{"vulnerability": "cve-2024-4344", "sightings": [{"uuid": "43c8b619-7d05-4a77-b650-12f458f35137", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43447", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/113471393153762372", "content": "", "creation_timestamp": "2024-11-12T18:27:33.202418Z"}, {"uuid": "35eddc4a-78f9-4532-851a-e8f88a6b58e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43447", "type": "seen", "source": "https://www.thezdi.com/blog/2024/11/12/the-november-2024-security-update-review", "content": "", "creation_timestamp": "2024-11-12T18:26:35.000000Z"}, {"uuid": "d7065c52-ee9b-45c4-899b-b8dcd718c5af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43449", "type": "seen", "source": "https://www.thezdi.com/blog/2024/11/12/the-november-2024-security-update-review", "content": "", "creation_timestamp": "2024-11-12T18:26:35.000000Z"}, {"uuid": "8dc0cf4c-6a01-4ab6-bc53-88e6b06860f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43447", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113471268483880789", "content": "", "creation_timestamp": "2024-11-12T17:55:51.146961Z"}, {"uuid": "cb9426e8-b56e-48d9-8df7-9a7f467cb745", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43449", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113471327482142444", "content": "", "creation_timestamp": "2024-11-12T18:10:51.439795Z"}, {"uuid": "f80a8b48-c165-4d02-b9c6-befbd7bea3a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43441", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3le2gcwdxjf2m", "content": "", "creation_timestamp": "2024-12-24T12:15:32.951071Z"}, {"uuid": "8d05bed0-791c-40a6-9bdf-d587dbcd865a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43441", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3le2yall5av27", "content": "", "creation_timestamp": "2024-12-24T17:36:21.543457Z"}, {"uuid": "aa67d011-0f7f-4601-b3ae-69de96e0c3d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43441", "type": "seen", "source": "https://bsky.app/profile/bolhasec.com/post/3le72pjz5ly2q", "content": "", "creation_timestamp": "2024-12-26T08:31:10.468619Z"}, {"uuid": "b6f27b98-d35f-4a43-9e36-93381ebc5791", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43441", "type": "seen", "source": "https://bsky.app/profile/dinosn.bsky.social/post/3le73snlxrc2v", "content": "", "creation_timestamp": "2024-12-26T08:50:49.801074Z"}, {"uuid": "7a0468b7-3e33-437f-bdf5-efb1c34635f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43441", "type": "seen", "source": "https://bsky.app/profile/tmjintel.bsky.social/post/3lemh4xv2vd2m", "content": "", "creation_timestamp": "2024-12-31T16:18:02.431571Z"}, {"uuid": "9ae601ec-568d-4ddc-a53f-e1be853b81d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43445", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgpc3x64gg2c", "content": "", "creation_timestamp": "2025-01-27T06:16:21.160282Z"}, {"uuid": "830492ae-2048-4f5b-bf6e-fa2c35e769f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43446", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgpc3zuup62i", "content": "", "creation_timestamp": "2025-01-27T06:16:24.381049Z"}, {"uuid": "17316f71-ccee-431f-8e53-e7fd455c553b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43446", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgpdxjwwxs2r", "content": "", "creation_timestamp": "2025-01-27T06:49:47.481509Z"}, {"uuid": "4af07ca6-8b77-406f-868a-eb966748f950", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43445", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113898992865129761", "content": "", "creation_timestamp": "2025-01-27T06:51:47.057382Z"}, {"uuid": "b925ed2b-de68-418b-af69-97986bb0575e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43446", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113898992879712532", "content": "", "creation_timestamp": "2025-01-27T06:51:47.330764Z"}, {"uuid": "5fe9822b-5cd1-45f6-b36d-8f1eba0a0cc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43441", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lz7r6tfrig2s", "content": "", "creation_timestamp": "2025-09-19T21:02:36.237914Z"}, {"uuid": "ef13a5e8-7efc-4b31-957f-e8b78a1f70cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43446", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3165", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: GHSA-chc6-3mhw-pc4r\n\ud83d\udd25 CVSS Score: 3.5 (CVSS_V3)\n\ud83d\udd39 Description: An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions. \n\nThis issue affects: \n\n  *  OTRS 7.0.X\n\n  *  OTRS 8.0.X\n  *  OTRS 2023.X\n  *  OTRS 2024.X\n\n  *  ((OTRS)) Community Edition: 6.0.x\n\nProducts based on the ((OTRS)) Community Edition also very likely to be affected\n\ud83d\udccf Published: 2025-01-27T06:30:26Z\n\ud83d\udccf Modified: 2025-01-27T06:30:26Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-43446\n2. https://otrs.com/release-notes/otrs-security-advisory-2025-02", "creation_timestamp": "2025-01-27T07:07:54.000000Z"}, {"uuid": "bcb68bee-ba22-4cbf-b14e-8fada828be14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43447", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/989", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-43447\n\ud83d\udd39 Description: Windows SMBv3 Server Remote Code Execution Vulnerability\n\ud83d\udccf Published: 2024-11-12T17:53:47.242Z\n\ud83d\udccf Modified: 2025-01-09T16:51:40.328Z\n\ud83d\udd17 References:\n1. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43447", "creation_timestamp": "2025-01-09T17:19:28.000000Z"}, {"uuid": "4a48891f-98de-4c3c-b617-d69fab5beaa4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43449", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/990", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-43449\n\ud83d\udd39 Description: Windows USB Video Class System Driver Elevation of Privilege Vulnerability\n\ud83d\udccf Published: 2024-11-12T17:53:47.899Z\n\ud83d\udccf Modified: 2025-01-09T16:50:20.937Z\n\ud83d\udd17 References:\n1. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43449", "creation_timestamp": "2025-01-09T17:19:40.000000Z"}, {"uuid": "8877c90a-cf8d-4757-b463-fac7e0719b2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43441", "type": "seen", "source": "https://t.me/cvedetector/13605", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43441 - Apache HugeGraph-Server Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-43441 \nPublished : Dec. 24, 2024, 12:15 p.m. | 45\u00a0minutes ago \nDescription : Authentication Bypass by Assumed-Immutable Data vulnerability in Apache HugeGraph-Server.  \n  \nThis issue affects Apache HugeGraph-Server: from 1.0.0 before 1.5.0.  \n  \nUsers are recommended to upgrade to version 1.5.0, which fixes the issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-24T14:24:39.000000Z"}, {"uuid": "fe471253-4db8-462a-acf0-0e4d1198b447", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43445", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3163", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: GHSA-fg8c-fxj5-qp3x\n\ud83d\udd25 CVSS Score: 5.3 (CVSS_V3)\n\ud83d\udd39 Description: A vulnerability exists in OTRS and ((OTRS Community Edition)) that fail to set the HTTP response header X-Content-Type-Options to nosniff. An attacker could exploit this vulnerability by uploading or inserting content that would be treated as a different MIME type than intended. \n\nThis issue affects: \n\n  *  OTRS 7.0.X\n\n  *  OTRS 8.0.X\n  *  OTRS 2023.X\n  *  OTRS 2024.X\n\n  *  ((OTRS)) Community Edition: 6.0.x\n\nProducts based on the ((OTRS)) Community