{"vulnerability": "CVE-2023-3854", "sightings": [{"uuid": "60fb107a-44a1-4c0e-899a-726ea2402822", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "https://gist.github.com/tradebot-elastic/0443cfb5016bed103f1940b2f336e45a", "content": "", "creation_timestamp": "2025-01-09T15:31:50.000000Z"}, {"uuid": "d5b5ca81-3a84-4217-ab7a-eda0d696a45d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "https://gist.github.com/bagder/07f7581f6e3d78ef37dfbfc81fd1d1cd", "content": "", "creation_timestamp": "2025-06-28T20:57:49.000000Z"}, {"uuid": "737b50cb-3a16-4192-b4cc-fecf97505e00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "https://daniel.haxx.se/blog/2025/07/14/death-by-a-thousand-slops/", "content": "", "creation_timestamp": "2025-07-14T08:38:17.000000Z"}, {"uuid": "c425fa7c-0b7a-4448-bc53-a8f42b2d7b1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-05", "content": "", "creation_timestamp": "2025-06-12T10:00:00.000000Z"}, {"uuid": "b105d26b-baa1-49e5-ad1a-4f258f487236", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38546", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-05", "content": "", "creation_timestamp": "2025-06-12T10:00:00.000000Z"}, {"uuid": "cabe9de7-7a7f-49a4-af77-4e1f8f9c0db3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "https://gist.github.com/bobjoe12131/4e0ac62f13008f440485d3f8f892a161", "content": "", "creation_timestamp": "2025-07-18T20:50:25.000000Z"}, {"uuid": "a2a9df87-1785-4a61-836a-5b3e266e3e4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "https://bsky.app/profile/awesomeredshirt.bsky.social/post/3lu3sv7ywok2v", "content": "", "creation_timestamp": "2025-07-16T16:16:18.599513Z"}, {"uuid": "9ee15ef9-510d-489f-9301-bda8027ade3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-043-04", "content": "", "creation_timestamp": "2026-02-12T11:00:00.000000Z"}, {"uuid": "b9839440-83f7-4933-9908-ca94a6f2526b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "https://gist.github.com/Deepam0404/c4435cc2480483840eb211ebef4d45a8", "content": "", "creation_timestamp": "2025-11-19T12:07:04.000000Z"}, {"uuid": "e838b227-95c0-49da-bae8-1f8e19570338", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mej654xs632q", "content": "", "creation_timestamp": "2026-02-10T14:25:16.131221Z"}, {"uuid": "6cfd6976-88ce-454c-af10-b8030795128d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "https://gist.github.com/Metis-Intel/b94dbfe682c0d50d18e127d4891208cb", "content": "", "creation_timestamp": "2025-12-16T03:39:35.000000Z"}, {"uuid": "040255ee-8253-4725-893c-ed1a516476f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "published-proof-of-concept", "source": "https://t.me/cKure/11692", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 How Serious Is The New Curl [CVE-2023-38545] Vulnerability?\n\nhttps://www.intruder.io/blog/curl-high-rated-cve-2023-38545", "creation_timestamp": "2023-10-12T16:04:34.000000Z"}, {"uuid": "672f7875-5063-4d8c-9d79-4547421bbb19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "https://gist.github.com/alon710/f036a2e055d7cdfc182a0c45f1513c3f", "content": "", "creation_timestamp": "2026-02-18T15:40:40.000000Z"}, {"uuid": "96b989ca-6051-41ea-9366-fdd0d3da7673", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2023-38546", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/92582bf5-d92c-47fe-b891-656d271bbfef", "content": "", "creation_timestamp": "2024-10-14T15:50:35.983245Z"}, {"uuid": "ad1bc389-2cbd-4ccb-82b3-8dc28c913a34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/92582bf5-d92c-47fe-b891-656d271bbfef", "content": "", "creation_timestamp": "2024-10-14T15:50:35.983245Z"}, {"uuid": "3df0d14e-a0d6-4311-92a0-c04db1503c6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38543", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/547", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-38543\n\ud83d\udd39 Description: A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine.\n\ud83d\udccf Published: 2023-11-14T23:18:08.348Z\n\ud83d\udccf Modified: 2025-01-07T18:57:48.609Z\n\ud83d\udd17 References:\n1. https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release\n2. https://northwave-cybersecurity.com/vulnerability-notice/denial-of-service-in-ivanti-secure-access-client-driver", "creation_timestamp": "2025-01-07T19:40:33.000000Z"}, {"uuid": "4108da7c-b145-43a4-a716-ef001c6930d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5438", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-38545 POC for the curl command line tool\nURL\uff1ahttps://github.com/dbrugman/CVE-2023-38545-POC\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-10-16T10:13:51.000000Z"}, {"uuid": "c762d39b-a9de-43f8-a979-906e836001ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5450", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aA proof of concept for testing CVE-2023-38545 against local curl\nURL\uff1ahttps://github.com/bcdannyboy/CVE-2023-38545\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-10-16T16:21:17.000000Z"}, {"uuid": "3e607112-2835-44cd-8728-6bd02869ebaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "https://t.me/BleepingComputer/18525", "content": "\u200aHyped up curl vulnerability falls short of expectations\n\ncurl 8.4.0 has been released to patch and release details on a hyped up high-severity security vulnerability (CVE-2023-38545), easing week-long concerns regarding the flaw's severity. [...]\n\nhttps://www.bleepingcomputer.com/news/security/hyped-up-curl-vulnerability-falls-short-of-expectations/", "creation_timestamp": "2023-10-12T17:50:54.000000Z"}, {"uuid": "c2fdb887-8886-4be1-85a4-4367ed2f390c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "https://t.me/BleepingComputer/18524", "content": "Latest news and stories from BleepingComputer.com\nHyped up curl vulnerability falls short of expectations\n\ncurl 8.4.0 has been released to patch and release details on a hyped up high-severity security vulnerability (CVE-2023-38545), easing week-long concerns regarding the flaw's severity. [...]", "creation_timestamp": "2023-10-12T17:09:11.000000Z"}, {"uuid": "36c48482-49dd-4bac-ae4a-cbd0e166a5dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "https://t.me/kasperskyb2b/921", "content": "\ud83e\udd2f  \u0422\u0435\u043f\u0435\u0440\u044c \u0438 curl\n\n\u041a\u043e\u043c\u0430\u043d\u0434\u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 curl \u043f\u043b\u0430\u043d\u0438\u0440\u0443\u0435\u0442 \u0432\u043d\u0435\u043e\u0447\u0435\u0440\u0435\u0434\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 8.4.0 \u043d\u0430 11 \u043e\u043a\u0442\u044f\u0431\u0440\u044f. \u0410\u043d\u043e\u043d\u0441\u0438\u0440\u043e\u0432\u0430\u043d \u0444\u0438\u043a\u0441 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438   CVE-2023-38545 \u0432 curl \u0438 libcurl.