{"vulnerability": "CVE-2024-3094", "sightings": [{"uuid": "b5cf792e-e308-43ec-af2f-97d1e2fe40bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "MISP/8111c62a-47ac-4afb-847a-479fd973078b", "content": "", "creation_timestamp": "2024-04-02T07:00:59.000000Z"}, {"uuid": "d8f41f9b-ae14-4465-b5c9-ea18f2d4cf87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://bsky.app/profile/csapidus.bsky.social/post/3lfz34wd4k22y", "content": "", "creation_timestamp": "2025-01-18T10:13:05.082422Z"}, {"uuid": "c87a6ac6-38f1-4f3c-80c5-c597db1d06a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://bsky.app/profile/letspartytilldawn.bsky.social/post/3lpwaprsvd223", "content": "", "creation_timestamp": "2025-05-24T13:27:02.343342Z"}, {"uuid": "233fe7db-82e7-479e-9c27-25e98a2c6146", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lpxm5jn2ab2u", "content": "", "creation_timestamp": "2025-05-25T02:24:14.562279Z"}, {"uuid": "0d5f3689-5040-4a03-8458-32194b5ff8fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://bsky.app/profile/csse-bot.bsky.social/post/3lnmkcizfvz26", "content": "", "creation_timestamp": "2025-04-25T06:01:33.421446Z"}, {"uuid": "291b05d1-0611-470a-839d-491231489339", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://bsky.app/profile/it-finanzmagazin.de/post/3m3s2alfctn2k", "content": "", "creation_timestamp": "2025-10-22T14:22:50.646124Z"}, {"uuid": "28cfb24b-b6f6-4cdf-9966-d123244cf5aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://www.cert.at/de/warnungen/2024/3/kritische-sicherheitslucke-in-fedora-41-und-fedora-rawhide-bibliothek-xz", "content": "", "creation_timestamp": "2024-03-29T17:57:26.000000Z"}, {"uuid": "463607f8-6673-4057-ab17-a81171bad2e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-3094", "type": "seen", "source": "https://gist.github.com/lexi-the-cute/44b0b59f5315ebad317277de6cbe55e6", "content": "", "creation_timestamp": "2025-09-10T14:17:30.000000Z"}, {"uuid": "e2df7321-041b-42b5-bfc2-6933ff87be9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://bsky.app/profile/shiojiri.com/post/3lwblixndfc2m", "content": "", "creation_timestamp": "2025-08-13T10:10:33.876842Z"}, {"uuid": "41707758-6615-4b83-8f96-9a34e9734074", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-4a87de48-69348e6082c43caf", "content": "", "creation_timestamp": "2025-08-14T08:12:43.164640Z"}, {"uuid": "9cfa212e-6d93-4230-ae0e-157e50dd46c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://gist.github.com/ianzhang22/3ac8d3ab09ee9dacca7e45cc5444d0c1", "content": "", "creation_timestamp": "2025-10-08T04:18:38.000000Z"}, {"uuid": "e5c88f13-c87a-40fb-908f-60878edf1bb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://gist.github.com/ianzhang22/092b17ffecea4e530e0e67401b9ecaff", "content": "", "creation_timestamp": "2025-10-08T04:18:37.000000Z"}, {"uuid": "a5ae1b67-e967-4223-a34f-0d1147ae082a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://bsky.app/profile/kubesploit.io/post/3m2hos4fmvn2x", "content": "", "creation_timestamp": "2025-10-05T18:06:04.492685Z"}, {"uuid": "725d64de-2404-4728-9c05-2a88c19ba731", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://gist.github.com/mrmps/37e0bfc1524af08c45deece8c02b46de", "content": "", "creation_timestamp": "2025-08-27T18:26:43.000000Z"}, {"uuid": "d3b1c301-5541-4fc3-b9dd-a777317d8865", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:13:10.000000Z"}, {"uuid": "909cb6f4-c341-4c1f-9a59-4517c5d1c735", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:01:26.000000Z"}, {"uuid": "df7650f7-8aca-4007-8626-4cd12be4325e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://bsky.app/profile/kubesploit.io/post/3ly4asl3b7j25", "content": "", "creation_timestamp": "2025-09-05T18:06:07.329515Z"}, {"uuid": "65f169db-f0f5-45a2-b240-af7a31ac57bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-3094", "type": "seen", "source": "https://gist.github.com/metamaterialsuit/289ddb625cda77c9e033a04403635813", "content": "", "creation_timestamp": "2026-02-24T09:29:31.000000Z"}, {"uuid": "83540c1b-d844-44c9-938c-c566acf53807", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://gist.github.com/jonathan-gruber-1/05724c8f2229fceca85cb5694e67abbd", "content": "", "creation_timestamp": "2026-02-13T10:12:10.000000Z"}, {"uuid": "86403174-caa8-48ec-9f81-30fcb6803b4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://gist.github.com/shtofadhor/cf6606152780d998ca8bf4d288fd4b0d", "content": "", "creation_timestamp": "2026-03-04T21:29:29.000000Z"}, {"uuid": "0c4b16e8-9816-411d-a2b1-b1d88e00b827", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://gist.github.com/LHMisme420/2bd47337cd83094069095001ba9aa654", "content": "", "creation_timestamp": "2026-02-23T16:54:31.000000Z"}, {"uuid": "2e55b385-9f29-4d1e-a3d8-dca4542aecc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://gist.github.com/getter-io/d49377af2b569344979d3e9954c49911", "content": "", "creation_timestamp": "2025-12-27T16:55:08.000000Z"}, {"uuid": "3ce8a22c-c942-4bf2-a67e-aeeb71a23013", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://bsky.app/profile/aprosdoketon.bsky.social/post/3mfhpyw7sck22", "content": "", "creation_timestamp": "2026-02-22T18:04:53.346618Z"}, {"uuid": "3a2285f6-f2e7-480f-97fa-de3954fe016f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