{"vulnerability": "cve-2024-4080", "sightings": [{"uuid": "81772746-a585-4279-bb85-5ca758310807", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40809", "type": "seen", "source": "https://bsky.app/profile/lizp.bsky.social/post/3lty33vrqss2d", "content": "", "creation_timestamp": "2025-07-15T04:32:33.664688Z"}, {"uuid": "b9322f33-cf39-48d9-a785-b0ebcde6d1f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40809", "type": "seen", "source": "https://bsky.app/profile/lizp.bsky.social/post/3lty33w7hc22d", "content": "", "creation_timestamp": "2025-07-15T04:32:35.327696Z"}, {"uuid": "b4c2e415-910e-4c34-9537-922e83f67f85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40803", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8879", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-40803\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An attacker may be able to cause unexpected app termination.\n\ud83d\udccf Published: 2024-07-29T22:17:05.216Z\n\ud83d\udccf Modified: 2025-03-26T16:19:59.170Z\n\ud83d\udd17 References:\n1. https://support.apple.com/en-us/HT214120\n2. https://support.apple.com/en-us/HT214119\n3. https://support.apple.com/en-us/HT214118\n4. http://seclists.org/fulldisclosure/2024/Jul/20\n5. http://seclists.org/fulldisclosure/2024/Jul/18\n6. http://seclists.org/fulldisclosure/2024/Jul/19", "creation_timestamp": "2025-03-26T16:25:09.000000Z"}, {"uuid": "ed5b2cee-bb17-47ac-8121-bf893aad328d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4080", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14231", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-4080\n\ud83d\udd25 CVSS Score: 7.8 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: A memory corruption issue due to an improper length check in LabVIEW tdcore.dll may disclose information or result in arbitrary code execution.  Successful exploitation requires an attacker to provide a user with a specially crafted VI.  This vulnerability affects LabVIEW 2024 Q1 and prior versions.\n\ud83d\udccf Published: 2024-07-23T13:29:55.012Z\n\ud83d\udccf Modified: 2025-05-01T03:55:27.216Z\n\ud83d\udd17 References:\n1. https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/memory-corruption-issues-due-to-improper-length-checks-in-labview.html", "creation_timestamp": "2025-05-01T04:14:55.000000Z"}, {"uuid": "98d7785e-8339-4ed2-9fb8-6d5d81c7b333", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40800", "type": "published-proof-of-concept", "source": "https://t.me/cyber_hsecurity/1614", "content": "function displayMessage(userInput) {\n    document.getElementById('message').innerHTML = userInput;\n}\n#### \u0643\u064a\u0641\u064a\u0629 \u0627\u0643\u062a\u0634\u0627\u0641 \u062b\u063a\u0631\u0629 XSS:\n1. \u062a\u062d\u0644\u064a\u0644 \u0627\u0644\u0643\u0648\u062f: \u0627\u0628\u062d\u062b \u0639\u0646 \u0627\u0644\u0623\u0645\u0627\u0643\u0646 \u0627\u0644\u062a\u064a \u064a\u062a\u0645 \u0641\u064a\u0647\u0627 \u0639\u0631\u0636 \u0645\u062f\u062e\u0644\u0627\u062a \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u062f\u0648\u0646 \u062a\u0646\u0642\u064a\u0629 (Sanitization).\n2. \u0627\u062e\u062a\u0628\u0627\u0631 \u0627\u0644\u0645\u062f\u062e\u0644\u0627\u062a: \u062d\u0627\u0648\u0644 \u0625\u062f\u062e\u0627\u0644 \u0634\u064a\u0641\u0631\u0629 JavaScript \u0641\u064a \u0627\u0644\u062d\u0642\u0648\u0644 \u0627\u0644\u062a\u064a \u062a\u0642\u0628\u0644 \u0645\u062f\u062e\u0644\u0627\u062a \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645.