{"vulnerability": "cve-2024-4707", "sightings": [{"uuid": "dde89560-99f4-48da-8586-ed780a080b46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47076", "type": "seen", "source": "https://infosec.exchange/@adulau/113207584606763918", "content": "", "creation_timestamp": "2024-09-27T04:17:33.000000Z"}, {"uuid": "b21ee227-fb26-436c-9a8a-e7ec3380eef7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47073", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113442874348339740", "content": "", "creation_timestamp": "2024-11-07T17:34:50.762175Z"}, {"uuid": "49fdf4e2-acd6-4cf6-90b9-4ba7303e921b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47076", "type": "seen", "source": "https://security.paloaltonetworks.com/CVE-2024-47076", "content": "", "creation_timestamp": "2024-09-26T20:15:00.000000Z"}, {"uuid": "34fee061-0569-4776-813f-80ff74311876", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47072", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113444334036917014", "content": "", "creation_timestamp": "2024-11-07T23:46:03.829285Z"}, {"uuid": "9329d136-0f3d-45de-9247-c3aab402ad9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47072", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113869714895593544", "content": "", "creation_timestamp": "2025-01-22T02:46:01.165201Z"}, {"uuid": "862b3517-2491-4e0a-a73d-dcd3c0a779c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47076", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:46.000000Z"}, {"uuid": "15bc618a-cc08-4986-b69d-ca0d207fa56c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47076", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:11:04.000000Z"}, {"uuid": "27308d7b-75c3-421b-b445-299ce3b64f82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47072", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lq43lzc3bc23", "content": "", "creation_timestamp": "2025-05-26T21:11:25.982385Z"}, {"uuid": "ba73c739-1abc-48d7-b5d6-50e4d6e21e53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47073", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-47073.yaml", "content": "", "creation_timestamp": "2025-06-12T10:36:32.000000Z"}, {"uuid": "86f9afc2-8f01-4abc-a037-17ce70070915", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47073", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lrjdibnr3s2e", "content": "", "creation_timestamp": "2025-06-13T21:02:20.156426Z"}, {"uuid": "24378934-8d65-44e8-b3a0-100430acb483", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47075", "type": "seen", "source": "https://gist.github.com/Wbaker7702/53198661ba029cb1af08a9ce551dbeb5", "content": "", "creation_timestamp": "2025-10-14T05:07:38.000000Z"}, {"uuid": "9f5f80c1-1db5-4606-9c5a-58be81797b2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47076", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:03.000000Z"}, {"uuid": "bf558d39-1f2c-45b1-9217-982e772770c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47076", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/misc/cups_ipp_remote_code_execution.rb", "content": "", "creation_timestamp": "2024-11-22T14:28:34.000000Z"}, {"uuid": "0444069b-f099-4706-bbac-9291ed1c31f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-47076", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/3eaf0fde-67ad-4326-a84a-2e4ff201a8e9", "content": "", "creation_timestamp": "2024-09-27T04:15:35.899736Z"}, {"uuid": "3d520ad5-d47e-44b3-a312-a84e15d867c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-47076", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/19c15eba-7fb7-4f1e-8fdd-f5871d05e797", "content": "", "creation_timestamp": "2024-09-30T07:31:43.981846Z"}, {"uuid": "652263e5-ba0f-4e97-886a-c0bd25d9efe6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47076", "type": "published-proof-of-concept", "source": "https://t.me/cKure/13696", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 The CUPS POC analysis\nCVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177.\n\nhttps://www.elastic.co/security-labs/cups-overflow", "creation_timestamp": "2024-09-29T07:13:53.000000Z"}, {"uuid": "24efc2fb-8965-4bd6-9177-e0c64614290d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47076", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8639", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aLinux ve Unix sistemlerinizin CVE-2024-47076 a\u00e7\u0131\u011f\u0131ndan etkilenip etkilenmedi\u011fini bu script ile \u00f6\u011frenebilirsiniz.\nURL\uff1ahttps://github.com/mutkus/CVE-2024-47076\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-09-29T15:19:58.000000Z"}, {"uuid": "d647b01b-dfc1-4f57-b662-06a9e221e09c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47076", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8645", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aUltrafast CUPS-browsed scanner (CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177)\nURL\uff1ahttps://github.com/lkarlslund/jugular\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-09-30T07:22:12.000000Z"}, {"uuid": "955a1b9b-0f36-45fb-a7f2-5548f9865491", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47076", "type": "seen", "source": "https://t.me/itsec_news/4777", "content": "\u200b\u26a1\ufe0f\u041f\u0435\u0447\u0430\u0442\u044c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0432 Linux \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u0437\u0430\u0445\u0432\u0430\u0442\u0443 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430\n\n\ud83d\udcac \u041d\u0430 \u0434\u043d\u044f\u0445 \u0431\u044b\u043b\u0430 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Unix-\u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u043f\u0435\u0447\u0430\u0442\u0438 CUPS, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0430\u044f \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u043e Linux-\u0441\u0438\u0441\u0442\u0435\u043c \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u043f\u043e\u0441\u043e\u0431\u043d\u0430 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0437\u0430\u0445\u0432\u0430\u0442\u0443 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430 \u0447\u0435\u0440\u0435\u0437 \u0441\u0435\u0442\u044c \u0438\u043b\u0438 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442 \u043f\u0440\u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0435 \u0437\u0430\u0434\u0430\u043d\u0438\u044f \u043d\u0430 \u043f\u0435\u0447\u0430\u0442\u044c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u043e\u0432. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u0443\u0441\u0443\u0433\u0443\u0431\u043b\u044f\u0435\u0442 \u0442\u043e, \u0447\u0442\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u043f\u043e\u043a\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0421\u0438\u043c\u043e\u043d\u0435 \u041c\u0430\u0440\u0433\u0430\u0440\u0438\u0442\u0435\u043b\u043b\u0438, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0432\u0448\u0438\u0439 \u0438 \u0441\u043e\u043e\u0431\u0449\u0438\u0432\u0448\u0438\u0439 \u043e\u0431 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445, \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b \u0438\u0445 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u043e\u0432 Linux, \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 BSD, \u0430 \u0442\u0430\u043a\u0436\u0435, \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e, ChromeOS \u0438 Solaris. \u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u0433\u0440\u043e\u0437\u0430 \u0438\u0441\u0445\u043e\u0434\u0438\u0442 \u043e\u0442 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 cups-browsed, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0434\u043b\u044f \u0437\u0430\u0445\u0432\u0430\u0442\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u043f\u0440\u0438 \u0441\u0442\u0430\u0440\u0442\u0435 \u0437\u0430\u0434\u0430\u043d\u0438\u044f \u043d\u0430 \u043f\u0435\u0447\u0430\u0442\u044c.\n\n\u0414\u043b\u044f \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0438\u043c\u0435\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0435\u0440\u0432\u0438\u0441\u0443 CUPS \u043d\u0430 \u043f\u043e\u0440\u0442\u0435 631 \u0438 \u0434\u043e\u0436\u0434\u0430\u0442\u044c\u0441\u044f \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u0437\u0430\u0434\u0430\u043d\u0438\u044f \u043d\u0430 \u043f\u0435\u0447\u0430\u0442\u044c \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435. \u0412 \u0441\u043b\u0443\u0447\u0430\u0435 \u043d\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u0438 \u044d\u0442\u043e\u0433\u043e \u043f\u043e\u0440\u0442\u0430, \u0432\u043e\u0437\u043c\u043e\u0436\u0435\u043d \u0432\u0430\u0440\u0438\u0430\u043d\u0442 \u043f\u043e\u0434\u043c\u0435\u043d\u044b zeroconf, mDNS \u0438\u043b\u0438 DNS-SD \u0434\u043b\u044f \u0430\u0442\u0430\u043a\u0438.\n\n\u0412\u0441\u0435\u0433\u043e \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u0431\u044b\u043b\u043e \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043e \u0447\u0435\u0442\u044b\u0440\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438:\n\nCVE-2024-47176 (cups-browsed \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.0.1): \u043d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a UDP-\u043f\u043e\u0440\u0442\u0443 631.\n\nCVE-2024-47076 (libcupsfilters \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.1b1): \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u043e\u0432 \u043f\u0440\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0438 IPP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432.\n\nCVE-2024-47175 (libppd): \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u043e\u0432 \u043f\u0440\u0438 \u0437\u0430\u043f\u0438\u0441\u0438 \u0432 PPD-\u0444\u0430\u0439\u043b.\n\nCVE-2024-47177 (cups-filters \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.0.1): \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 \u0438\u0437 \u0434\u0430\u043d\u043d\u044b\u0445 PPD-\u0444\u0430\u0439\u043b\u0430.\n\n\u041f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u043c\u0443 \u043d\u0430\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 \u043d\u0430 \u043f\u043e\u0440\u0442 631, \u0437\u0430\u0441\u0442\u0430\u0432\u0438\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u0443\u044e \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u043e\u0431\u0440\u0430\u0442\u0438\u0442\u044c\u0441\u044f \u043a \u0441\u0435\u0440\u0432\u0435\u0440\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430, \u043f\u0435\u0440\u0435\u0434\u0430\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435, \u0438, \u043f\u0440\u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0435 \u043f\u0435\u0447\u0430\u0442\u0438, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0437\u043b\u043e\u0432\u0440\u0435\u0434\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b.\n\n\u0425\u043e\u0442\u044f \u0443\u0433\u0440\u043e\u0437\u0430 \u043a\u0430\u0436\u0435\u0442\u0441\u044f \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439, \u0434\u043b\u044f \u0435\u0451 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0434\u043e\u043b\u0436\u0435\u043d \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u0437\u0430\u0434\u0430\u043d\u0438\u0435 \u043d\u0430 \u043f\u0435\u0447\u0430\u0442\u044c. \u041f\u043e \u0441\u043b\u043e\u0432\u0430\u043c \u041c\u0430\u0440\u0433\u0430\u0440\u0438\u0442\u0435\u043b\u043b\u0438, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e, \u043d\u0435 \u0434\u043e\u0441\u0442\u0438\u0433\u0430\u0435\u0442 \u0437\u0430\u044f\u0432\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u043f\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f \u0432 9.9 \u0438\u0437 10 \u043f\u043e CVSS, \u043a\u0430\u043a \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u043b\u043e\u0441\u044c \u0440\u0430\u043d\u0435\u0435, \u043e\u0434\u043d\u0430\u043a\u043e \u0432\u0441\u0451 \u0435\u0449\u0451 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0443\u0433\u0440\u043e\u0437\u0443.