17, 2024, 6:15 p.m. | 16\u00a0minutes ago \nDescription : The\u00a0vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-17T20:37:49.000000Z"}, {"uuid": "5bf64ef6-64ea-4535-b111-52936ffd36b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "exploited", "source": "https://t.me/bizone_channel/1562", "content": "\u0421\u043f\u0443\u0441\u0442\u044f \u0434\u0432\u0430 \u0434\u043d\u044f \u043f\u043e\u0441\u043b\u0435 \u043d\u0430\u0448\u0435\u0439 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438 \u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u043e\u0441\u0442\u0438 CVE-2024-38812 \u0438 CVE-2024-38813 VMware \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 security advisory, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u0437\u0430\u044f\u0432\u0438\u043b\u0430 \u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u00ab\u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435\u00bb.\n\n\u041f\u043e\u043a\u0430 \u0447\u0442\u043e \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u044b \u043d\u0430 CVE-2024-38812 \u0438 CVE-2024-38813 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435, \u0447\u0442\u043e \u0441\u0438\u043b\u044c\u043d\u043e \u043f\u043e\u0432\u044b\u0448\u0430\u0435\u0442 \u0438\u0445 \u0441\u0442\u043e\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432. \n\n\u041e\u0434\u043d\u0430\u043a\u043e \u043c\u044b \u043f\u0440\u0438\u0437\u044b\u0432\u0430\u0435\u043c \u0441\u0440\u043e\u0447\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0439 \u0441 \u043f\u0430\u0442\u0447\u0435\u043c: \n\u2014 7.0 U3t \u0441 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f\u043c\u0438 \u043e\u0442 21 \u043e\u043a\u0442\u044f\u0431\u0440\u044f 2024 \u0433\u043e\u0434\u0430;\n\u2014 8.0 U3d.", "creation_timestamp": "2024-11-22T08:14:43.000000Z"}, {"uuid": "794edc03-2619-4ad8-8df9-74f5c21e2121", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/bizone_channel/1553", "content": "\ud83d\udd2b \u041d\u0430\u0448\u0438 \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u043e\u0441\u0442\u044c CVE-2024-38812 \u0438 CVE-2024-38813\n\nCVE-2024-38812 \u2014 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 DCERPC \u0432 VMware vCenter, \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u043c\u0438 \u043c\u0430\u0448\u0438\u043d\u0430\u043c\u0438 VMware ESXi. \u0414\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u043c\u0443 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u043b\u0438\u0448\u044c \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0441\u0432\u044f\u0437\u043d\u043e\u0441\u0442\u0438 \u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c \u0445\u043e\u0441\u0442\u043e\u043c. \n\nCVE-2024-38813 \u2014 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0434\u043e \u0441\u0443\u043f\u0435\u0440\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u043f\u0440\u0438 \u043d\u0430\u043b\u0438\u0447\u0438\u0438 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0438\u0441\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0432 \u0441\u0435\u0440\u0432\u0438\u0441\u0435, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0435\u043c DCERPC.\n\nCVE-2024-38812 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 \u043f\u043e\u0441\u043b\u0435 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430, \u0440\u0430\u0441\u043f\u043e\u043b\u0430\u0433\u0430\u044e\u0449\u0435\u0433\u043e\u0441\u044f \u0432 \u043a\u0443\u0447\u0435, \u043f\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u043e\u043c\u0443 \u0441\u0434\u0432\u0438\u0433\u0443. \u0423\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0432\u043a\u0443\u043f\u0435 \u0441 CVE-2024-38813 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u043c\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0441\u0443\u043f\u0435\u0440\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f. \n\n\u0421\u0435\u0440\u0432\u0438\u0441\u044b vCenter, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u0443\u044e \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044e DCERPC:\n\u2014 vmdird (TCP-\u043f\u043e\u0440\u0442 2012);\n\u2014 vmcad (TCP-\u043f\u043e\u0440\u0442 2014);\n\u2014 vmafdd (TCP-\u043f\u043e\u0440\u0442 2020).\n\nVMware \u0441\u043e\u0432\u0435\u0440\u0448\u0438\u043b\u0430 \u043f\u0435\u0440\u0432\u0443\u044e \u043f\u043e\u043f\u044b\u0442\u043a\u0443 \u043f\u0430\u0442\u0447\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 17 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044f 2024 \u0433\u043e\u0434\u0430, \u043e\u0434\u043d\u0430\u043a\u043e \u0437\u0430\u043a\u0440\u044b\u0442\u044c CVE-2024-38812 \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u043d\u0435 \u0443\u0434\u0430\u043b\u043e\u0441\u044c. 21 \u043e\u043a\u0442\u044f\u0431\u0440\u044f \u0431\u044b\u043b \u0432\u044b\u043f\u0443\u0449\u0435\u043d \u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u044b\u0439 \u043f\u0430\u0442\u0447, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u0431\u043b\u043e\u043a\u0438\u0440\u0443\u0435\u0442 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044e.\n\n\u041a\u0430\u043a \u0437\u0430\u0449\u0438\u0442\u0438\u0442\u044c\u0441\u044f\n\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u043c \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0439 \u0441 \u043f\u0430\u0442\u0447\u0435\u043c:\n\u2014 7.0 U3t \u0441 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f\u043c\u0438 \u043e\u0442 21 \u043e\u043a\u0442\u044f\u0431\u0440\u044f 2024 \u0433\u043e\u0434\u0430;\n\u2014 8.0 U3d.", "creation_timestamp": "2024-11-16T11:37:51.000000Z"}, {"uuid": "774b0328-ed26-4876-bce5-021566c9c763", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/CyberBulletin/772", "content": "\u26a1\ufe0fCVE-2024-38812: VMware\u2019s 9.8 Severity Security Nightmare.\n\n#CyberBulletin", "creation_timestamp": "2024-09-18T12:59:20.000000Z"}, {"uuid": "704ff6ae-a259-4495-ad09-db4068a2193f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/ton618cyber/978", "content": "Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution\n\nBroadcom patches critical VMware vCenter Server vulnerability, CVE-2024-38812, preventing remote code execution. Update now.