Edition also very likely to be affected\n\ud83d\udccf Published: 2025-01-27T06:30:26Z\n\ud83d\udccf Modified: 2025-01-27T06:30:26Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-43445\n2. https://otrs.com/release-notes/otrs-security-advisory-2025-01", "creation_timestamp": "2025-01-27T07:07:53.000000Z"}, {"uuid": "8eb51151-8a1d-4914-9159-29a3d72342c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43441", "type": "seen", "source": "https://t.me/kasperskyb2b/1574", "content": "\u2b50\ufe0f \u041f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u0432 \u044d\u0442\u043e\u043c \u0433\u043e\u0434\u0443 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f APT \u0438 \u043d\u043e\u0432\u043e\u0441\u0442\u0438 \u0418\u0411\n\n\ud83d\ude11 \u0423\u0433\u0440\u043e\u0437\u044b \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u043c \u0410\u0421\u0423 \u0432 3 \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0435 2024 \u0433\u043e\u0434\u0430: \u043e\u0431\u0437\u043e\u0440 \u0438 \u0441\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u043a\u0430. \u0422\u043e\u043f \u0441\u0438\u0441\u0442\u0435\u043c, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0431\u044b\u043b\u0438 \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u043e\u0431\u044a\u0435\u043a\u0442\u044b, \u0432\u043e\u0437\u0433\u043b\u0430\u0432\u0438\u043b\u0438 \u0431\u0438\u043e\u043c\u0435\u0442\u0440\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b. \n\n\ud83d\uddff \u0420\u0430\u0437\u0431\u043e\u0440 \u0434\u0435\u044f\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0439 \u0433\u0440\u0443\u043f\u043f\u044b Masque, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u043e\u0439 \u0432 2024 \u0433\u043e\u0434\u0443 \u0438 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u0439 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0435 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0444\u0438\u043d\u0430\u043d\u0441\u043e\u0432\u043e\u0439 \u0432\u044b\u0433\u043e\u0434\u044b.  \u0417\u0430\u0445\u043e\u0434\u044f\u0442 \u0447\u0435\u0440\u0435\u0437 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0443\u0442\u0451\u043a\u0448\u0438\u0435 \u0431\u0438\u043b\u0434\u0435\u0440\u044b Lockbit \u0438 Babuk.\n\n\ud83d\ude80 \u0412 \u0444\u0430\u0439\u0440\u0432\u043e\u043b\u0430\u0445 Palo Alto, \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0447\u0435\u0440\u0435\u0437 CVE-2024-9474, \u0432\u044b\u043b\u043e\u0432\u0438\u043b\u0438 \u043d\u043e\u0432\u044b\u0439 \u0431\u044d\u043a\u0434\u043e\u0440 Littlelamb.Wooltea. \u041e\u0447\u0435\u043d\u044c \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u044b\u0439 \u043e\u0442\u0447\u0451\u0442 \u043e \u043d\u0451\u043c \u0445\u043e\u0440\u043e\u0448\u043e \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u0443\u0435\u0442, \u043a\u0430\u043a \u043e\u043f\u044b\u0442\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0443\u043d\u0438\u043a\u0430\u043b\u044c\u043d\u044b\u0435 \u043f\u0440\u0435\u0438\u043c\u0443\u0449\u0435\u0441\u0442\u0432\u0430 \u043f\u043e\u0433\u0440\u0430\u043d\u0438\u0447\u043d\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432.\n\n\ud83d\udfe3\u0421\u043f\u0438\u0441\u043e\u043a \u0438\u0437 2,5 \u0442\u044b\u0441\u044f\u0447 IP-\u0430\u0434\u0440\u0435\u0441\u043e\u0432 Astrill VPN, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043f\u043e \u0441\u043b\u043e\u0432\u0430\u043c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043e\u0447\u0435\u043d\u044c \u043b\u044e\u0431\u044f\u0442 \u0441\u0435\u0432\u0435\u0440\u043e\u043a\u043e\u0440\u0435\u0439\u0441\u043a\u0438\u0435 APT.