{"vulnerability": "cve-2023-3439", "sightings": [{"uuid": "0140e87a-973c-4869-a8c7-2c64a4644a7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34399", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-45ff02b8-52616ac586aa8672", "content": "", "creation_timestamp": "2025-01-17T13:35:06.851020Z"}, {"uuid": "9ef0cbf8-5522-4c20-a396-a7420c4f5e3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34397", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-45ff02b8-52616ac586aa8672", "content": "", "creation_timestamp": "2025-01-17T13:35:07.002814Z"}, {"uuid": "dc08e6b3-9b3b-40a1-9f05-a45e4b624dcb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34398", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-45ff02b8-52616ac586aa8672", "content": "", "creation_timestamp": "2025-01-17T13:35:07.039948Z"}, {"uuid": "2e21d5fa-b676-4e0e-ad7b-4aec37cd774e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34398", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4401", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-34398\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Some values of this table are serialized archive according boost library. The boost library contains a vulnerability/null pointer dereference.\n\ud83d\udccf Published: 2025-02-14T00:30:44Z\n\ud83d\udccf Modified: 2025-02-14T00:30:44Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2023-34398\n2. https://securelist.com/mercedes-benz-head-unit-security-research/115218", "creation_timestamp": "2025-02-14T01:16:46.000000Z"}, {"uuid": "5a68c90d-c847-4667-af00-cc43514e6d2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34399", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114003734113794015", "content": "", "creation_timestamp": "2025-02-14T18:48:51.935527Z"}, {"uuid": "e0e81caa-b8dd-44e6-aae6-224d644951d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34399", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li5x4nkm5x2e", "content": "", "creation_timestamp": "2025-02-14T19:35:01.473456Z"}, {"uuid": "2bd117f7-cc2c-4a11-a2c5-d921708f71d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34399", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3li6fwujjmd2z", "content": "", "creation_timestamp": "2025-02-15T00:00:14.144056Z"}, {"uuid": "cecee6a1-0416-412d-9d38-fc713f81645f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34397", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113998850182590839", "content": "", "creation_timestamp": "2025-02-13T22:06:48.759023Z"}, {"uuid": "b05af713-c869-4745-8470-82338fd1b397", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34398", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113998850197090508", "content": "", "creation_timestamp": "2025-02-13T22:06:49.192376Z"}, {"uuid": "c11a00ee-2be9-4ab0-b814-6ba6b0d9f9fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34399", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113998850211231092", "content": "", "creation_timestamp": "2025-02-13T22:06:49.670142Z"}, {"uuid": "3465b779-dc4f-49d6-adb6-52ce62d370ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34397", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li3pmt27qf2h", "content": "", "creation_timestamp": "2025-02-13T22:15:34.603904Z"}, {"uuid": "1ac69910-cd0b-4385-915b-905c317a687e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34398", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li3pmvaryg2x", "content": "", "creation_timestamp": "2025-02-13T22:15:36.610234Z"}, {"uuid": "753c370a-629a-478d-995a-9efeaedbdb3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34399", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li3pmxqpt72a", "content": "", "creation_timestamp": "2025-02-13T22:15:39.615365Z"}, {"uuid": "92dff363-e9c8-4169-bfd9-1aa0b3edaa56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34399", "type": "seen", "source": "https://bsky.app/profile/basefortify.bsky.social/post/3lihloapb7s2d", "content": "", "creation_timestamp": "2025-02-18T15:36:47.175562Z"}, {"uuid": "b3a74fb9-276c-4a98-8819-fd2503af0f11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34399", "type": "seen", "source": "https://bsky.app/profile/basefortify.bsky.social/post/3lihloc6vn22d", "content": "", "creation_timestamp": "2025-02-18T15:36:47.900717Z"}, {"uuid": "364b49f1-f441-4b33-89a9-5c997dcf32a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34399", "type": "seen", "source": "https://bsky.app/profile/basefortify.bsky.social/post/3lihloc6vn32d", "content": "", "creation_timestamp": "2025-02-18T15:36:48.608061Z"}, {"uuid": "eb851cbb-288f-4b55-a97d-601dcf1eb0e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34397", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4405", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-34397\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Mercedes Benz head-unit NTG 6 contains functions to import or export profile settings over USB. During parsing you can trigger that the service will be crashed.