://gist.github.com/meetmarvelous/4917e8dfaf0fb2c6559ae1fafa216ccc", "content": "", "creation_timestamp": "2026-02-09T11:38:08.000000Z"}, {"uuid": "9513f818-f2dd-4d8d-8262-c37c7ab33acd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://bsky.app/profile/pigondrugs.bsky.social/post/3me4uktveqz2p", "content": "", "creation_timestamp": "2026-02-05T17:02:02.924519Z"}, {"uuid": "59cec124-dbd1-4bc5-8964-6dfb8ba4377f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://bsky.app/profile/thecybermind.co/post/3micp2gzmg72r", "content": "", "creation_timestamp": "2026-03-30T22:20:09.541383Z"}, {"uuid": "f31ac5d4-adce-4893-bd06-dbea2496a8a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://gist.github.com/DanielGillespie278/81f3fae3dccb6fe8f8c15e890f6a4b06", "content": "", "creation_timestamp": "2026-03-13T00:54:34.000000Z"}, {"uuid": "269dc69e-b04c-4c49-99fc-81610df794b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1260", "content": "", "creation_timestamp": "2024-04-02T04:00:00.000000Z"}, {"uuid": "3b2eb411-b392-4432-a7da-928778c5e806", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-3094", "type": "seen", "source": "https://bsky.app/profile/linuxtoday.bsky.social/post/3mi2k4rc74o2x", "content": "", "creation_timestamp": "2026-03-27T16:30:39.378334Z"}, {"uuid": "2c6a996d-2e4d-41f7-ab28-fb167d0a1dbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://bsky.app/profile/thedailytechfeed.com/post/3mi5bk57nst24", "content": "", "creation_timestamp": "2026-03-28T18:35:04.132794Z"}, {"uuid": "917b792d-1ae2-4f6a-8f61-eb1296452d15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-3094", "type": "seen", "source": "https://gist.github.com/alon710/2199c611ce8981e883f1ab541a397899", "content": "", "creation_timestamp": "2026-01-24T21:30:42.000000Z"}, {"uuid": "5b73843d-b4d2-438d-8d97-3e263279d638", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-3094", "type": "seen", "source": "https://gist.github.com/alon710/3ba3aa2b7b17166a424b900a6c87a11f", "content": "", "creation_timestamp": "2026-01-24T21:30:41.000000Z"}, {"uuid": "a3ac15d0-88e6-45d8-ad18-46a253145c94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-3094", "type": "seen", "source": "https://gist.github.com/alon710/0cf14b18a242bc246ba0f89df0d4e9e3", "content": "", "creation_timestamp": "2026-01-24T22:42:43.000000Z"}, {"uuid": "facf8a43-b110-4765-8642-38288bfbc391", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://gist.github.com/hiboma/8ac6a8d6a5b013096f344ca21ca08aca", "content": "", "creation_timestamp": "2026-04-01T05:00:10.000000Z"}, {"uuid": "ceeaf3db-c08d-4ab0-806a-3710a988be3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://swecyb.com/ap/users/116080658609901341/statuses/116330885891185549", "content": "", "creation_timestamp": "2026-04-01T19:11:05.761053Z"}, {"uuid": "cd29cfa9-e6c6-4bf7-8153-ee9e89e70fe2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7598", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aBasic POC to test CVE-2024-3094\nURL\uff1ahttps://github.com/shefirot/CVE-2024-3094\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-06-11T08:43:37.000000Z"}, {"uuid": "66848027-b5c7-4144-8598-c5210f029f30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7883", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aGNU IFUNC is the real culprit behind CVE-2024-3094\nURL\uff1ahttps://github.com/robertdfrench/ifuncd-up\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-05T18:40:25.000000Z"}, {"uuid": "5eecb50d-a051-41f3-9fb6-c01f213b2aab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7897", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aWhy GNU IFUNC is the real culprit behind CVE-2024-3094\nURL\uff1ahttps://github.com/T0X1Cx/CVE-2024-34361-Exploit\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-07T21:24:29.000000Z"}, {"uuid": "4f6f46b8-2ebd-43fd-b9bc-4317d09abb70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8023", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aWhy GNU IFUNC is the real culprit behind CVE-2024-3094\nURL\uff1ahttps://github.com/TAM-K592/CVE-2024-40725-CVE-2024-40898\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-19T03:58:31.000000Z"}, {"uuid": "8da8cf46-1728-4ae3-8f54-15eafcdcc74a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "Telegram/J5Evx8c6q8Iv1XCy46HNHVVg1axdXdjkMA5XVqtOSTRQIfc", "content": "", "creation_timestamp": "2024-03-30T07:32:09.000000Z"}, {"uuid": "8d39d472-c16c-426c-ad1b-f4f65c1bdbeb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9273", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-3094 (XZ Backdoor) Tools\nURL\uff1ahttps://github.com/XiaomingX/cve-2024-3094-xz-backdoor\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-12-01T05:24:28.000000Z"}, {"uuid": "90954516-f1e0-4f04-97fc-8a20a044e4b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "Telegram/TbyvnvMJG36HRPFkPQ_0bqUyF7XZabxxdc_yuEfCHFJjcrI", "content": "", "creation_timestamp": "2025-06-19T21:00:05.000000Z"}, {"uuid": "20da1f68-7a88-4bc3-bede-348a5c40725e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "Telegram/n5hiS3qEoaYgDdE6GkLH0TTaANyby0B2Nr1lHoCe0gHcQSc", "content": "", "creation_timestamp": "2025-06-22T03:00:06.000000Z"}, {"uuid": "1fb82fe3-6475-456f-8712-0f82436879e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8057", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aGNU