{"vulnerability": "CVE-2021-3156", "sightings": [{"uuid": "eaec1b95-a58b-49c7-86c1-55286d8999a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "9da10140-22f5-44ea-832a-399469450344", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971500", "content": "", "creation_timestamp": "2024-12-24T20:30:14.707979Z"}, {"uuid": "efd8e329-a1f6-468e-a347-1f8da0ce96d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "f7a5df55-29cc-4c42-a2e8-7de95314d8f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:37.000000Z"}, {"uuid": "03713efc-7497-4267-ac59-1be98dd7e280", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-50f1a5f6-768cfe71f5758dad", "content": "", "creation_timestamp": "2025-05-30T12:09:26.248967Z"}, {"uuid": "036775d6-1b12-4961-aeb8-79be68c006a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": 
"CVE-2021-3156", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:30.000000Z"}, {"uuid": "fdc34721-62c2-41e3-98d4-8f32f3345b6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://gist.github.com/Darkcrai86/2f210857459fb0d37570b02c1ed6553a", "content": "", "creation_timestamp": "2025-10-02T13:56:22.000000Z"}, {"uuid": "2cfd9fa0-d41a-4811-b906-d54a8bb1bc41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://bsky.app/profile/ytroncal.bsky.social/post/3lvifr6mpjk2c", "content": "", "creation_timestamp": "2025-08-03T09:51:16.046451Z"}, {"uuid": "94e60052-7dd3-4bf5-91a4-ebb34a2221d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://infosec.exchange/users/BugBountyShorts/statuses/115391619199780913", "content": "", "creation_timestamp": "2025-10-17T21:26:19.003974Z"}, {"uuid": "28f60a35-659d-4ea5-ad6c-cbbcfe2b93c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://bsky.app/profile/armgxxx.bsky.social/post/3mdkf4vlkee2r", "content": "", "creation_timestamp": "2026-01-29T08:37:53.261095Z"}, {"uuid": "12a5bd25-34ec-4667-8dc2-2722df9067be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://gist.github.com/jeancristiancustodio/172110471375258e0cc858beb00f07c6", "content": "", "creation_timestamp": 
"2025-11-15T16:47:57.000000Z"}, {"uuid": "ca8d472a-5344-45fa-ac31-1c5439a4914c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://bsky.app/profile/michaelxg.bsky.social/post/3lxx4jnn6dc2a", "content": "", "creation_timestamp": "2025-09-03T17:06:15.292034Z"}, {"uuid": "d03e5ee9-0aef-426b-afe1-98f6d369eb4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://bsky.app/profile/michaelxg.bsky.social/post/3lxx4m62g3c2a", "content": "", "creation_timestamp": "2025-09-03T17:07:38.562734Z"}, {"uuid": "3e30e861-1a7a-41e4-878f-05a471a51079", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:01:02.000000Z"}, {"uuid": "90622edb-463f-4b6d-ab44-4229afabf38d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/sudo_baron_samedit.rb", "content": "", "creation_timestamp": "2021-02-04T17:13:25.000000Z"}, {"uuid": "96c09990-e309-413c-982b-f6ecbdc10092", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mfghuwc3tqm2", "content": "", "creation_timestamp": "2026-02-22T06:06:54.371578Z"}, {"uuid": "f3f4d4a1-4e68-4071-9f2d-727278044fae", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://gist.github.com/garagon/a8d92972c465aaeac354cd11668e409a", "content": "", "creation_timestamp": "2026-02-17T13:27:41.000000Z"}, {"uuid": "7ecb07ff-4101-461f-86f1-76a4a1291f3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "Telegram/E2uaRG3ibx0u7X-3lCLRMt1JB-4VLbsHUeFUOFQXBK1KcJ8", "content": "", "creation_timestamp": "2026-01-02T09:00:05.000000Z"}, {"uuid": "e07aa707-2e14-43d0-8d04-edaed54a84b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2021-3156", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/b6557656-10d6-4e76-9711-368565a4bd59", "content": "", "creation_timestamp": "2026-02-02T12:27:53.330731Z"}, {"uuid": "2f1f4f05-cdbc-46b1-909e-c21cd1a8d223", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2021-3156", "type": "seen", "source": "https://bsky.app/profile/flarestart.bsky.social/post/3mi7moakz242f", "content": "", "creation_timestamp": "2026-03-29T16:59:32.732599Z"}, {"uuid": "3c62b21b-c736-4e38-a54a-8e938a1464b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1371", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aRoot shell PoC for CVE-2021-3156\nURL\uff1ahttps://github.com/CptGibbon/CVE-2021-3156", 
"creation_timestamp": "2022-01-20T23:48:13.000000Z"}, {"uuid": "0dd853b2-3c41-4fc5-a7ba-a467726a2e12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/527", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-3156: Sudo heap overflow exploit for Debian 10\nURL\uff1ahttps://github.com/0xdevil/CVE-2021-3156", "creation_timestamp": "2021-09-14T19:27:37.000000Z"}, {"uuid": "2562f8a5-ed2a-49b1-8934-5255a214c6dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/alexmakus/3856", "content": "\u041a\u0430\u043a\u0430\u044f \u043f\u0440\u0435\u043a\u0440\u0430\u0441\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 sudo \n\nhttps://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit", "creation_timestamp": "2021-01-27T15:14:09.000000Z"}, {"uuid": "0b24f68a-b357-44da-b917-248062aa3323", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/cKure/3805", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Test payload for CVE-2021-3156. 
This will cause DoS.\n\nsudoedit -s '\\' `perl -e 'print \"A\" x 65536'", "creation_timestamp": "2021-01-27T05:47:34.000000Z"}, {"uuid": "ab3a17f7-5ed8-4c98-ad5c-b5dfcd3682e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/cKure/3803", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 \u26a0\ufe0f AWS statement on CVE-2021-3156.\n\nhttps://aws.amazon.com/security/security-bulletins/AWS-2021-001/", "creation_timestamp": "2021-01-27T05:39:27.000000Z"}, {"uuid": "c4c0be6f-f481-4595-aab7-9959b0c65c3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/cKure/3800", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 #Zeroday in sudo command. #0day. Technical details. \n\nhttps://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit", "creation_timestamp": "2021-01-27T05:30:07.000000Z"}, {"uuid": "6daa9fff-7e15-4619-9015-58cd68034c4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/cKure/3799", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 \ud83d\udce2 CVE-2021-3156 | Buffer overflow in command line unescaping.\n\nhttps://www.sudo.ws/alerts/unescape_overflow.html", "creation_timestamp": "2021-01-27T05:27:10.000000Z"}, {"uuid": "c1c0503e-d11f-4c8b-8629-363b936f1e4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "Telegram/g7PPXzsQx3EvDhE5SPzBeDUjd4Cr-dmtNyjjylDsMmWuZRM", "content": "", 
"creation_timestamp": "2025-06-09T15:00:10.000000Z"}, {"uuid": "27e1ef53-6fad-4811-b537-243ef38f607e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1376", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aExploit and Demo system for CVE-2021-3156\nURL\uff1ahttps://github.com/sharkmoos/Baron-Samedit", "creation_timestamp": "2022-01-23T16:39:13.000000Z"}, {"uuid": "e7f15874-d5aa-4ed9-94c5-18e4b00f4192", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/cKure/4044", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Exploit Writeup for CVE-2021\u20133156 (Sudo Baron Samedit)\n\nhttps://datafarm-cybersecurity.medium.com/exploit-writeup-for-cve-2021-3156-sudo-baron-samedit-7a9a4282cb31", "creation_timestamp": "2021-02-22T08:52:25.000000Z"}, {"uuid": "69f67e65-f4bb-4de2-b6ca-e9ac76d79c2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1260", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-3156 - Sudo Baron Samedit\nURL\uff1ahttps://github.com/LiveOverflow/pwnedit", "creation_timestamp": "2022-01-03T15:13:21.000000Z"}, {"uuid": "20fa1ac0-4d40-4395-bca2-08dfd4cdef20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": 
"https://t.me/GithubRedTeam/718", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-3156 exploit\nURL\uff1ahttps://github.com/Bubleh21/CVE-2021-3156", "creation_timestamp": "2021-10-20T07:39:22.000000Z"}, {"uuid": "fc8c3218-8be6-4765-adac-99e66a1a3696", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1451", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aExploit for CVE-2021-3156\nURL\uff1ahttps://github.com/litt1eb0yy/CVE-2021-3156", "creation_timestamp": "2022-01-30T07:01:57.000000Z"}, {"uuid": "aaa1dda6-4f04-43b6-9cd4-588157835a62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "Telegram/RC-neZPZuuAvt0t2tEgin3P3978nN6aW7gbankyPkc-L53I", "content": "", "creation_timestamp": "2025-08-25T21:00:04.000000Z"}, {"uuid": "8321f574-e86d-4a8a-9d47-5f851d45db3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1415", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-3156 POC and Docker and Analysis write up\nURL\uff1ahttps://github.com/chenaotian/CVE-2021-3156", "creation_timestamp": "2022-01-27T02:34:14.000000Z"}, {"uuid": "7ed0468d-6526-47d7-8d7f-9da62b678887", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": 
"CVE-2021-31562", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12094", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-31562\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 has serious deficiencies that may allow an attacker to compromise SSL/TLS sessions in different ways. An attacker may be able to eavesdrop on transferred data, manipulate data allegedly secured by SSL/TLS, and impersonate an entity to gain access to sensitive information.\n\ud83d\udccf Published: 2022-01-21T18:17:40.000Z\n\ud83d\udccf Modified: 2025-04-16T16:47:21.698Z\n\ud83d\udd17 References:\n1. https://www.cisa.gov/uscert/ics/advisories/icsma-21-355-01", "creation_timestamp": "2025-04-16T16:56:06.000000Z"}, {"uuid": "4f4462f8-373f-40b6-ad63-af1ce9813cf8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/antichat/9556", "content": "Watch \"Critical Sudo Vulnerability Walkthrough // CVE-2021-3156\" on YouTube\nhttps://youtu.be/TLa2VqcGGEQ", "creation_timestamp": "2021-04-22T22:05:46.000000Z"}, {"uuid": "8f445f35-6c9f-4e43-a159-cd3869969300", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/GithubRedTeam/44570", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aExploit para explotar la vulnerabilidad CVE-2025-32463\nURL\uff1ahttps://github.com/Maalfer/Sudo-CVE-2021-3156\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-07-19T10:02:46.000000Z"}, {"uuid": 