\n\n\u0423\u0447\u0438\u0442\u044b\u0432\u0430\u044f, \u0447\u0442\u043e curl \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u043c\u0435\u0440\u043d\u043e \u0432\u0435\u0437\u0434\u0435, \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043d\u0438\u0435 \u0443 \u0440\u0435\u0434\u0430\u043a\u0446\u0438\u0438 @\u041f2\u0422 \u043f\u0440\u0438\u043c\u0435\u0440\u043d\u043e \u043a\u0430\u043a \u043d\u0430 \u043a\u0430\u0440\u0442\u0438\u043d\u043a\u0435.", "creation_timestamp": "2023-10-05T15:34:35.000000Z"}, {"uuid": "bf66071b-ee33-4837-b01e-3226c522bd85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "https://t.me/arpsyndicate/836", "content": "#ExploitObserverAlert\n\nCVE-2023-38545\n\nDESCRIPTION: Exploit Observer has 40 entries related to CVE-2023-38545. This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake.  When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes.  If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means \"let the host resolve the name\" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long host name to the target buffer instead of copying just the resolved address there.  The target buffer being a heap based buffer, and the host name coming from the URL that curl has been told to operate with.\n\nFIRST-EPSS: 0.000650000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-01T07:19:18.000000Z"}, {"uuid": "360bfc8a-55fc-473d-9c94-ed46e32dec80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38546", "type": "seen", "source": "https://t.me/ctinow/151197", "content": "https://ift.tt/EvtASDu\nInternet Bug Bounty: [CVE-2023-38546] cookie injection with none file", "creation_timestamp": "2023-11-23T03:23:03.000000Z"}, {"uuid": "1d9bda59-2733-44e0-97a9-89c524aa8650", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "https://t.me/ctinow/143358", "content": "https://ift.tt/qTOQupm\ncurl: [Critical] Curl CVE-2023-38545 vulnerability code changes are disclosed on the internet", "creation_timestamp": "2023-10-16T14:53:05.000000Z"}, {"uuid": "7225238c-f572-4b96-b6bb-0fede1df95c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "https://t.me/ctinow/142718", "content": "https://ift.tt/bSCI9dE\nCVE-2023-38545 Curl Vulnerability Details Finally Released", "creation_timestamp": "2023-10-12T03:49:07.000000Z"}, {"uuid": "a293839c-2685-477d-95df-fc3326440dde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38546", "type": "seen", "source": "https://t.me/ctinow/142676", "content": "https://ift.tt/LMez73f\ncurl: CVE-2023-38546: cookie injection with none file", "creation_timestamp": "2023-10-11T22:22:32.000000Z"}, {"uuid": "496cde0f-728b-4d8b-b3ad-e8c66a347c04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "https://t.me/ctinow/142546", "content": "https://ift.tt/8xBrCMe\nCVE-2023-38545: curl SOCKS5 oversized hostname vulnerability. How bad is it?, (Wed, Oct 11th)", "creation_timestamp": "2023-10-11T15:12:00.000000Z"}, {"uuid": "4acc3f1d-6fc7-424c-86d9-6a128d12f94e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "https://t.me/ctinow/142472", "content": "https://ift.tt/9FG6gpt\ncurl: CVE-2023-38545: socks5 heap buffer overflow", "creation_timestamp": "2023-10-11T10:02:57.000000Z"}, {"uuid": "1b19d7de-9cee-4259-bfc9-26a0bc7e7e0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "https://t.me/ctinow/142516", "content": "https://ift.tt/ohWfnLX\nCurl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545)", "creation_timestamp": "2023-10-11T13:23:23.000000Z"}, {"uuid": "6f88a97d-5e88-438a-8831-ee4bb8770705", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "https://t.me/ctinow/141533", "content": "https://ift.tt/IVwo5eB\nThe \u201cMost Dangerous\u201d Curl Vulnerability in Years: What You Need to Know About CVE-2023-38545", "creation_timestamp": "2023-10-06T00:07:29.000000Z"}, {"uuid": "46d033e3-86f3-4b88-8cc5-503676509e97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "published-proof-of-concept", "source": "Telegram/Dm2_Oh_8IJm32r8Ma3T2W_PKYczVaXynvFTeduspmbak", "content": "", "creation_timestamp": "2023-10-22T23:13:34.000000Z"}, {"uuid": "9a2d46b2-9ef6-44bd-b25d-e255d57ca4f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38546", "type": "seen", "source": "https://t.me/cibsecurity/72484", "content": "\u203c CVE-2023-38546 \u203c\n\nThis flaw allows an attacker to insert cookies at will into a running programusing libcurl, if the specific series of conditions are met.libcurl performs transfers. In its API, an application creates \"easy handles\"that are the individual handles for single transfers.libcurl provides a function call that duplicates en easy handle called[curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html).If a transfer has cookies enabled when the handle is duplicated, thecookie-enable state is also cloned - but without cloning the actualcookies. If the source handle did not read any cookies from a specific file ondisk, the cloned version of the handle would instead store the file name as`none` (using the four ASCII letters, no quotes).Subsequent use of the cloned handle that does not explicitly set a source toload cookies from would then inadvertently load cookies from a file named`none` - if such a file exists and is readable in the current directory of theprogram using libcurl. And if using the correct file format of course.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-18T07:33:31.000000Z"}, {"uuid": "3579cfc1-cf08-449c-8865-afc2dbed1357", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38546", "type": "seen", "source": "Telegram/Kx47TlCntu1490zorZUl0W9pF3C_SX_UWayw0MQ5q-BW4Q", "content": "", "creation_timestamp": "2023-10-09T14:40:30.000000Z"}, {"uuid": "3156f210-c185-47d6-9787-5723d2928821", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "Telegram/Kx47TlCntu1490zorZUl0W9pF3C_SX_UWayw0MQ5q-BW4Q", "content": "", "creation_timestamp": "2023-10-09T14:40:30.000000Z"}, {"uuid": "95725e6b-975b-4369-8641-e1fcdced425b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38546", "type": "seen", "source": "Telegram/FUmCrmhWwvP-ORi_dMRlBZU3S3dLdvxCoSlYA2gHn_cN2A", "content": "", "creation_timestamp": "2023-10-12T08:03:11.000000Z"}, {"uuid": "b171f6f8-d30d-4a59-bcf2-5bc9ca9b2800", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "https://t.me/cibsecurity/72480", "content": "\u203c CVE-2023-38545 \u203c\n\nThis flaw makes curl overflow a heap based buffer in the SOCKS5 proxyhandshake.When curl is asked to pass along the host name to the SOCKS5 proxy to allowthat to resolve the address instead of it getting done by curl itself, themaximum length that host name can be is 255 bytes.If the host name is detected to be longer, curl switches to local nameresolving and instead passes on the resolved address only. Due to this bug,the local variable that means \"let the host resolve the name\" could get thewrong value during a slow SOCKS5 handshake, and contrary to the intention,copy the too long host name to the target buffer instead of copying just theresolved address there.The target buffer being a heap based buffer, and the host name coming from theURL that curl has been told to operate with.