IFUNC is the real culprit behind CVE-2024-3094\nURL\uff1ahttps://github.com/higorcamposs/zabbix-security-advisories-cve-database\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-23T04:09:22.000000Z"}, {"uuid": "01e96b9e-b64c-4d28-bbca-c879b92d8a02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/cKure/12677", "content": "\u25a0\u25a0\u25a1\u25a1\u25a1 Illustration for XZ outbreak (CVE-2024-3094 Supply-Chain Attack)", "creation_timestamp": "2024-04-05T14:05:30.000000Z"}, {"uuid": "efa8c956-6832-484e-a511-9c6bd1b0e56e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/cKure/12639", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 Supply-Chain attack: Red Hat on Friday released an \"urgent security alert\" warning that two versions of a popular data compression library called XZ Utils (previously LZMA Utils) have been backdoored with malicious code designed to allow unauthorized remote access.\n\nThe software supply chain compromise, tracked as CVE-2024-3094, has a CVSS score of 10.0, indicating maximum severity. It impacts XZ Utils versions 5.6.0 (released February 24) and 5.6.1 (released March 9).\n\nhttps://thehackernews.com/2024/03/urgent-secret-backdoor-found-in-xz.html", "creation_timestamp": "2024-03-31T09:30:33.000000Z"}, {"uuid": "df451a6c-78d0-4c0f-98c2-fea041b9ee52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9274", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-3094 (XZ Backdoor) Tools\nURL\uff1ahttps://github.com/XiaomingX/cve-2024-3094-xz-backdoor-exploit\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-12-01T05:33:23.000000Z"}, {"uuid": "d8dd62da-8d6a-42b2-8b76-811bb98209ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "Telegram/cOH3TDAW9T1B751QlDH2fXF_IvZ7hUNNyUk6t4txO43Ixoo", "content": "", "creation_timestamp": "2025-10-16T15:00:11.000000Z"}, {"uuid": "501cd221-0f55-47c0-8fd0-ced6c4b1bf5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6890", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aK8S and Docker Vulnerability Check for CVE-2024-3094\nURL\uff1ahttps://github.com/teyhouse/CVE-2024-3094\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-03-30T18:46:45.000000Z"}, {"uuid": "466b483c-2283-4777-9bdc-f61732fdfd0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6888", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aHistory of commits related to the xz backdoor Discovered On March 29, 2024: CVE-2024-3094.\nURL\uff1ahttps://github.com/emirkmo/xz-backdoor-github\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-03-30T10:54:30.000000Z"}, {"uuid": "0811da04-3af2-4d3d-b8e1-9e6bdddbb755", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6934", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aThis is an container environment running CVE-2024-3094 sshd backdoor instance, working with https://github.com/amlweems/xzbot project. IT IS NOT Docker, just implemented by chroot.\nURL\uff1ahttps://github.com/MagpieRYL/CVE-2024-3094-backdoor-env-container\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-04-03T10:55:34.000000Z"}, {"uuid": "76710357-cd65-4954-b6fe-3e5a484ffae5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "Telegram/H97MW8DcOQ0HQ2edqbF4Ukf6930T9O-KaahGicp1PWMI3n4", "content": "", "creation_timestamp": "2025-11-05T15:00:12.000000Z"}, {"uuid": "41635cb0-b0e5-4721-801b-0cfddb2f05de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "Telegram/_uEPSzFNr6HqJN1CCE1x2MfixnAoe1zyVBXupCwzjdQjfEc", "content": "", "creation_timestamp": "2026-04-09T21:00:05.000000Z"}, {"uuid": "12928481-720e-44e5-a4e5-9ee7335fde98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/itsec_news/4252", "content": "\u200b\u26a1\ufe0f10 \u0438\u0437 10: \u0412 Linux \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u0439 \u0431\u0435\u043a\u0434\u043e\u0440 (CVE-2024-3094)\n\n\ud83d\udcac\u0412 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0439 \u0443\u0442\u0438\u043b\u0438\u0442\u0435 \u0434\u043b\u044f \u0441\u0436\u0430\u0442\u0438\u044f xz, \u0448\u0438\u0440\u043e\u043a\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0439 \u0432 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u0435 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u043e\u0432 Linux, \u0431\u044b\u043b \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d \u0441\u043a\u0440\u044b\u0442\u044b\u0439 \u0431\u0435\u043a\u0434\u043e\u0440. \u042d\u0442\u043e\u0442 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434, \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u043d\u044b\u0439 \u0432 \u043f\u0430\u043a\u0435\u0442 \u0443\u0442\u0438\u043b\u0438\u0442\u044b, \u0441\u043e\u0437\u0434\u0430\u0435\u0442 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u0433\u0440\u043e\u0437\u0443 \u0434\u043b\u044f \u0446\u0435\u043f\u043e\u0447\u043a\u0438 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a, \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u043b\u0443\u0436\u0431\u0430\u043c SSH.