"08745a42-ddcb-436e-8e29-34d736b91ae6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/SpiderCodeCommunity1/368", "content": "\u0633\u0645\u0639\u062a \u0639\u0646 \u062a\u062c\u0633\u0633 \u0627\u0644\u062e\u0641\u064a \u0641\u064a \u0627\u062a\u0635\u0627\u0644\u0627\u062a \u0642\u0627\u0631\u0647 \u0627\u0633\u064a\u0627 \u061f\u061f\n\n\n\u0627\u0647\u0644\u0627 \u0648\u0633\u0647\u0644\u0627 \u0628\u064a\u0643 \u064a\u0639\u0632\u064a\u0632\u064a \u0641\u064a \u0645\u0642\u0627\u0644 \u062c\u062f\u064a\u062f \ud83d\ude01 \n\n\u0639\u0646\u0648\u0627\u0646 \u0627\u0644\u0645\u0642\u0627\u0644 :\n\n( \u0627\u062e\u062a\u0631\u0627\u0642 \u0634\u0628\u0643\u0627\u062a \u0627\u062a\u0635\u0627\u0644 \u0644\u064a \u0642\u0627\u0631\u0647 \u0627\u0633\u064a\u0627 )\n\n\n\u0641\u064a \u0648\u0627\u062d\u062f\u0629 \u0645\u0646 \u0623\u062e\u0637\u0631 \u0627\u0644\u062d\u0645\u0644\u0627\u062a \u0627\u0644\u0633\u064a\u0628\u0631\u0627\u0646\u064a\u0629 \u0627\u0644\u062a\u064a \u062a\u0645 \u0627\u0644\u0643\u0634\u0641 \u0639\u0646\u0647\u0627 \u0645\u0624\u062e\u0631\u064b\u0627 \u0628\u0644\u063a\u062a \u0634\u0631\u0643\u0647 \n\n(  Palo Alto Networks - Unit 42  )\n\n\n\u0639\u0646 \u0646\u0634\u0627\u0637 \u0645\u0643\u062b\u0641 \u0644\u0645\u062c\u0645\u0648\u0639\u0629 \u062a\u0647\u062f\u064a\u062f \u0645\u062a\u0642\u062f\u0645\u0629 \u062a\u0639\u0631\u0641 \u0628\u0627\u0633\u0645 CL-STA-0969 \u0642\u062f\u0631\u062a \u0627\u0646\u0647 \u062a\u0633\u062a\u0647\u062f\u0641 \u062e\u0644\u0627\u0644 \u0639\u0634\u0631 \u0627\u0634\u0647\u0631 \u0643\u0627\u0645\u0644\u0647 \u0627\u0644\u0628\u0646\u064a\u0647 \u0627\u0644\u062a\u062d\u062a\u064a\u0647 \u0627\u0644\u062d\u064a\u0648\u064a\u0647 \u0644\u064a \u062c\u0646\u0648\u0628 \u0634\u0631\u0642 \u0627\u0633\u064a\u0627 \n\n\u0648 
\u064a\u0639\u062a\u0642\u062f \u0627\u0646 \u0627\u0644\u062a\u062c\u0633\u0633 \u062f\u0627 \u0645\u0646 \u0639\u0646 \u0637\u0631\u064a\u0642 \u062f\u0648\u0644 \ud83d\udd75\ud83c\udffb\n\n\n\u0637\u064a\u0628 \u064a\u0627 \u0633\u0628\u0627\u064a\u062f\u0631 \u062f\u0648\u0644 \u0647\u062f\u0641\u0647\u0645 \u0627\u064a \u061f\n\n\n\u0647\u062f\u0641\u0647\u0645 \u0627\u062e\u062a\u0631\u0627\u0642 \u0634\u0628\u0643\u0627\u062a \u0627\u0644\u0627\u062a\u0635\u0627\u0644\u0627\u062a \u062f\u0648\u0646 \u0627\u064a \u0639\u0644\u0645 \u0644\u064a \u0627\u064a \u0634\u062e\u0635 ( \u0633\u0631\u064a\u0647 \u062a\u0627\u0645\u0647 )\n\n\n\n\u0627\u0644\u062a\u062d\u0642\u064a\u0642\u0627\u062a \u0627\u0638\u0647\u0631\u062a \u0627\u0646 \u0627\u0644\u0647\u062c\u0648\u0645 \u0643\u0627\u0646 \u0645\u0646 \u0641\u0628\u0631\u0627\u064a\u0631 \u0644\u062d\u062f \u0646\u0648\u0641\u0645\u0628\u0631 2024 \u0648 \u0643\u0627\u0646 \u0627\u0644\u0647\u062f\u0641 \u0644\u0627\u0633\u0627\u0633\u064a \u0645\u0646 \u062f\u0627 \u0639\u0645\u0644 rce \u0645\u0646 \u063a\u064a\u0631 \u0644\u0627\u062d\u062a\u064a\u0627\u062c\u0627\u062a  \u0644\u064a \u062a\u0641\u0627\u0639\u0644 \u0639\u0634\u0627\u0646 \u0633\u0631\u0642\u0647 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \n\n\n\u0644\u062d\u0638\u0647 \u0628\u0633 \u0627\u064a \u0647\u0648\u0627 rce \u061f\n\n\u0628\u062e\u062a\u0635\u0627\u0631 rce \u0647\u064a\u0627 \u0647\u062c\u0645\u0647 \u0633\u064a\u0628\u0631\u0627\u0646\u064a\u0647 \u0647\u062f\u0641\u0647 \u0627\u0646\u0647 \u062a\u0639\u0645\u0644 \u0627\u062e\u062a\u0631\u0627\u0642 \u0648 \u062a\u062d\u0643\u0645 \u0641\u064a shell \u0644\u064a \u0627\u0644\u0636\u062d\u064a\u0647 \u0648 \u062f\u064a \u0645\u0646 \u0627\u062e\u0637\u0631 \u0647\u062c\u0645\u0627\u062a \u0633\u064a\u0628\u0631\u0627\u0646\u064a\u0647\n\n\n\u0637\u064a\u0628 \u0627\u0634\u0631\u062d \u0644\u064a\u0646\u0627 \u0645\u062b\u0627\u0644 \u0639\u0646 \u0647\u062c\u0648\u0645 
\u061f\n\n\n\u0647\u0645\u0627 \u0627\u0633\u062a\u062e\u062f\u0645\u0648 \u0627\u062f\u0647 \u0627\u0633\u0645\u0647 \n\n( Cordscan )\n\n\u0628\u062d\u064a\u062b \u0627\u0646\u0647\u0645 \u064a\u062c\u0645\u0648\u0639 \u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0639\u0646 \u0644\u0627\u062c\u0647\u0627\u0632\u0647 \u0648 \u0644\u062d\u062f \u0648\u0642\u062a\u0646\u0627 \u0647\u0630\u0627 \u0645\u062d\u062f\u0634 \u0644\u0642\u064a \u062f\u0644\u064a\u0644\n\n\u0648 \u0628\u0639\u062f\u0647\u0627 \u0639\u0645\u0644\u0648 brute-force \u0639\u0644\u0649 \u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 SSH\n\n\u0648 \u0628\u0639\u062f\u0647\u0627 \u062f\u062e\u0644\u0648 \u0641\u064a ssh \u0648 \u0632\u0631\u0639\u0648\u0627 malware \n\n\nAuthDoor : \u0648\u062d\u062f\u0629 \u0645\u0635\u0627\u062f\u0642\u0629 \u062e\u0628\u064a\u062b\u0629 \u062a\u0642\u0648\u0645 \u0628\u0633\u0631\u0642\u0629 \u0643\u0644\u0645\u0627\u062a \u0627\u0644\u0645\u0631\u0648\u0631 \u0648\u062a\u0648\u0641\u0631 \u0648\u0635\u0648\u0644 \u062f\u0627\u0626\u0645 \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \"\u0643\u0644\u0645\u0629 \u0645\u0631\u0648\u0631 \u0633\u062d\u0631\u064a\u0629\".\n\nCordscan : \u0623\u062f\u0627\u0629 \u0644\u0641\u062d\u0635 \u0627\u0644\u0634\u0628\u0643\u0629 \u0648\u0627\u0644\u062a\u0642\u0627\u0637 \u0627\u0644\u062d\u0632\u0645.\n\nGTPDOOR: \u0645\u0635\u0645\u0645\u0629 \u062e\u0635\u064a\u0635\u064b\u0627 \u0644\u0634\u0628\u0643\u0627\u062a \u0627\u0644\u0627\u062a\u0635\u0627\u0644\u0627\u062a \u0627\u0644\u0642\u0631\u064a\u0628\u0629 \u0645\u0646 \u062a\u0628\u0627\u062f\u0644 \u062a\u062c\u0648\u0627\u0644 GPRS.\n\nEchoBackdoor: \u0628\u0627\u0628 \u062e\u0644\u0641\u064a \u0633\u0644\u0628\u064a \u064a\u0633\u062a\u062e\u062f\u0645 \u062d\u0632\u0645 ICMP \u0644\u062a\u0644\u0642\u064a \u0648\u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u0623\u0648\u0627\u0645\u0631 \u0648\u0625\u0631\u0633\u0627\u0644 
\u0627\u0644\u0646\u062a\u0627\u0626\u062c.\n\nSGSN Emulator (sgsnemu) : \u0644\u062a\u062c\u0627\u0648\u0632 \u0627\u0644\u062c\u062f\u0631\u0627\u0646 \u0627\u0644\u0646\u0627\u0631\u064a\u0629 \u0639\u0628\u0631 \u0627\u0644\u062a\u0644\u0627\u0639\u0628 \u0628\u0627\u0644\u0634\u0628\u0643\u0629.\n\nChronosRAT : \u0628\u0631\u0645\u062c\u064a\u0629 \u062e\u0628\u064a\u062b\u0629 \u0642\u0627\u062f\u0631\u0629 \u0639\u0644\u0649 \u062a\u0646\u0641\u064a\u0630 \u0634\u0644 \u0643\u0648\u062f\u060c \u0623\u062e\u0630 \u0644\u0642\u0637\u0627\u062a \u0634\u0627\u0634\u0629\u060c \u062a\u0633\u062c\u064a\u0644 \u0636\u063a\u0637\u0627\u062a \u0627\u0644\u0645\u0641\u0627\u062a\u064a\u062d\u060c \u0625\u0644\u062e.\n\nNoDepDNS (MyDns) : \u0628\u0627\u0628 \u062e\u0644\u0641\u064a \u0628\u0644\u063a\u0629 Go \u064a\u062a\u0644\u0642\u0649 \u0627\u0644\u0623\u0648\u0627\u0645\u0631 \u0639\u0628\u0631 DNS \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0628\u0631\u0648\u062a UDP \u0639\u0644\u0649 \u0627\u0644\u0645\u0646\u0641\u0630 53.\n\n\n\u0648 \u0627\u062e\u062a\u0631\u0642\u0648 \u0643\u0630\u0627 \u0645\u062c\u0645\u0648\u0639\u0647 \u0632\u064a :\n\nLightBasin (UNC1945): \u062a\u0633\u062a\u0647\u062f\u0641 \u0642\u0637\u0627\u0639 \u0627\u0644\u0627\u062a\u0635\u0627\u0644\u0627\u062a \u0645\u0646\u0630 2016.\n\nUNC2891: \u0645\u062c\u0645\u0648\u0639\u0629 \u0645\u0627\u0644\u064a\u0629 \u0647\u0627\u062c\u0645\u062a \u0623\u062c\u0647\u0632\u0629 \u0627\u0644\u0635\u0631\u0627\u0641 \u0627\u0644\u0622\u0644\u064a.\n\nUNC3886: \u0645\u062c\u0645\u0648\u0639\u0629 \u0627\u0633\u062a\u063a\u0644\u062a \u062b\u063a\u0631\u0627\u062a \u0641\u064a VMware.\n\n\nMicrosocks Proxy\n\nFRP (Fast Reverse Proxy)\n\nFScan\n\nResponder\n\nProxyChains\n\n\u0648 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0644\u064a cves \u0632\u064a :\n\nCVE-2016-5195\n\nCVE-2021-4034\n\nCVE-2021-3156\n\n\u0648 \u0627\u0633\u062a\u062e\u062f\u0627\u0645 
\u062a\u0643\u0646\u064a\u0643\u0627\u062a \u0644\u064a \u062a\u062e\u0641\u064a \u0632\u064a :\n\n\u0627\u0644\u062a\u0644\u0627\u0639\u0628 \u0628\u062d\u0631\u0643\u0629 \u0627\u0644\u0645\u0631\u0648\u0631 \u0639\u0628\u0631 DNS tunneling\n\n\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0645\u0634\u063a\u0644\u064a \u0627\u0644\u0627\u062a\u0635\u0627\u0644\u0627\u062a \u0627\u0644\u0645\u062e\u062a\u0631\u0642\u064a\u0646 \u0643\u0646\u0642\u0627\u0637 \u0648\u0633\u064a\u0637\u0629\n\n\u0645\u0633\u062d \u0633\u062c\u0644\u0627\u062a \u0627\u0644\u0645\u0635\u0627\u062f\u0642\u0629\n\n\u062a\u0639\u0637\u064a\u0644 SELinux\n\n\u062a\u063a\u064a\u064a\u0631 \u0623\u0633\u0645\u0627\u0621 \u0627\u0644\u0639\u0645\u0644\u064a\u0627\u062a \u0644\u062a\u0628\u062f\u0648 \u0634\u0631\u0639\u064a\u0629 \u062f\u0627\u062e\u0644 \u0627\u0644\u0646\u0638\u0627\u0645\n\n\n\u0648 \u0643\u0627\u0646 \u0641\u064a \u0631\u062f \u0641\u0639\u0644 \u0627\u0644\u062f\u0648\u0644 \u0632\u064a \u0627\u0644\u0635\u064a\u0646 \u0648 \u0627\u0645\u0631\u064a\u0643\u0627 \n\n\n\u062d\u064a\u0646 \u0633\u0627\u0626\u0644 \u0627\u0644\u0631\u0626\u064a\u0633 \u0627\u0644\u0623\u0645\u0631\u064a\u0643\u064a \u062f\u0648\u0646\u0627\u0644\u062f \u062a\u0631\u0627\u0645\u0628 \u0639\u0644\u0649 \u0642\u0646\u0627\u0629 \u0641\u0648\u0643\u0633 \u0646\u064a\u0648\u0632 \u0639\u0646 \u0647\u062c\u0645\u0627\u062a \u0635\u064a\u0646\u064a\u0629 \u0639\u0644\u0649 \u0646\u0638\u0645 \u0627\u0644\u0627\u062a\u0635\u0627\u0644\u0627\u062a \u0627\u0644\u0623\u0645\u0631\u064a\u0643\u064a\u0629 \u0648\u0633\u0631\u0642\u0629 \u0627\u0644\u0645\u0644\u0643\u064a\u0629 \u0627\u0644\u0641\u0643\u0631\u064a\u0629 \u0642\u0627\u0644 :\n\n\u0647\u0648 \u0623\u0646\u062a \u0645\u062a\u062e\u064a\u0644 \u0627\u0646\u0646\u0627 \u0645\u0634 \u0628\u0646\u0639\u0645\u0644 \u0643\u062f\u0647 \u061f\u061f\u061f\n\n \u0627\u062d\u0646\u0627 \u0628\u0646\u0639\u0645\u0644 \u062d\u0627\u062c\u0627\u062a 