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-18T07:33:27.000000Z"}, {"uuid": "ed3556b7-2b20-4b3e-906b-0906b57cd62b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38547", "type": "seen", "source": "Telegram/sEqbKLGxSNqwfQkozcbXznYuS4esISD7umc3F1o2oSNAqg", "content": "", "creation_timestamp": "2023-11-07T07:17:43.000000Z"}, {"uuid": "42fb668c-d144-4595-b8d8-7585428fe5d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "Telegram/FUmCrmhWwvP-ORi_dMRlBZU3S3dLdvxCoSlYA2gHn_cN2A", "content": "", "creation_timestamp": "2023-10-12T08:03:11.000000Z"}, {"uuid": "f3452634-16e8-4e24-bf10-b4b44cd6c2cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38546", "type": "seen", "source": "https://t.me/KomunitiSiber/920", "content": "Two High-Risk Security Flaws Discovered in Curl Library - New Patches Released\nhttps://thehackernews.com/2023/10/two-high-risk-security-flaws-discovered.html\n\nPatches have been released for\u00a0two security flaws\u00a0impacting the Curl data transfer library, the most severe of which could potentially result in code execution.\nThe list of vulnerabilities is as follows -\n\nCVE-2023-38545\u00a0(CVSS score: 7.5) - SOCKS5 heap-based buffer overflow vulnerability\nCVE-2023-38546\u00a0(CVSS score: 5.0) - Cookie injection with none file\n\nCVE-2023-38545 is the more severe of the", "creation_timestamp": "2023-10-12T06:57:55.000000Z"}, {"uuid": "d675c5bb-a225-4ea8-bfb1-932a12a1ebf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "published-proof-of-concept", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/3447", "content": "https://github.com/d0rb/CVE-2023-38545\n\nsocks5 heap buffer overflow", "creation_timestamp": "2023-10-18T08:33:12.000000Z"}, {"uuid": "67d567fb-0f72-4ac7-ad10-0c2cb288c05e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38547", "type": "seen", "source": "https://t.me/KomunitiSiber/1033", "content": "Critical Flaws Discovered in Veeam ONE IT Monitoring Software \u2013 Patch Now\nhttps://thehackernews.com/2023/11/critical-flaws-discovered-in-veeam-one.html\n\nVeeam has released\u00a0security updates\u00a0to address four flaws in its ONE IT monitoring and analytics platform, two of which are rated critical in severity.\nThe list of vulnerabilities is as follows -\n\nCVE-2023-38547\u00a0(CVSS score: 9.9) - An unspecified flaw that can be leveraged by an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration", "creation_timestamp": "2023-11-07T06:30:59.000000Z"}, {"uuid": "dc9c3eb9-814a-4e59-a37b-0057d43b3669", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "https://t.me/KomunitiSiber/920", "content": "Two High-Risk Security Flaws Discovered in Curl Library - New Patches Released\nhttps://thehackernews.com/2023/10/two-high-risk-security-flaws-discovered.html\n\nPatches have been released for\u00a0two security flaws\u00a0impacting the Curl data transfer library, the most severe of which could potentially result in code execution.\nThe list of vulnerabilities is as follows -\n\nCVE-2023-38545\u00a0(CVSS score: 7.5) - SOCKS5 heap-based buffer overflow vulnerability\nCVE-2023-38546\u00a0(CVSS score: 5.0) - Cookie injection with none file\n\nCVE-2023-38545 is the more severe of the", "creation_timestamp": "2023-10-12T06:57:55.000000Z"}, {"uuid": "00de02b8-1f71-4103-8494-cb32ba3775e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38546", "type": "seen", "source": "https://t.me/KomunitiSiber/902", "content": "Security Patch for Two New Flaws in Curl Library Arriving on October 11\nhttps://thehackernews.com/2023/10/security-patch-for-two-new-flaws-in.html\n\nThe maintainers of the\u00a0Curl library\u00a0have released an advisory warning of two forthcoming security vulnerabilities that are expected to be addressed as part of updates released on October 11, 2023.\nThis\u00a0includes\u00a0a high severity and a low-severity flaw tracked under the identifiers CVE-2023-38545 and CVE-2023-38546, respectively.\nAdditional details about the issues and the exact version ranges", "creation_timestamp": "2023-10-09T13:49:46.000000Z"}, {"uuid": "2f185614-02eb-4071-96f2-0794ce1500ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "https://t.me/KomunitiSiber/902", "content": "Security Patch for Two New Flaws in Curl Library Arriving on October 11\nhttps://thehackernews.com/2023/10/security-patch-for-two-new-flaws-in.html\n\nThe maintainers of the\u00a0Curl library\u00a0have released an advisory warning of two forthcoming security vulnerabilities that are expected to be addressed as part of updates released on October 11, 2023.\nThis\u00a0includes\u00a0a high severity and a low-severity flaw tracked under the identifiers CVE-2023-38545 and CVE-2023-38546, respectively.\nAdditional details about the issues and the exact version ranges", "creation_timestamp": "2023-10-09T13:49:46.000000Z"}, {"uuid": "17fe3856-1468-40bc-ae94-b3bc491f8e71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "https://t.me/proxy_bar/1755", "content": "VULN in CURL\nget CVE-2023-38545 - \u043f\u043e\u0438\u0433\u0440\u0430\u0442\u044c\u0441\u044f (\u0441\u0435\u0433\u043e\u0434\u043d\u044f patch)\n\n#curl", "creation_timestamp": "2023-10-11T07:49:21.000000Z"}, {"uuid": "2207904a-0048-44c1-9d56-306ae169f667", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "https://t.me/ctinow/180299", "content": "https://ift.tt/2qsDdPa\nCVE-2023-38545 | Oracle Essbase 21.5.3.0.0 Essbase Web Platform out-of-bounds write", "creation_timestamp": "2024-02-06T20:46:42.000000Z"}, {"uuid": "d1f293a8-2a8c-4c47-9aee-dec631821137", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38546", "type": "seen", "source": "https://t.me/true_secator/4944", "content": "\u0421\u043e\u0437\u0434\u0430\u0442\u0435\u043b\u0438 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0433\u043e \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0441\u043b\u0443\u0436\u0438\u0442 \u043e\u0441\u043d\u043e\u0432\u043e\u0439 \u0434\u043b\u044f \u043c\u043d\u043e\u0433\u0438\u0445 \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432, \u0442\u0430\u043a\u0438\u0445 \u043a\u0430\u043a SSL, TLS, HTTP, FTP, SMTP, \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u044e\u0442 \u043e \u0434\u0432\u0443\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0431\u0443\u0434\u0443\u0442 \u043e\u0431\u044a\u044f\u0432\u043b\u0435\u043d\u044b \u0432 \u0431\u043b\u0438\u0436\u0430\u0439\u0448\u0435\u0435 \u0432\u0440\u0435\u043c\u044f. \n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u043d\u0435\u0431\u0435\u0437\u044b\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u043c curl, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u043c \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430\u043c\u0438 \u0438 \u0441\u0438\u0441\u0430\u0434\u043c\u0438\u043d\u0430\u043c\u0438 \u0434\u043b\u044f \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 API, \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0444\u0430\u0439\u043b\u043e\u0432 \u0438 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0440\u0430\u0431\u043e\u0447\u0438\u0445 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0432 \u0441\u0440\u0435\u0434\u0438 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0437\u0430\u0434\u0430\u0447 \u0432 \u0441\u0435\u0442\u0438 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442.