\n\nthehackernews.com \u2022 Sep 18, 2024", "creation_timestamp": "2024-09-19T10:27:10.000000Z"}, {"uuid": "5521c075-81c8-4146-8733-6fbff35601eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "Telegram/iOC4Lup2lwlIMzUj8_8JZNJnhmDWVbA56AyyjsAwMViIdQ", "content": "", "creation_timestamp": "2024-10-22T11:49:56.000000Z"}, {"uuid": "e17db0d5-c51f-4e96-a2a7-6bc7efbd202e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "Telegram/E9EOZ_v-I6JA95QsXtV5xoHKQJ4dGewZcRNASHOG-UbMIw", "content": "", "creation_timestamp": "2024-09-18T11:19:43.000000Z"}, {"uuid": "14426288-5a20-4b2b-9752-3e9e43d51310", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/13393", "content": "\u200aCVE-2024-38812: VMware\u2019s 9.8 Severity Security Nightmare\n\nhttps://securityonline.info/cve-2024-38812-vmwares-9-8-severity-security-nightmare/", "creation_timestamp": "2024-09-18T09:07:11.000000Z"}, {"uuid": "7e9a7178-40c7-41bb-88db-872100040b8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/20582", "content": "The Hacker News\nPatch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution\n\nBroadcom on Tuesday released updates to address a critical security flaw impacting VMware vCenter Server that could pave the way for remote code execution.\nThe vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), has been described as a heap-overflow vulnerability in the DCE/RPC protocol.\n\"A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a", "creation_timestamp": "2024-09-18T11:19:42.000000Z"}, {"uuid": "03269360-8bb5-4b95-978f-1d291a82bae9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "published-proof-of-concept", "source": "Telegram/h9CUOW6CUzeqFx0IHU8Q2FuIf5q9P3am7faYZgCTDOH5YA", "content": "", "creation_timestamp": "2024-10-22T11:14:30.000000Z"}, {"uuid": "5012852e-f6ed-454d-a84e-fa6639a04749", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "Telegram/bexzPYTiFYkSrgj8hjTxPixzJKVK9eDhosTntuUSNDmkQg", "content": "", "creation_timestamp": "2024-09-18T10:18:09.000000Z"}, {"uuid": "ad251d66-3d80-4c43-9879-0b66aa0a091c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/1216", "content": "Tools - Hackers Factory \n\nProof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijack execution flow\n\nhttps://github.com/0xHossam/KernelCallbackTable-Injection-PoC\n\n#DFIR\nhttps://github.com/OMENScan/OMENS\n\nGenerate a MITRE ATT&amp;CK Navigator based on a list of CVEs. Database with CVE, CWE, CAPEC, and MITRE ATT&amp;CK Techniques data is updated daily\n\nhttps://github.com/Galeax/CVE2CAPEC\n\n#exploit\n\n1. CVE-2024-46483:\nPre-Auth Heap Overflow in Xlight SFTP server\n\nhttps://github.com/kn32/cve-2024-46483\n\n2. CVE-2024-38812:\nVMWare vCenter Server DCERPC\n\n3. CVE-2024-6473:\nYandex Browser &lt;24.7.1.380 DLL Hijacking\n\nhttps://github.com/12345qwert123456/CVE-2024-6473-PoC\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-11-15T04:10:10.000000Z"}, {"uuid": "135fedd9-cbbf-48ce-aa57-1df79129b80c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/4225", "content": "The Hacker News\nPatch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution\n\nBroadcom on Tuesday released updates to address a critical security flaw impacting VMware vCenter Server that could pave the way for remote code execution.\nThe vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), has been described as a heap-overflow vulnerability in the DCE/RPC protocol.\n\"A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a", "creation_timestamp": "2024-09-18T11:19:42.000000Z"}, {"uuid": "481daf7f-b769-423f-8aeb-57401203f68d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/KomunitiSiber/2749", "content": "VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability\nhttps://thehackernews.com/2024/10/vmware-releases-vcenter-server-update.html\n\nVMware has released software updates to address an already patched security flaw in vCenter Server that could pave the way for remote code execution.\nThe vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), concerns a case of heap-overflow vulnerability in the implementation of the DCE/RPC protocol.\n\"A malicious actor with network access to vCenter Server may trigger this vulnerability by", "creation_timestamp": "2024-10-22T09:14:32.000000Z"}, {"uuid": "de92b070-a103-49f5-8cb7-2286ccaa9746", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/KomunitiSiber/2584", "content": "Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution\nhttps://thehackernews.com/2024/09/patch-issued-for-critical-vmware.html\n\nBroadcom on Tuesday released updates to address a critical security flaw impacting VMware vCenter Server that could pave the way for remote code execution.\nThe vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), has been described as a heap-overflow vulnerability in the DCE/RPC protocol.\n\"A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a", "creation_timestamp": "2024-09-18T09:25:24.000000Z"}, {"uuid": "7e9ce560-972c-4232-ab3f-0da8690d5bac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/InfoSecInsider/24564", "content": "\u26a1\ufe0fActively Exploited VMware Vulnerabilities (CVE-2024-38812 &amp; CVE-2024-38813) Threaten Virtualized Infrastructure.\n\n#CyberBulletin", "creation_timestamp": "2024-11-19T06:37:11.000000Z"}, {"uuid": "e46701d8-9de4-467d-adb7-e0a12c2ca233", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/24431", "content": "Tools - Hackers Factory \n\nProof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijack execution flow\n\nhttps://github.com/0xHossam/KernelCallbackTable-Injection-PoC\n\n#DFIR\nhttps://github.com/OMENScan/OMENS\n\nGenerate a MITRE ATT&amp;CK Navigator based on a list of CVEs. Database with CVE, CWE, CAPEC, and MITRE ATT&amp;CK Techniques data is updated daily\n\nhttps://github.com/Galeax/CVE2CAPEC\n\n#exploit\n\n1. CVE-2024-46483:\nPre-Auth Heap Overflow in Xlight SFTP server\n\nhttps://github.com/kn32/cve-2024-46483\n\n2. CVE-2024-38812:\nVMWare vCenter Server DCERPC\n\n3. CVE-2024-6473:\nYandex Browser &lt;24.7.1.380 DLL Hijacking\n\nhttps://github.com/12345qwert123456/CVE-2024-6473-PoC\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-11-15T05:24:25.000000Z"}, {"uuid": "efeda8f2-6d68-4ce8-aa5f-88be17089ab0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/9017", "content": "Tools - Hackers Factory \n\nProof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijack execution flow\n\nhttps://github.com/0xHossam/KernelCallbackTable-Injection-PoC\n\n#DFIR\nhttps://github.com/OMENScan/OMENS\n\nGenerate a MITRE ATT&amp;CK Navigator based on a list of CVEs. Database with CVE, CWE, CAPEC, and MITRE ATT&amp;CK Techniques data is updated daily\n\nhttps://github.com/Galeax/CVE2CAPEC\n\n#exploit\n\n1. CVE-2024-46483:\nPre-Auth Heap Overflow in Xlight SFTP server\n\nhttps://github.com/kn32/cve-2024-46483\n\n2. CVE-2024-38812:\nVMWare vCenter Server DCERPC\n\n3. CVE-2024-6473:\nYandex Browser &lt;24.7.1.380 DLL Hijacking\n\nhttps://github.com/12345qwert123456/CVE-2024-6473-PoC\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-11-15T05:24:21.000000Z"}, {"uuid": "c87e4d14-5d97-4ea9-8f77-b80d48087ed0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/InfoSecInsider/24128", "content": "\u26a1\ufe0fVMware failed to fully address vCenter Server RCE flaw CVE-2024-38812.