\u0643\u062a\u064a\u0631 \u0643\u062f\u0647 \u0627\u0644\u062f\u0646\u064a\u0627 \u0645\u0627\u0634\u064a\u0629 . \u0627\u0644\u0639\u0627\u0644\u0645 \u062f\u0647 \" \u0645\u0634 \u0633\u0647\u0644 \"\n\n\u0648\u0643\u0627\u0646 \u0627\u0644\u062d\u062f\u062b \u062f\u0627 \u062c\u0647 \u0645\u0639 \u0648\u0642\u062a \u0627\u0644\u064a \u0627\u0644\u0641\u0631\u064a\u0642 \u0627\u0644\u062a\u0642\u0646\u064a \u0627\u0644\u0635\u064a\u0646\u064a \u062d\u064a\u062b \u0642\u0627\u0644\u0648 \u0627\u0646 \u0627\u0644\u0635\u064a\u0646 \u0647\u064a\u0627 \u0627\u0644\u0633\u0628\u0628 \u0644\u0646\u0647\u0645 \u0642\u062f\u0631\u0648 \u064a\u0644\u0642\u0648 zero day  \u0641\u064a \n\n( Microsoft Exchange )\n\n\n\u0648 \u0631\u0643\u0632 \u0641\u064a \u062f\u064a\n\n\u0644\u0627\u062e\u062a\u0631\u0627\u0642 \u0623\u0643\u062b\u0631 \u0645\u0646 50 \u062c\u0647\u0627\u0632 \u0639\u0627\u0626\u062f\u064a\u0646 \u0644\u0643\u064a\u0627\u0646 \u0639\u0633\u0643\u0631\u064a \u0635\u064a\u0646\u064a \u0643\u0628\u064a\u0631 \u0628\u064a\u0646 \u064a\u0648\u0644\u064a\u0648 2022 \u0648\u064a\u0648\u0644\u064a\u0648 2023 \n\n\u0648\u0632\u0639\u0645\u062a \u0627\u0644\u0635\u064a\u0646 \u0623\u0646 \u0627\u0644\u0623\u0647\u062f\u0627\u0641 \u0634\u0645\u0644\u062a \u062c\u0627\u0645\u0639\u0627\u062a \u0648\u0645\u0624\u0633\u0633\u0627\u062a \u0628\u062d\u062b\u064a\u0629 \u0648\u0634\u0631\u0643\u0627\u062a \u062a\u0639\u0645\u0644 \u0641\u064a \u0645\u062c\u0627\u0644\u0627\u062a \u0627\u0644\u0627\u062a\u0635\u0627\u0644\u0627\u062a \u0648\u0627\u0644\u0625\u0646\u062a\u0631\u0646\u062a \u0627\u0644\u0641\u0636\u0627\u0626\u064a \n\n\u0648\u0642\u062f \u0627\u0633\u062a\u062e\u062f\u0645 \u0627\u0644\u0645\u062e\u062a\u0631\u0642\u0648\u0646 \u0627\u0644\u0623\u0645\u064a\u0631\u0643\u064a\u0648\u0646  \u062d\u0633\u0628 \u0632\u0639\u0645 \u0627\u0644\u0635\u064a\u0646  \u062b\u063a\u0631\u0627\u062a \u0641\u064a \u0623\u0646\u0638\u0645\u0629 
\u0627\u0644\u0645\u0644\u0641\u0627\u062a \u0627\u0644\u0625\u0644\u0643\u062a\u0631\u0648\u0646\u064a\u0629 \u0644\u0627\u062e\u062a\u0631\u0627\u0642 \u0627\u0644\u0623\u0646\u0638\u0645\u0629 \u0628\u064a\u0646 \u064a\u0648\u0644\u064a\u0648 \u0648\u0646\u0648\u0641\u0645\u0628\u0631 2024\n\n\n\n\u0627\u0643\u062a\u0628\u0648 \u0644\u064a\u0627 \u0631\u0627\u064a\u0643\u0645 \u0641\u064a \u0627\u0644\u0645\u0642\u0627\u0644 \u062d\u0627\u0648\u0644\u062a \u0627\u062e\u0644\u064a \u0644\u063a\u0647 \u0627\u0644\u0639\u0631\u0628\u064a\u0647 \u0627\u0644\u0641\u0635\u062d\u0647 \u0641\u064a \u0648 \u0634\u0643\u0631\u0627 \u0639\u0644\u064a \u0642\u0631\u0627\u0626\u0647 \u0627\u0644\u0645\u0642\u0627\u0644 \ud83e\udd0d\u2728\n\n\n\u0645\u0635\u062f\u0631 : \n\n\nhttps://thehackernews.com/2025/08/cl-sta-0969-installs-covert-malware-in.html", "creation_timestamp": "2025-08-03T10:22:58.000000Z"}, {"uuid": "4ed3dac3-599c-49d4-81d9-ccec81477edc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/linuxtnt/2622", "content": "\u0633\u0644\u0627\u0645.\n\u0631\u0641\u0639 \u0628\u0627\u06af \u0633\u0648\u062f:\n\n\u0627\u0633\u0645 \u0628\u0627\u06af\u06cc \u06a9\u0647 \u0647\u0633\u062a:\nThe bug (CVE-2021-3156), dubbed \u201cBaron Semedit,\n\u0646\u0627\u0645 \u062f\u0627\u0631\u0647. 
\u0628\u0627\u0639\u062b \u0645\u06cc\u0634\u0647 \u062f\u0633\u062a\u0631\u0633\u06cc   \u0631\u0648\u062a \u0628\u0647 \u06cc\u06a9 \u06a9\u0627\u0631\u0628\u0631 \u0628\u062f\u0647 \u0628\u062f\u0648\u0646 \u0627\u06cc\u0646\u06a9\u0647 \u062f\u0631 \u0644\u06cc\u0633\u062a sudoers file   \u0628\u0627\u0634\u0647\n\n\u06af\u0641\u062a\u0646 \u0627\u0632 \u0633\u0627\u0644 2011 \u0627\u06cc\u0646 \u0628\u0627\u06af \u0628\u0648\u062f\u0647.\n\u0648\u0627\u0633\u0647 \u0628\u0631\u0631\u0633\u06cc \u0627\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u062a\u0648\u06cc \u0633\u06cc\u0633\u062a\u0645 \u062e\u0648\u062f\u062a\u0648\u0646 \u062f\u0631 \u0645\u0648\u0631\u062f  \u0633\u0648\u062f\u0648\u060c \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u06cc\u06a9 \u06a9\u0627\u0631\u0628\u0631 \u063a\u06cc\u0631 \u0631\u0648\u062a \u0648\u0627\u0631\u062f \u0633\u06cc\u0633\u062a\u0645 \u0634\u0648\u06cc\u062f \u0648 \u06cc\u06a9 \u062f\u0633\u062a\u0648\u0631 \u0631\u0627 \u0627\u062c\u0631\u0627 \u06a9\u0646\u06cc\u062f:\nsudoedit -s /\n\n\u0627\u06af\u0631 \u0633\u06cc\u0633\u062a\u0645 \u0634\u0645\u0627 \u0627\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631 \u0628\u0627\u0634\u0647 \u062e\u0637\u0627\u06cc\u06cc \u0645\u06cc\u062f\u0647 \u06a9\u0647 \u0628\u0627\nsudoedit\n\u0627\u06af\u0631 \u0647\u0645 \u0646\u0628\u0627\u0634\u0647 \u062e\u0637\u0627\u06cc\u06cc \u0628\u0627 usage\n\u062f\u0627\u062f\u0647 \u0645\u06cc\u0634\u0647.\n\n\u0648\u0627\u0633\u0647 \u0631\u0641\u0639 \u0645\u0634\u06a9\u0644 \u0627\u06cc\u0646 \u0628\u0627\u06af \u062f\u0633\u062a\u0648\u0631\u0627\u062a \u0632\u06cc\u0631 \u0631\u0648 \u0628\u0632\u0646\u06cc\u062f:\n\n# For Ubuntu or Debian-based\n$ sudo apt update && sudo apt upgrade \n\n# For Arch Linux\n$ sudo pacman -Syu\n\n#For Fedora\n$ sudo dnf update\n\n\u0628\u0639\u062f \u0627\u067e\u062f\u06cc\u062a \u0628\u0647 Sudo v1.9.5p2 \u062a\u063a\u06cc\u06cc\u0631 \u067e\u06cc\u062f\u0627 
\u0645\u06cc\u06a9\u0646\u0647.\n\n\u0627\u06af\u0631 \u062f\u0633\u062a\u06cc \u0628\u062e\u0648\u0627\u0647\u06cc\u062f \u0646\u0635\u0628 \u06a9\u0646\u06cc\u062f \u0627\u0632 \u0627\u06cc\u0646 \u0645\u0633\u06cc\u0631 \u0628\u0631\u06cc\u062f.\nhttps://www.sudo.ws/download.html\n\n********************************************\n\n\n\u06a9\u0627\u0646\u0627\u0644 \u0645\u06a9\u0645\u0644: \u0627\u0645\u0648\u0632\u0634\u06cc \u0644\u06cc\u0646\u0648\u06a9\u0633 \u0648 \u0627\u0648\u067e\u0646 \u0633\u0648\u0631\u0633 \u0647\u0627                                   @linuxtnt\n\nTelegram\n\u0622\u0645\u0648\u0632\u0634 \u0644\u06cc\u0646\u0648\u06a9\u0633 \u0648 \u0627\u0648\u067e\u0646 \u0633\u0648\u0631\u0633\nhttps://t.me/joinchat/QPMh3Khn9izpmzqf", "creation_timestamp": "2021-01-31T03:01:04.000000Z"}, {"uuid": "c76a0064-cef9-4cdc-a81e-8854fac015d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/SpiderCodeCommunity1/369", "content": "Title:\nCovert Espionage in Asia\u2019s Communication Networks\n\nHello and welcome, dear reader, to a new article \ud83d\ude01\n\nIn one of the most serious cyber espionage campaigns recently discovered, Palo Alto Networks \u2013 Unit 42 reported intense activity from an advanced threat group known as CL-STA-0969, which is believed to have targeted the critical telecommunications infrastructure of Southeast Asia over a span of ten months.\n\nIt is suspected that this operation was state-sponsored \ud83d\udd75\ud83c\udffb\n\n\n---\n\n\ud83e\udde0 So, what was their goal?\n\nTheir primary goal was to silently infiltrate and control telecom networks without detection \u2014 complete stealth.\n\nInvestigations revealed that the attacks occurred between February and November 2024, with the primary objective being Remote Code Execution (RCE) for data theft, without requiring user 
interaction.\n\n\n---\n\n\u26a0\ufe0f Wait \u2014 what is RCE?\n\nRCE (Remote Code Execution) is a cyberattack that allows an attacker to gain access to a system and execute commands remotely via a shell \u2014 one of the most dangerous forms of attack.\n\n\n---\n\n\ud83d\udd0d Example of the attack:\n\nThe attackers used a tool called Cordscan to gather intelligence about network devices.\nTo this day, no direct evidence has been found regarding their initial access point.\n\nThen, they performed brute-force attacks on SSH protocols, eventually gaining access and planting multiple malware payloads:\n\nAuthDoor: A malicious authentication module that steals credentials and allows persistent access using a \"magic password.\"\n\nCordscan: A network scanning and packet capturing tool.\n\nGTPDOOR: Specifically built for telecom networks near GPRS roaming exchanges.\n\nEchoBackdoor: A passive backdoor using ICMP packets for command execution and result delivery.\n\nSGSN Emulator (sgsnemu): Bypasses firewalls through network manipulation.\n\nChronosRAT: Malware capable of executing shellcode, capturing screenshots, keylogging, and more.\n\nNoDepDNS (MyDns): A Go-based backdoor that receives commands over DNS using UDP on port 53.\n\n\n\n---\n\n\ud83c\udfaf Targeted Threat Groups:\n\nThey also interacted with or mimicked operations of other known APTs:\n\nLightBasin (UNC1945): Targeting telecom since 2016.\n\nUNC2891: Financially motivated, known for ATM attacks.\n\nUNC3886: Exploited vulnerabilities in VMware systems.\n\n\n\n---\n\n\ud83e\uddf0 Tools Used:\n\nMicrosocks Proxy\n\nFRP (Fast Reverse Proxy)\n\nFScan\n\nResponder\n\nProxyChains\n\n\n\n---\n\n\ud83d\udd13 CVEs Exploited:\n\nCVE-2016-5195\n\nCVE-2021-4034\n\nCVE-2021-3156\n\n\n\n---\n\n\ud83d\udd75\ufe0f\u200d\u2642\ufe0f Stealth Techniques:\n\nDNS tunneling for traffic obfuscation\n\nUsing compromised telecom infrastructure as intermediate relays\n\nLog tampering and credential wiping\n\nDisabling 
SELinux\n\nRenaming malicious processes to appear legitimate\n\n\n\n---\n\n\ud83c\udf0d International Response \u2013 China & USA\n\nWhen asked on Fox News about alleged Chinese cyberattacks on U.S. telecom infrastructure and intellectual property theft, former U.S. President Donald Trump responded:\n\n> \u201cYou really think we don\u2019t do that too?\nWe do a lot of things like that... the world isn\u2019t simple.\u201d\n\n\n\nThis controversy coincided with statements from a Chinese tech team claiming China was the victim, after discovering a Zero-Day vulnerability in Microsoft Exchange.\n\nThey further alleged that over 50 devices belonging to a major Chinese military entity were compromised between July 2022 and July 2023.\n\nThe Chinese claimed the targets included universities, research institutes, and satellite internet companies.\n\nAccording to their reports, U.S. hackers exploited electronic file system vulnerabilities to compromise the targets between July and November 2024.\n\n\n---\n\nSource:\nThe Hacker News \u2013 CL-STA-0969 Campaign", "creation_timestamp": "2025-08-03T10:00:38.000000Z"}, {"uuid": "e4f629ad-4038-4ef6-9877-1af981a982a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/tech_b0lt_Genona/2423", "content": "Heap-based buffer overflow in Sudo (CVE-2021-3156)\n\nNice write-up and root cause analysis of the bug. \n\nSummary\n========================================================================\n\nWe discovered a heap-based buffer overflow in Sudo\n(https://www.sudo.ws/).