\n\n\u041d\u0430 GitHub \u0441\u043e\u0437\u0434\u0430\u0442\u0435\u043b\u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 \u0443\u0436\u0435 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0438, \u0447\u0442\u043e \u0432\u044b\u043f\u0443\u0441\u0442\u044f\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u043e\u0434\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 CVE-2023-38545 \u0438 \u0434\u043b\u044f \u043c\u0435\u043d\u0435\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b CVE-2023-38546. \n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 curl \u0431\u0443\u0434\u0435\u0442 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043e 11 \u043e\u043a\u0442\u044f\u0431\u0440\u044f \u0434\u043b\u044f \u043e\u0431\u0435\u0438\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c. \u041a\u0430\u043a \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438, CVE-2023-38545 \u0432\u043b\u0438\u044f\u0435\u0442 \u043a\u0430\u043a \u043d\u0430 curl, \u0442\u0430\u043a \u0438 \u043d\u0430 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0443 libcurl, \u0432 \u0442\u043e \u0432\u0440\u0435\u043c\u044f \u043a\u0430\u043a CVE-2023-38546 \u0432\u043b\u0438\u044f\u0435\u0442 \u0442\u043e\u043b\u044c\u043a\u043e \u043d\u0430 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0443.\n\n\u0421\u0430\u043c\u0438 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u043f\u043e\u043b\u0430\u0433\u0430\u044e\u0442, \u0447\u0442\u043e CVE-2023-38545 \u043d\u0430 \u0441\u0435\u0433\u043e\u0434\u043d\u044f\u0448\u043d\u0438\u0439 \u0434\u0435\u043d\u044c \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043e\u0434\u043d\u0438\u043c \u0438\u0437 \u0441\u0430\u043c\u044b\u0445 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u0434\u0435\u0444\u0435\u043a\u0442\u043e\u0432 curl \u0437\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0435 \u0432\u0440\u0435\u043c\u044f. \n\n\u041a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u044b\u0435 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0434\u0435\u0442\u0430\u043b\u0438 \u043f\u043e\u043a\u0430 \u043d\u0435 \u0440\u0430\u0437\u0433\u043b\u0430\u0448\u0430\u044e\u0442\u0441\u044f \u0432 \u0446\u0435\u043b\u044f\u0445 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0442\u0430\u043a \u0447\u0442\u043e \u0434\u0435\u0440\u0436\u0438\u043c \u0443\u0445\u043e \u0432\u043e\u0441\u0442\u0440\u043e \u0438 \u0436\u0434\u0435\u043c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439.", "creation_timestamp": "2023-10-09T19:38:29.000000Z"}, {"uuid": "8007c956-1a54-40c5-8a64-45de52271a96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "https://t.me/true_secator/4944", "content": "\u0421\u043e\u0437\u0434\u0430\u0442\u0435\u043b\u0438 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0433\u043e \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0441\u043b\u0443\u0436\u0438\u0442 \u043e\u0441\u043d\u043e\u0432\u043e\u0439 \u0434\u043b\u044f \u043c\u043d\u043e\u0433\u0438\u0445 \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432, \u0442\u0430\u043a\u0438\u0445 \u043a\u0430\u043a SSL, TLS, HTTP, FTP, SMTP, \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u044e\u0442 \u043e \u0434\u0432\u0443\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0431\u0443\u0434\u0443\u0442 \u043e\u0431\u044a\u044f\u0432\u043b\u0435\u043d\u044b \u0432 \u0431\u043b\u0438\u0436\u0430\u0439\u0448\u0435\u0435 \u0432\u0440\u0435\u043c\u044f. \n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u043d\u0435\u0431\u0435\u0437\u044b\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u043c curl, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u043c \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430\u043c\u0438 \u0438 \u0441\u0438\u0441\u0430\u0434\u043c\u0438\u043d\u0430\u043c\u0438 \u0434\u043b\u044f \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 API, \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0444\u0430\u0439\u043b\u043e\u0432 \u0438 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0440\u0430\u0431\u043e\u0447\u0438\u0445 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0432 \u0441\u0440\u0435\u0434\u0438 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0437\u0430\u0434\u0430\u0447 \u0432 \u0441\u0435\u0442\u0438 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442.\n\n\u041d\u0430 GitHub \u0441\u043e\u0437\u0434\u0430\u0442\u0435\u043b\u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 \u0443\u0436\u0435 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0438, \u0447\u0442\u043e \u0432\u044b\u043f\u0443\u0441\u0442\u044f\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u043e\u0434\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 CVE-2023-38545 \u0438 \u0434\u043b\u044f \u043c\u0435\u043d\u0435\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b CVE-2023-38546. \n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 curl \u0431\u0443\u0434\u0435\u0442 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043e 11 \u043e\u043a\u0442\u044f\u0431\u0440\u044f \u0434\u043b\u044f \u043e\u0431\u0435\u0438\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c. \u041a\u0430\u043a \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438, CVE-2023-38545 \u0432\u043b\u0438\u044f\u0435\u0442 \u043a\u0430\u043a \u043d\u0430 curl, \u0442\u0430\u043a \u0438 \u043d\u0430 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0443 libcurl, \u0432 \u0442\u043e \u0432\u0440\u0435\u043c\u044f \u043a\u0430\u043a CVE-2023-38546 \u0432\u043b\u0438\u044f\u0435\u0442 \u0442\u043e\u043b\u044c\u043a\u043e \u043d\u0430 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0443.