\n\n#### \u0645\u062b\u0627\u0644 \u0639\u0645\u0644\u064a:\n\u0644\u0646\u0641\u062a\u0631\u0636 \u0623\u0646 \u0644\u062f\u064a\u0643 \u062d\u0642\u0644 \u0625\u062f\u062e\u0627\u0644 \u0641\u064a \u062a\u0637\u0628\u064a\u0642 kafka-ui \u064a\u0642\u0628\u0644 \u0645\u062f\u062e\u0644\u0627\u062a \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645. \u064a\u0645\u0643\u0646 \u0627\u062e\u062a\u0628\u0627\u0631 \u0627\u0644\u062b\u063a\u0631\u0629 \u0639\u0628\u0631 \u0625\u062f\u062e\u0627\u0644 \u0634\u064a\u0641\u0631\u0629 JavaScript \u0628\u0633\u064a\u0637\u0629 \u0645\u062b\u0644:\nalert('XSS');\n\u0625\u0630\u0627 \u062a\u0645 \u0639\u0631\u0636 \u0627\u0644\u0631\u0633\u0627\u0644\u0629 \u0641\u064a \u0627\u0644\u0645\u062a\u0635\u0641\u062d\u060c \u0641\u0647\u0630\u0627 \u064a\u0639\u0646\u064a \u0623\u0646 \u0627\u0644\u062a\u0637\u0628\u064a\u0642 \u0639\u0631\u0636 \u0627\u0644\u0645\u062f\u062e\u0644\u0627\u062a \u062f\u0648\u0646 \u062a\u0646\u0642\u064a\u0629\u060c \u0645\u0645\u0627 \u064a\u0624\u0643\u062f \u0648\u062c\u0648\u062f \u062b\u063a\u0631\u0629 XSS.\n\n#### \u0643\u064a\u0641\u064a\u0629 \u0627\u0644\u0625\u0635\u0644\u0627\u062d:\n1. \u062a\u0646\u0642\u064a\u0629 \u0627\u0644\u0645\u062f\u062e\u0644\u0627\u062a: \u062a\u0623\u0643\u062f \u0645\u0646 \u062a\u0646\u0642\u064a\u0629 \u0643\u0627\u0641\u0629 \u0627\u0644\u0645\u062f\u062e\u0644\u0627\u062a \u0627\u0644\u062a\u064a \u064a\u062a\u0645 \u0639\u0631\u0636\u0647\u0627 \u0641\u064a \u0627\u0644\u0645\u062a\u0635\u0641\u062d.\n2. \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0645\u0643\u062a\u0628\u0627\u062a \u0623\u0645\u0627\u0646: \u0645\u062b\u0644 DOMPurify \u0644\u062a\u0646\u0642\u064a\u0629 \u0627\u0644\u0645\u062f\u062e\u0644\u0627\u062a.\n\n\u0645\u062b\u0627\u0644 \u0639\u0644\u0649 \u0627\u0644\u0625\u0635\u0644\u0627\u062d \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 DOMPurify:\nfunction displayMessage(userInput) {\n    const sanitizedInput = DOMPurify.sanitize(userInput);\n    document.getElementById('message').innerHTML = sanitizedInput;\n}\n### GHSL-2023-230: \u062b\u063a\u0631\u0629 \u0623\u062e\u0631\u0649\n\u0628\u062f\u0648\u0646 \u062a\u0641\u0627\u0635\u064a\u0644 \u0625\u0636\u0627\u0641\u064a\u0629\u060c \u0645\u0646 \u0627\u0644\u0635\u0639\u0628 \u062a\u062d\u062f\u064a\u062f \u0646\u0648\u0639 \u0627\u0644\u062b\u063a\u0631\u0629. \u0644\u0643\u0646 \u064a\u0645\u0643\u0646 \u0627\u062a\u0628\u0627\u0639 \u0627\u0644\u062e\u0637\u0648\u0627\u062a \u0627\u0644\u0639\u0627\u0645\u0629 \u0644\u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629:\n\n#### \u0627\u0644\u0637\u0631\u064a\u0642\u0629 \u0627\u0644\u0636\u0639\u064a\u0641\u0629 (Vulnerable method):\n\u0644\u0646\u0641\u062a\u0631\u0636 \u0623\u0646 \u0644\u062f\u064a\u0646\u0627 \u0637\u0631\u064a\u0642\u0629 \u062a\u062a\u0639\u0627\u0645\u0644 \u0645\u0639 \u0645\u062f\u062e\u0644\u0627\u062a \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0641\u064a \u0627\u0633\u062a\u0639\u0644\u0627\u0645 SQL \u062f\u0648\u0646 \u062a\u0646\u0642\u064a\u0629:\n\nString query = \"SELECT * FROM users WHERE username = '\" + userInput + \"'\";\n#### \u0643\u064a\u0641\u064a\u0629 \u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062b\u063a\u0631\u0629:\n1. \u0645\u0631\u0627\u062c\u0639\u0629 \u0627\u0644\u0643\u0648\u062f: \u0627\u0628\u062d\u062b \u0639\u0646 \u0627\u0644\u0623\u0645\u0627\u0643\u0646 \u0627\u0644\u062a\u064a \u0642\u062f \u062a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u062b\u063a\u0631\u0627\u062a \u0645\u062b\u0644 SQL Injection\u060c CSRF\u060c \u0648\u063a\u064a\u0631\u0647\u0627.