This vulnerability:\n\n- is exploitable by any local user (normal users and system users,\n  sudoers and non-sudoers), without authentication (i.e., the attacker\n  does not need to know the user's password);\n\n- was introduced in July 2011 (commit 8255ed69), and affects all legacy\n  versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to\n  1.9.5p1, in their default configuration.\n\nWe developed three different exploits for this vulnerability, and\nobtained full root privileges on Ubuntu 20.04 (Sudo 1.8.31), Debian 10\n(Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2). Other operating systems and\ndistributions are probably also exploitable.\n\nhttps://www.openwall.com/lists/oss-security/2021/01/26/3", "creation_timestamp": "2021-01-26T19:30:14.000000Z"}, {"uuid": "55cc4cb1-20c8-4e7b-aa2c-130f9f65e2cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/tech_b0lt_Genona/5319", "content": "\u0422\u0443\u0442 \u0432 Ubuntu \u0440\u0435\u0448\u0438\u043b\u0438 \u0437\u0430\u0442\u0430\u0449\u0438\u0442\u044c \u0430\u043d\u0430\u043b\u043e\u0433 sudo, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043d\u0430 Rust \u043d\u0430\u043f\u0438\u0441\u0430\u043d\n\n\u0412\u043e\u043e\u0431\u0449\u0435 \u044d\u0442\u043e \u0437\u043d\u0430\u043a\u043e\u0432\u044b\u0439 \u043c\u043e\u043c\u0435\u043d\u0442, \u043f\u043e\u0442\u043e\u043c\u0443 \u0447\u0442\u043e\n\n1. \u0410\u043d\u0430\u043b\u043e\u0433 \u0431\u0443\u0434\u0435\u0442 \u0432\u043a\u043b\u044e\u0447\u0435\u043d \u0432 \u043f\u043e\u0441\u0442\u0430\u0432\u043a\u0443 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0433\u043e \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u0430\n2. 
\u042d\u0442\u043e \u043f\u0435\u0440\u0432\u044b\u0439 \u0448\u0430\u0433 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u0438\u0437\u0430\u0446\u0438\u0438 \u043d\u043e\u0432\u043e\u0439 \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0438 \u0443\u0442\u0438\u043b\u0438\u0442, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0437\u0430\u043c\u0435\u043d\u0438\u0442\u044c \u0441\u0442\u0430\u0440\u044b\u0435 \u0441 \"\u0438\u0441\u0442\u043e\u0440\u0438\u0447\u0435\u0441\u043a\u0438\u043c\u0438 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430\u043c\u0438\"\n\n\u042f \u043b\u0438\u0447\u043d\u043e \u043d\u0435 \u043f\u0435\u0440\u0435\u0445\u043e\u0436\u0443 \u043d\u0438 \u043d\u0430 \u043a\u0430\u043a\u0438\u0435 \u043c\u043e\u0434\u043d\u044b\u0435 \"\ud83d\udca5blazing\ud83d\udcaafast\ud83d\ude80\" \u0443\u0442\u0438\u043b\u0438\u0442\u044b \u043f\u043e\u043a\u0430 \u043e\u043d\u0438 \u043d\u0435 \u043f\u043e\u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u0432 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f\u0445 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e. 
\u0422\u0430\u043a \u0447\u0442\u043e \u0431\u0443\u0434\u0435\u043c \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Canonical \u043d\u0430\u043c\u0435\u0440\u0435\u043d\u0430 \u0432 \u043e\u0441\u0435\u043d\u043d\u0435\u043c \u0432\u044b\u043f\u0443\u0441\u043a\u0435 Ubuntu 25.10 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0430\u043d\u0430\u043b\u043e\u0433 \u0443\u0442\u0438\u043b\u0438\u0442\u044b sudo, \u0440\u0430\u0437\u0432\u0438\u0432\u0430\u0435\u043c\u044b\u0439 \u043f\u0440\u043e\u0435\u043a\u0442\u043e\u043c sudo-rs \u0438 \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0439 \u043d\u0430 \u044f\u0437\u044b\u043a\u0435 Rust. \u0412 \u043c\u0430\u0440\u0442\u0435 \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u043e\u0435 \u0440\u0435\u0448\u0435\u043d\u0438\u0435 \u0431\u044b\u043b\u043e \u043f\u0440\u0438\u043d\u044f\u0442\u043e \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 \u0437\u0430\u043c\u0435\u043d\u044b \u0443\u0442\u0438\u043b\u0438\u0442 GNU Coreutils \u043d\u0430 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430\u0440\u0438\u0439 uutils. 
\u041d\u0430 \u0441\u0442\u0430\u0434\u0438\u0438 \u0440\u0430\u0441\u0441\u043c\u043e\u0442\u0440\u0435\u043d\u0438\u044f \u043d\u0430\u0445\u043e\u0434\u044f\u0442\u0441\u044f \u0438\u043d\u0438\u0446\u0438\u0430\u0442\u0438\u0432\u044b \u043f\u043e \u0437\u0430\u043c\u0435\u043d\u0435 zlib \u0438 ntpd \u043d\u0430 zlib-rs \u0438 ntpd-rs, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043d\u0438\u044e Sequoia \u0432\u043c\u0435\u0441\u0442\u043e GnuPG \u0432 \u043f\u0430\u043a\u0435\u0442\u043d\u043e\u043c \u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440\u0435 APT.\n\n\u0412 sudo-rs \u043f\u043e \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0430 \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u0438\u043c\u043e\u0441\u0442\u044c \u0441 \u043a\u043b\u0430\u0441\u0441\u0438\u0447\u0435\u0441\u043a\u0438\u043c\u0438 \u0443\u0442\u0438\u043b\u0438\u0442\u0430\u043c\u0438 sudo \u0438 su, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c sudo-rs \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043f\u0440\u043e\u0437\u0440\u0430\u0447\u043d\u043e\u0439 \u0437\u0430\u043c\u0435\u043d\u044b sudo \u0432 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u0435 \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0435\u0432 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f. 
\u0414\u043b\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u043d\u0435 \u0436\u0435\u043b\u0430\u044e\u0449\u0438\u0445 \u043f\u0435\u0440\u0435\u0445\u043e\u0434\u0438\u0442\u044c \u043d\u0430 uutils \u0438 sudo-rs, \u0432 Ubuntu 25.10 \u0431\u0443\u0434\u0435\u0442 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0430 \u043e\u043f\u0446\u0438\u044f \u0434\u043b\u044f \u043e\u0442\u043a\u0430\u0442\u0430 \u043d\u0430 \u043a\u043b\u0430\u0441\u0441\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0432\u0430\u0440\u0438\u0430\u043d\u0442\u044b \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0445 \u0443\u0442\u0438\u043b\u0438\u0442 coreutils \u0438 sudo.\n. . .\n\u0417\u0430\u043c\u0435\u043d\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0445 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u0432 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0441\u044f \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u0438\u043d\u0438\u0446\u0438\u0430\u0442\u0438\u0432\u044b \u043f\u043e \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u043e\u0433\u043e \u043e\u043a\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0447\u0435\u0440\u0435\u0437 \u043f\u043e\u0441\u0442\u0430\u0432\u043a\u0443 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c, \u0438\u0437\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e \u0440\u0430\u0437\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u0435\u043c\u044b\u0445 \u0441 \u043e\u0433\u043b\u044f\u0434\u043a\u043e\u0439 \u043d\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c, \u043d\u0430\u0434\u0451\u0436\u043d\u043e\u0441\u0442\u044c \u0438 \u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0441\u0442\u044c. 
\u041f\u043e\u0441\u0442\u0430\u0432\u043a\u0430 \u0443\u0442\u0438\u043b\u0438\u0442, \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0445 \u043d\u0430 \u044f\u0437\u044b\u043a\u0435 Rust, \u0434\u0430\u0441\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0441\u043d\u0438\u0437\u0438\u0442\u044c \u0440\u0438\u0441\u043a \u043f\u043e\u044f\u0432\u043b\u0435\u043d\u0438\u044f \u043e\u0448\u0438\u0431\u043e\u043a \u043f\u0440\u0438 \u0440\u0430\u0431\u043e\u0442\u0435 \u0441 \u043f\u0430\u043c\u044f\u0442\u044c\u044e, \u0442\u0430\u043a\u0438\u0445 \u043a\u0430\u043a \u043e\u0431\u0440\u0430\u0449\u0435\u043d\u0438\u0435 \u043a \u043e\u0431\u043b\u0430\u0441\u0442\u0438 \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u0435\u0451 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f \u0438 \u0432\u044b\u0445\u043e\u0434 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430. \u0415\u0441\u043b\u0438 \u044d\u043a\u0441\u043f\u0435\u0440\u0438\u043c\u0435\u043d\u0442 \u0431\u0443\u0434\u0435\u0442 \u043f\u0440\u0438\u0437\u043d\u0430\u043d \u0443\u0434\u0430\u0447\u043d\u044b\u043c, \u0442\u043e \u0443\u0442\u0438\u043b\u0438\u0442\u044b \u043d\u0430 Rust \u0431\u0443\u0434\u0443\u0442 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043d\u044b \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0432 LTS-\u0432\u0435\u0442\u043a\u0435 Ubuntu 26.04.\n\u0412 Ubuntu 25.10 \u0440\u0435\u0448\u0435\u043d\u043e \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c \u0430\u043d\u0430\u043b\u043e\u0433 sudo, \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0439 \u043d\u0430 Rust\nhttps://www.opennet.ru/opennews/art.shtml?num=63197\n\n\u041f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 Rust 
\u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442 \u0437\u0430\u043a\u0440\u044b\u0442\u044c \u0447\u0430\u0441\u0442\u044c \u043f\u0440\u043e\u0431\u043b\u0435\u043c. \u0412\u043e\u0442 \u043f\u0440\u0438\u043c\u0435\u0440\u044b CVE \u043e\u0442\u043d\u043e\u0441\u044f\u0449\u0438\u0435\u0441\u044f \u043a sudo\n\n- CVE-2019-18634 - \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u0435 root \u0447\u0435\u0440\u0435\u0437 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 (https://github.com/saleemrashid/sudo-cve-2019-18634/)\n\n- CVE-2021-3156 - \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u0435 root \u0447\u0435\u0440\u0435\u0437 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 (https://github.com/worawit/CVE-2021-3156)\n\n\u041d\u043e sudo-rs \u0442\u043e\u0447\u043d\u043e \u043f\u0440\u0435\u0434\u0441\u0442\u043e\u0438\u0442 \u0435\u0449\u0451 \u043c\u043d\u043e\u0433\u043e \u0440\u0430\u0431\u043e\u0442\u044b, \u0447\u0442\u043e \u0431\u044b \"\u043e\u0431\u043a\u0430\u0442\u0430\u0442\u044c\u0441\u044f\" \u0441 \u043b\u043e\u0433\u0438\u043a\u043e\u0439 \u0440\u0430\u0431\u043e\u0442\u044b. \u0412\u043e\u0442, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, CVE-2023-42456\n\nFor example we could add a user to the system containing the username `../../../../bin/cp`. When logged in as a user with that name, that user could run `sudo -K` to clear their session record file. The session code then constructs the path to the session file by concatenating the username to the session file storage directory, resulting in a resolved path of `/bin/cp`. The code then clears that file, resulting in the `cp` binary effectively being removed from the system. An attacker needs to be able to login as a user with a constructed username. 
Given that such a username is unlikely to exist on an existing system, they will also need to be able to create the users with the constructed usernames...The `sudo -K` and `sudo -k` commands can run, even if a user has no sudo access.\nhttp://cve.org/CVERecord?id=CVE-2023-42456\n\nGitHub \u043f\u0440\u043e\u0435\u043a\u0442\u0430\nhttps://github.com/trifectatechfoundation/sudo-rs", "creation_timestamp": "2025-05-07T21:41:33.000000Z"}, {"uuid": "7df8f913-da61-4415-8d70-b4220c868aaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "Telegram/fmCydS8g_rr1eZoXRtWSbnkmJ-MKQbhzsJWUs4lxQafZcasJ", "content": "", "creation_timestamp": "2021-02-01T06:18:24.000000Z"}, {"uuid": "5386e87e-5e7c-44f7-bdf0-f712936cf156", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/BleepingComputer/9045", "content": "Latest macOS Big Sur also has SUDO root privilege escalation flaw\n\nRecently discovered Linux SUDO privilege escalation vulnerability, CVE-2021-3156 (aka Baron Samedit) also impacts the latest Apple macOS Big Sur with no patch available yet. 