\n\ud83d\udccf Published: 2025-02-14T00:30:44Z\n\ud83d\udccf Modified: 2025-02-14T00:30:44Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2023-34397\n2. https://securelist.com/mercedes-benz-head-unit-security-research/115218", "creation_timestamp": "2025-02-14T01:16:56.000000Z"}, {"uuid": "72bda33f-a6a6-4c23-a9ee-eb8e94b5793f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34392", "type": "seen", "source": "https://t.me/KomunitiSiber/749", "content": "9 Alarming Vulnerabilities Uncovered in SEL's Power Management Products\nhttps://thehackernews.com/2023/09/9-alarming-vulnerabilities-uncovered-in.html\n\nNine security flaws have been disclosed in electric power management products made by Schweitzer Engineering Laboratories (SEL).\n\u201cThe most severe of those nine vulnerabilities would allow a threat actor to facilitate remote code execution (RCE) on an engineering workstation,\u201d Nozomi Networks\u00a0said\u00a0in a report published last week.\nThe issues, tracked as CVE-2023-34392 and from CVE-2023-31168", "creation_timestamp": "2023-09-06T13:09:23.000000Z"}, {"uuid": "4f3ebd70-2530-45ed-a787-97eb3a32359b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3439", "type": "seen", "source": "Telegram/-sS5x-_oQGz_e5--7ZWlF6G9kKKohiwbcfBz0jjYJBjuB7Qi", "content": "", "creation_timestamp": "2025-03-11T04:41:13.000000Z"}, {"uuid": "68a02538-e798-4f91-9369-8365d5e62040", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34399", "type": "seen", "source": "Telegram/RO_7hDHzuhjk0br5HIqHs912n0M-CwD3P-rD1uGq8vdOh-C9", "content": "", "creation_timestamp": "2025-02-14T10:09:23.000000Z"}, {"uuid": "8b6f6da6-3be1-4420-b1c7-d83b92af3d23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34398", "type": "seen", "source": "Telegram/hyum4owC32oh_aVMpKRlwPYzCsWT9BbrZp7qnclNFfNq_GEn", "content": "", "creation_timestamp": "2025-02-14T10:09:23.000000Z"}, {"uuid": "88962996-1676-4953-90c7-4c4c52b2adef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34397", "type": "seen", "source": "Telegram/vOrzUDDgoU5sCslQOB7dt8YdNABNdqK-3z7GqGEs-cNJw8am", "content": "", "creation_timestamp": "2025-02-14T10:09:23.000000Z"}, {"uuid": "a0633494-46ee-44f7-b281-3e32980e0c64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34392", "type": "seen", "source": "Telegram/H3UUabEv1xs7Kg01Ip9h9p1g1MjfOWbKEpWB7-OtF_k2Ew", "content": "", "creation_timestamp": "2023-09-06T14:28:04.000000Z"}, {"uuid": "39f771b3-95aa-4837-945d-7d01f82c535e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34399", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8470", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-34399\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Some values of this table are serialized archive according boost library. The version of boost library contains vulnerability integer overflow.\n\ud83d\udccf Published: 2025-02-13T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-24T16:10:35.701Z\n\ud83d\udd17 References:\n1. https://securelist.com/mercedes-benz-head-unit-security-research/115218/", "creation_timestamp": "2025-03-24T16:23:01.000000Z"}, {"uuid": "be4e5a85-890d-4d7b-b457-5b7531f996cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34397", "type": "seen", "source": "https://t.me/true_secator/6638", "content": "\u0420\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u044b \u0438\u0437 \u041b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 \u041a\u0430\u0441\u043f\u0435\u0440\u0441\u043a\u043e\u0433\u043e \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0438 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u0441\u0432\u043e\u0435\u0433\u043e \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f, \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e \u0441\u043c\u043e\u0433\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0442\u044c 13 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439\u00a0\u0432 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u043e-\u0440\u0430\u0437\u0432\u043b\u0435\u043a\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 Mercedes-Benz User Experience (MBUX) \u043f\u0435\u0440\u0432\u043e\u0433\u043e \u043f\u043e\u043a\u043e\u043b\u0435\u043d\u0438\u044f.