\n\n#CyberBulletin", "creation_timestamp": "2024-10-22T15:06:22.000000Z"}, {"uuid": "da1d29d3-dbb3-4e80-8f9b-0d72c0f0eaf9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "published-proof-of-concept", "source": "Telegram/1Y48sbJalwzmjtpy8mrSQRzHV0k1YoE21RNTYne2JN6FN9Pc", "content": "", "creation_timestamp": "2024-10-23T08:25:07.000000Z"}, {"uuid": "dd2b143c-f96f-4534-a92e-163e0970136d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7636", "content": "Tools - Hackers Factory \n\nProof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijack execution flow\n\nhttps://github.com/0xHossam/KernelCallbackTable-Injection-PoC\n\n#DFIR\nhttps://github.com/OMENScan/OMENS\n\nGenerate a MITRE ATT&amp;CK Navigator based on a list of CVEs. Database with CVE, CWE, CAPEC, and MITRE ATT&amp;CK Techniques data is updated daily\n\nhttps://github.com/Galeax/CVE2CAPEC\n\n#exploit\n\n1. CVE-2024-46483:\nPre-Auth Heap Overflow in Xlight SFTP server\n\nhttps://github.com/kn32/cve-2024-46483\n\n2. CVE-2024-38812:\nVMWare vCenter Server DCERPC\n\n3. CVE-2024-6473:\nYandex Browser &lt;24.7.1.380 DLL Hijacking\n\nhttps://github.com/12345qwert123456/CVE-2024-6473-PoC\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-11-15T05:24:21.000000Z"}, {"uuid": "0734150d-ee29-448b-a58e-d653065b9455", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/true_secator/6217", "content": "Broadcom \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 VMware vCenter, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u043d\u0430 \u043d\u0435\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 \u0447\u0435\u0440\u0435\u0437 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u043f\u0430\u043a\u0435\u0442.\n\nvCenter Server - \u044d\u0442\u043e \u0446\u0435\u043d\u0442\u0440\u0430\u043b\u044c\u043d\u044b\u0439 \u0443\u0437\u0435\u043b \u0434\u043b\u044f \u043f\u0430\u043a\u0435\u0442\u0430 VMware vSphere, \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u044e\u0449\u0438\u0439 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u043e\u0439.\n\nCVE-2024-38812 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 TZL \u0432 \u0445\u043e\u0434\u0435 \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u043e\u0433\u043e \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u043e\u0433\u043e \u043a\u043e\u043d\u043a\u0443\u0440\u0441\u0430 Matrix Cup 2024. \n\n\u041e\u043d\u0430 \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u043e\u0439  \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u0443\u0447\u0438 \u0432 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 DCE/RPC, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u044b, \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0449\u0438\u0435 vCenter, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 VMware vSphere \u0438 VMware Cloud Foundation.\n\n\u041d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0435\u0435 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0438\u0437\u043a\u043e\u0439 \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0438, \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u044e\u0449\u0438\u0445 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c, \u043f\u0443\u0442\u0435\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0430\u043a\u0435\u0442\u0430, \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0435\u0433\u043e \u043a RCE.\n\n\u041c\u0435\u0440\u044b \u043f\u043e \u0441\u043c\u044f\u0433\u0447\u0435\u043d\u0438\u044e \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u0439 \u043c\u043e\u0433\u0443\u0442 \u0432\u0430\u0440\u044c\u0438\u0440\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0432 \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0442 \u0443\u0440\u043e\u0432\u043d\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432 \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u043e\u0439 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438, \u0441\u0442\u0440\u0430\u0442\u0435\u0433\u0438\u0439 \u0433\u043b\u0443\u0431\u043e\u043a\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u044b \u0438 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0439 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0430, \u043a\u0430\u0436\u0434\u0430\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044f \u0434\u043e\u043b\u0436\u043d\u0430 \u0441\u0430\u043c\u043e\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u043e\u0446\u0435\u043d\u0438\u0432\u0430\u0442\u044c \u0430\u0434\u0435\u043a\u0432\u0430\u0442\u043d\u043e\u0441\u0442\u044c \u044d\u0442\u0438\u0445 \u043c\u0435\u0440 \u0437\u0430\u0449\u0438\u0442\u044b.\n\n\u0427\u0442\u043e\u0431\u044b \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0442\u044c \u043f\u043e\u043b\u043d\u0443\u044e \u0437\u0430\u0449\u0438\u0442\u0443 \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043e\u0434\u043d\u0443 \u0438\u0437 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u0439, \u043f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0445 \u0432 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u044f\u0445 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 VMware. \u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0447\u0435\u0440\u0435\u0437 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0435 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u044b \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f vCenter Server.\n\nBroadcom \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u0435\u0442, \u0447\u0442\u043e \u043d\u0435 \u043d\u0430\u0448\u043b\u0430 \u0434\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044c\u0441\u0442\u0432 \u0442\u043e\u0433\u043e, \u0447\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2023-34048 RCE \u0432 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432 \u0430\u0442\u0430\u043a\u0430\u0445.