\n\n\u2764\ufe0f\u041e\u0431\u0437\u043e\u0440 \u0444\u0438\u0448\u0438\u043d\u0433-\u043a\u0438\u0442\u0430 WikiKit, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0435\u0433\u043e \u0441\u0432\u043e\u0451 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u0437\u0430 \u0442\u043e, \u0447\u0442\u043e \u043e\u043d \u043f\u0435\u0440\u0435\u0430\u0434\u0440\u0435\u0441\u0443\u0435\u0442 \u043d\u0435\u043f\u043e\u0434\u0445\u043e\u0434\u044f\u0449\u0438\u0445 \u0436\u0435\u0440\u0442\u0432 \u043d\u0430 \u0412\u0438\u043a\u0438\u043f\u0435\u0434\u0438\u044e.\n\n\ud83d\ude35\u200d\ud83d\udcab \u041f\u044f\u0442\u044c \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u0439 Chrome, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u0435 \u043e\u0442 \u0418\u0411-\u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 Cyberhaven, \u0431\u044b\u043b\u0438 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0438 \u043f\u043e\u043f\u0430\u043b\u0438 \u0432 \u043c\u0430\u0433\u0430\u0437\u0438\u043d Chrome. \u0415\u0449\u0451 \u043e\u0434\u0438\u043d \u043f\u043e\u0432\u043e\u0434 \u043f\u043e\u0434\u0447\u0438\u043d\u0438\u0442\u044c \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0443 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u0439 \u0432 \u0425\u0440\u043e\u043c \u0441\u0442\u0440\u043e\u0433\u0438\u043c \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u043c \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0430\u043c.\n\n\ud83d\udfe2\u041d\u043e\u0432\u044b\u0439 \u0434\u0435\u043d\u044c \u2014 \u043d\u043e\u0432\u043e\u0435 \u0412\u041f\u041e \u0432 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f\u0445 open source. \u0422\u0435\u043f\u0435\u0440\u044c \u0447\u0435\u0440\u0435\u0437 PyPi \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0442 \u0441\u0442\u0438\u043b\u0435\u0440\u044b Cometlogger \u0438 Zebo.\n\n\ud83d\udfe3\u0410 Lockbit \u0441\u043e\u0431\u0440\u0430\u043b\u0438\u0441\u044c \u043e\u0442\u043f\u0440\u0430\u0437\u0434\u043d\u043e\u0432\u0430\u0442\u044c \u0433\u043e\u0434\u043e\u0432\u0449\u0438\u043d\u0443 \u0440\u0430\u0437\u0433\u043e\u043d\u0430 \u0433\u0440\u0443\u043f\u043f\u044b \u043f\u0440\u0430\u0432\u043e\u043e\u0445\u0440\u0430\u043d\u0438\u0442\u0435\u043b\u044f\u043c\u0438 \u0432\u044b\u043f\u0443\u0441\u043a\u043e\u043c Lockbit 4.0.\n\n\ud83d\ude35 \u0426\u0435\u043b\u0430\u044f \u043f\u0430\u0447\u043a\u0430 \u0441\u0440\u043e\u0447\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0445 \u0418\u0422-\u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 \u043e\u043c\u0440\u0430\u0447\u0438\u043b\u0438 \u0430\u0434\u043c\u0438\u043d\u0430\u043c \u043f\u0440\u0430\u0437\u0434\u043d\u0438\u0447\u043d\u044b\u0439 \u0441\u0435\u0437\u043e\u043d. \u041e\u0442\u043c\u0435\u0442\u0438\u043c CVE-2024-52046 \u0432 Apache MINA (CVSS 10), CVE-2024-45387 \u0432 Apache Traffic Ops (CVSS 9.9) \u0438 \u043c\u0435\u043d\u0435\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u0443\u044e CVE-2024-43441 \u0432 OpenGraph. \u0410 \u0434\u043b\u044f \u0442\u0435\u0445, \u043a\u0442\u043e \u0435\u0434\u0432\u0430 \u0432\u044b\u0434\u043e\u0445\u043d\u0443\u043b, \u0437\u0430\u043b\u0430\u0442\u0430\u0432 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e CVE-2024-50379 \u0432 Apache Tomcat, \u0442\u043e\u0436\u0435 \u0435\u0441\u0442\u044c \u043d\u0435\u043f\u0440\u0438\u044f\u0442\u043d\u044b\u0435 \u043d\u043e\u0432\u043e\u0441\u0442\u0438 \u2014 \u0444\u0438\u043a\u0441 \u0431\u044b\u043b \u043d\u0435\u043f\u043e\u043b\u043d\u044b\u043c, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0432\u0441\u0442\u0440\u0435\u0447\u0430\u0439\u0442\u0435 CVE-2024-56337 \u0438 \u043d\u0430\u0447\u0438\u043d\u0430\u0439\u0442\u0435 \u0441\u043d\u0430\u0447\u0430\u043b\u0430. \u0414\u0430, \u0438 CVE-2024-53677 \u0432 Struts \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u0442\u044c \u043d\u0435 \u0437\u0430\u0431\u0443\u0434\u044c\u0442\u0435.