\n\n\u041f\u043e \u043c\u043d\u0435\u043d\u0438\u044e \u043e\u0441\u043d\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 watchTowr \u0411\u0435\u043d\u0434\u0436\u0430\u043c\u0438\u043d\u0430 \u0425\u0430\u0440\u0440\u0438\u0441\u0430, \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u043b\u0438\u0448\u044c \u043d\u0435\u0431\u043e\u043b\u044c\u0448\u043e\u0439 \u043f\u0440\u043e\u0446\u0435\u043d\u0442 Linux-\u0441\u0438\u0441\u0442\u0435\u043c, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0438\u0437 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0430. \u0422\u0435\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435, \u043e\u043d \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044f\u043c \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u0447\u0442\u043e\u0431\u044b \u0438\u0437\u0431\u0435\u0436\u0430\u0442\u044c \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0445 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u043e\u0432 \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\n\u0421\u0430\u043c \u041c\u0430\u0440\u0433\u0430\u0440\u0438\u0442\u0435\u043b\u043b\u0438 \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u0435\u0442 \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u043d\u044f\u0442\u044c \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u0448\u0430\u0433\u0438 \u0434\u043b\u044f \u0437\u0430\u0449\u0438\u0442\u044b:\n\n\u041e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0438\u043b\u0438 \u0443\u0434\u0430\u043b\u0438\u0442\u044c \u0441\u0435\u0440\u0432\u0438\u0441 cups-browsed;\n\u0411\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a UDP-\u043f\u043e\u0440\u0442\u0443 631 \u0438 DNS-SD;\n\u041e\u0431\u043d\u043e\u0432\u0438\u0442\u044c CUPS \u043f\u0440\u0438 \u0432\u044b\u043f\u0443\u0441\u043a\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439.\n\n\u041f\u0440\u0438\u043c\u0435\u0447\u0430\u0442\u0435\u043b\u044c\u043d\u043e, \u0447\u0442\u043e \u041c\u0430\u0440\u0433\u0430\u0440\u0438\u0442\u0435\u043b\u043b\u0438 \u0441\u0442\u043e\u043b\u043a\u043d\u0443\u043b\u0441\u044f \u0441 \u0440\u044f\u0434\u043e\u043c \u0442\u0440\u0443\u0434\u043d\u043e\u0441\u0442\u0435\u0439 \u043f\u0440\u0438 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0438 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 CUPS. \u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u043e\u0441\u0442\u044c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u043e\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b\u0438 \u0442\u0430\u043a\u0438\u0435 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438, \u043a\u0430\u043a Canonical \u0438 Red Hat, \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 CUPS \u043d\u0435\u043e\u0445\u043e\u0442\u043d\u043e \u043f\u0440\u0438\u043d\u0438\u043c\u0430\u043b\u0438 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e \u043d\u0430\u0439\u0434\u0435\u043d\u043d\u044b\u0445 \u043e\u0448\u0438\u0431\u043a\u0430\u0445.\n\n\u041f\u043e \u0441\u043b\u043e\u0432\u0430\u043c \u041c\u0430\u0440\u0433\u0430\u0440\u0438\u0442\u0435\u043b\u043b\u0438, \u0432\u043c\u0435\u0441\u0442\u043e \u0431\u044b\u0441\u0442\u0440\u043e\u0433\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043e\u043d\u0438 \u043f\u0440\u0435\u0434\u043f\u043e\u0447\u043b\u0438 \u0441\u043f\u043e\u0440\u0438\u0442\u044c \u043e \u0442\u043e\u043c, \u0432\u043b\u0438\u044f\u044e\u0442 \u043b\u0438 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u043d\u0438\u0445 \u043d\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c, \u0438 \u043f\u0440\u043e\u044f\u0432\u043b\u044f\u043b\u0438 \u0441\u043d\u0438\u0441\u0445\u043e\u0434\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0435 \u043a \u0437\u0430\u043c\u0435\u0447\u0430\u043d\u0438\u044f\u043c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f. \u041c\u0430\u0440\u0433\u0430\u0440\u0438\u0442\u0435\u043b\u043b\u0438 \u0441\u0447\u0438\u0442\u0430\u0435\u0442 \u044d\u0442\u0443 \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u044e \u043f\u0440\u0438\u043c\u0435\u0440\u043e\u043c \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u043d\u0435 \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043e\u0431\u0440\u0430\u0449\u0430\u0442\u044c\u0441\u044f \u0441 \u0440\u0430\u0437\u0433\u043b\u0430\u0448\u0435\u043d\u0438\u0435\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0438 \u043f\u043e\u0434\u0447\u0451\u0440\u043a\u0438\u0432\u0430\u0435\u0442 \u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0441\u0442\u044c \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0431\u043e\u043b\u0435\u0435 20 \u043b\u0435\u0442 \u043d\u0430 \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443.\n\n\u041f\u043e\u043a\u0430 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u044b\u0435 \u043f\u0430\u0442\u0447\u0438 \u043d\u0435 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u044b, \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u043d\u044f\u0442\u044c \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u0435\u043c\u044b\u0435 \u043c\u0435\u0440\u044b \u0434\u043b\u044f \u043c\u0438\u043d\u0438\u043c\u0438\u0437\u0430\u0446\u0438\u0438 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-09-27T16:16:01.000000Z"}, {"uuid": "627ad4f6-3109-4d8f-aba3-1586f91d7466", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47076", "type": "published-proof-of-concept", "source": "https://t.me/poxek/4431", "content": "\ud83d\udc27 Cupshax - RCE \u0447\u0435\u0440\u0435\u0437 \u0441\u043b\u0443\u0436\u0431\u0443 \u043f\u0435\u0447\u0430\u0442\u0438 \u0432 UNIX\n#unix #RCE #CVE\n\nCVE-2024-47176 CVE-2024-47076 CVE-2024-47175 CVE-2024-47177\n\n\u0412\u0447\u0435\u0440\u0430 \u0432\u0435\u0447\u0435\u0440\u043e\u043c \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442 \u043d\u0430\u0432\u043e\u0434\u043d\u0438\u043b\u0441\u044f \u043d\u043e\u0432\u043e\u0441\u0442\u044c\u044e \u043e \u043d\u043e\u0432\u043e\u0439 \u0431\u0430\u0433\u0435 \u0432 UNIX \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0439 RCE. \u041d\u043e \u0431\u044b\u043b\u0438 \u043e\u0441\u043e\u0431\u044b\u0435 \u0443\u0441\u043b\u043e\u0432\u0438\u044f, \u043a \u043f\u0440\u0438\u043c\u0435\u0440\u0443 \u0447\u0442\u043e \u0434\u043e\u043b\u0436\u043d\u0430 \u0431\u044b\u0442\u044c \u043e\u0447\u0435\u0440\u0435\u0434\u044c \u043d\u0430 \u043f\u0435\u0447\u0430\u0442\u044c. \u0412 \u043f\u0440\u0438\u043a\u0440\u0435\u043f\u043b\u0435\u043d\u043d\u043e\u043c \u0432\u0438\u0434\u043e\u0441\u0435 \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u0443\u0435\u0442\u0441\u044f PoC.