\n\n\u0410\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0435 \u043c\u043e\u0433\u0443\u0442 \u043d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442\u044c \u0441\u0435\u0433\u043e\u0434\u043d\u044f\u0448\u043d\u0438\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0434\u043e\u043b\u0436\u043d\u044b \u0441\u0442\u0440\u043e\u0433\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043f\u043e \u043f\u0435\u0440\u0438\u043c\u0435\u0442\u0440\u0443 \u0441\u0435\u0442\u0438 \u043a \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430\u043c \u0438 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f vSphere, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u044b \u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0438 \u0441\u0435\u0442\u0438.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0434\u0440\u0443\u0433\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0443\u044e \u0441 EoP (CVE-2024-38813), \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 root \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0430\u043a\u0435\u0442\u0430.", "creation_timestamp": "2024-09-18T11:18:15.000000Z"}, {"uuid": "33510c51-0830-4edd-932f-7ae624acc30a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/true_secator/6347", "content": "\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0442\u044c \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0442\u0440\u0435\u043d\u0434\u043e\u0432\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u043d\u0430\u0447\u043d\u0435\u043c \u0441 \u00ab\u0442\u0440\u0435\u043d\u0434\u043e\u0432\u043e\u0439\u00bb.\n\n1. Trend Micro \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0441\u0432\u043e\u0435\u043c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Cloud Edge \u0441 CVSS 9,8/10.\n\nCVE-2024-48904 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0434\u043b\u044f \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u043a\u043e\u043c\u0430\u043d\u0434 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435, \u0432 \u0441\u0432\u044f\u0437\u0438 \u0441 \u0447\u0435\u043c \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u043f\u043e\u043f\u0440\u043e\u0441\u0438\u043b \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0435\u0435 \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435.\n\n2. VMware \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u043d\u0438\u043c\u0430\u0435\u0442 \u0432\u0442\u043e\u0440\u0443\u044e \u043f\u043e\u043f\u044b\u0442\u043a\u0443 \u0434\u043b\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 vCenter Server, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u043e\u0439 \u0435\u0449\u0435 \u0432 \u0438\u044e\u043d\u0435 \u043d\u0430 Matrix Cup 2024 \u0432 \u041a\u041d\u0420.\n\n\u041a\u0430\u043a \u043e\u043a\u0430\u0437\u0430\u043b\u043e\u0441\u044c, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f vCenter, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0435 17 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044f 2024 \u0433\u043e\u0434\u0430, \u043d\u0435 \u043f\u043e\u043b\u043d\u043e\u0439 \u043c\u0435\u0440\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u043b\u0438 CVE-2024-38812 \u0441 CVSS 9,8/10, \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0435\u0439 \u043f\u043e \u044d\u0442\u043e\u043c\u0443 \u043f\u043e\u0432\u043e\u0434\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u043d\u0435 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u0438\u043b.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u043a\u0443\u0447\u0438 \u0432 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0439 \u0432\u044b\u0447\u0438\u0441\u043b\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u0441\u0440\u0435\u0434\u044b/\u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u0437\u043e\u0432\u0430 \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440 (DCERPC) \u0432 vCenter Server.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a, \u0438\u043c\u0435\u044e\u0449\u0438\u0439 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a vCenter Server, \u043c\u043e\u0436\u0435\u0442 \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u044d\u0442\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0432 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0439 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u043f\u0430\u043a\u0435\u0442, \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0438\u0439 \u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043d\u043e\u0432\u044b\u0439 \u043f\u0430\u0442\u0447 VCenter Server \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-38813 (CVSS 7,5/10), \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0443\u044e \u0441 EoP \u0438 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u044b\u0432\u0430\u0435\u043c\u0443\u044e \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u043e\u0439 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0430\u043a\u0435\u0442\u0430.\n\n3. \u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u0430\u043d\u0442\u0438\u0447\u0438\u0442-\u0441\u0438\u0441\u0442\u0435\u043c\u044b BattlEye \u0441\u043e\u043e\u0431\u0449\u0430\u044e\u0442 \u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0431\u0430\u043d\u0438\u0442\u044c \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0438\u0433\u0440\u043e\u043a\u043e\u0432.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u043b\u0430 \u0441\u0440\u0430\u0437\u0443 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0438\u0433\u0440, \u0432\u043a\u043b\u044e\u0447\u0430\u044f PvP-\u0438\u0433\u0440\u044b, \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a PUBG, Rainbow Six Siege \u0438 Escape from Tarkov.\n\n\u041a\u043e\u043c\u0430\u043d\u0434\u0430 \u043f\u0440\u043e\u0435\u043a\u0442\u0430 \u0441\u0435\u0439\u0447\u0430\u0441 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e \u0441 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f\u043c\u0438 \u0438\u0433\u0440 \u043d\u0430\u0434 \u0430\u043d\u043d\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u00ab\u043a\u0440\u0438\u0432\u044b\u0445\u00bb \u0431\u0430\u043d\u043e\u0432.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043e\u0448\u0438\u0431\u043a\u0430 BattlEye \u0431\u044b\u043b\u0430 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0430 \u043d\u0430 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0439 \u0434\u0435\u043d\u044c \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a Activision \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u044b\u0439\u00a0\u0431\u0430\u0433 \u0432 \u0430\u043d\u0442\u0438\u0447\u0438\u0442\u0435 Call of Duty.