\n\n\u0421\u0430\u043c\u0438 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u043f\u043e\u043b\u0430\u0433\u0430\u044e\u0442, \u0447\u0442\u043e CVE-2023-38545 \u043d\u0430 \u0441\u0435\u0433\u043e\u0434\u043d\u044f\u0448\u043d\u0438\u0439 \u0434\u0435\u043d\u044c \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043e\u0434\u043d\u0438\u043c \u0438\u0437 \u0441\u0430\u043c\u044b\u0445 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u0434\u0435\u0444\u0435\u043a\u0442\u043e\u0432 curl \u0437\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0435 \u0432\u0440\u0435\u043c\u044f. \n\n\u041a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u044b\u0435 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0434\u0435\u0442\u0430\u043b\u0438 \u043f\u043e\u043a\u0430 \u043d\u0435 \u0440\u0430\u0437\u0433\u043b\u0430\u0448\u0430\u044e\u0442\u0441\u044f \u0432 \u0446\u0435\u043b\u044f\u0445 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0442\u0430\u043a \u0447\u0442\u043e \u0434\u0435\u0440\u0436\u0438\u043c \u0443\u0445\u043e \u0432\u043e\u0441\u0442\u0440\u043e \u0438 \u0436\u0434\u0435\u043c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439.", "creation_timestamp": "2023-10-09T19:38:29.000000Z"}, {"uuid": "45a8978d-34bd-4bb4-9074-67bc370ebe1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38547", "type": "seen", "source": "https://t.me/true_secator/5055", "content": "Veeam \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0447\u0435\u0442\u044b\u0440\u0435\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 \u0438 \u0430\u043d\u0430\u043b\u0438\u0442\u0438\u043a\u0438 Veeam ONE, \u0434\u0432\u0435 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u043c\u0438 RCE (9,8 \u0438 9,9/10 \u0431\u0430\u0437\u043e\u0432\u044b\u0445 \u043e\u0446\u0435\u043d\u043e\u043a CVSS).\n\nCVE-2023-38547 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0438 \u0441 SQL-\u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 Veeam ONE \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0431\u0430\u0437\u0435 \u0434\u0430\u043d\u043d\u044b\u0445 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438, \u0434\u0440\u0443\u0433\u0430\u044f CVE-2023-38548 \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u043f\u0440\u0438 \u043d\u0430\u043b\u0438\u0447\u0438\u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0432\u0435\u0431-\u043a\u043b\u0438\u0435\u043d\u0442\u0443 Veeam ONE - \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c NTLM-\u0445\u0435\u0448 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438.\n\nVeeam \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 XSS-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c (CVE-2023-38549), \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043a\u0435\u043d\u0430 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0438 \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f.\n\n\u0427\u0435\u0442\u0432\u0435\u0440\u0442\u0430\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f CVE-2023-41723 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0441 \u0440\u043e\u043b\u044c\u044e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u0434\u043b\u044f \u0447\u0442\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0440\u0430\u0441\u043f\u0438\u0441\u0430\u043d\u0438\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u043f\u0430\u043d\u0435\u043b\u0438 (\u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043d\u0435 \u043c\u043e\u0436\u0435\u0442 \u0432\u043d\u043e\u0441\u0438\u0442\u044c \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f).\n\n\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u0432\u0441\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 Veeam ONE \u0432\u043f\u043b\u043e\u0442\u044c \u0434\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 \u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b \u0432 Veeam ONE 12 P20230314 (12.0.1.2591), Veeam ONE 11a\u00a0(11.0.1.1880) \u0438 Veeam ONE 11\u00a0(11.0.0.1379).\n\n\u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u043c \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0435\u043c Veeam \u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0431\u043e\u043b\u0435\u0435 450 000 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u0438\u0437 \u0441\u043f\u0438\u0441\u043a\u0430 Fortune 500 \u0438 Global 2000, \u0442\u043e \u0441\u043a\u043e\u0440\u043e\u043c \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e \u0441\u0442\u043e\u0438\u0442 \u043e\u0436\u0438\u0434\u0430\u0442\u044c \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439 \u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438.\n\n\u041d\u043e \u0431\u0443\u0434\u0435\u043c \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c.", "creation_timestamp": "2023-11-07T16:20:06.000000Z"}, {"uuid": "ab2bef7b-5a66-405b-8898-6adfa787ff26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38548", "type": "seen", "source": "https://t.me/true_secator/5055", "content": "Veeam \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0447\u0435\u0442\u044b\u0440\u0435\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 \u0438 \u0430\u043d\u0430\u043b\u0438\u0442\u0438\u043a\u0438 Veeam ONE, \u0434\u0432\u0435 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u043c\u0438 RCE (9,8 \u0438 9,9/10 \u0431\u0430\u0437\u043e\u0432\u044b\u0445 \u043e\u0446\u0435\u043d\u043e\u043a CVSS).\n\nCVE-2023-38547 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0438 \u0441 SQL-\u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 Veeam ONE \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0431\u0430\u0437\u0435 \u0434\u0430\u043d\u043d\u044b\u0445 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438, \u0434\u0440\u0443\u0433\u0430\u044f CVE-2023-38548 \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u043f\u0440\u0438 \u043d\u0430\u043b\u0438\u0447\u0438\u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0432\u0435\u0431-\u043a\u043b\u0438\u0435\u043d\u0442\u0443 Veeam ONE - \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c NTLM-\u0445\u0435\u0448 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438.\n\nVeeam \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 XSS-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c (CVE-2023-38549), \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043a\u0435\u043d\u0430 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0438 \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f.\n\n\u0427\u0435\u0442\u0432\u0435\u0440\u0442\u0430\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f CVE-2023-41723 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0441 \u0440\u043e\u043b\u044c\u044e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u0434\u043b\u044f \u0447\u0442\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0440\u0430\u0441\u043f\u0438\u0441\u0430\u043d\u0438\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u043f\u0430\u043d\u0435\u043b\u0438 (\u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043d\u0435 \u043c\u043e\u0436\u0435\u0442 \u0432\u043d\u043e\u0441\u0438\u0442\u044c \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f).\n\n\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u0432\u0441\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 Veeam ONE \u0432\u043f\u043b\u043e\u0442\u044c \u0434\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 \u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b \u0432 Veeam ONE 12 P20230314 (12.0.1.2591), Veeam ONE 11a\u00a0(11.0.1.1880) \u0438 Veeam ONE 11\u00a0(11.0.0.1379).