[...]\n\nhttps://www.bleepingcomputer.com/news/security/latest-macos-big-sur-also-has-sudo-root-privilege-escalation-flaw/", "creation_timestamp": "2021-02-03T11:31:25.000000Z"}, {"uuid": "f847ef0e-4655-4582-9b07-e118284f3212", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "exploited", "source": "https://t.me/infobes/301", "content": "CVE-2021-26855/27065 - ProxyLogon MS Exchange Server RCE Vulnerability\nhttps://t.me/cybersecuritytechnologies/2835\nCVE-2021-3156 - Heap-Based Buffer Overflow in Sudo\nhttps://t.me/cybersecuritytechnologies/2577\nCVE-2021-22986 - F5 BIG-IP TMM uri_normalize_host infoleak and out-of-bounds write\nhttps://t.me/cybersecuritytechnologies/2881\nCVE-2021-27076 - A Replay-style Deserialization Attack Against SharePoint\nhttps://t.me/cybersecuritytechnologies/2930\nCVE-2021-21193 - Google Chrome Blink code execution\nhttps://vulmon.com/vulnerabilitydetails?qid=CVE-2021-21193\nCVE-2021-22987 - F5 BIG-IP TMM uri_normalize_host infoleak and out-of-bounds write\nhttps://t.me/cybersecuritytechnologies/2881\nCVE-2021-21193:\nGoogle Chrome Blink code execution\nhttps://vulmon.com/vulnerabilitydetails?qid=CVE-2021-21193\nCVE-2021-27076:\nReplay Deserialization Attack Against SharePoint\nhttps://t.me/cybersecuritytechnologies/2930\nCVE-2021-27889, CVE-2021-27890:\nMyBB RCE Chain\nhttps://blog.sonarsource.com/mybb-remote-code-execution-chain", "creation_timestamp": "2021-03-22T10:14:45.000000Z"}, {"uuid": "8aac3476-888b-4440-b298-1c42a1c7d6f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "Telegram/Rg02G1EeA15TwWZ1pSDugSv9c8R7BSyf-8mnTk8tekiQrLs", "content": "", "creation_timestamp": "2025-07-18T15:00:06.000000Z"}, {"uuid": "aec2381b-c697-4f26-aa58-a6cb5fa7d45a", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/ctinow/28130", "content": "Recently discovered CVE-2021-3156 SUDO bug also affects macOS Big Sur\n\nhttps://ift.tt/39KmRKZ", "creation_timestamp": "2021-02-03T18:02:25.000000Z"}, {"uuid": "7e9efbb2-9ff6-424a-afc1-b1b0f3184f06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/alexmakus/3884", "content": "\u0432 macOS \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u0430\u043f\u0434\u0435\u0439\u0442 \u0441 \u0444\u0438\u043a\u0441\u043e\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 sudo \n\nImpact: A local attacker may be able to elevate their privileges\nDescription: This issue was addressed by updating to sudo version 1.9.5p2.\nCVE-2021-3156: Qualys\n\nhttps://support.apple.com/en-us/HT212177", "creation_timestamp": "2021-02-09T19:47:42.000000Z"}, {"uuid": "eff8aa56-d55b-4941-ad8c-449251a366f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/true_secator/7103", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u041b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 \u041a\u0430\u0441\u043f\u0435\u0440\u0441\u043a\u043e\u0433\u043e \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0442 \u0431\u043e\u043c\u0431\u0438\u0442\u044c \u043e\u0442\u0447\u0435\u0442\u0430\u043c\u0438, \u043d\u0430 \u044d\u0442\u043e\u0442 \u0440\u0430\u0437 \u043f\u043e\u0434\u043e\u0433\u043d\u0430\u043b\u0438 \u0430\u043d\u0430\u043b\u0438\u0442\u0438\u043a\u0443 \u043f\u043e 
\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430\u043c \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c \u0437\u0430 \u043f\u0435\u0440\u0432\u044b\u0439 \u043a\u0432\u0430\u0440\u0442\u0430\u043b 2025 \u0433\u043e\u0434\u0430.\n\n\u0412 \u043f\u0435\u0440\u0432\u043e\u043c \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0435 2025 \u0433\u043e\u0434\u0430 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u043b\u0430\u0441\u044c \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0445 \u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0432 2024 \u0433\u043e\u0434\u0443, \u0442\u0430\u043a \u043a\u0430\u043a \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0440\u0430\u043d\u0435\u0435 \u043d\u0435 \u043c\u043e\u0433\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u043e\u0434\u043e\u0432\u0430\u0442\u044c \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438.\n\n\u0412 \u0446\u0435\u043b\u043e\u043c \u043f\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u0438 \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0430 \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u0443\u044e\u0442 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0431\u043e\u043b\u044c\u0448\u043e\u0435 \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0437\u0430\u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u0434\u0438\u043d\u0430\u043c\u0438\u043a\u0430 \u0438\u0445 \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u0438 \u0432\u043e \u043c\u043d\u043e\u0433\u043e\u043c 
\u043f\u043e\u0432\u0442\u043e\u0440\u044f\u0435\u0442 \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u0435 \u0433\u043e\u0434\u044b.\n\n\u0412 \u0446\u0435\u043b\u043e\u043c \u043c\u043d\u043e\u0433\u0438\u0435 CWE \u0438\u0437 TOP 10 \u0434\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u0440\u0435\u0448\u0435\u043d\u0438\u0439 Microsoft \u0438 \u044f\u0434\u0440\u0430 Linux \u0441\u043e\u0432\u043f\u0430\u0434\u0430\u044e\u0442 \u0438\u043b\u0438 \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u044b\u043c\u0438, \u0430 \u0437\u043d\u0430\u0447\u0438\u0442, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0441\u043d\u043e\u0432\u0430\u043d\u044b \u043d\u0430 \u0441\u0445\u043e\u0436\u0438\u0445 \u043f\u0440\u0438\u043d\u0446\u0438\u043f\u0430\u0445, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u0447\u0430\u0441\u0442\u043e \u043a \u00ab\u043f\u043e\u0440\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044e\u00bb \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u043e\u0432 \u0430\u0442\u0430\u043a \u0434\u043b\u044f Linux \u043d\u0430 Windows \u0438 \u043d\u0430\u043e\u0431\u043e\u0440\u043e\u0442.\n\n\u0412 \u043f\u0435\u0440\u0432\u043e\u043c \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0435 2025 \u0433\u043e\u0434\u0430 \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0430\u0442\u0430\u043a \u0441 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430\u043c\u0438 \u0434\u043b\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Windows \u0432\u044b\u0440\u043e\u0441\u043b\u043e \u043f\u043e \u0441\u0440\u0430\u0432\u043d\u0435\u043d\u0438\u044e \u0441 \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u044b\u043c \u043f\u0435\u0440\u0438\u043e\u0434\u043e\u043c \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e \u0433\u043e\u0434\u0430.\n\n\u041a\u0430\u043a \u0438 
\u043f\u0440\u0435\u0436\u0434\u0435, \u043b\u044c\u0432\u0438\u043d\u0430\u044f \u0434\u043e\u043b\u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0445 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432 \u0431\u044b\u043b\u0430 \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u0430 \u043d\u0430 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u044b Microsoft Office.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442, \u0447\u0442\u043e \u0447\u0430\u0449\u0435 \u0438\u0445 \u0440\u0435\u0448\u0435\u043d\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b \u0434\u043b\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Windows \u043a \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c \u0441\u0442\u0430\u0440\u044b\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c: CVE-2018-0802, CVE-2017-11882 (\u043e\u0431\u0435 RCE \u0432 Equation Editor), CVE-2017-0199 (Microsoft Office \u0438 WordPad).\n\n\u0412\u0441\u0435 \u0442\u0440\u0438 \u043e\u0441\u0442\u0430\u0432\u0430\u043b\u0438\u0441\u044c \u0441\u0430\u043c\u044b\u043c\u0438 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043d\u044b\u043c\u0438 \u043d\u0430 \u043f\u0440\u043e\u0442\u044f\u0436\u0435\u043d\u0438\u0438 2024 \u0433\u043e\u0434\u0430, \u0438 \u043c\u044b \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u0435\u043c, \u0447\u0442\u043e \u0442\u0430\u043a\u0430\u044f \u0442\u0435\u043d\u0434\u0435\u043d\u0446\u0438\u044f \u0441\u043e\u0445\u0440\u0430\u043d\u0438\u0442\u0441\u044f \u0438 \u0432 \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0435\u043c.\n\n\u0417\u0430 \u043d\u0438\u043c\u0438 \u0441\u043b\u0435\u0434\u0443\u044e\u0442 \u043d\u0435 \u043c\u0435\u043d\u0435\u0435 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0432 WinRAR \u0438 
\u0432 \u0441\u0430\u043c\u043e\u0439 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 Windows: CVE-2023-38831 (WinRAR), CVE-2024-35250 (\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430\u00a0ks.sys) \u0438 CVE-2022-3699 (\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430 Lenovo Diagnostics).\n\n\u0414\u043b\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0431\u043e\u043b\u044c\u0448\u0435 \u0432\u0441\u0435\u0433\u043e \u0431\u044b\u043b\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432 \u043a \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c: CVE-2022-0847 (Dirty Pipe), CVE-2019-13272 (\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043d\u0430\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439) \u0438 CVE-2021-3156 (\u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u0443\u0447\u0438 \u0432 \u0443\u0442\u0438\u043b\u0438\u0442\u0435\u00a0sudo).\n\n\u0412 \u043f\u0435\u0440\u0432\u043e\u043c \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0435 2025 \u0433\u043e\u0434\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u043a\u0430\u043a \u0441\u0430\u043c\u043e\u0435 \u0441\u043b\u043e\u0436\u043d\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0435, 
\u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0442 \u043b\u0438\u0434\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u043e \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u0443 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0444\u0438\u043a\u0441\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0441\u0442\u0430\u0431\u0438\u043b\u044c\u043d\u044b\u0439 \u0440\u043e\u0441\u0442 \u0447\u0438\u0441\u043b\u0430 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432 \u043a \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430\u043c - \u044d\u0442\u0430 \u0442\u0435\u043d\u0434\u0435\u043d\u0446\u0438\u044f \u0441\u043e\u0445\u0440\u0430\u043d\u044f\u043b\u0430\u0441\u044c \u0438 \u043d\u0430 \u043f\u0440\u043e\u0442\u044f\u0436\u0435\u043d\u0438\u0438 \u0432\u0441\u0435\u0433\u043e \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e \u0433\u043e\u0434\u0430.\n\n\u0422\u0430\u043a\u0436\u0435 \u0443\u0432\u0435\u043b\u0438\u0447\u0438\u043b\u0430\u0441\u044c \u0434\u043e\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432 \u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 Microsoft Office.\n\n\u0418\u0437\u0443\u0447\u0438\u0432 \u0434\u0430\u043d\u043d\u044b\u0435 \u043e\u0431 \u0430\u0442\u0430\u043a\u0430\u0445 APT, \u0432 \u041b\u041a \u0432\u044b\u0434\u0435\u043b\u0438\u043b\u0438 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0447\u0430\u0441\u0442\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0432\u0448\u0438\u0435\u0441\u044f \u0432 \u043f\u0435\u0440\u0432\u043e\u043c \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0435 2025 \u0433\u043e\u0434\u0430: CVE-2025-0282, CVE-2024-21887 \u0438 CVE-2025-0283 (Ivanti 
Connect Secure), CVE-2020-1472 (Netlogon Windows), CVE-2023-46805 (Ivanti ICS), CVE-2023-48788 (Fortinet) \u0438 \u0434\u0440.\n\n\u041e\u0442\u043c\u0435\u0442\u0438\u043c, \u0447\u0442\u043e \u0432 TOP 10 \u0432\u0435\u0440\u043d\u0443\u043b\u0430\u0441\u044c \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0430\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Zerologon, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0443 \u0434\u043e\u043c\u0435\u043d\u0430.\n\n\u0412 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0431\u044b\u043b\u0438 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u044b \u0432 \u043f\u0435\u0440\u0432\u043e\u043c \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0435 2025 \u0433\u043e\u0434\u0430 \u0440\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u044b \u041b\u041a \u0432\u044b\u0434\u0435\u043b\u0438\u043b\u0438: \n\n- ZDI-CAN-25373: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u044f \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u0432 lnk-\u0444\u0430\u0439\u043b\u043e\u0432 \u0432 \u041e\u0421 Windows;\n\n- CVE-2025-21333: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043a\u0443\u0447\u0435 \u0432 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0435 vkrnlintvsp.sys;\n\n- CVE-2025-24071: 
\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0442\u0435\u0447\u043a\u0438 NetNTLM-\u0445\u044d\u0448\u0430 \u0432 \u0438\u043d\u0434\u0435\u043a\u0441\u0430\u0442\u043e\u0440\u0435 \u0444\u0430\u0439\u043b\u043e\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.\n\n\u041f\u043e\u0434\u0440\u043e\u0431\u043d\u0430\u044f \u0441\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u043a\u0430 \u0438 \u0438\u043d\u0444\u043e\u0433\u0440\u0430\u0444\u0438\u043a\u0430 - \u0432 \u043e\u0442\u0447\u0435\u0442\u0435.", "creation_timestamp": "2025-06-04T18:00:07.000000Z"}, {"uuid": "ca154f73-0a4f-4349-b474-4acf6d774000", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "Telegram/7XG3Qhyveq0sd-sorvBusAou1bYnK4tFO-cr4qbsp7Vd2w0", "content": "", "creation_timestamp": "2024-08-28T07:50:25.000000Z"}, {"uuid": "cd12d3e9-f4c8-498c-a36e-d2bd65894c60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/arpsyndicate/872", "content": "#ExploitObserverAlert\n\nCVE-2021-3156\n\nDESCRIPTION: Exploit Observer has 324 entries related to CVE-2021-3156. 