\n\n4. Atlassian \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0432 Bitbucket, Confluence \u0438 Jira Service Management.\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f Bitbucket Data Center \u0438 Server \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0443\u044e CVE-2024-21147 \u0432 Java Runtime Environment (JRE), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0434\u043e\u0441\u0442\u0443\u043f\u0443 \u043a \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0430\u0436\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c \u0438 \u0438\u0445 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044e.\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f Confluence Data Center \u0438 Server \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u0447\u0435\u0442\u044b\u0440\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0434\u0432\u0435 \u0432 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 \u0434\u0430\u0442 JavaScript Moment.js, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0431\u044b\u043b\u0438 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044b \u0432 2022 \u0433\u043e\u0434\u0443.\n\nCVE-2022-24785 \u0438 CVE-2022-31129 \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u044e\u0442\u0441\u044f \u043a\u0430\u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438 \u0438 ReDoS, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0436\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0442\u0430\u043a\u0436\u0435 \u0430\u043d\u043e\u043d\u0441\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f CVE-2024-4367, \u043e\u0448\u0438\u0431\u043a\u0438 XSS, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 HTML \u0438\u043b\u0438 JavaScript \u0432 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0434\u043b\u044f CVE-2024-29131, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Apache Commons Configuration, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a DoS.\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f Jira Service Management Data Center \u0438 Server \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0442 CVE-2024-7254 - \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0431\u0443\u0444\u0435\u0440\u0430 Protobuf, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u0432\u043b\u0438\u044f\u0442\u044c \u043d\u0430 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0441\u0435\u0440\u0432\u0438\u0441\u0430.\n\n\u0414\u0430\u043d\u043d\u044b\u0445 \u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043d\u0435 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043e, \u0432\u043e \u0432\u0441\u044f\u043a\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u043f\u043e\u043a\u0430.", "creation_timestamp": "2024-10-22T18:30:05.000000Z"}, {"uuid": "53b44125-166d-4b37-91fa-595745410b12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/ctinow/223650", "content": "Broadcom fixed Critical VMware vCenter Server flaw CVE-2024-38812\nhttps://ift.tt/SVc0WoJ", "creation_timestamp": "2024-09-18T10:05:21.000000Z"}, {"uuid": "9209b7d7-2f9c-4fa9-98b0-f95bcf03e286", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/ctinow/225379", "content": "VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812\nhttps://ift.tt/oJgtEzw", "creation_timestamp": "2024-10-22T10:19:36.000000Z"}, {"uuid": "5349c885-e2de-482c-b3e6-e1795ce6579c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/ctinow/227906", "content": "Vulnerability Symbiosis: vSphere?s CVE-2024-38812 and CVE-2024-38813 [Guest Diary], (Wed, Dec 11th)\nhttps://ift.tt/BUZY758", "creation_timestamp": "2024-12-11T04:09:53.000000Z"}, {"uuid": "7a634361-06e9-40a7-98ba-700ed71a9f79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/Unik4tsG4ng/8285", "content": "\u26a0\ufe0f Critical VMware vCenter vulnerability (CVE-2024-38812) may allow remote code execution. Cybercriminals can exploit it with crafted packets, posing serious risks. \n \nLearn more: https://thehackernews.com/2024/09/patch-issued-for-critical-vmware.html \n \nMake sure you\u2019re not the next victim\u2014patch your systems today.", "creation_timestamp": "2024-09-18T14:36:02.000000Z"}, {"uuid": "6f9f8342-194b-4331-b8ba-86523378fa3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/thehackernews/5595", "content": "\u26a0\ufe0f Critical VMware vCenter vulnerability (CVE-2024-38812) may allow remote code execution. Cybercriminals can exploit it with crafted packets, posing serious risks. \n \nLearn more: https://thehackernews.com/2024/09/patch-issued-for-critical-vmware.html \n \nMake sure you\u2019re not the next victim\u2014patch your systems today.", "creation_timestamp": "2024-09-18T07:13:10.000000Z"}, {"uuid": "bc4189cf-99b9-4351-a742-aded5aa76e8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/thehackernews/5765", "content": "VMware has released updates for CVE-2024-38812, a critical #vulnerability in vCenter Server. \n \nWith a CVSS score of 9.8, this heap-overflow flaw could allow remote code execution, fundamentally jeopardizing organizational security. \n \nRead: https://thehackernews.com/2024/10/vmware-releases-vcenter-server-update.html", "creation_timestamp": "2024-10-22T09:18:14.000000Z"}, {"uuid": "5003bc56-c995-4175-8573-a50a41739003", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "exploited", "source": "https://t.me/thehackernews/5908", "content": "Major security flaws in Progress Kemp LoadMaster (CVE-2024-1212) and VMware vCenter Server (CVE-2024-38812 and CVE-2024-38813) are actively being exploited. \n \nLearn how to mitigate this flaw and secure your system before it\u2019s too late \u2013 Read more: https://thehackernews.com/2024/11/cisa-alert-active-exploitation-of.html", "creation_timestamp": "2024-11-19T07:37:25.000000Z"}, {"uuid": "ed385c00-4f49-4de4-94b4-6980e5ef1c82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/CyberBulletin/26126", "content": "\u26a1\ufe0fVMware failed to fully address vCenter Server RCE flaw CVE-2024-38812.\n\n#CyberBulletin", "creation_timestamp": "2024-10-22T14:42:23.000000Z"}, {"uuid": "9c852e30-0fbc-4954-ad9d-c61fd6bc176c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "exploited", "source": "https://t.me/CyberBulletin/26494", "content": "\u26a1\ufe0fActively Exploited VMware Vulnerabilities (CVE-2024-38812 &amp; CVE-2024-38813) Threaten Virtualized Infrastructure.