\n\n\u0412 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043e\u0442\u043f\u0440\u0430\u0432\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u0438 \u0432 \u0438\u0437\u0443\u0447\u0435\u043d\u0438\u0438 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0435\u0433\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 MBUX \u0438 \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0431\u044b\u043b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d \u043e\u0442\u0447\u0435\u0442 \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u043e\u0439 KeenLab \u043e\u0442 2021 \u0433\u043e\u0434\u0430.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0432 \u041b\u041a \u0441\u043e\u0441\u0440\u0435\u0434\u043e\u0442\u043e\u0447\u0438\u043b\u0438\u0441\u044c \u043d\u0430 \u0434\u0435\u0442\u0430\u043b\u044c\u043d\u043e\u043c \u0430\u043d\u0430\u043b\u0438\u0437\u0435 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c MBUX, \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u043d\u0435 \u0431\u044b\u043b\u043e \u0443\u0434\u0435\u043b\u0435\u043d\u043e \u0434\u043e\u043b\u0436\u043d\u043e\u0435 \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u0438\u0445 \u043a\u043e\u043b\u043b\u0435\u0433\u0430\u043c\u0438: \u0434\u0438\u0430\u0433\u043d\u043e\u0441\u0442\u0438\u043a\u0430 (CAN, UDS \u0438 \u0442.\u0434.), \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c USB \u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u044b \u043c\u0435\u0436\u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043d\u043e\u0433\u043e \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f (IPC).\n\n\u0412 \u0445\u043e\u0434\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0440\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u0430\u043c \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0442\u0435\u0441\u0442\u043e\u0432\u0443\u044e \u043c\u043e\u0434\u0435\u043b\u044c \u0433\u043e\u043b\u043e\u0432\u043d\u043e\u0433\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0442\u044c \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043d\u0430 \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u043c \u0430\u0432\u0442\u043e\u043c\u043e\u0431\u0438\u043b\u0435 (\u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043e\u0431\u0440\u0430\u0437\u0446\u0430 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043b\u0438 Mercedes B180), \u043a \u043a\u043e\u0442\u043e\u0440\u043e\u043c\u0443 \u0438\u043c\u0435\u043b\u0441\u044f \u0444\u0438\u0437\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0434\u043e\u0441\u0442\u0443\u043f.\n\n\u041d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f DoS-\u0430\u0442\u0430\u043a, \u0432 \u0442\u043e \u0432\u0440\u0435\u043c\u044f \u043a\u0430\u043a \u0434\u0440\u0443\u0433\u0438\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445, \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 \u0438 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439.\n\n\u041f\u043e \u0441\u043b\u043e\u0432\u0430\u043c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a, \u0438\u043c\u0435\u044e\u0449\u0438\u0439 \u0444\u0438\u0437\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0446\u0435\u043b\u0435\u0432\u043e\u043c\u0443 \u0430\u0432\u0442\u043e\u043c\u043e\u0431\u0438\u043b\u044e, \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u043d\u0438\u0445 \u0434\u043b\u044f \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u043e\u0442 \u043a\u0440\u0430\u0436\u0438 \u0432 \u0433\u043e\u043b\u043e\u0432\u043d\u043e\u043c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0443 \u0430\u0432\u0442\u043e\u043c\u043e\u0431\u0438\u043b\u044f \u0438 \u0440\u0430\u0437\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u043b\u0430\u0442\u043d\u044b\u0435 \u0443\u0441\u043b\u0443\u0433\u0438.\n\n\u0412 \u0441\u043b\u0443\u0447\u0430\u0435 \u0441 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u043c \u0430\u0432\u0442\u043e\u043c\u043e\u0431\u0438\u043b\u0435\u043c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u043d\u043e \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c \u0447\u0435\u0440\u0435\u0437 \u0441\u043b\u0443\u0436\u0431\u0443 USB, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u0443\u044e \u043e\u0431\u044b\u0447\u043d\u043e\u043c\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e. \n\n\u0412 \u0446\u0435\u043b\u043e\u043c, \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0431\u044b\u043b\u0438 \u0437\u0430\u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u043b\u044f \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c: CVE-2024-37601 - CVE-2024-37603, CVE-2023-34397 - CVE-2023-34404, CVE-2023-34406.