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via \"sudoedit -s\" and a command-line argument that ends with a single backslash character.\n\nFIRST-EPSS: 0.965750000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-12-02T01:12:34.000000Z"}, {"uuid": "aba9d0d7-c2f8-489e-a86c-bb3da225c7a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "Telegram/TXmZ8EBGvdc4uufvEqu6hfgyjEc7K_gjD1Jpp8Uzvu6-KK0", "content": "", "creation_timestamp": "2023-03-23T09:18:19.000000Z"}, {"uuid": "7bbc954c-936c-4928-bbbe-40bcae973fde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "Telegram/aAToEbDNA_gNIUhyoA2hljK3gxWeXOko5fP_6rpSBJwcFeM", "content": "", "creation_timestamp": "2021-01-27T09:00:26.000000Z"}, {"uuid": "9b00e88b-76ae-47ba-b1dd-9aa3c19de01d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "Telegram/9ZPtMGQ2NTqDlQjOJ_KORtJHj6LrGXIkN7PF8Qy11_r0aZ9d", "content": "", "creation_timestamp": "2025-02-06T02:39:19.000000Z"}, {"uuid": "6451916a-bb0d-4506-a2fb-7e289742e1df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/arpsyndicate/1983", "content": "#ExploitObserverAlert\n\nCVE-2021-3156\n\nDESCRIPTION: Exploit Observer has 373 entries related to CVE-2021-3156. 
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via \"sudoedit -s\" and a command-line argument that ends with a single backslash character.\n\nFIRST-EPSS: 0.965750000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-12-18T12:32:10.000000Z"}, {"uuid": "5280bd48-5ba6-40bf-8f1b-c3e113ff5cbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "Telegram/5ubDiOPhpE3YXrILNQXATGJJi9BbUr-zrtzW-n3816ppGAI", "content": "", "creation_timestamp": "2025-02-11T10:00:05.000000Z"}, {"uuid": "ae609f88-19c1-4b93-adab-06e372f6dd16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "Telegram/S7Ipgu0vMt50c0baWnLK9ZDMGJrzeFNEpMbERuEw4Udr-Q", "content": "", "creation_timestamp": "2021-03-20T03:08:49.000000Z"}, {"uuid": "73838298-e907-4b98-ba5d-6c8d99b2012f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1427", "content": "kernel-linux-factory\n*\n\u0423\u0434\u043e\u0431\u043d\u043e \u0442\u0435\u043c, \u0447\u0442\u043e \u043d\u0435 \u043d\u0443\u0436\u043d\u043e \u043a\u043e\u043c\u043f\u0438\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0438\u043b\u0438 \u043d\u0430\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0442\u044c \u0441\u0440\u0435\u0434\u0443, \u0433\u043b\u044f\u043d\u0443\u043b \u043a\u0430\u043a\u043e\u0435 \u044f\u0434\u0440\u043e, \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u043b \u0441\u043f\u043b\u043e\u0435\u0442, \u043f\u043e\u043b\u0443\u0447\u0438\u043b \u043f\u043e 
\u043c\u043e\u0440\u0434\u0435 #root\n*\n\u0432 \u0441\u043e\u0441\u0442\u0430\u0432\u0435 exploits \u0434\u043b\u044f:\nCVE-2016-9793\n4-20-BPF-integer\nCVE-2017-5123\nCVE-2017-6074\nCVE-2017-7308\nCVE-2017-8890\nCVE-2017-11176\nCVE-2017-16995\nCVE-2017-1000112\nCVE-2018-5333\nCVE-2019-9213 & CVE-2019-8956\nCVE-2019-15666\nCVE-2020-8835\nCVE-2020-27194\nCVE-2021-3156\nCVE-2021-31440\nCVE-2021-3490\nCVE-2021-22555\nCVE-2021-41073\nCVE-2021-4154\nCVE-2021-42008\nCVE-2021-43267\nCVE-2022-0185\nCVE-2022-0847\nCVE-2022-0995\nCVE-2022-1015\nCVE-2022-2588\nCVE-2022-2639\nCVE-2022-25636\nCVE-2022-27666\nCVE-2022-32250\nCVE-2022-34918\n\ndownload\n\n#linux #exploits #kernel", "creation_timestamp": "2023-03-23T06:30:43.000000Z"}, {"uuid": "974d7926-f476-43fb-a897-0c12bd6435f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/leaked_databases/480", "content": "_NOT_ a leaked database but still worth mentioning, since this exploit will greatly increase the capabilities of every skid with a webshell: \n\nSudo has been vulnerable for about 10 years. 
Good thing I run everything as root already :)\n\nhttps://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit", "creation_timestamp": "2021-01-28T08:21:20.000000Z"}, {"uuid": "761eed57-cd00-4e5e-9d0e-be32af0cbcd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/true_secator/5890", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Positive Technologies \u0441\u043e\u043e\u0431\u0449\u0430\u044e\u0442 \u043e\u0431 \u0430\u043a\u0442\u0438\u0432\u0438\u0437\u0430\u0446\u0438\u0438 ExCobalt \u043d\u0430 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u043c \u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043d\u043e\u0432\u043e\u0433\u043e \u0431\u044d\u043a\u0434\u043e\u0440\u0430 GoRed \u043d\u0430 \u0431\u0430\u0437\u0435 Golang.\n\n\u0413\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430 ExCobalt \u0441\u043e\u0441\u0440\u0435\u0434\u043e\u0442\u043e\u0447\u0435\u043d\u0430 \u043d\u0430 \u043a\u0438\u0431\u0435\u0440\u0448\u043f\u0438\u043e\u043d\u0430\u0436\u0435 \u0438 \u0432\u043a\u043b\u044e\u0447\u0430\u0435\u0442 \u0432 \u0441\u0435\u0431\u044f \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0443\u0447\u0430\u0441\u0442\u043d\u0438\u043a\u043e\u0432, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u043a\u0430\u043a \u043c\u0438\u043d\u0438\u043c\u0443\u043c \u0441 2016 \u0433\u043e\u0434\u0430, \u0438\u0437 \u0447\u0438\u0441\u043b\u0430, \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u043e\u0436\u0438\u0442\u0435\u043b\u044c\u043d\u043e, \u0431\u044b\u0432\u0448\u0438\u0445 \u0447\u043b\u0435\u043d\u043e\u0432 \u0431\u0430\u043d\u0434\u044b 
Cobalt.\n\nCobalt\u00a0\u0430\u0442\u0430\u043a\u043e\u0432\u0430\u043b \u0444\u0438\u043d\u0430\u043d\u0441\u043e\u0432\u044b\u0435 \u0443\u0447\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f\u00a0\u0441 \u0446\u0435\u043b\u044c\u044e \u043a\u0440\u0430\u0436\u0438 \u0441\u0440\u0435\u0434\u0441\u0442\u0432, \u043e\u0442\u043b\u0438\u0447\u0430\u044f\u0441\u044c \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 CobInt, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043d\u0430\u0447\u0430\u043b\u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0442\u044c \u0432 2022 \u0433\u043e\u0434\u0443.\n\n\u0417\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0439 \u0433\u043e\u0434 \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u043d\u044f\u0442\u044b\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 \u0420\u0424 \u0430\u0442\u0430\u043a\u0438 \u0431\u044b\u043b\u0438 \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u044b \u043d\u0430 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u0441\u0435\u043a\u0442\u043e\u0440\u0430, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0433\u043e\u0441\u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435, \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0435 \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0438, \u043c\u0435\u0442\u0430\u043b\u043b\u0443\u0440\u0433\u0438\u044e, \u0433\u043e\u0440\u043d\u043e\u0434\u043e\u0431\u044b\u0432\u0430\u044e\u0449\u0443\u044e \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u043e\u0441\u0442\u044c \u0438 
\u0442\u0435\u043b\u0435\u043a\u043e\u043c\u043c\u0443\u043d\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u041f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0440\u0435\u0434\u0430\u043c \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u0435\u0442\u0441\u044f \u0447\u0435\u0440\u0435\u0437 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u043f\u043e\u0434\u0440\u044f\u0434\u0447\u0438\u043a\u0430\u00a0\u0438 \u0430\u0442\u0430\u043a \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a, \u0447\u0442\u043e \u043e\u0442\u0440\u0430\u0436\u0430\u0435\u0442 \u0432\u044b\u0441\u043e\u043a\u0443\u044e \u0441\u0442\u0435\u043f\u0435\u043d\u044c \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u043f\u043b\u0430\u043d\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0439.\n\n\u041c\u0435\u0442\u043e\u0434\u043e\u043b\u043e\u0433\u0438\u044f \u0440\u0430\u0431\u043e\u0442\u044b ExCobalt \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432, \u0442\u0430\u043a\u0438\u0445 \u043a\u0430\u043a Metasploit, Mimikatz, ProcDump, SMBExec, Spark RAT\u00a0\u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 \u043d\u0430 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u043d\u044b\u0445 \u0445\u043e\u0441\u0442\u0430\u0445, \u0430 \u0442\u0430\u043a\u0436\u0435 EoP-\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432 \u0434\u043b\u044f Linux (CVE-2019-13272, CVE-2021-3156, CVE-2021-4034 \u0438 
CVE-2022-2586).\n\n\u041f\u0440\u0435\u0442\u0435\u0440\u043f\u0435\u0432\u0448\u0438\u0439 \u043c\u043d\u043e\u0433\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0435 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0441 \u043c\u043e\u043c\u0435\u043d\u0442\u0430 \u0441\u0432\u043e\u0435\u0433\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f GoRed \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u043a\u043e\u043c\u043f\u043b\u0435\u043a\u0441\u043d\u044b\u0439 \u0431\u044d\u043a\u0434\u043e\u0440, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u043c\u0430\u043d\u0434\u044b, \u0441\u043e\u0431\u0438\u0440\u0430\u0442\u044c \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0438 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e\u0431 \u0430\u043a\u0442\u0438\u0432\u043d\u044b\u0445 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430\u0445, \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430\u0445 \u0438 \u0444\u0430\u0439\u043b\u043e\u0432\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445.\n\n\u041e\u043d \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u0437\u043e\u0432\u0430 \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440 RPC \u0434\u043b\u044f \u0441\u0432\u044f\u0437\u0438 \u0441 C2.\n\n\u0411\u043e\u043b\u0435\u0435 \u0442\u043e\u0433\u043e, \u043e\u043d \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442 \u0440\u044f\u0434 \u0444\u043e\u043d\u043e\u0432\u044b\u0445 
\u043a\u043e\u043c\u0430\u043d\u0434 \u0434\u043b\u044f \u043f\u043e\u0438\u0441\u043a\u0430 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u0443\u044e\u0449\u0438\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 \u0438 \u043f\u0430\u0440\u043e\u043b\u0435\u0439, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u043e\u0431\u0440\u0430\u0442\u043d\u043e\u0439 \u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0438. \u0421\u043e\u0431\u0440\u0430\u043d\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0437\u0430\u0442\u0435\u043c \u044d\u043a\u0441\u043f\u043e\u0440\u0442\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u0432 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0443, \u043f\u043e\u0434\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c\u043d\u0443\u044e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443.\n\nExCobalt \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442 \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438 \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0430 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0435 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438, \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u043e \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u044f \u0432 \u0441\u0432\u043e\u0439 \u0430\u0440\u0441\u0435\u043d\u0430\u043b \u043d\u043e\u0432\u044b\u0435 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b \u0438 \u0441\u043e\u0432\u0435\u0440\u0448\u0435\u043d\u0441\u0442\u0432\u0443\u044f \u043c\u0435\u0442\u043e\u0434\u044b.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c GoRed\u00a0\u043f\u0440\u0438\u043e\u0431\u0440\u0435\u0442\u0430\u0435\u0442 \u0432\u0441\u0435 \u043d\u043e\u0432\u044b\u0435 
\u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0438 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u043f\u043e \u0441\u0431\u043e\u0440\u0443 \u0434\u0430\u043d\u043d\u044b\u0445 \u0436\u0435\u0440\u0442\u0432\u044b, \u043f\u043e\u0432\u044b\u0448\u0430\u044f \u0441\u043a\u0440\u044b\u0442\u043d\u043e\u0441\u0442\u044c \u043a\u0430\u043a \u0432\u043d\u0443\u0442\u0440\u0438 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u0442\u0430\u043a \u0438 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438 \u0441 C2.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, ExCobalt \u043f\u0440\u043e\u044f\u0432\u043b\u044f\u0435\u0442 \u0433\u0438\u0431\u043a\u043e\u0441\u0442\u044c \u0438 \u0443\u043d\u0438\u0432\u0435\u0440\u0441\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0434\u043e\u043f\u043e\u043b\u043d\u044f\u044f \u0441\u0432\u043e\u0439 \u043d\u0430\u0431\u043e\u0440 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c\u0438 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u043c\u0438 \u0443\u0442\u0438\u043b\u0438\u0442\u0430\u043c\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u043c\u043e\u0433\u0430\u044e\u0442 \u0433\u0440\u0443\u043f\u043f\u0435 \u043b\u0435\u0433\u043a\u043e \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u044c \u0437\u0430\u0449\u0438\u0442\u0443 \u0438 \u0430\u0434\u0430\u043f\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u043a \u0435\u0435 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f\u043c, \u043f\u043e\u043a\u0430\u0437\u044b\u0432\u0430\u044f \u0433\u043b\u0443\u0431\u043e\u043a\u043e\u0435 \u043f\u043e\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u0441\u043b\u0430\u0431\u044b\u0445 \u0441\u0442\u043e\u0440\u043e\u043d 
\u0436\u0435\u0440\u0442\u0432\u044b.", "creation_timestamp": "2024-06-24T14:33:41.000000Z"}, {"uuid": "71bdf008-7f84-44d2-9e1e-75e9bba214b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "Telegram/Fp_2ZLBngiOhyv14CIKtit6DO5l30RGjm7oxvF-OGmjIyA", "content": "", "creation_timestamp": "2021-03-20T03:03:09.000000Z"}, {"uuid": "0acb30df-7351-454a-97f3-7da15f42b881", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/reconshell/381", "content": "CVE-2021-3156 sudo Vulnerability that affects most Linux Systems\n\n#cve-2021-3156 #BufferOverflow #Exploit #InfoSec #Ubuntu #CyberSecurity #Linux\n\nhttps://reconshell.com/cve-2021-3156-sudo-vulnerability-that-affects-most-linux-systems/", "creation_timestamp": "2021-01-30T05:33:24.000000Z"}, {"uuid": "12c961bd-9a9d-433e-bb34-002d2c8ac558", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/true_secator/1389", "content": "\u200b\u200b\u041d\u0430 \u043f\u0440\u043e\u0448\u043b\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435 \u043c\u044b \u043f\u0438\u0441\u0430\u043b\u0438 \u043f\u0440\u043e \u043e\u0442\u043a\u0440\u044b\u0442\u0443\u044e (\u043d\u043e \u043d\u0435 \u0441\u0432\u0435\u0436\u0443\u044e) \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2021-3156 aka Baron Samedit \u0432 sudo, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0443\u044e \u0441 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u043a\u0443\u0447\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 
\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u043b\u044e\u0431\u044b\u043c \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442 \u0441 \u0438\u044e\u043b\u044f 2011 \u0433\u043e\u0434\u0430. \u0420\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u043e\u043c \u0435\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u0435 \u0445\u0430\u043a\u0435\u0440\u043e\u043c \u0440\u0443\u0442\u043e\u0432\u044b\u0445 \u043f\u0440\u0430\u0432 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u043d\u0444\u043e\u0441\u0435\u043a \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 Qualys \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043b\u0438 \u0442\u0440\u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u043f\u0440\u0430\u0432\u0430 \u0432 Ubuntu 20.04, Debian 10 \u0438 Fedora 33.  