\n\n\ud83d\udee0 \u0418\u0437\u0443\u0447\u0438\u0442\u044c \u0440\u0430\u0439\u0442\u0430\u043f \u0422\u0423\u0422\n\n\u0410\u0432\u0442\u043e\u0440\u044b \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430 \u0438\u0437\u0443\u0447\u0438\u043b\u0438 \u043a\u043e\u043c\u043c\u0438\u0442 \u0432 OpenPrinting CUPS, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0431\u0430\u0433\u0430 \u0438 \u043d\u0430\u043f\u0438\u0441\u0430\u043b\u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442. \u041e\u043d \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 dns-sd \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u043d\u0442\u0435\u0440\u0430, \u0442\u0440\u0435\u0431\u0443\u044f, \u0447\u0442\u043e\u0431\u044b \u0446\u0435\u043b\u044c \u043c\u043e\u0433\u043b\u0430 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0448\u0438\u0440\u043e\u043a\u043e\u0432\u0435\u0449\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0435, \u0442.\u0435. \u043d\u0430\u0445\u043e\u0434\u0438\u043b\u0430\u0441\u044c \u0432 \u0442\u043e\u0439 \u0436\u0435 \u0441\u0435\u0442\u0438.\n\n\u27a1\ufe0f\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\nusage: cupshax.py [-h] [--name NAME] --ip IP [--command COMMAND] [--port PORT]\n\nA script for executing commands remotely\n\noptions:\n  -h, --help         show this help message and exit\n  --name NAME        The name to use (default: RCE Printer)\n  --ip IP            The IP address of the machine running this script\n  --command COMMAND  The command to execute (default: 'touch /tmp/pwn')\n  --port PORT        The port to connect on (default: 8631)\n\n\u27a1\ufe0f\u041f\u0440\u0438\u043c\u0435\u0440 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f\npython cupshax.py --name \"Print to PDF (Color)\" \\\n                  --command \"id&gt;/tmp/pwn\" \\\n                  --ip 10.0.0.3\n\n\ud83d\udcf1 Github \u0438 \u043c\u043e\u0439 \u0444\u043e\u0440\u043a, \u043d\u0430 \u0441\u043b\u0443\u0447\u0430\u0439 \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u044f \u0440\u0435\u043f\u044b\n\n\ud83c\udf1a @poxek | \ud83d\udcfa RuTube | \ud83c\udf1a \u041c\u0435\u0440\u0447 \u041f\u043e\u0445\u0435\u043a", "creation_timestamp": "2024-09-27T10:55:39.000000Z"}, {"uuid": "f4f22b59-3c03-4885-9f59-80d9fbf4279a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47076", "type": "seen", "source": "https://t.me/purple_medved/301", "content": "UoWPrint\n\nValdikSS - \u043c\u043e\u0439 \u0445\u043e\u0440\u043e\u0448\u0438\u0439 \u0434\u0440\u0443\u0433, \u043b\u0435\u0433\u0435\u043d\u0434\u0430\u0440\u043d\u044b\u0439 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0438 \u0442\u0430\u043b\u0430\u043d\u0442\u043b\u0438\u0432\u044b\u0439 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0445 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u043c\u0438 \u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0441\u043e\u0442\u043d\u0438 \u0442\u044b\u0441\u044f\u0447 \u043b\u044e\u0434\u0435\u0439, \u0441\u043e\u0437\u0434\u0430\u043b \u043e\u0447\u0435\u0440\u0435\u0434\u043d\u043e\u0439 \u043a\u0440\u0443\u0442\u043e\u0439 \u043f\u0440\u043e\u0435\u043a\u0442\ud83d\udd25 \n\nUoWPrint - \u044d\u0442\u043e \u0441\u0435\u0440\u0432\u0435\u0440 \u043f\u0435\u0447\u0430\u0442\u0438 \u0438 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0441 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u043e\u0439 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043e\u0432 AirPrint \u0438 Mopria \u0447\u0435\u0440\u0435\u0437 Wi-Fi, \u043d\u0430 Orange Pi 3G-IoT-A. \u0423\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u0440\u0435\u0432\u0440\u0430\u0442\u0438\u0442\u044c \u043b\u044e\u0431\u043e\u0439 \u0441\u0442\u0430\u0440\u044b\u0439 USB-\u043f\u0440\u0438\u043d\u0442\u0435\u0440 \u0432 \u043f\u0440\u0438\u043d\u0442\u0435\u0440/\u041c\u0424\u0423 \u0441 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u043e\u0439 Wi-Fi \u0438 \u043f\u0435\u0447\u0430\u0442\u0430\u0442\u044c \u0438 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0438\u0437 \u043b\u044e\u0431\u043e\u0439 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b (Windows, macOS, Linux, iOS \u0438 Android) \u0431\u0435\u0437 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u043e\u0432.\n\n\u0423 \u043c\u0435\u043d\u044f \u0435\u0441\u0442\u044c \u0441\u0442\u0430\u0440\u044b\u0439-\u0434\u043e\u0431\u0440\u044b\u0439 \u041c\u0424\u0423 HP LaserJet M1123 \u0438 \u044f \u043f\u043e\u043c\u043d\u044e \u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u0438 \u0441\u0442\u0440\u0430\u0434\u0430\u043d\u0438\u0439 \u043c\u043d\u043e\u0433\u043e \u043b\u0435\u0442 \u043d\u0430\u0437\u0430\u0434 \u043f\u043e\u0442\u0440\u0435\u0431\u043e\u0432\u0430\u043b\u043e\u0441\u044c \u0447\u0442\u043e\u0431\u044b \u0441\u043e\u0431\u0440\u0430\u0442\u044c \u0434\u043b\u044f \u043d\u0435\u0433\u043e \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430 \u043f\u043e\u0434 ARMv7 \u043d\u0430 3-\u0435\u0439 \u043c\u0430\u043b\u0438\u043d\u043a\u0435 \u0438 \u0437\u0430\u0432\u0435\u0441\u0442\u0438 CUPS, \u0447\u0442\u043e\u0431\u044b \u043c\u043e\u0436\u043d\u043e \u0431\u044b\u043b\u043e \u043f\u0440\u043e\u0441\u0442\u043e \u043f\u0435\u0447\u0430\u0442\u0430\u0442\u044c, \u043e\u0431\u044b\u0447\u043d\u043e \u043e\u0447\u0435\u043d\u044c \u0437\u0430\u0434\u0443\u043c\u0447\u0438\u0432\u043e \u0438 \u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e\ud83d\ude48 \n\nUoWPrint \u0436\u0435 \u0438\u0434\u0435\u0430\u043b\u044c\u043d\u043e \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u043f\u0440\u044f\u043c\u043e \u0438\u0437 \u043a\u043e\u0440\u043e\u0431\u043a\u0438, \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u043f\u0440\u0438\u043d\u0442\u0435\u0440 \u043f\u043e USB, \u043f\u043e\u0434\u043d\u044f\u0442\u044c \u0442\u043e\u0447\u043a\u0443 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0438\u043b\u0438 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u0442\u0441\u044f \u043a \u0434\u043e\u043c\u0430\u0448\u043d\u0435\u0439 \u0441\u0435\u0442\u0438 \u0432 \u0440\u0435\u0436\u0438\u043c\u0435 \u043a\u043b\u0438\u0435\u043d\u0442\u0430 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 (\u0434\u0430\u043b\u0435\u0435 \u043c\u043e\u0436\u043d\u043e \u043f\u0435\u0440\u0435\u043a\u043b\u044e\u0447\u0430\u0442\u044c \u0440\u0435\u0436\u0438\u043c\u044b \u043a\u043d\u043e\u043f\u043e\u043a\u043e\u0439 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435) \u0438 \u043d\u0430\u0441\u043b\u0430\u0436\u0434\u0430\u0442\u044c\u0441\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c\u044e \u043f\u0435\u0447\u0430\u0442\u0430\u0442\u044c \u0438 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u0442\u044c.