\n\n\u041f\u043e\u0434\u0440\u043e\u0431\u043d\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043f\u043e \u043a\u0430\u0436\u0434\u043e\u0439 CVE - \u0437\u0434\u0435\u0441\u044c, \u0430 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 - \u0432 \u043e\u0442\u0447\u0435\u0442\u0435.", "creation_timestamp": "2025-01-20T18:30:05.000000Z"}, {"uuid": "3e6f712e-ea6f-4896-8b70-c29bcabe9894", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34391", "type": "seen", "source": "https://t.me/cibsecurity/69570", "content": "\u203c CVE-2023-34391 \u203c\n\nInsecure Inherited Permissions vulnerability in Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software on Windows allows Leveraging/Manipulating Configuration File Search Paths.See Instruction Manual Appendix A [Cybersecurity] tag dated 20230522 for more details. This issue affects SEL-5033 AcSELerator RTAC Software: before 1.35.151.21000.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-31T20:13:27.000000Z"}, {"uuid": "32943cbc-797a-42c4-86ee-f61de8c97fb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34390", "type": "seen", "source": "https://t.me/ctinow/157577", "content": "https://ift.tt/Bucgjnw\nCVE-2023-34390 | Schweitzer Engineering Laboratories SEL-451 20230830 denial of service", "creation_timestamp": "2023-12-21T10:37:44.000000Z"}, {"uuid": "4d286d6b-cbfe-4fba-b11a-4455a43fdb8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34392", "type": "seen", "source": "https://t.me/cibsecurity/69573", "content": "\u203c CVE-2023-34392 \u203c\n\nA Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator.See Instruction Manual Appendix A and Appendix E dated 20230615 for more details.This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-31T20:13:29.000000Z"}, {"uuid": "685e30c0-7497-44b2-8b0f-1e7dd8638731", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34394", "type": "seen", "source": "https://t.me/cibsecurity/67027", "content": "\u203c CVE-2023-34394 \u203c\n\nIn Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, which could result in local privilege escalation or a denial-of-service condition.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-20T12:17:49.000000Z"}, {"uuid": "407fa5ed-7f65-475e-8b35-2fcf6e7485a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34395", "type": "seen", "source": "https://t.me/cibsecurity/65569", "content": "\u203c CVE-2023-34395 \u203c\n\nImproper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Software Foundation Apache Airflow ODBC Provider.In OdbcHook, A privilege escalation vulnerability exists in a system due to controllable ODBC driver parameters that allow the loading of arbitrary dynamic-link libraries, resulting in command execution.Starting version 4.0.0 driver can be set only from the hook constructor.This issue affects Apache Airflow ODBC Provider: before 4.0.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-27T16:12:00.000000Z"}, {"uuid": "05c0dad0-cb4c-422a-9c3b-f95227146fb1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3439", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8602", "content": "#exploit\n1. CVE-2023-2982:\nWordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <=7.6.4 - Authentication Bypass\nhttps://github.com/H4K6/CVE-2023-2982-POC\n\n2. CVE-2023-2934:\nChrome Mojo Message Validation Bypass\nhttps://packetstormsecurity.com/files/173259/Chrome-Mojo-Message-Validation-Bypass.html\n\n3. CVE-2023-3439:\nLinux MCTP UaF in mctp_sendmsg\nhttps://seclists.org/oss-sec/2023/q3/0", "creation_timestamp": "2023-07-03T17:03:55.000000Z"}, {"uuid": "b5bdcd51-663d-4827-a151-ecac94cc8330", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3439", "type": "seen", "source": "https://t.me/cibsecurity/65687", "content": "\u203c CVE-2023-3439 \u203c\n\nA flaw was found in the MCTP protocol in the Linux kernel. The function mctp_unregister() reclaims the device's relevant resource when a netcard detaches. However, a running routine may be unaware of this and cause the use-after-free of the mdev->addrs object, potentially leading to a denial of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-29T00:13:22.000000Z"}]}