\n\n#CyberBulletin", "creation_timestamp": "2024-11-19T06:27:03.000000Z"}, {"uuid": "a68df8f7-5078-4c19-a2f2-f73f22e9da17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/CyberBulletin/25617", "content": "\u26a1\ufe0fCVE-2024-38812: VMware\u2019s 9.8 Severity Security Nightmare.\n\n#CyberBulletin", "creation_timestamp": "2024-09-18T13:46:49.000000Z"}, {"uuid": "c628afb4-e4fe-42c2-9124-1d0bdae50763", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11381", "content": "#exploit\n1. CVE-2024-46483:\nPre-Auth Heap Overflow in Xlight SFTP server\nhttps://github.com/kn32/cve-2024-46483\n\n2. CVE-2024-38812:\nVMWare vCenter Server DCERPC\nhttps://blog.sonicwall.com/en-us/2024/10/vmware-vcenter-server-cve-2024-38812-dcerpc-vulnerability\n\n3. CVE-2024-6473:\nYandex Browser &lt;24.7.1.380\u00a0DLL Hijacking\nhttps://github.com/12345qwert123456/CVE-2024-6473-PoC", "creation_timestamp": "2024-11-04T17:28:48.000000Z"}, {"uuid": "9a673c86-4b7d-4fa7-bf21-5568593e3c46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "exploited", "source": "https://t.me/true_secator/6445", "content": "VMware \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043e \u043d\u0430\u0447\u0430\u043b\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 CVE-2024-38812 \u0432 vCenter Server, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0431\u044b\u043b\u0430 \u043e\u0442\u043d\u0435\u0441\u0435\u043d\u0430 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u043e\u043c \u043a \u043a\u0430\u0442\u0435\u0433\u043e\u0440\u0438\u0438 Hard-to-Fix.\n\nVMware \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0441\u0440\u043e\u0447\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0441\u0432\u043e\u0435\u0433\u043e \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u044f VMSA-2024-0019, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u043f\u0440\u0438\u0437\u043d\u0430\u043b \u0444\u0430\u043a\u0442 \u0430\u043a\u0442\u0438\u0432\u043d\u044b\u0445 \u0430\u0442\u0430\u043a, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043d\u0430 CVE-2024-38812 \u0438 CVE-2024-38813, \u043f\u0440\u0438\u0437\u044b\u0432\u0430\u044f \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043e\u0442\u0434\u0430\u0442\u044c \u0432\u044b\u0441\u043e\u043a\u0438\u0439 \u043f\u0440\u0438\u043e\u0440\u0438\u0442\u0435\u0442 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044e \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u00a0\u0431\u044b\u043b\u0430 \u0432\u043f\u0435\u0440\u0432\u044b\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0435\u0449\u0435 \u043f\u044f\u0442\u044c \u043c\u0435\u0441\u044f\u0446\u0435\u0432 \u043d\u0430\u0437\u0430\u0434 \u043a\u043e\u043c\u0430\u043d\u0434\u043e\u0439 TZL \u043d\u0430 \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u043e\u043c \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u043e\u043c \u043a\u043e\u043d\u043a\u0443\u0440\u0441\u0435 Matrix Cup 2024, \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u043c Qihoo 360 \u0438 Beijing Huayun'an Information Technology, \u0438 \u0438\u043c\u0435\u0435\u0442 CVSS 9,8/10.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u0443\u0447\u0438 \u0432 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0439 \u0432\u044b\u0447\u0438\u0441\u043b\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u0441\u0440\u0435\u0434\u044b/\u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u0437\u043e\u0432\u0430 \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440 (DCERPC) \u0432 vCenter Server.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f VMware \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0430, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a, \u0438\u043c\u0435\u044e\u0449\u0438\u0439 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a vCenter Server, \u043c\u043e\u0436\u0435\u0442 \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u044d\u0442\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0432 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0439 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u043f\u0430\u043a\u0435\u0442, \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0438\u0439 \u043a RCE.\n\n\u041d\u0430 \u043f\u0440\u043e\u0442\u044f\u0436\u0435\u043d\u0438\u0438 \u0447\u0435\u0442\u044b\u0440\u0435\u0445 \u043c\u0435\u0441\u044f\u0446\u0435\u0432 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f\u00a0\u043f\u0440\u0435\u0434\u043f\u0440\u0438\u043d\u0438\u043c\u0430\u043b\u0430 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u043e\u043f\u0430\u0441\u043d\u0443\u044e \u043e\u0448\u0438\u0431\u043a\u0443. \n\nK\u0422\u0430\u043a, \u043a\u0430\u043a \u043f\u0440\u0438\u0437\u043d\u0430\u043b\u0438\u0441\u044c \u0432 VMware, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f 17 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044f 2024 \u0433\u043e\u0434\u0430 \u043d\u0435 \u0432 \u043f\u043e\u043b\u043d\u043e\u0439 \u043c\u0435\u0440\u0435 \u0441\u043c\u043e\u0433\u043b\u0438 \u0437\u0430\u043a\u0440\u044b\u0442\u044c \u0432\u043b\u0438\u044f\u043d\u0438\u0435 CVE-2024-38812.\n\n\u0413\u0438\u0433\u0430\u043d\u0442 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0432: vCenter Server 8.0 U3b \u0438 7.0 U3s, VMware Cloud Foundation 5.x (\u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e \u0432 8.0 U3b) \u0438 VMware Cloud Foundation 4.x (\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e \u0432 7.0 U3s).\n\n\u0414\u043e \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0433\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438 VMware \u043d\u0435 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u0438\u043b\u0430 \u043d\u0438\u043a\u0430\u043a\u0438\u0445 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0441\u0432\u0435\u0434\u0435\u043d\u0438\u0439 \u043e \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0435\u043c\u044b\u0445 \u0441\u043b\u0443\u0447\u0430\u044f\u0445 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0438\u043b\u0438 IoC.", "creation_timestamp": "2024-11-19T11:52:17.000000Z"}, {"uuid": "d86aeb35-4df1-4b41-a73f-b03be0be44a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/690", "content": "Tools - Hackers Factory \n\nProof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijack execution flow\n\nhttps://github.com/0xHossam/KernelCallbackTable-Injection-PoC\n\n#DFIR\nhttps://github.com/OMENScan/OMENS\n\nGenerate a MITRE ATT&amp;CK Navigator based on a list of CVEs. Database with CVE, CWE, CAPEC, and MITRE ATT&amp;CK Techniques data is updated daily\n\nhttps://github.com/Galeax/CVE2CAPEC\n\n#exploit\n\n1. CVE-2024-46483:\nPre-Auth Heap Overflow in Xlight SFTP server\n\nhttps://github.com/kn32/cve-2024-46483\n\n2. CVE-2024-38812:\nVMWare vCenter Server DCERPC\n\n3. CVE-2024-6473:\nYandex Browser &lt;24.7.1.380 DLL Hijacking\n\nhttps://github.com/12345qwert123456/CVE-2024-6473-PoC\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-11-15T05:24:26.000000Z"}, {"uuid": "c51d59be-d0ac-4ca3-babd-af53df0a74e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "exploited", "source": "https://t.me/InfoSecInsider/718", "content": "\u26a1\ufe0fActively Exploited VMware Vulnerabilities (CVE-2024-38812 &amp; CVE-2024-38813) Threaten Virtualized Infrastructure.