\n\n\u0421\u0442\u043e\u0438\u0442 \u043e\u0442\u043c\u0435\u0442\u0438\u0442\u044c, \u0447\u0442\u043e \u044d\u0442\u043e \u043d\u0435\u043a\u043e\u043c\u043c\u0435\u0440\u0447\u0435\u0441\u043a\u0438\u0439 \u043f\u0440\u043e\u0435\u043a\u0442 \u0434\u043b\u044f \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432 \u041f\u041e \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c\ud83d\ude4f\n\u0414\u0435\u0432\u0430\u0439\u0441 \u0437\u0430 2000 \u0440\u0443\u0431 (~25$) \u044d\u0442\u043e \u0441\u0442\u043e\u0438\u043c\u043e\u0441\u044c \u043e\u0434\u043d\u043e\u043f\u043b\u0430\u0442\u043d\u0438\u043a\u0430 Orange Pi 3G-IoT-A \u0441 \u0430\u043a\u0440\u0438\u043b\u043e\u0432\u044b\u043c \u043a\u043e\u0440\u043f\u0443\u0441\u043e\u043c \u0438 \u043f\u0440\u0435\u0434\u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u043c \u0441\u043e\u0444\u0442\u043e\u043c UoWPrint. \u0418\u0437 \u044d\u0442\u043e\u0439 \u0441\u0443\u043c\u043c\u044b \u0441 \u043a\u0430\u0436\u0434\u043e\u0433\u043e \u043f\u0440\u043e\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 - 2$ \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u043e\u0441\u043d\u043e\u0432\u043d\u044b\u043c \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430\u043c CUPS, 2$ - \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430\u043c SANE/AirSane, \u0430 \u0435\u0449\u0435 2$ \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0434\u043b\u044f \u0444\u0438\u043d\u0430\u043d\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u043b\u0443\u0447\u0448\u0435\u043d\u0438\u044f \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u043e\u0432 Canon CAPT (v2+). \n\u0410 \u0442\u0430\u043a \u0436\u0435 \u0441\u044e\u0434\u0430 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u044b \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0438 \u0438 \u043f\u0430\u0442\u0447\u0438\ud83d\udc4d \u041d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u043d\u0435\u0434\u0430\u0432\u043d\u0438\u0435 \u0431\u0430\u0433\u0438 \u0432 CUPS (CVE-2024-47175, CVE-2024-47076, CVE-2024-47176), \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0431\u044b\u043b\u0438 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u044b 26.09.24, \u043f\u043e\u0444\u0438\u043a\u0448\u0435\u043d\u044b \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0438 v1.15 \u043e\u0442 04.10.24\n\nPS: \u041d\u0430 \u0434\u0430\u043d\u043d\u044b\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 \u0432\u0441\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u043f\u0440\u043e\u0434\u0430\u043d\u044b, \u0441\u043b\u0435\u0434\u0438\u0442\u0435 \u0437\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f\u043c\u0438 \u043d\u0430 printserver.ink", "creation_timestamp": "2024-10-14T07:02:16.000000Z"}, {"uuid": "6dd56b11-03a2-4514-87af-f06878a18788", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47076", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/4721", "content": "#Threat_Research\n1. Watchguard Unauthenticated and Unencrypted SSO Protocol\nhttps://www.redteam-pentesting.de/en/advisories/rt-sa-2024-006\n2. Attacking UNIX Systems via CUPS (CVE-2024-47076, CVE-2024-47115, CVE-2024-47176, CVE-2024-47177)\nhttps://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I\n]-&gt; https://github.com/RickdeJager/cupshax", "creation_timestamp": "2024-09-27T19:48:09.000000Z"}, {"uuid": "ea84094b-2edd-4acc-bad6-bf37263722cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47072", "type": "seen", "source": "https://t.me/cvedetector/10150", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47072 - XStream BinaryStreamDriver Remote Denial of Service (DoS)\", \n  \"Content\": \"CVE ID : CVE-2024-47072 \nPublished : Nov. 8, 2024, 12:15 a.m. | 35\u00a0minutes ago \nDescription : XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. XStream 1.4.21 has been patched to detect the manipulation in the binary input stream causing the the stack overflow and raises an InputManipulationException instead. Users are advised to upgrade. Users unable to upgrade may catch the StackOverflowError in the client code calling XStream if XStream is configured to use the BinaryStreamDriver. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-08T02:08:17.000000Z"}, {"uuid": "d728ecde-057f-4ed9-991f-428c9609dc7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47073", "type": "seen", "source": "https://t.me/cvedetector/10110", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47073 - DataEase JWT Token Forgery Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47073 \nPublished : Nov. 7, 2024, 6:15 p.m. | 45\u00a0minutes ago \nDescription : DataEase is an open source data visualization analysis tool that helps users quickly analyze data and gain insights into business trends. In affected versions a the lack of signature verification of jwt tokens allows attackers to forge jwts which then allow access to any interface. The vulnerability has been fixed in v2.10.