\n2. \u0627\u062e\u062a\u0628\u0627\u0631 \u0627\u0644\u0623\u0645\u0627\u0646: \u0627\u0633\u062a\u062e\u062f\u0645 \u0623\u062f\u0648\u0627\u062a \u0645\u062b\u0644 OWASP ZAP \u0623\u0648 Burp Suite \u0644\u0625\u062c\u0631\u0627\u0621 \u0627\u062e\u062a\u0628\u0627\u0631\u0627\u062a \u0623\u0645\u0627\u0646 \u0634\u0627\u0645\u0644\u0629.\n\n#### \u0645\u062b\u0627\u0644 \u0639\u0645\u0644\u064a:\n\u062d\u0627\u0648\u0644 \u0625\u062f\u062e\u0627\u0644 \u0634\u064a\u0641\u0631\u0629 \u0636\u0627\u0631\u0629 \u0641\u064a \u062d\u0642\u0644 \u0627\u0644\u0625\u062f\u062e\u0627\u0644 \u0644\u0627\u062e\u062a\u0628\u0627\u0631 \u0627\u0633\u062a\u0639\u0644\u0627\u0645 SQL Injection:\n' OR '1'='1\n\u0625\u0630\u0627 \u062a\u0645 \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u0627\u0633\u062a\u0639\u0644\u0627\u0645 \u0628\u0646\u062c\u0627\u062d \u0648\u0639\u0631\u0636 \u0643\u0627\u0641\u0629 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u064a\u0646\u060c \u0641\u0647\u0630\u0627 \u064a\u0639\u0646\u064a \u0623\u0646 \u0627\u0644\u062a\u0637\u0628\u064a\u0642 \u0639\u0631\u0636 \u0627\u0644\u0645\u062f\u062e\u0644\u0627\u062a \u062f\u0648\u0646 \u062a\u0646\u0642\u064a\u0629\u060c \u0645\u0645\u0627 \u064a\u0624\u0643\u062f \u0648\u062c\u0648\u062f \u062b\u063a\u0631\u0629 SQL Injection.\n\n#### \u0643\u064a\u0641\u064a\u0629 \u0627\u0644\u0625\u0635\u0644\u0627\u062d:\n1. \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0627\u0633\u062a\u0639\u0644\u0627\u0645\u0627\u062a \u0645\u062d\u0636\u0631\u0629 (Prepared Statements): \u062a\u0623\u0643\u062f \u0645\u0646 \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0627\u0633\u062a\u0639\u0644\u0627\u0645\u0627\u062a \u0645\u062d\u0636\u0631\u0629 \u0644\u0644\u062a\u0639\u0627\u0645\u0644 \u0645\u0639 \u0645\u062f\u062e\u0644\u0627\u062a \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645.\n\n\u0645\u062b\u0627\u0644 \u0639\u0644\u0649 \u0627\u0644\u0625\u0635\u0644\u0627\u062d \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0627\u0633\u062a\u0639\u0644\u0627\u0645 \u0645\u062d\u0636\u0631:\nString query = \"SELECT * FROM users WHERE username = ?\";\nPreparedStatement stmt = connection.prepareStatement(query);\nstmt.setString(1, userInput);\nResultSet rs = stmt.executeQuery();\n### \u0623\u062f\u0648\u0627\u062a \u0645\u0641\u064a\u062f\u0629:\n- OWASP ZAP: \u0623\u062f\u0627\u0629 \u0645\u0641\u062a\u0648\u062d\u0629 \u0627\u0644\u0645\u0635\u062f\u0631 \u0644\u0627\u062e\u062a\u0628\u0627\u0631 \u0623\u0645\u0627\u0646 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a.\n- Burp Suite: \u0623\u062f\u0627\u0629 \u0645\u0647\u0646\u064a\u0629 \u0644\u0627\u062e\u062a\u0628\u0627\u0631 \u0623\u0645\u0627\u0646 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a.\n\nALSED404:\n\u0643\u0634\u0641\u062a \u0634\u0631\u0643\u0629 \u0645\u0627\u064a\u0643\u0631\u0648\u0633\u0648\u0641\u062a \u0639\u0646 \u0623\u0631\u0628\u0639 \u062b\u063a\u0631\u0627\u062a \u0623\u0645\u0646\u064a\u0629 \u0641\u064a OpenVPN \u0648\u0627\u0644\u062a\u064a \u064a\u0645\u0643\u0646 \u0631\u0628\u0637\u0647\u0627 \u0644\u062a\u0645\u0643\u064a\u0646 RCE \u0648\u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a \u0627\u0644\u0645\u062d\u0644\u064a\u0629.