\n\u0418\u043d\u0436\u0435\u043d\u0435\u0440-\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0441\u0442 \u0438\u0437 Microsoft \u0410\u043d\u0434\u0440\u0435\u0441 \u0424\u0440\u043e\u0443\u043d\u0434 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b \u0431\u044d\u043a\u0434\u043e\u0440 \u0438 \u0441\u043e\u043e\u0431\u0449\u0438\u043b \u043e \u043d\u0435\u043c \u0432 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044e Openwall, \u0437\u0430\u043d\u0438\u043c\u0430\u044e\u0449\u0443\u044e\u0441\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u043e\u0439 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u043e\u0432 Linux, \u0432 \u043f\u044f\u0442\u043d\u0438\u0446\u0443 \u0443\u0442\u0440\u043e\u043c. \u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 .m4 \u0444\u0430\u0439\u043b\u044b, \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u0432 \u0430\u0440\u0445\u0438\u0432\u044b xz \u0432\u0435\u0440\u0441\u0438\u0438 5.6.0, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u043e\u0439 24 \u0444\u0435\u0432\u0440\u0430\u043b\u044f, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u043b\u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u0438 automake \u0434\u043b\u044f \u0441\u0431\u043e\u0440\u043a\u0438 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0441\u0436\u0430\u0442\u0438\u044f liblzma, \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u0435\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u0434\u043b\u044f \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430.\n\n\u042d\u0442\u0438 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0432 liblzma \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 sshd \u0438\u0437-\u0437\u0430 \u0442\u043e\u0433\u043e, \u0447\u0442\u043e \u043c\u043d\u043e\u0433\u0438\u0435 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u044b Linux \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0442 \u0432 \u0441\u0435\u0431\u044f libsystemd. \u042d\u0442\u043e\u0442 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442, \u043e\u0442\u0432\u0435\u0447\u0430\u044e\u0449\u0438\u0439 \u0437\u0430 \u0430\u043a\u0442\u0438\u0432\u0430\u0446\u0438\u044e \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u0439 systemd, \u043e\u0441\u043d\u043e\u0432\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043d\u0430 liblzma, \u0447\u0442\u043e \u0434\u0435\u043b\u0430\u0435\u0442 \u0435\u0433\u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u043c \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u043c \u0432 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435 OpenSSH.\n\n\u0414\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b .m4 \u0431\u044b\u043b\u0438 \u0441\u0438\u043b\u044c\u043d\u043e \u043e\u0431\u0444\u0443\u0441\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u044b, \u043e\u0447\u0435\u0432\u0438\u0434\u043d\u043e, \u0447\u0442\u043e\u0431\u044b \u0441\u043a\u0440\u044b\u0442\u044c \u0438\u0445 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0443\u044e \u0444\u0443\u043d\u043a\u0446\u0438\u044e, \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u0444\u0430\u0439\u043b\u044b \u0431\u044b\u043b\u0438 \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u044b \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0431\u044b\u043b \u0430\u043a\u0442\u0438\u0432\u043d\u044b\u043c \u0443\u0447\u0430\u0441\u0442\u043d\u0438\u043a\u043e\u043c \u043f\u0440\u043e\u0435\u043a\u0442\u0430 xz \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 \u0434\u0432\u0443\u0445 \u043b\u0435\u0442.\n\n\u00ab\u0418\u0441\u0445\u043e\u0434\u044f \u0438\u0437 \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0435\u043c\u043e\u0439 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438 \u043d\u0430 \u043f\u0440\u043e\u0442\u044f\u0436\u0435\u043d\u0438\u0438 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u043d\u0435\u0434\u0435\u043b\u044c, \u043c\u043e\u0436\u043d\u043e \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u043e\u0436\u0438\u0442\u044c, \u0447\u0442\u043e \u043b\u0438\u0431\u043e \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a \u0431\u044b\u043b \u043d\u0435\u043f\u043e\u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u0432\u043e\u0432\u043b\u0435\u0447\u0435\u043d \u0432 \u0437\u043b\u043e\u043d\u0430\u043c\u0435\u0440\u0435\u043d\u043d\u0443\u044e \u0434\u0435\u044f\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u043b\u0438\u0431\u043e \u0435\u0433\u043e \u0441\u0438\u0441\u0442\u0435\u043c\u0430 \u043f\u043e\u0434\u0432\u0435\u0440\u0433\u043b\u0430\u0441\u044c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u043c\u0443 \u043d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u044e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438. \u041e\u0434\u043d\u0430\u043a\u043e \u0432\u0442\u043e\u0440\u043e\u0439 \u0432\u0430\u0440\u0438\u0430\u043d\u0442 \u043a\u0430\u0436\u0435\u0442\u0441\u044f \u043c\u0435\u043d\u0435\u0435 \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u044b\u043c, \u0443\u0447\u0438\u0442\u044b\u0432\u0430\u044f \u0435\u0433\u043e \u043e\u0431\u0449\u0435\u043d\u0438\u0435 \u0432 \u0441\u043f\u0438\u0441\u043a\u0430\u0445 \u0440\u0430\u0441\u0441\u044b\u043b\u043a\u0438 \u043f\u043e \u043f\u043e\u0432\u043e\u0434\u0443 \u0443\u043f\u043e\u043c\u044f\u043d\u0443\u0442\u044b\u0445 \u00ab\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439\u00bb \u2014 \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442 \u0424\u0440\u043e\u0439\u043d\u0434 \u0432 \u0441\u0432\u043e\u0435\u043c \u0434\u043e\u043a\u043b\u0430\u0434\u0435, \u043a\u043e\u043c\u043c\u0435\u043d\u0442\u0438\u0440\u0443\u044f \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 xz 5.6.1. \u042d\u0442\u0438 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f, \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u043d\u044b\u0435 \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043e\u0448\u0438\u0431\u043e\u043a valgrind \u0438 \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u0441\u0431\u043e\u0435\u0432, \u043f\u043e \u0432\u0441\u0435\u0439 \u0432\u0438\u0434\u0438\u043c\u043e\u0441\u0442\u0438, \u0431\u044b\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u043d\u044b \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u043c \u0431\u044d\u043a\u0434\u043e\u0440\u043e\u043c.\n\n\u0410\u0433\u0435\u043d\u0442\u0441\u0442\u0432\u043e \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0421\u0428\u0410 (CISA) \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u043e \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u0435 \u043e\u0431 \u044d\u0442\u043e\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0435, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2024-3094 \u0438 \u0438\u043c\u0435\u0435\u0442 \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u0439 \u0431\u0430\u043b\u043b CVSS 10, \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432 \u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043e \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0442\u043a\u0430\u0442\u0438\u0442\u044c\u0441\u044f \u043a \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 xz, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u043a \u0432\u0435\u0440\u0441\u0438\u0438 5.4.6.\n\u0424\u0440\u043e\u0439\u043d\u0434 \u043e\u0442\u043c\u0435\u0442\u0438\u043b, \u0447\u0442\u043e \u0432\u0435\u0440\u0441\u0438\u0438 xz 5.6.0 \u0438 5.6.1 \u0435\u0449\u0435 \u043d\u0435 \u0431\u044b\u043b\u0438 \u0448\u0438\u0440\u043e\u043a\u043e \u0438\u043d\u0442\u0435\u0433\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u0430\u043c\u0438 Linux, \u0430 \u0442\u0430\u043c, \u0433\u0434\u0435 \u043e\u043d\u0438 \u0431\u044b\u043b\u0438 \u0438\u043d\u0442\u0435\u0433\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u044b, \u0432 \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u043c \u0432 \u043f\u0440\u0435\u0434\u0432\u0430\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445.\n\nRed Hat \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b \u0441\u0440\u043e\u0447\u043d\u043e\u0435 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u0435 \u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432 \u043f\u044f\u0442\u043d\u0438\u0446\u0443, \u043f\u0440\u0438\u0437\u044b\u0432\u0430\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e \u043f\u0440\u0435\u043a\u0440\u0430\u0442\u0438\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043b\u044e\u0431\u044b\u0445 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 Fedora Rawhide \u0438\u0437-\u0437\u0430 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0443\u0433\u0440\u043e\u0437\u044b \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 xz. \u0412 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u0438 \u0442\u0430\u043a\u0436\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043e\u0442\u043a\u0430\u0442\u0438\u0442\u044c Fedora Linux 40 \u043a \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0435\u0439 xz 5.4.\n\n\u0424\u0440\u043e\u0439\u043d\u0434 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b \u0431\u044d\u043a\u0434\u043e\u0440 \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u0442\u0435\u0441\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u043d\u0435\u0441\u0442\u0430\u0431\u0438\u043b\u044c\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 Debian. \u0421\u043e\u0432\u0435\u0442 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Debian \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u0443\u0442\u0438\u043b\u0438\u0442\u044b \u0432 \u0442\u0435\u0441\u0442\u043e\u0432\u044b\u0435, \u043d\u0435\u0441\u0442\u0430\u0431\u0438\u043b\u044c\u043d\u044b\u0435 \u0438 \u044d\u043a\u0441\u043f\u0435\u0440\u0438\u043c\u0435\u043d\u0442\u0430\u043b\u044c\u043d\u044b\u0435 \u0432\u044b\u043f\u0443\u0441\u043a\u0438 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u0430. \u0412 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0443\u043a\u0430\u0437\u0430\u043d\u043e, \u0447\u0442\u043e \u0432\u0435\u0440\u0441\u0438\u044f \u043f\u0430\u043a\u0435\u0442\u0430 \u0431\u044b\u043b\u0430 \u0432\u043e\u0437\u0432\u0440\u0430\u0449\u0435\u043d\u0430 \u043a 5.4.5 \u0441 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0435\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043d\u0435\u0437\u0430\u043c\u0435\u0434\u043b\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f. \u041f\u043e \u043f\u0440\u0435\u0434\u0432\u0430\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u0441\u0442\u0430\u0431\u0438\u043b\u044c\u043d\u044b\u0435 \u0432\u044b\u043f\u0443\u0441\u043a\u0438 Debian \u043d\u0435 \u043f\u043e\u0441\u0442\u0440\u0430\u0434\u0430\u043b\u0438.