\n\n\u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u043c \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0435\u043c Veeam \u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0431\u043e\u043b\u0435\u0435 450 000 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u0438\u0437 \u0441\u043f\u0438\u0441\u043a\u0430 Fortune 500 \u0438 Global 2000, \u0442\u043e \u0441\u043a\u043e\u0440\u043e\u043c \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e \u0441\u0442\u043e\u0438\u0442 \u043e\u0436\u0438\u0434\u0430\u0442\u044c \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439 \u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438.\n\n\u041d\u043e \u0431\u0443\u0434\u0435\u043c \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c.", "creation_timestamp": "2023-11-07T16:20:06.000000Z"}, {"uuid": "610b5add-f43a-4d3a-a371-fd83152a0a7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38549", "type": "seen", "source": "https://t.me/true_secator/5055", "content": "Veeam \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0447\u0435\u0442\u044b\u0440\u0435\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 \u0438 \u0430\u043d\u0430\u043b\u0438\u0442\u0438\u043a\u0438 Veeam ONE, \u0434\u0432\u0435 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u043c\u0438 RCE (9,8 \u0438 9,9/10 \u0431\u0430\u0437\u043e\u0432\u044b\u0445 \u043e\u0446\u0435\u043d\u043e\u043a CVSS).\n\nCVE-2023-38547 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0438 \u0441 SQL-\u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 Veeam ONE \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0431\u0430\u0437\u0435 \u0434\u0430\u043d\u043d\u044b\u0445 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438, \u0434\u0440\u0443\u0433\u0430\u044f CVE-2023-38548 \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u043f\u0440\u0438 \u043d\u0430\u043b\u0438\u0447\u0438\u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0432\u0435\u0431-\u043a\u043b\u0438\u0435\u043d\u0442\u0443 Veeam ONE - \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c NTLM-\u0445\u0435\u0448 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438.\n\nVeeam \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 XSS-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c (CVE-2023-38549), \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043a\u0435\u043d\u0430 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0438 \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f.\n\n\u0427\u0435\u0442\u0432\u0435\u0440\u0442\u0430\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f CVE-2023-41723 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0441 \u0440\u043e\u043b\u044c\u044e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u0434\u043b\u044f \u0447\u0442\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0440\u0430\u0441\u043f\u0438\u0441\u0430\u043d\u0438\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u043f\u0430\u043d\u0435\u043b\u0438 (\u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043d\u0435 \u043c\u043e\u0436\u0435\u0442 \u0432\u043d\u043e\u0441\u0438\u0442\u044c \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f).\n\n\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u0432\u0441\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 Veeam ONE \u0432\u043f\u043b\u043e\u0442\u044c \u0434\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 \u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b \u0432 Veeam ONE 12 P20230314 (12.0.1.2591), Veeam ONE 11a\u00a0(11.0.1.1880) \u0438 Veeam ONE 11\u00a0(11.0.0.1379).\n\n\u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u043c \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0435\u043c Veeam \u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0431\u043e\u043b\u0435\u0435 450 000 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u0438\u0437 \u0441\u043f\u0438\u0441\u043a\u0430 Fortune 500 \u0438 Global 2000, \u0442\u043e \u0441\u043a\u043e\u0440\u043e\u043c \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e \u0441\u0442\u043e\u0438\u0442 \u043e\u0436\u0438\u0434\u0430\u0442\u044c \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439 \u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438.\n\n\u041d\u043e \u0431\u0443\u0434\u0435\u043c \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c.", "creation_timestamp": "2023-11-07T16:20:06.000000Z"}, {"uuid": "8d338094-ea2c-4cbf-b3ac-b768a726edcd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38541", "type": "seen", "source": "https://t.me/ctinow/185707", "content": "https://ift.tt/SlIm9h4\nCVE-2023-38541 | Intel HID Event Filter Driver prior 2.2.2.1 on Win10 insecure inherited permissions (intel-sa-00964)", "creation_timestamp": "2024-02-15T17:26:24.000000Z"}, {"uuid": "306df521-5e94-46af-a89e-b8ffcee47842", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "https://t.me/ctinow/182226", "content": "https://ift.tt/wyqjD5O\nCVE-2023-38545 | Oracle MySQL Cluster 8.0.34 and prior/8.1.0 out-of-bounds write", "creation_timestamp": "2024-02-09T19:57:13.000000Z"}, {"uuid": "fa99555e-7368-47f1-ad3c-c4b2f15d3159", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "https://t.me/ctinow/180229", "content": "https://ift.tt/T9smRou\nCVE-2023-38545 | Oracle Database up to 19.21/21.12/23.3 Oracle Spatial/Graph denial of service", "creation_timestamp": "2024-02-06T18:41:43.000000Z"}, {"uuid": "fe476876-b52c-4acc-bd16-48c91c65190b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "https://t.me/ctinow/181756", "content": "https://ift.tt/JyUgNwi\nCVE-2023-38545 | Oracle HTTP Server 12.2.1.4.0 Third Party out-of-bounds write", "creation_timestamp": "2024-02-09T01:46:30.000000Z"}, {"uuid": "07bf8025-cc6a-4128-ad66-4a0bd7d9d835", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38541", "type": "seen", "source": "https://t.me/ctinow/170412", "content": "https://ift.tt/XQqZ51a\nCVE-2023-38541", "creation_timestamp": "2024-01-19T21:27:21.000000Z"}, {"uuid": "dbcc7d2c-7550-428f-8586-ae6d8774d82c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "https://t.me/thehackernews/3996", "content": "\ud83d\udce2 Security Advisory : Two major security flaws in the Curl data transfer library exposed. CVE-2023-38545, the worst of them, could lead to code execution. \n \nLearn more about them here: https://thehackernews.com/2023/10/two-high-risk-security-flaws-discovered.html \n \nPatch your systems and software immediately.", "creation_timestamp": "2023-10-12T06:43:32.000000Z"}, {"uuid": "b60aae59-8429-4298-9e99-103b88fa4176", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "https://t.me/GDSpace/962", "content": "\u041f\u0440\u043e\u0436\u0435\u043a\u0442\u043e\u0440 \u043f\u043e \u0418\u0411, \u0432\u044b\u043f\u0443\u0441\u043a \u21166 (08.10.2023). \u0417\u0430\u043f\u0438\u0441\u0430\u043b\u0438 \u043e\u0447\u0435\u0440\u0435\u0434\u043d\u043e\u0439 \u044d\u043f\u0438\u0437\u043e\u0434. \u0412 \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u043c \u043c\u044b \u0433\u043e\u0432\u043e\u0440\u0438\u043b\u0438 \u043f\u0440\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u0440\u043e\u0448\u043b\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0438.