\n\n\u064a\u0645\u0643\u0646 \u0623\u0646 \u062a\u0624\u062f\u064a \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0625\u0644\u0649 \u0627\u0644\u062a\u062d\u0643\u0645 \u0627\u0644\u0643\u0627\u0645\u0644 \u0641\u064a \u0646\u0642\u0627\u0637 \u0627\u0644\u0646\u0647\u0627\u064a\u0629 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641\u0629\u060c \u0645\u0645\u0627 \u064a\u0639\u0631\u0636 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0644\u0644\u062e\u0637\u0631 \u0648\u064a\u0639\u0631\u0636 \u0627\u0644\u0646\u0638\u0627\u0645 \u0644\u0644\u062e\u0637\u0631.\n\u0627\u0642\u0631\u0623: https://thehackernews.com/2024/08/microsoft-reveals-four-openvpn-flaws.html\n\nThe Smart Shadow:\n---\n\n\ud83d\udea8 CVE-2024-40800\n\n\u062a\u0645 \u0645\u0639\u0627\u0644\u062c\u0629 \u0645\u0634\u0643\u0644\u0629 \u0641\u064a \u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u0635\u062d\u0629 \u0627\u0644\u0645\u062f\u062e\u0644\u0627\u062a \u0645\u0646 \u062e\u0644\u0627\u0644 \u062a\u062d\u0633\u064a\u0646 \u0639\u0645\u0644\u064a\u0629 \u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u0635\u062d\u0629 \u0627\u0644\u0645\u062f\u062e\u0644\u0627\u062a. \u0647\u0630\u0647 \u0627\u0644\u0645\u0634\u0643\u0644\u0629 \u062a\u0645 \u0625\u0635\u0644\u0627\u062d\u0647\u0627 \u0641\u064a \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a \u0627\u0644\u062a\u0627\u0644\u064a\u0629:\n- macOS Sonoma 14.6\n- macOS Monterey 12.7.6\n- macOS Ventura 13.6.8\n\n\ud83d\udd0d \u062a\u0641\u0627\u0635\u064a\u0644 \u0627\u0644\u062b\u063a\u0631\u0629:\n\u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u062a\u062a\u0639\u0644\u0642 \u0628\u0645\u0634\u0643\u0644\u0629 \u0641\u064a \u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u0635\u062d\u0629 \u0627\u0644\u0645\u062f\u062e\u0644\u0627\u062a\u060c \u0645\u0645\u0627 \u0642\u062f \u064a\u0633\u0645\u062d \u0644\u062a\u0637\u0628\u064a\u0642 \u063a\u064a\u0631 \u0645\u0635\u0631\u062d \u0644\u0647 \u0628\u062a\u0639\u062f\u064a\u0644 \u0623\u062c\u0632\u0627\u0621 \u0645\u062d\u0645\u064a\u0629 \u0645\u0646 \u0646\u0638\u0627\u0645 \u0627\u0644\u0645\u0644\u0641\u0627\u062a. \u0647\u0630\u0627 \u064a\u0645\u0643\u0646 \u0623\u0646 \u064a\u0624\u062f\u064a \u0625\u0644\u0649 \u062a\u0639\u062f\u064a\u0644\u0627\u062a \u063a\u064a\u0631 \u0645\u0635\u0631\u062d \u0628\u0647\u0627 \u0639\u0644\u0649 \u0627\u0644\u0646\u0638\u0627\u0645\u060c \u0645\u0645\u0627 \u064a\u0634\u0643\u0644 \u062e\u0637\u0631\u064b\u0627 \u0623\u0645\u0646\u064a\u064b\u0627 \u0643\u0628\u064a\u0631\u064b\u0627.\n\n\ud83d\udcc5 \u062a\u0627\u0631\u064a\u062e \u0627\u0644\u0625\u0635\u062f\u0627\u0631:\n\u062a\u0645 \u0646\u0634\u0631 \u062a\u0641\u0627\u0635\u064a\u0644 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0641\u064a \u064a\u0648\u0644\u064a\u0648 2024 \u0639\u0644\u0649 \u0645\u0648\u0642\u0639 Full Disclosure\u060c \u0648\u0647\u0648 \u0645\u0635\u062f\u0631 \u0645\u0639\u0631\u0648\u0641 \u0628\u0646\u0634\u0631 \u0645\u0639\u0644\u0648\u0645\u0627\u062a \u062d\u0648\u0644 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629.