\u041d\u043e \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u0441\u0440\u0430\u0437\u0443 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0438, \u0447\u0442\u043e \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e CVE-2021-3156 \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u044b \u0438 \u0434\u0440\u0443\u0433\u0438\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.\n\nQualys \u043a\u0430\u043a \u0432 \u0432\u043e\u0434\u0443 \u0433\u043b\u044f\u0434\u0435\u043b\u0438. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c Hacker Fantastic, \u0432 \u043c\u0438\u0440\u0443 \u041c\u044d\u0442\u044c\u044e \u0425\u0438\u043a\u043a\u0438, \u0441\u043e\u043e\u0441\u043d\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0438 CTO Hacker House, \u0441\u043e\u043e\u0431\u0449\u0438\u043b, \u0447\u0442\u043e MacOS Big Sur \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441 \u043d\u0435\u0431\u043e\u043b\u044c\u0448\u0438\u043c\u0438 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f\u043c\u0438.\n\n\u041d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0432 \u043a\u043e\u043c\u043c\u0435\u043d\u0442\u0430\u0440\u0438\u044f\u0445 \u043a \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044e \u0425\u0438\u043a\u043a\u0438 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b\u0438 \u0440\u0430\u0431\u043e\u0442\u043e\u0441\u043f\u043e\u0441\u043e\u0431\u043d\u043e\u0441\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.\n\n\u041f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f macOS \u043e\u0442 Apple \u043e\u0448\u0438\u0431\u043a\u0443 \u043d\u0435 
\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442. \u0412\u0438\u0434\u0438\u043c\u043e \u0431\u0443\u0434\u0435\u0442 \u0432\u043d\u0435\u043e\u0447\u0435\u0440\u0435\u0434\u043d\u043e\u0439 \u043f\u0430\u0442\u0447.", "creation_timestamp": "2021-02-03T09:49:03.000000Z"}, {"uuid": "d6cfaca9-af6d-4c9a-8429-4053c5ef5ddf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/true_secator/1418", "content": "\u200b\u200b\u0420\u043e\u0432\u043d\u043e \u043d\u0435\u0434\u0435\u043b\u044e \u043d\u0430\u0437\u0430\u0434 \u043c\u044b \u043f\u0438\u0441\u0430\u043b\u0438 \u043f\u0440\u043e \u0442\u043e, \u0447\u0442\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 macOS \u043e\u043a\u0430\u0437\u0430\u043b\u0438\u0441\u044c \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u044b \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2021-3156 aka Baron Samedit \u0432 sudo, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u043e\u0439 \u0441 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u043a\u0443\u0447\u0438. \u0412 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0435\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043b\u044e\u0431\u043e\u0439 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0440\u0443\u0442\u043e\u0432\u044b\u0435 \u043f\u0440\u0430\u0432\u0430 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435. 
\u042d\u0442\u043e \u043a\u043e\u043d\u0435\u0447\u043d\u043e \u043d\u0435 RCE, \u043d\u043e \u043f\u0440\u0438\u044f\u0442\u043d\u043e\u0433\u043e \u0442\u043e\u0436\u0435 \u043c\u0430\u043b\u043e. \n\n\u0425\u043e\u0440\u043e\u0448\u0430\u044f \u043d\u043e\u0432\u043e\u0441\u0442\u044c - Apple \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f macOS Big Sur, Catalina \u0438 Mojave, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0442 \u043e\u0448\u0438\u0431\u043a\u0443. \n\n\u0422\u0440\u0430\u0434\u0438\u0446\u0438\u043e\u043d\u043d\u043e \u043f\u0440\u0438\u0437\u044b\u0432\u0430\u0435\u043c \u0432\u0441\u0435\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 macOS \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f.", "creation_timestamp": "2021-02-10T08:03:55.000000Z"}, {"uuid": "b8f76c07-f1f5-40a7-bcbd-e7c85525ca02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/1372", "content": "\u0410\u043c\u0435\u0440\u0438\u043a\u0430\u043d\u0441\u043a\u0430\u044f \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Qualys, \u043d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u044f\u0432\u043d\u044b\u0435 \u043a\u043e\u0441\u044f\u043a\u0438 \u0441 SolarWinds Orion, \u0443\u043c\u0435\u0435\u0442 \u0438 \u0432 \u0445\u043e\u0440\u043e\u0448\u0438\u0439 \u0438\u043d\u0444\u043e\u0441\u0435\u043a.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 
\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 sudo, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0443\u044e \u0441 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u043a\u0443\u0447\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u043b\u044e\u0431\u044b\u043c \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442 \u0430\u0436 \u0441 \u0438\u044e\u043b\u044f 2011 \u0433\u043e\u0434\u0430. \u041e\u0448\u0438\u0431\u043a\u0430 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 CVE-2021-3156 \u0438 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0435 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 Baron Samedit.\n\nQualys \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043b\u0438 \u0442\u0440\u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u0440\u0443\u0442\u043e\u0432\u044b\u0435 \u043f\u0440\u0430\u0432\u0430 \u0432 Ubuntu 20.04, Debian 10 \u0438 Fedora 33. 
\u041a\u0430\u043a \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u0433\u043e\u0432\u043e\u0440\u044f\u0442, \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e \u0435\u0439 \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u044b \u0438 \u0434\u0440\u0443\u0433\u0438\u0435 nix-\u0441\u0438\u0441\u0442\u0435\u043c\u044b.\n\n\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0432\u0441\u0435\u043c \u0441\u0440\u043e\u0447\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c sudo \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.9.5p2, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0432\u044b\u0448\u043b\u0430 \u0432\u0447\u0435\u0440\u0430.", "creation_timestamp": "2021-01-27T13:50:05.000000Z"}, {"uuid": "e7377b53-00a5-46eb-85dc-360882149093", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-31567", "type": "seen", "source": "https://t.me/cibsecurity/36480", "content": "\u203c CVE-2021-31567 \u203c\n\nAuthenticated (admin+) Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the &downloadable_file_urls[0] parameter data. 
It's also possible to escape from the web server home directory and download any file within the OS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-28T22:21:59.000000Z"}, {"uuid": "108d309f-b0a1-4f87-90b2-f98273b05837", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://gist.github.com/alexpolyarny/57f43c066e9cb8be3a2418763cab2f75", "content": "", "creation_timestamp": "2026-04-30T15:29:18.000000Z"}, {"uuid": "fcaeb227-5500-449a-886f-95f7401069a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "Telegram/4_8a_MkvOFnrbdUYNrDIriL7lct5WgzqHUY09JdVCm76MA", "content": "", "creation_timestamp": "2021-02-27T14:23:48.000000Z"}, {"uuid": "815fa54f-8b0a-4c06-b8f0-a444b66e305d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2807", "content": "#Analytics\n10 most exploited vulnerabilities of the week (feb 22-28)\nCVE-2021-3156 - Heap-Based Buffer Overflow in Sudo\nhttps://t.me/cybersecuritytechnologies/2577\nCVE-2021-21972 - VMware vCenter RCE\nhttps://swarm.ptsecurity.com/unauth-rce-vmware/#more-2477\nhttps://github.com/QmF0c3UK/CVE-2021-21972-vCenter-6.5-7.0-RCE-POC\nhttps://github.com/NS-Sp4ce/CVE-2021-21972\nhttps://github.com/yaunsky/CVE-2021-21972\nCVE-2021-1782 - iOS\\iPadOS 14.3 kernel LPE\nhttps://t.me/cybersecuritytechnologies/2694\nCVE-2021-3177 - Python3 Buffer Overflow\nhttps://t.me/cybersecuritytechnologies/2740\nCVE-2021-21973 - VMware vCenter SSRF\nhttps://mobile.twitter.com/osama_hroot/status/1365586206982082560/photo/1\nCVE-2017-0005 - Windows GDI 
EoP\nhttps://t.me/cybersecuritytechnologies/443\nCVE-2021-24093 - Win Graph. Component RCE\nhttps://t.me/cybersecuritytechnologies/2806\nCVE-2021-25281/25282 - SaltStack Exploit\nhttps://github.com/Immersive-Labs-Sec/CVE-2021-25281\nCVE-2018-19518 - PHP IMAP Vuln.\nhttps://t.me/cybersecuritytechnologies/1649", "creation_timestamp": "2021-03-01T11:00:27.000000Z"}, {"uuid": "d1195315-2a20-4c22-965b-99bbce73376e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/cibsecurity/22691", "content": "\u203c CVE-2021-3156 \u203c\n\nSudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via \"sudoedit -s\" and a command-line argument that ends with a single backslash character:\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-27T00:36:47.000000Z"}, {"uuid": "ad2ad608-a40e-41a4-960f-e224317c88e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/thehackernews/1030", "content": "Apple releases a security patch for 10-year-old macOS SUDO root privilege escalation vulnerability, tracked as CVE-2021-3156, and also called \"Baron Samedit.\"\n\nRead details \u2014 https://thehackernews.com/2021/02/apple-patches-10-year-old-macos-sudo.html", "creation_timestamp": "2021-02-10T11:35:33.000000Z"}, {"uuid": "a4ee4dc6-f936-4b77-a691-8202a6f0e2db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-31562", "type": "seen", "source": "https://t.me/cibsecurity/36049", "content": "\u203c CVE-2021-31562 \u203c\n\nThe SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 has serious deficiencies that may allow an 
attacker to compromise SSL/TLS sessions in different ways. An attacker may be able to eavesdrop on transferred data, manipulate data allegedly secured by SSL/TLS, and impersonate an entity to gain access to sensitive information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-21T22:13:42.000000Z"}, {"uuid": "03d94c43-565e-41f2-b8b1-5301649369d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "Telegram/bY_MpS1ko59Bih8aJrT0olVpy6o50zhn89cufYuKiR0JOQ", "content": "", "creation_timestamp": "2021-01-27T16:41:29.000000Z"}, {"uuid": "636a8372-b3ec-4f54-8ec6-50ddd80615fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "exploited", "source": "https://t.me/itsecalert/130", "content": "\u26a0\ufe0fBuffer overflow in sudo (linux utility) - \u2757\ufe0f affects most distributions/versions - CVE-2021-3156\nWhile a local user is required to exploit this vulnerability, even the account 'nobody' can exploit this vulnerability. An unprivileged user can gain root privileges on affected hosts!\n\nCheck if you are affected!\nTo check if you are affected, run sudoedit -s / as non-root user. 