\n\u0421\u043d\u043e\u0432\u0430 \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0438\u0441\u044c \u0438 Palo Alto \u0441 DoS \u0432 PAN-OS (CVE-2024-3393, CVSS 8.7).\n\n\ud83d\udc4b \u0418\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u043e\u0435 \u0447\u0442\u0438\u0432\u043e \u043d\u0430 \u0432\u044b\u0445\u043e\u0434\u043d\u044b\u0435: \u043a\u0430\u043a \u043b\u044e\u0431\u0438\u043c\u0430\u044f \u0441\u0442\u0430\u0440\u0442\u0430\u043f\u0430\u043c\u0438 \u0438 \u0434\u0440\u0443\u0433\u0438\u043c\u0438 \u043d\u0435\u0431\u043e\u043b\u044c\u0448\u0438\u043c\u0438 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f\u043c\u0438 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u043e\u0444\u0438\u0441\u043e\u0432 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0435\u0442\u0441\u044f \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043b\u0435\u0433\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0444\u0430\u0441\u0430\u0434\u0430 \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0439.\n\n#\u043d\u043e\u0432\u043e\u0441\u0442\u0438 #APT #\u0434\u0430\u0439\u0434\u0436\u0435\u0441\u0442 @\u041f2\u0422", "creation_timestamp": "2024-12-28T08:57:19.000000Z"}, {"uuid": "8dd8bbe8-b482-49bf-b03f-de7870c7622e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43446", "type": "seen", "source": "https://t.me/cvedetector/16430", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43446 - \"OTRS Generic Interface Module Privilege Escalation Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-43446 \nPublished : Jan. 27, 2025, 6:15 a.m. | 2\u00a0hours, 12\u00a0minutes ago \nDescription : An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions.   \n  \nThis issue affects:   \n  \n  *  OTRS 7.0.X  \n  \n  *  OTRS 8.0.X  \n  *  OTRS 2023.X  \n  *  OTRS 2024.X  \n  \n  *  ((OTRS)) Community Edition: 6.0.x  \n  \nProducts based on the ((OTRS)) Community Edition also very likely to be affected \nSeverity: 3.5 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-27T10:08:08.000000Z"}, {"uuid": "6dcbdd31-6525-4c10-a9a4-3c1b1436baa9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43445", "type": "seen", "source": "https://t.me/cvedetector/16440", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43445 - OTRS MIME Type Inference XSS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-43445 \nPublished : Jan. 27, 2025, 6:15 a.m. | 2\u00a0hours, 12\u00a0minutes ago \nDescription : A vulnerability exists in OTRS and ((OTRS Community Edition)) that fail to set the HTTP response header X-Content-Type-Options to nosniff. An attacker could exploit this vulnerability by uploading or inserting content that would be treated as a different MIME type than intended.   \n  \nThis issue affects:   \n  \n  *  OTRS 7.0.X  \n  \n  *  OTRS 8.0.X  \n  *  OTRS 2023.X  \n  *  OTRS 2024.X  \n  \n  *  ((OTRS)) Community Edition: 6.0.x  \n  \nProducts based on the ((OTRS)) Community Edition also very likely to be affected \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-27T10:08:22.000000Z"}, {"uuid": "8193ae9e-33c4-48e3-8711-e94305208eab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43443", "type": "seen", "source": "https://t.me/cvedetector/4108", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43443 - OTRS Cross-Site Scripting in Process Management\", \n  \"Content\": \"CVE ID : CVE-2024-43443 \nPublished : Aug. 26, 2024, 9:15 a.m. | 37\u00a0minutes ago \nDescription : Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in Process Management modules of OTRS and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the Process Management targeting other admins.  \nThis issue affects:   \n  \n  *  OTRS from 7.0.X through 7.0.50  \n  *  OTRS 8.0.X  \n  *  OTRS 2023.X  \n  *  OTRS from 2024.X through 2024.5.X  \n  *  ((OTRS)) Community Edition: 6.0.x  \n  \nProducts based on the ((OTRS)) Community Edition also very likely to be affected \nSeverity: 4.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-26T12:02:14.000000Z"}, {"uuid": "1e0bdf4b-bc63-45c9-83f7-bba0f8d9d283", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43440", "type": "seen", "source": "https://t.me/cvedetector/10089", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43440 - Moodle Local File Inclusion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-43440 \nPublished : Nov. 7, 2024, 2:15 p.m. | 43\u00a0minutes ago \nDescription : A flaw was found in moodle. A local file may include risks when restoring block backups. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-07T16:05:57.000000Z"}, {"uuid": "a9c74ca4-1056-4ab5-b8b3-e4e3eda0d2fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43444", "type": "seen", "source": "https://t.me/cvedetector/4106", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43444 - OTRS Administration Log Module Plain Text Password Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-43444 \nPublished : Aug. 26, 2024, 9:15 a.m. | 37\u00a0minutes ago \nDescription : Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled.  \n  \nThis issue affects:   \n  \n  *  OTRS from 7.0.X through 7.0.50  \n  *  OTRS 8.0.X  \n  *  OTRS 2023.X  \n  *  OTRS from 2024.X through 2024.5.X  \n  *  ((OTRS)) Community Edition: 6.0.x  \n  \nProducts based on the ((OTRS)) Community Edition also very likely to be affected \nSeverity: 8.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-26T12:02:12.000000Z"}, {"uuid": "1f57de8c-c48c-4fc5-9575-e8477e004441", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43442", "type": "seen", "source": "https://t.me/cvedetector/4105", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43442 - OTRS Cross-Site Scripting (XSS) in System Configuration\", \n  \"Content\": \"CVE ID : CVE-2024-43442 \nPublished : Aug. 26, 2024, 9:15 a.m. | 37\u00a0minutes ago \nDescription : Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in\u00a0 OTRS (System Configuration modules) and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the System Configuration targeting other admins.  \nThis issue affects:\u00a0  \n  \n  *  OTRS from 7.0.X through 7.0.50  \n  *  OTRS 8.0.X  \n  *  OTRS 2023.X  \n  *  OTRS from 2024.X through 2024.5.X  \n  *  ((OTRS)) Community Edition: 6.0.x  \n  \nProducts based on the ((OTRS)) Community Edition also very likely to be affected \nSeverity: 4.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-26T12:02:11.000000Z"}, {"uuid": "2683f1ce-930b-43f4-92f3-440d02942917", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43441", "type": "seen", "source": "Telegram/l4QKeqFD5qRT7zoy1ctBM0eZVQO1zsPSYOBaMryYD-ObyXg", "content": "", "creation_timestamp": "2024-12-30T08:21:02.000000Z"}, {"uuid": "3a16d4b1-901a-474a-948d-25995f9e1fcd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43441", "type": "seen", "source": "https://t.me/true_secator/6590", "content": "\u041d\u0430\u043c \u043d\u0430 \u041d\u043e\u0432\u044b\u0439 \u0413\u043e\u0434 \u043f\u043e\u0434\u0430\u0440\u0438\u043b\u0438 \u043a\u043d\u0438\u0433\u0443 \u0410.\u041d. \u0417\u0430\u0442\u0443\u043f\u043a\u043e \"\u041a\u0430\u043b\u0430\u043c\u0431\u0443\u0440\u044c \u0432\u043c\u0435\u0441\u0442\u0435 \u0441 \u043d\u0430\u043c\u0438!\", \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043c\u044b \u0441\u0435\u0433\u043e\u0434\u043d\u044f \u0441\u043f\u0435\u0448\u0438\u043c \u043f\u043e\u0440\u0430\u0434\u043e\u0432\u0430\u0442\u044c \u0432\u0430\u0441 \u043d\u0430\u0448\u0438\u043c\u0438 \u043d\u043e\u0432\u044b\u043c\u0438 \u043d\u0430\u0440\u0430\u0431\u043e\u0442\u043a\u0430\u043c\u0438 \u0432 \u044d\u0442\u043e\u0439 \u043e\u0431\u043b\u0430\u0441\u0442\u0438!