\n\n#CyberBulletin", "creation_timestamp": "2024-11-19T06:37:13.000000Z"}, {"uuid": "474a8f6d-4507-4b2c-8b2f-b3d1ba336b35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/InfoSecInsider/515", "content": "\u26a1\ufe0fVMware failed to fully address vCenter Server RCE flaw CVE-2024-38812.\n\n#CyberBulletin", "creation_timestamp": "2024-10-22T15:06:35.000000Z"}, {"uuid": "8d4e484d-2c1e-4f7a-b2b1-09263e846318", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/330bd852-e384-4871-85aa-e4c7be7c0810", "content": "", "creation_timestamp": "2026-06-19T12:46:31.259330Z"}, {"uuid": "d39015fe-410d-4478-8c26-39c5fa379a5d", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/f3bdc8ab-ef49-4979-a858-73c1f3255c54", "content": "", "creation_timestamp": "2026-06-23T14:06:01.340102Z"}, {"uuid": "a867fbb8-c9e2-4f30-a95a-0da966e83990", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/ZerodayAlert/337", "content": "\u0412\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u044b \u043f\u043e\u0434 \u043f\u0440\u0438\u0446\u0435\u043b\u043e\u043c: \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 vCenter\n\n\ud83d\udcbb \u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-38812 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0432 VMware vCenter Server. \u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u0434 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435.\n\n\ud83d\udee1 Broadcom \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 vCenter Server. \u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0434\u043b\u044f \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a.\n\n\ud83c\udfc6 \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438\u0437 \u043a\u043e\u043c\u0430\u043d\u0434\u044b TZL \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u0441\u043e\u0440\u0435\u0432\u043d\u043e\u0432\u0430\u043d\u0438\u044f Matrix Cup. \u042d\u0442\u043e \u0441\u043e\u0431\u044b\u0442\u0438\u0435 \u0441\u043e\u0432\u043f\u0430\u043b\u043e \u0441 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0435\u0439 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f \u043e\u0442 CISA \u0438 \u0424\u0411\u0420 \u043e \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 cross-site scripting.\n\n#\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c #VMware #\u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c #\u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435\n\n@ZerodayAlert", "creation_timestamp": "2026-07-06T11:00:04.192940Z"}, {"uuid": "3722b759-d624-4b5b-a2c0-610f86d14862", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/ZerodayAlert/337", "content": "\u0412\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u044b \u043f\u043e\u0434 \u043f\u0440\u0438\u0446\u0435\u043b\u043e\u043c: \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 vCenter\n\n\ud83d\udcbb \u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-38812 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0432 VMware vCenter Server. \u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u0434 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435.\n\n\ud83d\udee1 Broadcom \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 vCenter Server. \u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0434\u043b\u044f \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a.\n\n\ud83c\udfc6 \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438\u0437 \u043a\u043e\u043c\u0430\u043d\u0434\u044b TZL \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u0441\u043e\u0440\u0435\u0432\u043d\u043e\u0432\u0430\u043d\u0438\u044f Matrix Cup. \u042d\u0442\u043e \u0441\u043e\u0431\u044b\u0442\u0438\u0435 \u0441\u043e\u0432\u043f\u0430\u043b\u043e \u0441 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0435\u0439 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f \u043e\u0442 CISA \u0438 \u0424\u0411\u0420 \u043e \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 cross-site scripting.\n\n#\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c #VMware #\u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c #\u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435\n\n@ZerodayAlert", "creation_timestamp": "2026-07-07T00:00:06.407504Z"}, {"uuid": "75f49e12-fe01-48f5-b5b1-36b17a0e6ab1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/brutsecurity/935", "content": "CVE-2024-38812, -38813: Two vulnerabilities in VMware vCenter, 7.5 - 9.8 rating \ud83d\udd25\n\nHeap overflow and privilege escalation vulns on unpatched servers allow attackers to easily perform RCE using a specially crafted network packet.\n\nSearch at Netlas.io:\n\ud83d\udc49 Link: https://nt.ls/44tRg\n\ud83d\udc49 Dork: http.title:\"ID_VC_Welcome\" OR certificate.issuer.domain_component:\"vsphere\"\n\nVendor's advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968", "creation_timestamp": "2026-07-09T03:00:12.667895Z"}, {"uuid": "3b652254-f4c0-47af-a318-76d42092786f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/brutsecurity/935", "content": "CVE-2024-38812, -38813: Two vulnerabilities in VMware vCenter, 7.5 - 9.8 rating \ud83d\udd25\n\nHeap overflow and privilege escalation vulns on unpatched servers allow attackers to easily perform RCE using a specially crafted network packet.\n\nSearch at Netlas.io:\n\ud83d\udc49 Link: https://nt.ls/44tRg\n\ud83d\udc49 Dork: http.title:\"ID_VC_Welcome\" OR certificate.issuer.domain_component:\"vsphere\"\n\nVendor's advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968", "creation_timestamp": "2026-07-10T00:00:36.526004Z"}, {"uuid": "e7c3192c-1cdc-4fa6-9a8a-44d9d018b6c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "published-proof-of-concept", "source": "https://t.me/brutsecurity/935", "content": "CVE-2024-38812, -38813: Two vulnerabilities in VMware vCenter, 7.5 - 9.8 rating \ud83d\udd25\n\nHeap overflow and privilege escalation vulns on unpatched servers allow attackers to easily perform RCE using a specially crafted network packet.