\nCVE-2024-3094 \u043e\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 \u0432\u043b\u0438\u044f\u043d\u0438\u0435 \u0438 \u043d\u0430 \u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440 \u043f\u0430\u043a\u0435\u0442\u043e\u0432 HomeBrew \u0434\u043b\u044f macOS. \u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u043e, \u0447\u0442\u043e Kali Linux \u2014 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432 \u043e\u0442 OffSec \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u0442\u0435\u0441\u0442\u043e\u0432 \u043d\u0430 \u043f\u0440\u043e\u043d\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u0438\u0435 \u2014 \u0442\u043e\u0436\u0435 \u043f\u043e\u0434\u0432\u0435\u0440\u0433\u0441\u044f \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044e \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441 26 \u043f\u043e 29 \u043c\u0430\u0440\u0442\u0430\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-03-30T15:17:29.000000Z"}, {"uuid": "c4e99ff2-4a42-445b-94af-7c893d3642c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6884", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aScript to detect CVE-2024-3094.\nURL\uff1ahttps://github.com/bioless/xz_cve-2024-3094_detection\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-03-29T23:21:51.000000Z"}, {"uuid": "8db187f8-0532-4658-ac9d-d8aa6e649566", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6883", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aVerify that your XZ Utils version is not vulnerable to CVE-2024-3094\nURL\uff1ahttps://github.com/lypd0/CVE-2024-3094-Vulnerabity-Checker\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-03-29T21:14:08.000000Z"}, {"uuid": "d2f096ff-384c-4b1f-b7a7-0196f35f9482", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6882", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aQuick and dirty PoC for checking whether a vulnerable version of xz-utils is installed (CVE-2024-3094)\nURL\uff1ahttps://github.com/FabioBaroni/CVE-2024-3094-checker\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-03-29T20:31:04.000000Z"}, {"uuid": "587f78ce-f6a5-41b9-8ed9-73942c48bb1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6881", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aInformation for CVE-2024-3094\nURL\uff1ahttps://github.com/byinarie/CVE-2024-3094-info\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-03-29T17:08:40.000000Z"}, {"uuid": "18484990-06b3-4514-831b-c4a25df17551", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6885", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aBash script and 1-liner to validate if a system is running a vulnerable version of \\\"xz\\\" as per CVE-2024-3094\nURL\uff1ahttps://github.com/Hacker-Hermanos/CVE-2024-3094_xz_check\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-03-30T00:01:58.000000Z"}, {"uuid": "9bbdb1de-9a0e-4219-a634-facee5dd7284", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6896", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aA script to detect if xz is vulnerable - CVE-2024-3094\nURL\uff1ahttps://github.com/Yuma-Tsushima07/CVE-2024-3094\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-03-31T11:13:50.000000Z"}, {"uuid": "75fef00d-075e-4fe3-ad37-ae97ee202884", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6893", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-3094\nURL\uff1ahttps://github.com/isuruwa/CVE-2024-3094\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-03-31T05:35:03.000000Z"}, {"uuid": "77be5031-f9f3-41b1-a403-0b9e0e439175", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6892", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aAn ssh honeypot with the XZ backdoor. CVE-2024-3094\nURL\uff1ahttps://github.com/lockness-Ko/xz-vulnerable-honeypot\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-03-30T22:10:38.000000Z"}, {"uuid": "245f2b15-6202-4fdc-95d2-be76f948b712", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6891", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aK8S and Docker Vulnerability Check for CVE-2024-3094\nURL\uff1ahttps://github.com/alokemajumder/CVE-2024-3094-Vulnerability-Checker-Fixer\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-03-30T19:26:05.000000Z"}, {"uuid": "d79be7ef-f789-404d-b64e-df2de5d295f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6903", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-3094\nURL\uff1ahttps://github.com/mesutgungor/xz-backdoor-vulnerability\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-04-01T09:12:06.000000Z"}, {"uuid": "c87d7dcc-ade3-45c1-86e0-ec1109243788", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6900", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aXZ-Utils\u5de5\u5177\u5e93\u6076\u610f\u540e\u95e8\u690d\u5165\u6f0f\u6d1e(CVE-2024-3094)\nURL\uff1ahttps://github.com/MrBUGLF/XZ-Utils_CVE-2024-3094\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-04-01T01:57:37.000000Z"}, {"uuid": "78b112bf-92f4-4c3d-8690-bd04cafec660", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6914", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aScript en bash para revisar si tienes la vulnerabilidad CVE-2024-3094.