\n\n\u0415\u0441\u043b\u0438 \u0443 \u0432\u0430\u0441 MINA, \u0442\u043e \u043f\u043e\u0434 \u0432\u0430\u043c\u0438 \u0437\u0430\u043b\u043e\u0436\u0435\u043d\u0430 \u043f\u0440\u043e\u0441\u0442\u043e \u043d\u0435\u0432\u0435\u0440\u043e\u044f\u0442\u043d\u0430\u044f \u043c\u0438\u043d\u0430!\n\nApache Software Foundation \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442 \u0432\u044b\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c, \u043d\u0430 \u044d\u0442\u043e\u0442 \u0440\u0430\u0437 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0438\u0445 MINA \u0438 HugeGraph-Server. \n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u044b\u043b\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b \u0432 \u043d\u043e\u0432\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 \u041f\u041e, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0445 \u0432 \u043f\u0435\u0440\u0438\u043e\u0434 \u0441 23 \u043f\u043e 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f.\n\n\u041e\u0434\u043d\u0430 \u0438\u0437 \u043e\u0448\u0438\u0431\u043e\u043a \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2024-52046 \u0438 \u0432\u043b\u0438\u044f\u0435\u0442 \u043d\u0430 \u0432\u0435\u0440\u0441\u0438\u0438 MINA 2.0 \u043f\u043e 2.0.26, 2.1 \u043f\u043e 2.1.9 \u0438 2.2 \u043f\u043e 2.2.3. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u043e\u0446\u0435\u043d\u043a\u0443 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 10 \u0438\u0437 10 \u043e\u0442 Apache Software Foundation\n\n\u041f\u043e\u0441\u043b\u0435\u0434\u043d\u044f\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 ObjectSerializationDecoder \u0438 \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u0430 \u043d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u0434\u0435\u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0435\u0439 Java, \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430.\n\nApache \u043f\u043e\u044f\u0441\u043d\u0438\u043b\u0430, \u0447\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u0430, \u0435\u0441\u043b\u0438 \u043c\u0435\u0442\u043e\u0434 IoBuffer#getObject() \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432 \u0441\u043e\u0447\u0435\u0442\u0430\u043d\u0438\u0438 \u0441 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u043c\u0438 \u043a\u043b\u0430\u0441\u0441\u0430\u043c\u0438.\n\nApache \u0440\u0435\u0448\u0438\u043b\u0430 \u044d\u0442\u0443 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443, \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0432 \u0432\u0435\u0440\u0441\u0438\u0438 2.0.27, 2.1.10 \u0438 2.2.4, \u0432 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0439 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 \u0431\u044b\u043b \u0443\u0441\u043e\u0432\u0435\u0440\u0448\u0435\u043d\u0441\u0442\u0432\u043e\u0432\u0430\u043d \u0437\u0430 \u0441\u0447\u0435\u0442 \u0431\u043e\u043b\u0435\u0435 \u0441\u0442\u0440\u043e\u0433\u0438\u0445 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u0432 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e.\n\n\u041e\u0434\u043d\u0430\u043a\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e \u044d\u0442\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u0439 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e. \u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0442\u0430\u043a\u0436\u0435 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0432\u0440\u0443\u0447\u043d\u0443\u044e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043e\u0442\u043a\u043b\u043e\u043d\u0435\u043d\u0438\u0435 \u0432\u0441\u0435\u0445 \u043a\u043b\u0430\u0441\u0441\u043e\u0432, \u0435\u0441\u043b\u0438 \u044d\u0442\u043e \u044f\u0432\u043d\u043e \u043d\u0435 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0432 \u043e\u0434\u0438\u043d \u0438\u0437 \u0442\u0440\u0435\u0445 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u043c\u0435\u0442\u043e\u0434\u043e\u0432.