\n\n\ud83d\udd12 \u0627\u0644\u062a\u0648\u0635\u064a\u0627\u062a:\n\u0646\u0646\u0635\u062d \u062c\u0645\u064a\u0639 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u064a\u0646 \u0627\u0644\u0630\u064a\u0646 \u064a\u0633\u062a\u062e\u062f\u0645\u0648\u0646 \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a \u0627\u0644\u0645\u0630\u0643\u0648\u0631\u0629 \u0645\u0646 macOS \u0628\u062a\u062d\u062f\u064a\u062b \u0623\u0646\u0638\u0645\u062a\u0647\u0645 \u0641\u0648\u0631\u064b\u0627 \u0625\u0644\u0649 \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a \u0627\u0644\u062a\u064a \u062a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0627\u0644\u0625\u0635\u0644\u0627\u062d\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0627\u0644\u0645\u0630\u0643\u0648\u0631\u0629 \u0623\u0639\u0644\u0627\u0647. \u0627\u0644\u062a\u062d\u062f\u064a\u062b\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0636\u0631\u0648\u0631\u064a\u0629 \u0644\u062d\u0645\u0627\u064a\u0629 \u0627\u0644\u0646\u0638\u0627\u0645 \u0645\u0646 \u0627\u0644\u0647\u062c\u0645\u0627\u062a \u0627\u0644\u0645\u062d\u062a\u0645\u0644\u0629 \u0648\u0636\u0645\u0627\u0646 \u0633\u0644\u0627\u0645\u0629 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a.\n\n\u0644\u0645\u0632\u064a\u062f \u0645\u0646 \u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644\u060c \u064a\u0645\u0643\u0646\u0643\u0645 \u0632\u064a\u0627\u0631\u0629 \u0627\u0644\u0631\u0627\u0628\u0637 \u0627\u0644\u062a\u0627\u0644\u064a: [Full Disclosure - CVE-2024-40800](http://seclists.org/fulldisclosure/2024/Jul/18)\n\n\u0627\u0628\u0642\u0648\u0627 \u0622\u0645\u0646\u064a\u0646! \ud83d\udee1\ufe0f\n\n---\n\n\ud83d\udea8 CVE-2024-39320: \u062b\u063a\u0631\u0629 \u0641\u064a \u0645\u0646\u0635\u0629 Discourse\n\n\u0627\u0643\u062a\u0634\u0641\u062a \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u0641\u064a \u0645\u0646\u0635\u0629 \u0627\u0644\u0646\u0642\u0627\u0634 \u0645\u0641\u062a\u0648\u062d\u0629 \u0627\u0644\u0645\u0635\u062f\u0631 Discourse \u0642\u0628\u0644 \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u064a\u0646 3.2.5 \u0648 3.3.0.beta5\u060c \u062a\u062a\u064a\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0625\u0645\u0643\u0627\u0646\u064a\u0629 \u062d\u0642\u0646 \u0625\u0637\u0627\u0631\u0627\u062a (iframes) \u0645\u0646 \u0623\u064a \u0646\u0637\u0627\u0642\u060c \u0645\u062a\u062c\u0627\u0648\u0632\u064a\u0646 \u0627\u0644\u0642\u064a\u0648\u062f \u0627\u0644\u062a\u064a \u064a\u064f\u0641\u062a\u0631\u0636 \u0623\u0646 \u064a\u062a\u0645 \u0641\u0631\u0636\u0647\u0627 \u0639\u0628\u0631 \u0625\u0639\u062f\u0627\u062f allowed_iframes. \n\n\u0623\u0645\u062b\u0644\u0629 \u0639\u0644\u0649 \u0627\u0644\u0647\u062c\u0648\u0645:\n- \u064a\u0645\u0643\u0646 \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0644\u0625\u062f\u0631\u0627\u062c \u0645\u062d\u062a\u0648\u0649 \u0636\u0627\u0631 \u062f\u0627\u062e\u0644 \u0627\u0644\u0625\u0637\u0627\u0631\u0627\u062a \u0639\u0644\u0649 \u0635\u0641\u062d\u0627\u062a \u0627\u0644\u0645\u0646\u0627\u0642\u0634\u0629\u060c \u0645\u0645\u0627 \u064a\u0639\u0631\u0636 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u064a\u0646 \u0644\u0645\u062e\u0627\u0637\u0631 \u0645\u062b\u0644 \u0627\u0644\u062a\u0635\u064a\u062f \u0627\u0644\u0627\u062d\u062a\u064a\u0627\u0644\u064a \u0623\u0648 \u0633\u0631\u0642\u0629 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a.