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-07T20:16:52.000000Z"}, {"uuid": "73576341-7174-48ce-9fc9-7290f0c2660f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47079", "type": "seen", "source": "https://t.me/cvedetector/7267", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47079 - Meshtastic Firmware Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47079 \nPublished : Oct. 7, 2024, 8:15 p.m. | 24\u00a0minutes ago \nDescription : Meshtastic is an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Meshtastic firmware is an open source firmware implementation for the broader project. The remote hardware module of the firmware does not have proper checks to ensure a remote hardware control message was received should be considered valid. This issue has been addressed in release version 2.5.1. All users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-07T22:39:19.000000Z"}, {"uuid": "2da8ee06-8a0e-4be6-85da-f48c0ea2d264", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47074", "type": "seen", "source": "https://t.me/cvedetector/7684", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47074 - DataEase PostgreSQL JDBC Deserialization Vulnerability (Remote Code Execution)\", \n  \"Content\": \"CVE ID : CVE-2024-47074 \nPublished : Oct. 11, 2024, 3:15 p.m. | 31\u00a0minutes ago \nDescription : DataEase is an open source data visualization analysis tool. In Dataease, the PostgreSQL data source in the data source function can customize the JDBC connection parameters and the PG server target to be connected. In backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java, PgConfiguration class don't filter any parameters, directly concat user input. So, if the attacker adds some parameters in JDBC url, and connect to evil PG server, the attacker can trigger the PG jdbc deserialization vulnerability, and eventually the attacker can execute through the deserialization vulnerability system commands and obtain server privileges. The vulnerability has been fixed in v1.18.25. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-11T17:51:34.000000Z"}, {"uuid": "38127f25-289a-4de7-8941-ebc3479d1618", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47078", "type": "seen", "source": "https://t.me/cvedetector/6331", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47078 - Meshtastic MQTT Authorization Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47078 \nPublished : Sept. 25, 2024, 4:15 p.m. | 44\u00a0minutes ago \nDescription : Meshtastic is an open source, off-grid, decentralized, mesh network. Meshtastic uses MQTT to communicate over an internet connection to a shared or private MQTT Server. Nodes can communicate directly via an internet connection or proxied through a connected phone (i.e., via bluetooth). Prior to version 2.5.1, multiple weaknesses in the MQTT implementation allow for authentication and authorization bypasses resulting in unauthorized control of MQTT-connected nodes. Version 2.5.1 contains a patch. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-25T19:21:35.000000Z"}, {"uuid": "37e1e5f1-be90-46cc-94f8-64c1d190f8c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47076", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/1491", "content": "#Threat_Research\n1. Watchguard Unauthenticated and Unencrypted SSO Protocol\nhttps://www.redteam-pentesting.de/en/advisories/rt-sa-2024-006\n2. Attacking UNIX Systems via CUPS (CVE-2024-47076, CVE-2024-47115, CVE-2024-47176, CVE-2024-47177)\nhttps://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I\n]-&gt; https://github.com/RickdeJager/cupshax", "creation_timestamp": "2024-09-27T19:48:09.000000Z"}, {"uuid": "d6ca8544-04cc-4adb-b65f-a3796df300ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47071", "type": "seen", "source": "https://t.me/cvedetector/6779", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47071 - \"FreePBX OSS Endpoint Manager File Access Authorization Bypass\"\", \n  \"Content\": \"CVE ID : CVE-2024-47071 \nPublished : Oct. 1, 2024, 4:15 p.m. | 19\u00a0minutes ago \nDescription : OSS Endpoint Manager is an endpoint manager module for FreePBX. OSS Endpoint Manager module activation can allow authenticated web users unauthorized access to read system files with the permissions of the webserver process. This vulnerability is fixed in 14.0.4. \nSeverity: 6.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-01T18:36:25.000000Z"}, {"uuid": "e416238a-7853-450f-a399-104851f78f00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47070", "type": "seen", "source": "https://t.me/cvedetector/6552", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47070 - Authentik X-Forwarded-For Header Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47070 \nPublished : Sept. 27, 2024, 4:15 p.m. | 38\u00a0minutes ago \nDescription : authentik is an open-source identity provider. A vulnerability that exists in versions prior to 2024.8.3 and 2024.6.5 allows bypassing password login by adding X-Forwarded-For header with an unparsable IP address, e.g. `a`. This results in a possibility of logging into any account with a known login or email address. The vulnerability requires the authentik instance to trust X-Forwarded-For header provided by the attacker, thus it is not reproducible from external hosts on a properly configured environment.  The issue occurs due to the password stage having a policy bound to it, which skips the password stage if the Identification stage is setup to also contain a password stage. Due to the invalid X-Forwarded-For header, which does not get validated to be an IP Address early enough, the exception happens later and the policy fails. The default blueprint doesn't correctly set `failure_result` to `True` on the policy binding meaning that due to this exception the policy returns false and the password stage is skipped. Versions 2024.8.3 and 2024.6.5 fix this issue. \nSeverity: 9.0 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-27T19:14:39.000000Z"}, {"uuid": "4f558d05-7e7f-44d3-aac9-3f0df06cd71f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47077", "type": "seen", "source": "https://t.me/cvedetector/6550", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47077 - Authentik Multi-Application Token Impersonation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47077 \nPublished : Sept. 27, 2024, 4:15 p.m. | 38\u00a0minutes ago \nDescription : authentik is an open-source identity provider. Prior to versions 2024.8.3 and 2024.6.5, access tokens issued to one application can be stolen by that application and used to impersonate the user against any other proxy provider. Also, a user can steal an access token they were legitimately issued for one application and use it to access another application that they aren't allowed to access. Anyone who has more than one proxy provider application with different trust domains or different access control is affected. Versions 2024.8.3 and 2024.6.5 fix the issue. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-27T19:14:38.000000Z"}, {"uuid": "dda3660d-6248-49aa-a16b-1828624bd04b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47076", "type": "seen", "source": "https://t.me/cvedetector/6463", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47076 - CUPS IPP Attribute Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47076 \nPublished : Sept. 26, 2024, 10:15 p.m. | 18\u00a0minutes ago \nDescription : CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system. \nSeverity: 8.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-27T00:42:05.000000Z"}, {"uuid": "d012f6fe-2c2e-483b-a063-332a9af904c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47075", "type": "seen", "source": "https://t.me/cvedetector/6454", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47075 - LayUI DOM Clobbering Cross-site Scripting (XSS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47075 \nPublished : Sept. 26, 2024, 6:15 p.m. | 43\u00a0minutes ago \nDescription : LayUI is a native minimalist modular Web UI component library. Versions prior to 2.9.17 have a DOM Clobbering vulnerability that can lead to Cross-site Scripting (XSS) on web pages where attacker-controlled HTML elements (e.g., `img` tags with unsanitized `name` attributes) are present. Version 2.9.17 fixes this issue. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-26T21:21:24.000000Z"}, {"uuid": "fa07bfb8-5fc2-48d7-a8ea-2e11d0a35f15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47073", "type": "seen", "source": "Telegram/lGGINmA58hMfEiLj7mFjBsIisf1G-zr65QomxYwB9aZ268Hl", "content": "", "creation_timestamp": "2025-02-20T23:26:55.000000Z"}, {"uuid": "e5d022c1-a35d-4359-83ea-022e91006973", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47076", "type": "published-proof-of-concept", "source": "Telegram/wf6_1JKBCzuNNq3dQU6jatGAoF0f6DzPux9cbboZAdBa3Ds", "content": "", "creation_timestamp": "2024-10-09T00:48:15.000000Z"}, {"uuid": "f1af4617-4683-4fe8-8046-9d88548a0ce3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47076", "type": "published-proof-of-concept", "source": "https://t.me/dc_main/7090", "content": "CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, CVE-2024-47177: Linux OpenPrinting CUPS RCE\n\nPoC: https://github.com/RickdeJager/cupshax\n\npatch:\nsudo systemctl stop cups-browsed\nsudo systemctl disable cups-browsed\n\n#exploit #git #pentest #redteam", "creation_timestamp": "2024-10-08T17:36:48.000000Z"}, {"uuid": "d20b7ac9-7a7a-40f0-bbb1-4a1b1dd28186", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47076", "type": "published-proof-of-concept", "source": "https://t.me/zer0day1ab/292", "content": "CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, CVE-2024-47177: Linux OpenPrinting CUPS RCE\n\nPoC: https://github.com/RickdeJager/cupshax\n\npatch:\nsudo systemctl stop cups-browsed\nsudo systemctl disable cups-browsed\n\n#exploit #git #pentest #redteam", "creation_timestamp": "2024-10-08T11:44:31.000000Z"}, {"uuid": "7e1902cc-1101-472e-bcf2-ef3103ba4f00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47076", "type": "seen", "source": "Telegram/N1DtHFsyDu8hfvxEilITvr_MpXXai-04yAKGKsC4ri00ulA", "content": "", "creation_timestamp": "2024-09-27T17:08:06.000000Z"}, {"uuid": "7e4b610b-eb62-457d-9e8a-7a951867f61b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47076", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/6260", "content": "\u041a\u0438\u0431\u0435\u0440\u043f\u043e\u0434\u043f\u043e\u043b\u044c\u0435 \u043d\u0430\u0446\u0435\u043b\u0438\u043b\u043e\u0441\u044c \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 \u043f\u0435\u0447\u0430\u0442\u0438 CUPS, \u043c\u0430\u0441\u0441\u043e\u0432\u043e \u0441\u043a\u0430\u043d\u0438\u0440\u0443\u044f \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442 \u043d\u0430 \u043f\u0440\u0435\u0434\u043c\u0435\u0442 \u043d\u0430\u043b\u0438\u0447\u0438\u044f \u0432 \u043d\u0435\u043c \u0441\u0438\u0441\u0442\u0435\u043c UNIX \u0441 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044b\u043c\u0438 \u043f\u043e\u0440\u0442\u0430\u043c\u0438 \u043f\u0435\u0447\u0430\u0442\u0438.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u0421\u0438\u043c\u043e\u043d\u0435 \u041c\u0430\u0440\u0433\u0430\u0440\u0438\u0442\u0435\u043b\u043b\u0438 \u0435\u0449\u0435 \u0432 \u043d\u0430\u0447\u0430\u043b\u0435 \u044d\u0442\u043e\u0433\u043e \u0433\u043e\u0434\u0430 \u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044b \u0432 \u043a\u043e\u043d\u0446\u0435 \u043f\u0440\u043e\u0448\u043b\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0438.\n\n\u041e\u043d\u0438 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u043a\u0430\u043a CVE-2024-47176, CVE-2024-47076, CVE-2024-47175 \u0438 CVE-2024-47177.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 CUPS, \u043e\u0431\u0449\u0443\u044e \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u043f\u0435\u0447\u0430\u0442\u0438 UNIX, \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u043c UNIX \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u043f\u0435\u0447\u0430\u0442\u0438.\n\n\u0412\u0441\u0435 \u043e\u043d\u0438 \u0432\u044b\u0441\u0442\u0443\u043f\u0430\u044e\u0442 \u0447\u0430\u0441\u0442\u044c\u044e \u0446\u0435\u043f\u043e\u0447\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0440\u0430\u0437\u0432\u0435\u0440\u043d\u0443\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043f\u0440\u0438\u043d\u0442\u0435\u0440, \u0438\u043d\u0434\u0435\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u0440\u0438\u043d\u0442\u0435\u0440 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 CUPS \u0436\u0435\u0440\u0442\u0432\u044b, \u0432\u043d\u0435\u0434\u0440\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434 \u0432\u043d\u0443\u0442\u0440\u0438 \u0444\u0430\u0439\u043b\u0430 PPD \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0435\u0433\u043e \u0438\u0437 \u0444\u0430\u0439\u043b\u0430 PPD, \u043a\u043e\u0433\u0434\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442 \u0437\u0430\u0434\u0430\u043d\u0438\u0435 \u043f\u0435\u0447\u0430\u0442\u0438 \u0447\u0435\u0440\u0435\u0437 (\u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439) \u043f\u0440\u0438\u043d\u0442\u0435\u0440 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430.