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0430\u044f Apache HugeGraph-Server \u0432\u0435\u0440\u0441\u0438\u0439 1.0\u20131.3, \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u0443\u044e \u043a\u0430\u043a CVE-2024-43441. \u041e\u043d\u0430 \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u043b\u043e\u0433\u0438\u043a\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0431\u044b\u043b\u0430\u00a0\u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 1.5.0, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u043c\u043e\u0439 \u043a \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044e \u0434\u043b\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 HugeGraph-Server.\n\n\u0421\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u043c \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u044b \u0438 \u043f\u0440\u0438\u043d\u044f\u0442\u044c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u043c\u044b\u0435 \u043c\u0435\u0440\u044b, \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e \u0441 \u0443\u0447\u0435\u0442\u043e\u043c \u0442\u043e\u0433\u043e, \u0447\u0442\u043e \u0445\u0430\u043a\u0435\u0440\u044b \u043f\u0440\u0435\u0434\u043f\u043e\u0447\u0438\u0442\u0430\u044e\u0442 \u0441\u043e\u0432\u0435\u0440\u0448\u0430\u0442\u044c \u0430\u0442\u0430\u043a\u0438 \u0438\u043c\u0435\u043d\u043d\u043e \u0432 \u043f\u0435\u0440\u0438\u043e\u0434 \u043f\u0440\u0430\u0437\u0434\u043d\u0438\u043a\u043e\u0432, \u043a\u043e\u0433\u0434\u0430 \u0441\u043a\u043e\u0440\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0437\u0430\u0442\u0435\u043c\u043d\u043e \u0441\u043d\u0438\u0436\u0430\u0435\u0442\u0441\u044f.", "creation_timestamp": "2024-12-27T12:40:02.000000Z"}, {"uuid": "b7f514d2-f396-4fa3-b29e-90df4e2825a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43441", "type": "seen", "source": "https://t.me/true_secator/6586", "content": "\u0412\u0441\u043b\u0435\u0434 \u0437\u0430 CVE-2024-43441 \u0432 HugeGraph-Server \u0438 CVE-2024-56337 \u0432 Tomcat \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 Apache Software Foundation (ASF) \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0438 \u0432 Traffic Control \u0441 \u0440\u0435\u0439\u0442\u0438\u043d\u0433\u043e\u043c 9,9 CVSS.\n\n\u041f\u0440\u0438 \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 CVE-2024-45387 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0441 \u0440\u043e\u043b\u044c\u044e admin, federation, operations, portal \u0438\u043b\u0438 steering \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 SQL \u0432 \u0431\u0430\u0437\u0435 \u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u0443\u0442\u0435\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0433\u043e PUT-\u0437\u0430\u043f\u0440\u043e\u0441\u0430\n\n\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u043f\u0440\u0438\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044e Tencent YunDing Security Lab \u042e\u0430\u043d\u044c \u041b\u043e. \u041e\u043d\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 Apache Traffic Control \u043e\u0442 8.0.0 \u0434\u043e 8.0.1.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 Apache Traffic Control 8.0.2. \u0414\u043b\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u043e\u0442 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0433\u0440\u043e\u0437 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u044b \u0434\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u0439 \u041f\u041e.", "creation_timestamp": "2024-12-26T12:00:09.000000Z"}]}