\n\n\u041c\u044b \u044d\u0442\u043e:\n\n\ud83d\udd38 \u0410\u043b\u0435\u043a\u0441\u0430\u043d\u0434\u0440 \u041b\u0435\u043e\u043d\u043e\u0432, \"\u0423\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c\u0438 \u0438 \u043f\u0440\u043e\u0447\u0435\u0435\"\n\ud83d\udd38 \u041b\u0435\u0432 \u041f\u0430\u043b\u0435\u0439, \"\u0412\u0435\u0441\u0442\u0438 \u0438\u0437 \u041f\u0430\u043b\u0435\u0439\"\n\ud83d\udd38 \u041c\u0430\u043a\u0441\u0438\u043c \u0425\u0430\u0440\u0430\u0441\u043a, \"Global Digital Space\"\n\n00:00 \u0417\u0434\u043e\u0440\u043e\u0432\u0430\u0435\u043c\u0441\u044f, \u0441\u043c\u043e\u0442\u0440\u0438\u043c \u0441\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u043a\u0443 \u043f\u043e \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0430\u043c \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0435\u0433\u043e \u0432\u044b\u043f\u0443\u0441\u043a\u0430\n02:18 \u0421\u0430\u0448\u0430 \u0432\u044b\u0448\u0435\u043b \u043d\u0430 \u0440\u0430\u0431\u043e\u0442\u0443 \u0432 Positive Technologies \u0438 \u0447\u0435\u043c \u0436\u0435 \u043e\u043d \u0442\u0430\u043c \u0431\u0443\u0434\u0435\u0442 \u0437\u0430\u043d\u0438\u043c\u0430\u0442\u044c\u0441\u044f\n04:50 RCE \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0435 Exim (CVE-2023-42115)\n08:16 SSRF/RCE \u0432 TorchServe (CVE-2023-43654, CVE-2022-1471), ShellTorch\n12:05 \u0412 Cisco Emergency Responder \u043d\u0430\u0448\u043b\u0438 root-\u043e\u0432\u044b\u0435 \u0443\u0447\u0451\u0442\u043a\u0438 \u0441 \u0437\u0430\u0445\u0430\u0440\u0434\u043a\u043e\u0436\u0435\u043d\u043d\u044b\u043c\u0438 \u043f\u0430\u0440\u043e\u043b\u044f\u043c\u0438 (CVE-2023-20101)\n16:44 \u041d\u043e\u0432\u044b\u0439 \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 OpenPubkey\n17:56 EoP \u0438\u043b\u0438 \u043e\u0431\u0445\u043e\u0434 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432 Atlassian Confluence (CVE-2023-22515)\n23:42 \u0413\u0440\u044f\u0434\u0435\u0442 \u043e\u043f\u0430\u0441\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c cURL \u0438 libcurl (CVE-2023-38545)\n27:07 \u041d\u043e\u0432\u0430\u044f bug bounty \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0430 \u041c\u0438\u043d\u0446\u0438\u0444\u0440\u044b\n30:32 \u0421\u0438\u0441\u0442\u0435\u043c\u0430 \u0431\u0440\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \"\u041b\u0435\u043e\u043d\u0430\u0440\u0434\u043e\" \u0432\u043d\u043e\u0432\u044c \u043f\u043e\u0434\u0432\u0435\u0440\u0433\u043b\u0430\u0441\u044c DDOS-\u0430\u0442\u0430\u043a\u0435 \u0438\u0437-\u0437\u0430 \u0440\u0443\u0431\u0435\u0436\u0430\n35:22 \u042d\u043a\u043e\u0441\u0438\u0441\u0442\u0435\u043c\u0430 Xiaomi \u0432\u044b\u0448\u043b\u0430 \u0438\u0437 \u0441\u0442\u0440\u043e\u044f \u043f\u043e \u0432\u0441\u0435\u0439 \u0420\u043e\u0441\u0441\u0438\u0438\n36:38 Qualys-\u044b \u043d\u0430\u0440\u0435\u0441\u0435\u0440\u0447\u0438\u043b\u0438 EoP/LPE \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u043e \u0432\u0441\u0435\u0445 Linux-\u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0430\u0445, \u0430 \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u043e \u0432 glibc (CVE-2023-4911)\n39:19 XSpider-\u0443 25 \u043b\u0435\u0442. \u0420\u043e\u0432\u043d\u043e \u043a\u0430\u043a \u0438 \u0432\u0441\u0435\u043c\u0443 \u0441\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u043c\u0443 Vulnerability Management-\u0443. \u041e\u0431\u0441\u0443\u0436\u0434\u0430\u0435\u043c \u0432 \u043a\u0430\u043a\u0443\u044e \u0441\u0442\u043e\u0440\u043e\u043d\u0443 \u0440\u0430\u0437\u0432\u0438\u0432\u0430\u0435\u0442\u0441\u044f VM.\n46:42 \u041f\u0440\u043e\u0449\u0430\u043d\u0438\u0435 \u043e\u0442 Mr. X\n\n@avleonovrus #\u041f\u0440\u043e\u0436\u0435\u043a\u0442\u043e\u0440\u041f\u043e\u0418\u0411 #PositiveTechnologies #Exim #TorchServe #Cisco #OpenPubkey #Atlassian #Confluence #cURL #libcurl #bugbounty #\u041c\u0438\u043d\u0446\u0438\u0444\u0440\u044b #\u041b\u0435\u043e\u043d\u0430\u0440\u0434\u043e #Xiaomi #Qualys #Linux #glibc #XSpider #VulnerabilityManagement #MaxPatrolVM", "creation_timestamp": "2023-10-09T21:14:14.000000Z"}, {"uuid": "fc982103-9043-4857-8a5c-1b6363e72e66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3854", "type": "seen", "source": "https://t.me/cibsecurity/67132", "content": "\u203c CVE-2023-3854 \u203c\n\nA vulnerability classified as critical has been found in phpscriptpoint BloodBank 1.1. Affected is an unknown function of the file /search of the component POST Parameter Handler. The manipulation of the argument country/city/blood_group_id leads to sql injection. It is possible to launch the attack remotely. VDB-235206 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-24T02:25:37.000000Z"}, {"uuid": "1a5f7a91-b065-4037-8015-db821d30fbff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38546", "type": "seen", "source": "https://t.me/thehackernews/3979", "content": "\ud83d\udea8 Heads up, Developers! Curl library, backbone of data transfers, to address TWO security vulnerabilities on October 11, 2023. \n \nRead: https://thehackernews.com/2023/10/security-patch-for-two-new-flaws-in.html \n \nCVE-2023-38545 & CVE-2023-38546 pose risks; details under wraps.", "creation_timestamp": "2023-10-09T12:36:14.000000Z"}, {"uuid": "2fc39f7d-22b8-456f-9029-e0d2933c4362", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "https://t.me/thehackernews/3979", "content": "\ud83d\udea8 Heads up, Developers! Curl library, backbone of data transfers, to address TWO security vulnerabilities on October 11, 2023. \n \nRead: https://thehackernews.com/2023/10/security-patch-for-two-new-flaws-in.html \n \nCVE-2023-38545 & CVE-2023-38546 pose risks; details under wraps.", "creation_timestamp": "2023-10-09T12:36:14.000000Z"}, {"uuid": "358fcb53-0a0c-4cc9-8301-8173a92756b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9218", "content": "#exploit\n1. CVE-2023-20198:\nCisco ISO XE Software Web Management User Interface Vulnerability\nhttps://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software\n]-> PoC: https://github.com/Tounsi007/CVE-2023-20198\n]-> Checkscript: https://github.com/Atea-Redteam/CVE-2023-20198\n\n2. CVE-2023-36728:\nWindows SQL Server Pre-Auth Overflow Read\nhttps://v-v.space/2023/10/16/sqlserver-dos-CVE-2023-36728\n\n3. CVE-2023-38545:\nSocks5 heap buffer overflow\nhttps://github.com/d0rb/CVE-2023-38545", "creation_timestamp": "2023-10-19T09:31:44.000000Z"}, {"uuid": "d6425dcc-4bb6-4649-b87e-9e675ce3f877", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38546", "type": "seen", "source": "https://t.me/SecLabNews/14403", "content": "Curl 8.4.0: \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a \u043f\u0440\u0438\u0437\u043d\u0430\u043b\u0441\u044f \u0432 \u0434\u043e\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0445 \u043e\u0448\u0438\u0431\u043a\u0430\u0445 \u0438 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f\n\n\u2716\ufe0f \u041d\u043e\u0432\u0430\u044f \u0432\u0435\u0440\u0441\u0438\u044f curl \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u0434\u0432\u0435 \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438: CVE-2023-38545 \u0438 CVE-2023-38546, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u043a\u0430\u043a libcurl, \u0442\u0430\u043a \u0438 curl.