\n\n\u0627\u0644\u0625\u0635\u0644\u0627\u062d: \n- \u062a\u0645 \u0625\u0635\u0644\u0627\u062d \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0641\u064a \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u064a\u0646 3.2.5 \u0648 3.3.0.beta5. \u064a\u064f\u0646\u0635\u062d \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u0648\u0646 \u0628\u062a\u062d\u062f\u064a\u062b \u0645\u0646\u0635\u0627\u062a\u0647\u0645 \u0625\u0644\u0649 \u0647\u0630\u0647 \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a \u0623\u0648 \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a \u0627\u0644\u0623\u062d\u062f\u062b \u0644\u0636\u0645\u0627\u0646 \u0627\u0644\u062d\u0645\u0627\u064a\u0629 \u0645\u0646 \u0647\u0630\u0627 \u0627\u0644\u0647\u062c\u0648\u0645.", "creation_timestamp": "2024-12-13T19:00:23.000000Z"}, {"uuid": "6aaa7258-57a7-4a62-b5a1-22e77aff3e85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4080", "type": "seen", "source": "https://t.me/cvedetector/1507", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-4080 - LabVIEW tdcore.dll Memory Corruption Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-4080 \nPublished : July 23, 2024, 2:15 p.m. | 43\u00a0minutes ago \nDescription : A memory corruption issue due to an improper length check in LabVIEW tdcore.dll may disclose information or result in arbitrary code execution.  Successful exploitation requires an attacker to provide a user with a specially crafted VI.  This vulnerability affects LabVIEW 2024 Q1 and prior versions. \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-23T17:14:16.000000Z"}, {"uuid": "88385579-6adc-4763-992f-63f36fef9473", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40807", "type": "seen", "source": "https://t.me/cvedetector/1961", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-40807 - Apple macOS Data Access Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-40807 \nPublished : July 29, 2024, 11:15 p.m. | 45\u00a0minutes ago \nDescription : A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A shortcut may be able to use sensitive data with certain actions without prompting the user. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-30T02:21:11.000000Z"}, {"uuid": "d36b8af4-4332-4ce2-94a5-32782d29e6d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40805", "type": "seen", "source": "https://t.me/cvedetector/1959", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-40805 - Apple WatchOS, iPadOS, iOS, tvOS App Bypasses Privacy Preferences\", \n  \"Content\": \"CVE ID : CVE-2024-40805 \nPublished : July 29, 2024, 11:15 p.m. | 45\u00a0minutes ago \nDescription : A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, tvOS 17.6. An app may be able to bypass Privacy preferences. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-30T02:21:09.000000Z"}, {"uuid": "e1bedc14-2007-481c-ada2-9c8ae1061eaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40801", "type": "seen", "source": "https://t.me/CyberBulletin/857", "content": "\u26a1\ufe0fCVE-2024-40801 in macOS allowed a sandboxed app to bypass TCC protections and access sensitive user data without requiring user permission.\n\n#CyberBulletin", "creation_timestamp": "2024-09-24T02:16:08.000000Z"}, {"uuid": "0e4e73e8-dba4-45e3-b11d-28cc88fe195e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40801", "type": "seen", "source": "https://t.me/CyberBulletin/25734", "content": "\u26a1\ufe0fCVE-2024-40801 in macOS allowed a sandboxed app to bypass TCC protections and access sensitive user data without requiring user permission.\n\n#CyberBulletin", "creation_timestamp": "2024-09-24T11:02:43.000000Z"}, {"uuid": "a6fb41c1-8c7c-44a1-9ec8-e4ccd6d2bb05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40800", "type": "published-proof-of-concept", "source": "Telegram/ToCf6YsGId5JUWGMj9DuepDPCX4Mci4i8uh8beEPrs42uuDN", "content": "", "creation_timestamp": "2024-08-14T03:55:57.000000Z"}]}