\n\n\u041a \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u043c\u0443 \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0430\u0448\u043b\u0438 \u043e\u0442\u0440\u0430\u0436\u0435\u043d\u0438\u0435 \u0432 \u043e\u0442\u0447\u0435\u0442\u0430\u0445 Akamai, Rapid7, Elastic, Tenable, Qualys, DataDog \u0438 AquaSec, \u043d\u043e \u043f\u0440\u0438\u0432\u043b\u0435\u043a\u043b\u0438 \u043f\u0440\u0438\u0441\u0442\u0430\u043b\u044c\u043d\u043e\u0435 \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438 \u041c\u0430\u0440\u0433\u0430\u0440\u0438\u0442\u0435\u043b\u043b\u0438 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f \u0432 X \u0434\u043e \u0432\u044b\u043f\u0443\u0441\u043a\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439.\n\n\u041d\u043e \u043d\u0435 \u0442\u0430\u043a \u0432\u0441\u0435 \u043f\u043b\u043e\u0445\u043e, \u0432\u0435\u0434\u044c \u043e\u0448\u0438\u0431\u043a\u0430\u043c \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u044b \u043d\u0435 \u0432\u0441\u0435 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u044b Linux (\u0442\u043e\u043b\u044c\u043a\u043e \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435), \u0430 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0438\u0445 \u043c\u043e\u0436\u043d\u043e \u043b\u0438\u0448\u044c \u0432 \u043e\u0447\u0435\u043d\u044c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u0445 \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u044f\u0445, \u0442\u0430\u043a \u0447\u0442\u043e \u0441\u0442\u0435\u043f\u0435\u043d\u044c \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0441\u0442\u0438 (CVSS 9,9), \u043f\u043e \u043c\u043d\u0435\u043d\u0438\u044e \u043c\u043d\u043e\u0433\u0438\u0445 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u0437\u0430\u0432\u044b\u0448\u0435\u043d\u0430.\n\n\u0422\u0435\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435, \u043f\u043e\u043c\u0438\u043c\u043e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0435\u0439, \u0432 \u043a\u043e\u043d\u0446\u0435 \u043f\u0440\u043e\u0448\u043b\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0438 \u041c\u0430\u0440\u0433\u0430\u0440\u0438\u0442\u0435\u043b\u043b\u0438 \u0438 \u0434\u0440\u0443\u0433\u0438\u0435 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0438 PoC, \u0447\u0442\u043e \u0438 \u0432\u044b\u0437\u0432\u0430\u043b\u043e \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0430 \u043f\u0440\u0435\u0434\u043c\u0435\u0442 \u043f\u043e\u0438\u0441\u043a\u0430 UDP-\u043f\u043e\u0440\u0442\u0430 631, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u0441\u0435\u0440\u0432\u0435\u0440 CUPS \u043f\u0440\u043e\u0441\u043b\u0443\u0448\u0438\u0432\u0430\u0435\u0442 \u043d\u043e\u0432\u044b\u0435 \u043f\u0440\u0438\u043d\u0442\u0435\u0440\u044b, \u0441\u043e\u043e\u0431\u0449\u0430\u044e\u0449\u0438\u0435 \u043e \u0441\u0432\u043e\u0435\u043c \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0438.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e CUPS \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0432 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u0435 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u043e\u0432, \u043f\u043e \u0434\u0430\u043d\u043d\u044b\u043c\u00a0Shodan, \u0432 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u0431\u043e\u043b\u0435\u0435 75\u00a0000 \u0441\u0438\u0441\u0442\u0435\u043c, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u0445 \u043f\u043e\u0434 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c CUPS, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0447\u0435\u0440\u0435\u0437 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0434\u0440\u0443\u0433\u0438\u0435 \u043f\u043e\u043a\u0430\u0437\u044b\u0432\u0430\u044e\u0442 \u0431\u043e\u043b\u0435\u0435 107\u00a0000, \u043d\u043e \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438 \u0431\u043e\u043b\u044c\u0448\u0435.\n\n\u0421\u043c\u044f\u0433\u0447\u0435\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0434\u043e\u0432\u043e\u043b\u044c\u043d\u043e \u043f\u0440\u043e\u0441\u0442\u043e\u0435. \u041f\u0440\u043e\u0441\u0442\u043e \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c, \u0443\u0434\u0430\u043b\u0438\u0442\u044c \u0438\u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c CUPS. \n\n\u041d\u043e \u0432 \u043b\u044e\u0431\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u0431\u0435\u0437 \u044d\u0442\u043e\u0433\u043e \u043d\u0435 \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u0435\u0433\u043e \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c.", "creation_timestamp": "2024-09-30T13:11:39.000000Z"}, {"uuid": "6df2382a-bb5e-41da-b006-96a9a4fbaf13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47076", "type": "published-proof-of-concept", "source": "https://t.me/RalfHackerChannel/1539", "content": "CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, CVE-2024-47177: Linux OpenPrinting CUPS RCE\n\nblog: https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/\n\nPoC: https://github.com/RickdeJager/cupshax\n\npatch:\nsudo systemctl stop cups-browsed\nsudo systemctl disable cups-browsed\n\n#exploit #git #pentest #redteam", "creation_timestamp": "2024-09-27T12:56:55.000000Z"}, {"uuid": "1b1bda51-93b8-43ff-ab60-7915b117d96f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47076", "type": "published-proof-of-concept", "source": "Telegram/Yfjl9RN0GeLXY9bMmWue6ZMJ8Qhlf06phKHOC1P1-O3oUDs", "content": "", "creation_timestamp": "2024-09-27T18:50:19.000000Z"}, {"uuid": "13bf11d7-5629-49de-9e0a-7eea174731d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47076", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11196", "content": "#Threat_Research\n1. Watchguard Unauthenticated and Unencrypted SSO Protocol\nhttps://www.redteam-pentesting.de/en/advisories/rt-sa-2024-006\n2. Attacking UNIX Systems via CUPS (CVE-2024-47076, CVE-2024-47115, CVE-2024-47176, CVE-2024-47177)\nhttps://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I\n]-&gt; https://github.com/RickdeJager/cupshax", "creation_timestamp": "2024-09-28T07:25:32.000000Z"}, {"uuid": "1e6e9886-7cdf-4529-b562-b48a0e1403c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47076", "type": "published-proof-of-concept", "source": "Telegram/TAtjTOaDEPJ1bR_5ctFOaG1Hic1PWf8X_vOVFA5gLQr4", "content": "", "creation_timestamp": "2024-11-11T18:35:39.000000Z"}]}