\n\nSearch at Netlas.io:\n\ud83d\udc49 Link: https://nt.ls/44tRg\n\ud83d\udc49 Dork: http.title:\"ID_VC_Welcome\" OR certificate.issuer.domain_component:\"vsphere\"\n\nVendor's advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968", "creation_timestamp": "2026-07-11T17:00:04.210707Z"}, {"uuid": "242af763-1d81-4780-80bc-ce447df574ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/ZerodayAlert/337", "content": "\u0412\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u044b \u043f\u043e\u0434 \u043f\u0440\u0438\u0446\u0435\u043b\u043e\u043c: \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 vCenter\n\n\ud83d\udcbb \u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-38812 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0432 VMware vCenter Server. \u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u0434 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435.\n\n\ud83d\udee1 Broadcom \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 vCenter Server. \u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0434\u043b\u044f \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a.\n\n\ud83c\udfc6 \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438\u0437 \u043a\u043e\u043c\u0430\u043d\u0434\u044b TZL \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u0441\u043e\u0440\u0435\u0432\u043d\u043e\u0432\u0430\u043d\u0438\u044f Matrix Cup. \u042d\u0442\u043e \u0441\u043e\u0431\u044b\u0442\u0438\u0435 \u0441\u043e\u0432\u043f\u0430\u043b\u043e \u0441 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0435\u0439 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f \u043e\u0442 CISA \u0438 \u0424\u0411\u0420 \u043e \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 cross-site scripting.\n\n#\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c #VMware #\u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c #\u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435\n\n@ZerodayAlert", "creation_timestamp": "2026-07-11T20:00:06.592796Z"}, {"uuid": "66e9a1df-5305-46a3-a52f-2414641c483a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/ZerodayAlert/337", "content": "\u0412\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u044b \u043f\u043e\u0434 \u043f\u0440\u0438\u0446\u0435\u043b\u043e\u043c: \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 vCenter\n\n\ud83d\udcbb \u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-38812 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0432 VMware vCenter Server. \u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u0434 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435.\n\n\ud83d\udee1 Broadcom \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 vCenter Server. \u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0434\u043b\u044f \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a.\n\n\ud83c\udfc6 \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438\u0437 \u043a\u043e\u043c\u0430\u043d\u0434\u044b TZL \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u0441\u043e\u0440\u0435\u0432\u043d\u043e\u0432\u0430\u043d\u0438\u044f Matrix Cup. \u042d\u0442\u043e \u0441\u043e\u0431\u044b\u0442\u0438\u0435 \u0441\u043e\u0432\u043f\u0430\u043b\u043e \u0441 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0435\u0439 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f \u043e\u0442 CISA \u0438 \u0424\u0411\u0420 \u043e \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 cross-site scripting.\n\n#\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c #VMware #\u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c #\u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435\n\n@ZerodayAlert", "creation_timestamp": "2026-07-12T00:00:39.861712Z"}, {"uuid": "509731a8-6ea0-424e-aef2-fbdb4c03addb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "published-proof-of-concept", "source": "https://t.me/brutsecurity/935", "content": "CVE-2024-38812, -38813: Two vulnerabilities in VMware vCenter, 7.5 - 9.8 rating \ud83d\udd25\n\nHeap overflow and privilege escalation vulns on unpatched servers allow attackers to easily perform RCE using a specially crafted network packet.\n\nSearch at Netlas.io:\n\ud83d\udc49 Link: https://nt.ls/44tRg\n\ud83d\udc49 Dork: http.title:\"ID_VC_Welcome\" OR certificate.issuer.domain_component:\"vsphere\"\n\nVendor's advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968", "creation_timestamp": "2026-07-12T00:00:42.576417Z"}, {"uuid": "cc59146c-f49e-4e00-84ed-78ed31982741", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/securixy_kz/997", "content": "https://blogs.vmware.com/cloud-foundation/2024/09/17/vmsa-2024-0019-questions-answers/\n\nVMware vCenter ( CVE-2024-38812,  CVE-2024-38813 )\n\n\u041d\u0443\u0436\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0442\u044c\u0441\u044f, \u043f\u043e\u043a\u0430 \u0435\u0449\u0435 \u0441\u0440\u0435\u0434\u0430, \u0437\u0430\u0432\u0442\u0440\u0430 \u0443\u0436\u0435 \u0431\u0443\u0434\u0435\u0442 \u043d\u0435\u043a\u043e\u0433\u0434\u0430 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0442\u044c, \u0430 \u043f\u043e\u0441\u043b\u0435\u0437\u0430\u0432\u0442\u0440\u0430 \u0437\u0430\u043f\u0440\u0435\u0449\u0435\u043d\u043e - \u043f\u044f\u0442\u043d\u0438\u0446\u0430", "creation_timestamp": "2026-07-12T22:00:10.186865Z"}, {"uuid": "f6885639-d079-48fb-9b27-1c731f5d7c40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38812", "type": "seen", "source": "https://t.me/securixy_kz/997", "content": "https://blogs.vmware.com/cloud-foundation/2024/09/17/vmsa-2024-0019-questions-answers/\n\nVMware vCenter ( CVE-2024-38812,  CVE-2024-38813 )\n\n\u041d\u0443\u0436\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0442\u044c\u0441\u044f, \u043f\u043e\u043a\u0430 \u0435\u0449\u0435 \u0441\u0440\u0435\u0434\u0430, \u0437\u0430\u0432\u0442\u0440\u0430 \u0443\u0436\u0435 \u0431\u0443\u0434\u0435\u0442 \u043d\u0435\u043a\u043e\u0433\u0434\u0430 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0442\u044c, \u0430 \u043f\u043e\u0441\u043b\u0435\u0437\u0430\u0432\u0442\u0440\u0430 \u0437\u0430\u043f\u0440\u0435\u0449\u0435\u043d\u043e - \u043f\u044f\u0442\u043d\u0438\u0446\u0430", "creation_timestamp": "2026-07-13T00:00:34.636627Z"}]}