\nURL\uff1ahttps://github.com/hackingetico21/revisaxzutils\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-04-02T01:24:43.000000Z"}, {"uuid": "45fb37b0-2f59-46cc-8ad8-db579b8e933f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6910", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1anotes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)\nURL\uff1ahttps://github.com/amlweems/xzbot\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-04-01T16:47:02.000000Z"}, {"uuid": "62da47fb-1a02-460e-ba94-94ca9a1f9bdb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6909", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aChecker - CVE-2024-3094\nURL\uff1ahttps://github.com/gustavorobertux/CVE-2024-3094\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-04-01T15:23:16.000000Z"}, {"uuid": "26296491-eadc-4afa-bb08-5f7c5f3db40d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6906", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aObsidian notes about CVE-2024-3094\nURL\uff1ahttps://github.com/reuteras/CVE-2024-3094\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-04-01T12:42:11.000000Z"}, {"uuid": "7207cc68-9895-481e-b3c8-c8df6d8b9379", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6921", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-3094 - Checker (fix for arch etc)\nURL\uff1ahttps://github.com/pentestfunctions/CVE-2024-3094\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-04-02T09:00:58.000000Z"}, {"uuid": "7eacd799-f922-4953-a1dc-7ffae11ebd18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6916", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aDetectar CVE-2024-3094\nURL\uff1ahttps://github.com/ScrimForever/CVE-2024-3094\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-04-02T03:38:15.000000Z"}, {"uuid": "40fb6303-f507-4189-9d7d-e6fbdde6b866", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6915", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-3094 XZ Backdoor Detector\nURL\uff1ahttps://github.com/devjanger/CVE-2024-3094-XZ-Backdoor-Detector\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-04-02T01:58:02.000000Z"}, {"uuid": "42399c16-1bd3-4331-a689-9894021a679e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6926", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aOur current information about the CVE-2024-3094 backdoor.\nURL\uff1ahttps://github.com/CyberGuard-Foundation/CVE-2024-3094\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-04-02T23:16:35.000000Z"}, {"uuid": "96681b1b-0f38-4fdf-a5b7-d7da49f22451", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6925", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aapocalypxze: xz backdoor (2024) AKA CVE-2024-3094 related links\nURL\uff1ahttps://github.com/przemoc/xz-backdoor-links\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-04-02T20:19:55.000000Z"}, {"uuid": "ba82c526-b4ac-49c4-9e32-22cdf184bbcb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6924", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aDockerfile and Kubernetes manifests for reproduce CVE-2024-3094\nURL\uff1ahttps://github.com/r0binak/xzk8s\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-04-02T20:10:59.000000Z"}, {"uuid": "78732365-17a0-4fde-a91a-9049b8f98de8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6936", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aVerify if your installed version of xz-utils is vulnerable to CVE-2024-3094 backdoor\nURL\uff1ahttps://github.com/Bella-Bc/xz-backdoor-CVE-2024-3094-Check\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-04-03T13:11:50.000000Z"}, {"uuid": "b9361ab5-7dbf-4d54-8dee-6d487efe3f72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6932", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCollection of Detection, Fix, and exploit for CVE-2024-3094 \nURL\uff1ahttps://github.com/Security-Phoenix-demo/CVE-2024-3094-fix-exploits\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-04-03T07:57:12.000000Z"}, {"uuid": "b09700ac-1c25-44c8-8f27-439888f3e0db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6942", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aScans liblzma from xu-utils for backdoor (CVE-2024-3094)\nURL\uff1ahttps://github.com/weltregie/liblzma-scan\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-04-04T11:34:02.000000Z"}, {"uuid": "2a262589-78b7-4e35-b942-c5c105c400c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6940", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aOur current information about the CVE-2024-3094 backdoor.\nURL\uff1ahttps://github.com/iheb2b/CVE-2024-3094-Checker\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-04-03T22:20:58.000000Z"}, {"uuid": "25ea484c-829c-4e7d-9f74-3660a11d3478", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6946", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aAn Ansible playbook to check and remediate CVE-2024-3094 (XZ Backdoor)\nURL\uff1ahttps://github.com/crfearnworks/ansible-CVE-2024-3094\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-04-04T14:40:34.000000Z"}, {"uuid": "0ccfa5e6-c580-4fe5-be3b-3e9d4beb0eef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6950", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aAn Ansible Role that installs the xz backdoor (CVE-2024-3094) on a Debian host and optionally installs the xzbot tool.