\n\n\u2716\ufe0f \u041f\u0435\u0440\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0438\u0437 \u0441\u0435\u0431\u044f \u043e\u0448\u0438\u0431\u043a\u0443 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0431\u0443\u0444\u0435\u0440\u0430 \u043a\u0443\u0447\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043f\u043e\u0432\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044e \u0434\u0430\u043d\u043d\u044b\u0445 \u0438 \u0434\u0430\u0436\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430. \u0412\u0442\u043e\u0440\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0435\u0439 cookie \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0442\u043e\u043b\u044c\u043a\u043e libcurl.\n\n\u2716\ufe0f \u0414\u0430\u043d\u0438\u044d\u043b\u044c \u0421\u0442\u0435\u043d\u0431\u0435\u0440\u0433 \u043f\u0440\u0438\u0437\u043d\u0430\u043b, \u0447\u0442\u043e \u043f\u043e\u0434\u043e\u0431\u043d\u044b\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 \u0432 curl \u043d\u0435 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043e\u0432\u0430\u043b\u0438 \u0431\u044b, \u0435\u0441\u043b\u0438 \u0431\u044b \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u0431\u044b\u043b \u043d\u0430\u043f\u0438\u0441\u0430\u043d \u043d\u0430 \u0431\u043e\u043b\u0435\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u043c \u044f\u0437\u044b\u043a\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0441 \u0431\u043e\u043b\u044c\u0448\u0438\u043c \u043e\u0431\u044a\u0451\u043c\u043e\u043c \u043f\u0430\u043c\u044f\u0442\u0438, \u0430 \u043d\u0435 \u043d\u0430 \u0443\u0441\u0442\u0430\u0440\u0435\u0432\u0448\u0435\u043c \u044f\u0437\u044b\u043a\u0435 C.\n\n#curl #\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c #\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 @SecLabNews", "creation_timestamp": "2023-10-11T21:31:49.000000Z"}, {"uuid": "0bfc333c-46f1-4c8f-9504-9b4e4c01e646", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "https://t.me/SecLabNews/14403", "content": "Curl 8.4.0: \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a \u043f\u0440\u0438\u0437\u043d\u0430\u043b\u0441\u044f \u0432 \u0434\u043e\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0445 \u043e\u0448\u0438\u0431\u043a\u0430\u0445 \u0438 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f\n\n\u2716\ufe0f \u041d\u043e\u0432\u0430\u044f \u0432\u0435\u0440\u0441\u0438\u044f curl \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u0434\u0432\u0435 \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438: CVE-2023-38545 \u0438 CVE-2023-38546, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u043a\u0430\u043a libcurl, \u0442\u0430\u043a \u0438 curl.\n\n\u2716\ufe0f \u041f\u0435\u0440\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0438\u0437 \u0441\u0435\u0431\u044f \u043e\u0448\u0438\u0431\u043a\u0443 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0431\u0443\u0444\u0435\u0440\u0430 \u043a\u0443\u0447\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043f\u043e\u0432\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044e \u0434\u0430\u043d\u043d\u044b\u0445 \u0438 \u0434\u0430\u0436\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430. \u0412\u0442\u043e\u0440\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0435\u0439 cookie \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0442\u043e\u043b\u044c\u043a\u043e libcurl.\n\n\u2716\ufe0f \u0414\u0430\u043d\u0438\u044d\u043b\u044c \u0421\u0442\u0435\u043d\u0431\u0435\u0440\u0433 \u043f\u0440\u0438\u0437\u043d\u0430\u043b, \u0447\u0442\u043e \u043f\u043e\u0434\u043e\u0431\u043d\u044b\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 \u0432 curl \u043d\u0435 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043e\u0432\u0430\u043b\u0438 \u0431\u044b, \u0435\u0441\u043b\u0438 \u0431\u044b \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u0431\u044b\u043b \u043d\u0430\u043f\u0438\u0441\u0430\u043d \u043d\u0430 \u0431\u043e\u043b\u0435\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u043c \u044f\u0437\u044b\u043a\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0441 \u0431\u043e\u043b\u044c\u0448\u0438\u043c \u043e\u0431\u044a\u0451\u043c\u043e\u043c \u043f\u0430\u043c\u044f\u0442\u0438, \u0430 \u043d\u0435 \u043d\u0430 \u0443\u0441\u0442\u0430\u0440\u0435\u0432\u0448\u0435\u043c \u044f\u0437\u044b\u043a\u0435 C.\n\n#curl #\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c #\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 @SecLabNews", "creation_timestamp": "2023-10-11T21:31:49.000000Z"}, {"uuid": "97cfacb9-b4f0-48c4-8cc5-9aac5e5bb293", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/1312", "content": "https://github.com/d0rb/CVE-2023-38545\nsocks5 heap buffer overflow\n#github", "creation_timestamp": "2023-10-18T05:05:28.000000Z"}, {"uuid": "81a98ae9-de8b-44b0-81a9-c0205886041d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "seen", "source": "Telegram/xcKmU7jr_o-giILMGeN0XaPtOOAzTUc3Z69-kegmYXI0gk0", "content": "", "creation_timestamp": "2023-10-12T19:16:51.000000Z"}, {"uuid": "2424b992-8c89-4fee-a491-f5fc68e4f962", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/1407", "content": "#exploit\n1. CVE-2023-20198:\nCisco ISO XE Software Web Management User Interface Vulnerability\nhttps://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software\n]-> Checkscript: https://github.com/Atea-Redteam/CVE-2023-20198\n\n2. CVE-2023-36728:\nWindows SQL Server Pre-Auth Overflow Read\nhttps://v-v.space/2023/10/16/sqlserver-dos-CVE-2023-36728\n\n3. CVE-2023-38545:\nSocks5 heap buffer overflow\nhttps://github.com/d0rb/CVE-2023-38545", "creation_timestamp": "2024-08-16T08:34:05.000000Z"}, {"uuid": "6fbbf86f-dda1-4dda-818d-8c9133875749", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38545", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/1361", "content": "https://github.com/UTsweetyfish/CVE-2023-38545", "creation_timestamp": "2024-08-16T08:33:56.000000Z"}]}