If the response is an error that starts with \"sudoedit:\", your system is vulnerable; a patched system responds with an error that starts with \"usage:\".\n\nThe following \"sudo\" versions are vulnerable\n* All legacy versions from 1.8.2 to 1.8.31p2\n* All stable versions from 1.9.0 to 1.9.5p1\n\nSeverity: \ud83d\udd38High\n\nAdditional information\nhttps://yt.gl/sudobufferoverflow\n\n#alert #severityHigh #vulnerability #linux #sudo \n\n\ud83c\udf1f Feel free to discuss this issue in @itsectalk \ud83d\udc4d Please vote if this information was helpful to you.", "creation_timestamp": "2021-01-27T10:50:52.000000Z"}, {"uuid": "e8145227-f0f4-4c44-9763-061a53b107a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2577", "content": "#exploit\nCVE-2021-3156 (\"Baron Samedit\"):\nHeap-Based Buffer Overflow in Sudo\nhttps://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit\n// affects all legacy versions from 1.8.2 to 1.8.31p2, all stable versions from 1.9.0 to 1.9.5p1 in their default configuration", "creation_timestamp": "2024-10-09T19:50:12.000000Z"}, {"uuid": "708be98a-a3db-4960-9a24-f07e197cd2e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2605", "content": "#Analytics\nTop 10 Most Used Vulnerabilities of the Month (january 
1-31)\nCVE-2021-3156:\nhttps://t.me/cybersecuritytechnologies/2577\nCVE-2020-16875:\nhttps://t.me/cybersecuritytechnologies/1751\nCVE-2020-29583:\nhttps://t.me/cybersecuritytechnologies/2386\nCVE-2021-2109:\nhttps://t.me/cybersecuritytechnologies/2540\nCVE-2020-17519:\nhttps://t.me/cybersecuritytechnologies/2473\nCVE-2020-25684/25685/25686:\nhttps://t.me/cybersecuritytechnologies/2534\nCVE-2021-3011:\nhttps://t.me/cybersecuritytechnologies/2447", "creation_timestamp": "2025-01-04T20:01:45.000000Z"}, {"uuid": "2c31665c-0efb-48d8-a9c2-c4eff16ea61e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2661", "content": "#Analytics\n10 most exploited vulnerabilities of the week (feb 1-7)\nCVE-2020-1350 - Exploit SIGRed/Windows DNS Server RCE\nhttps://t.me/cybersecuritytechnologies/1422\nCVE-2021-3156 - Heap-Based Buffer Overflow in Sudo\nhttps://t.me/cybersecuritytechnologies/2577\nCVE-2020-7961 - Arbitrary code execution via JSONWS\nhttps://t.me/cybersecuritytechnologies/869\nCVE-2021-25646 - Apache Druid &lt;=0.20.1 RCE\nhttps://t.me/cybersecuritytechnologies/2639\nCVE-2020-27932 - A type confusion in MacOS 10.15.7\nhttps://t.me/cybersecuritytechnologies/2383\nCVE-2019-9041 - ZzzCMS RCE\nhttps://mobile.twitter.com/i/web/status/1357931580098899970\nCVE-2021-22122 - XSS vulnerability in FortiWeb\nhttps://vulmon.com/vulnerabilitydetails?qid=CVE-2021-22122\nCVE-2019-5127 - A cmd injection in YouPHPTube Encoder\nhttps://mobile.twitter.com/i/web/status/1357546718821142528\nCVE-2020-17523 - Apache Shiro pathMatches Auth. 
Bypass\nhttps://t.me/cybersecuritytechnologies/2650", "creation_timestamp": "2024-05-22T06:15:17.000000Z"}, {"uuid": "2ed80b67-8c8b-4a16-813c-d7d90a19f1d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2955", "content": "#Analytics\n10 most exploited vulnerabilities of the week (march 15 - 21)\nCVE-2021-26855/27065 - ProxyLogon MS Exchange Server RCE\nhttps://t.me/cybersecuritytechnologies/2835\nCVE-2021-3156 - Heap-Based Buffer Overflow in Sudo\nhttps://t.me/cybersecuritytechnologies/2577\nCVE-2021-22986/22987 - F5 BIG-IP TMM uri_normalize_host infoleak and out-of-bounds write\nhttps://t.me/cybersecuritytechnologies/2881\nCVE-2021-27076 - A Replay-style Deserialization Attack Against SharePoint\nhttps://t.me/cybersecuritytechnologies/2930\nCVE-2021-21193 - Google Chrome Blink code execution\nhttps://vulmon.com/vulnerabilitydetails?qid=CVE-2021-21193\nCVE-2021-21193:\nGoogle Chrome Blink code execution\nhttps://vulmon.com/vulnerabilitydetails?qid=CVE-2021-21193\nCVE-2021-27076:\nReplay Deserialization Attack Against SharePoint\nhttps://t.me/cybersecuritytechnologies/2930\nCVE-2021-27889, CVE-2021-27890:\nMyBB RCE Chain\nhttps://blog.sonarsource.com/mybb-remote-code-execution-chain", "creation_timestamp": "2021-03-29T05:54:18.000000Z"}, {"uuid": "d49c57aa-f21a-453f-85a9-52ac65b999b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/3219", "content": "#Analytics\n10 most exploited vulnerabilities of the week (April 19-25)\nCVE-2021-3156 Heap-Based Buffer Overflow in Sudo\nhttps://t.me/cybersecuritytechnologies/2577\nCVE-2021-1732 Win kernel 
0-day\nhttps://t.me/cybersecuritytechnologies/2679\nCVE-2021-22893 Pulse SecureVPN RCE\nhttps://t.me/cybersecuritytechnologies/3185\nCVE-2021-22204 Improper neutralization of user data in DjVu\nhttps://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800\nCVE-2021-26415 Win Installer EoP\nhttps://t.me/cybersecuritytechnologies/3186\nCVE-2021-3493 OverlayFS PE\nhttps://t.me/cybersecuritytechnologies/3164\nCVE-2021-26413 Win Installer Spoofing\nhttps://t.me/cybersecuritytechnologies/3176\nCVE-2016-7836 SKYSEA Client View Arbitrary Code Exec\nhttps://www.virusbulletin.com/virusbulletin/2020/05/vb2019-paper-apt-cases-exploiting-vulnerabilities-regionspecific-software\nCVE-2021-27905 Apache Solr SSRF\nhttps://t.me/cybersecuritytechnologies/3213", "creation_timestamp": "2021-04-26T11:02:21.000000Z"}, {"uuid": "6d974098-b5d4-4f46-878d-0a5b84d71478", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2815", "content": "#Analytics\nTop 10 Most Used Vulnerabilities of the Month (feb 1-28)\nCVE-2021-3156 - Heap-Based Buffer Overflow in Sudo\nhttps://t.me/cybersecuritytechnologies/2577\nCVE-2021-21972 - VMware vCenter RCE\nhttps://swarm.ptsecurity.com/unauth-rce-vmware/#more-2477\nhttps://github.com/QmF0c3UK/CVE-2021-21972-vCenter-6.5-7.0-RCE-POC\nhttps://github.com/NS-Sp4ce/CVE-2021-21972\nhttps://github.com/yaunsky/CVE-2021-21972\nCVE-2021-1732 - Windows kernel 0-day exploit is used by BITTER APT\nhttps://t.me/cybersecuritytechnologies/2679\nCVE-2021-1782 - iOS\\iPadOS 14.3 kernel LPE\nhttps://t.me/cybersecuritytechnologies/2694\nCVE-2021-25646 - Apache Druid &lt;=0.20.1 RCE\nhttps://t.me/cybersecuritytechnologies/2639\nCVE-2020-27932 - A type confusion in MacOS 
10.15.7\nhttps://t.me/cybersecuritytechnologies/2383\nCVE-2021-24074, CVE-2021-24094, CVE-2021-24086 - Windows IPv4/IPv6 Stack RCE/DoS Vulnerabilities\nhttps://unit42.paloaltonetworks.com/cve-2021-24074-patch-tuesday", "creation_timestamp": "2021-03-03T05:37:03.000000Z"}, {"uuid": "b3475a40-433e-4139-9e1e-1cd35a794f5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2712", "content": "#Blue_Team_Techniques\n1. Auditd CVE 2021-3156\nhttps://www.archcloudlabs.com/projects/auditd-cve-2021-3156\n2. Linux IPC inspection tool\nhttps://github.com/guardicore/ipcdump", "creation_timestamp": "2021-02-15T12:00:33.000000Z"}, {"uuid": "2a6dc345-51d8-4e5d-9a64-1b023128d058", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2708", "content": "#Analytics\n10 most exploited vulnerabilities of the week (feb 8-14)\nCVE-2020-1472 - Microsoft Zerologon\nhttps://t.me/cybersecuritytechnologies/1742\nCVE-2021-3156 - Heap-Based Buffer Overflow in Sudo\nhttps://t.me/cybersecuritytechnologies/2577\nCVE-2021-1732 - Windows kernel 0-day exploit is used by BITTER APT in targeted attack\nhttps://t.me/cybersecuritytechnologies/2679\nCVE-2020-2037 - Palo Alto PAN-OS vulnerability\nhttps://t.me/cybersecuritytechnologies/2687\nCVE-2021-24074, CVE-2021-24086, CVE-2021-24094 - Windows IPv4/IPv6 Stack RCE/DoS Vulnerabilities\nhttps://unit42.paloaltonetworks.com/cve-2021-24074-patch-tuesday\nCVE-2021-1782 - iOS\\iPadOS 14.3 kernel LPE vulnerability\nhttps://t.me/cybersecuritytechnologies/2694\nCVE-2021-21017 - Acrobat Reader DC\u00a0a heap-based buffer overflow 
vulnerability\nhttps://threatpost.com/critical-adobe-windows-flaw/163789\nCVE-2020-24581 - D-Link DSL-2888A AU_2.31_V1x - RCE\nhttps://t.me/cybersecuritytechnologies/2670", "creation_timestamp": "2021-02-15T11:00:19.000000Z"}, {"uuid": "f9aaf8c1-5934-4aab-b3e3-cbfe8db80178", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2759", "content": "#Analytics\n10 most exploited vulnerabilities of the week (feb 15-21)\nCVE-2021-3156 - Heap-Based Buffer Overflow in Sudo\nhttps://t.me/cybersecuritytechnologies/2577\nCVE-2021-1732 - Windows kernel 0-day exploit is used by BITTER APT\nhttps://t.me/cybersecuritytechnologies/2679\nCVE-2021-1647 - MS Defender RCE Vulnerability\nhttps://www.anquanke.com/post/id/231625\nCVE-2020-10759 - Dazed Blesbok\nhttps://t.me/cybersecuritytechnologies/1243\nCVE-2021-21976 - VMware Post-Auth RCE in vSphere Replication\nCVE-2021-3177 - Python 3 Buffer Overflow\nhttps://t.me/cybersecuritytechnologies/2740\nCVE-2020-8625 - A vulnerability in BIND's GSSAPI\nhttps://kb.isc.org/docs/cve-2020-8625\nCVE-2021-20655\nhttps://jvn.jp/en/jp/JVN58774946/index.html\nCVE-2021-1366 - A vulnerability in the interprocess communication channel of Cisco AnyConnect Secure Client\nhttps://www.coresecurity.com/core-labs/articles/analysis-cisco-anyconnect-posture-hostscan-local-privilege-escalation-cve-2021", "creation_timestamp": "2021-02-22T14:45:11.000000Z"}, {"uuid": "314980f8-bc4e-45b0-aa30-d2bcb7a977e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://gist.github.com/alexpolyarny/91b373b7118a0abcbd4bfeac4a2d9236", "content": "", "creation_timestamp": "2026-04-30T15:27:08.000000Z"}, {"uuid": "aaf34067-07c1-4498-8ebf-ab615e893c72", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/LearnExploit/1950", "content": "CVE-2021-3156\n\n\u0628\u062f\u0648\u0646 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u062f\u0633\u062a\u0631\u0633\u06cc Root \u0628\u06af\u06cc\u0631\u06cc\u062f !\n\n\u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0633\u0631\u0631\u06cc\u0632\u0650 \u0628\u0627\u0641\u0631 \u0647\u06cc\u067e \u062f\u0631 sudo \u0627\u0633\u062a \u06a9\u0647 \u0628\u0647 \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc \u062f\u0647\u062f \u0628\u062f\u0648\u0646 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u062f\u0633\u062a\u0631\u0633\u06cc \u0631\u0648\u062a \u0628\u06af\u06cc\u0631\u0646\u062f . \n\n\u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u0642\u062f\u06cc\u0645\u06cc sudo ( \u0627\u0632 1.8.2 \u062a\u0627  1.8.31p2 ) \u0648 \u062a\u0645\u0627\u0645 \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u067e\u0627\u06cc\u062f\u0627\u0631 \u0622\u0646 ( \u0627\u0632 1.9.0 \u062a\u0627 1.9.5p1 ) \u062a\u062d\u062a \u062a\u0627\u062b\u06cc\u0631 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0642\u0631\u0627\u0631 \u0645\u06cc \u06af\u06cc\u0631\u0646\u062f. \n\n\u067e\u06cc\u0634\u0646\u0647\u0627\u062f \u0645\u06cc\u0634\u0647 \u0647\u0631\u0686\u06cc \u0633\u0631\u06cc\u0639 \u062a\u0631 sudo  \u0631\u0648 \u0627\u0632 \u0644\u06cc\u0646\u06a9\u06cc \u06a9\u0647 \u067e\u0627\u06cc\u06cc\u0646 \u0647\u0633\u062a  \u0628\u0647 \u0646\u0633\u062e\u0647 1.9.5p2 \u0622\u067e\u062f\u06cc\u062a \u06a9\u0646\u06cc\u062f . 
\n\nCVE-2021-3156\n\nSudo \n\niliyahr\n\u2014\u2014\u2014\u2014\u2014\u2014\n0Day.Today\n@LearnExploit\n@Tech_Army", "creation_timestamp": "2021-01-28T13:11:39.000000Z"}, {"uuid": "b4c5efb7-9c8e-4883-a4eb-7ff72f45c4c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/dc7342/39207", "content": "\u041a\u0430\u043a\u0430\u044f \u043f\u0440\u0435\u043a\u0440\u0430\u0441\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 sudo \n\nhttps://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit", "creation_timestamp": "2021-01-28T02:13:09.000000Z"}, {"uuid": "71ed0c26-a9d6-4bd5-8f3a-f011ee1e048c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "exploited", "source": "https://t.me/dc7342/39216", "content": "PoC \u043d\u0430 sudo https://github.com/lockedbyte/CVE-Exploits/tree/master/CVE-2021-3156", "creation_timestamp": "2021-01-30T07:06:12.000000Z"}]}