\nURL\uff1ahttps://github.com/badsectorlabs/ludus_xz_backdoor\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-04-05T02:00:12.000000Z"}, {"uuid": "da52b5d8-9db6-4806-bbf1-5f58ae292bc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6957", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aScan for files containing the signature from the `xz` backdoor (CVE-2024-3094)\nURL\uff1ahttps://github.com/Juul/xz-backdoor-scan\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-04-06T06:32:27.000000Z"}, {"uuid": "be1ee942-92e1-48de-9482-67af06107f55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7106", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aXZ Utils CVE-2024-3094 POC for Kubernetes\nURL\uff1ahttps://github.com/neuralinhibitor/xzwhy\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-04-18T13:10:43.000000Z"}, {"uuid": "7b7da82b-54db-4f42-b92d-4158d0daaffc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/RedPillDealer4833/138288", "content": "Someone should find that guy!\nhttps://www.armosec.io/blog/cve-2024-3094-kubernetes/", "creation_timestamp": "2024-04-01T23:20:35.000000Z"}, {"uuid": "dae9b8d3-3a4f-40ef-b28e-608861ca4fec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "Telegram/iDpciKSSZoAuKLzHCBxsxmN8Po66tQiLuLn1GSrxH7iP_5o", "content": "", "creation_timestamp": "2026-04-23T21:00:04.000000Z"}, {"uuid": "8c1913a5-5db5-4cbd-a125-f6c04441e9b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/By3side/349", "content": "\u0411\u044d\u043a\u0434\u043e\u0440 \u0432 XZ Utils \n\n\u0412\u0447\u0435\u0440\u0430 \u0431\u044b\u043b \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d \u0431\u0435\u043a\u0434\u043e\u0440 (CVE-2024-3094) \u0432 \u0443\u0442\u0438\u043b\u0438\u0442\u0435 XZ \u0432 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 liblzma \u043f\u0440\u0435\u0434\u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0432\u043e \u043c\u043d\u043e\u0433\u0438\u0445  Linux - \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445.\n\n\u0412\u0441\u0435 \u0443 \u043a\u043e\u0433\u043e \u0441\u0442\u043e\u0438\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u0430\u044f \u0432\u0435\u0440\u0441\u0438\u044f - \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u044b, \u0442\u0430\u043a\u043e\u0439 \u043c\u0430\u0441\u0441\u043e\u0432\u043e\u0439 \u0438 \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a \u043d\u0435 \u0431\u044b\u043b\u043e \u043e\u0447\u0435\u043d\u044c \u0434\u0430\u0432\u043d\u043e!\n\n\u041a\u0440\u0430\u0442\u043a\u043e:\n- \u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 5.6.0 \u0438 5.6.1.\n- \u0415\u0441\u043b\u0438 \u043e\u043d\u0438 \u0443 \u0432\u0430\u0441 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0430, \u0441\u0440\u043e\u0447\u043d\u043e \u043f\u0435\u0440\u0435\u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0439\u0442\u0435 \u043f\u0440\u043e\u0448\u043b\u0443\u044e \u0441\u0442\u0430\u0431\u0438\u043b\u044c\u043d\u0443\u044e \u0432\u0435\u0440\u0441\u0438\u044e \u0438 \u0441\u0447\u0438\u0442\u0430\u0439\u0442\u0435 \u0447\u0442\u043e \u0432\u044b \u0443\u0436\u0435 \u0432\u0437\u043b\u043e\u043c\u0430\u043d\u044b. \n- \u041c\u0435\u043d\u044f\u0439\u0442\u0435 \u043f\u0430\u0440\u043e\u043b\u0438, \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0439\u0442\u0435 cron, \u0441\u043c\u043e\u0442\u0440\u0438\u0442\u0435 \u043b\u043e\u0433\u0438, \u0438\u0449\u0438\u0442\u0435 \u0441\u043b\u0435\u0434\u044b \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432.\n\n\u041f\u043e\u0434\u0440\u043e\u0431\u043d\u044b\u0439 FAQ \u043e\u0442 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Tenable \u043f\u0440\u0438\u043a\u043b\u0430\u0434\u044b\u0432\u0430\u044e \u0432 \u0432\u0438\u0434\u0435 \u0441\u043a\u0440\u0438\u043d\u0448\u043e\u0442\u043e\u0432, \u0442.\u043a. \u043f\u043e \u0441\u0441\u044b\u043b\u043a\u0435 \u0435\u0433\u043e \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c \u0441 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 IP \u043d\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u0441\u044f.\n\n\u041d\u043e\u0432\u0430\u044f \u0432\u0435\u0440\u0441\u0438\u044f \u043d\u0435 \u0432\u0441\u0435\u0433\u0434\u0430 \u0441\u0430\u043c\u0430\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0430\u044f. \u041e\u043f\u0435\u043d\u0441\u043e\u0440\u0441 \u043d\u0435 \u0433\u0430\u0440\u0430\u043d\u0442\u0438\u044f \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u0431\u0435\u043a\u0434\u043e\u0440\u043e\u0432, \u0442\u0430\u043a\u043e\u0432\u0430 \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c.", "creation_timestamp": "2024-03-30T11:59:39.000000Z"}, {"uuid": "ba3c7159-e585-4fa0-b00f-f48aeb72104f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "Telegram/Yz_0I0Fxhv491-raEl6MFGybyjENBbF5tAsDbTjDjAX0wLY", "content": "", "creation_timestamp": "2025-10-22T21:00:04.000000Z"}, {"uuid": "9a29f5e0-7c0f-4827-9bbd-e884c618c58b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "Telegram/k65Luaba8Fo3blOkMXIMaYfKgMppZ09_hRCYJGbV4Az32CA", "content": "", "creation_timestamp": "2025-10-16T21:00:05.000000Z"}, {"uuid": "a9be8e02-25c4-44bd-ab33-c537aaf088e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/tech_b0lt_Genona/4385", "content": "\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u0441\u043b\u0435\u0434\u0438\u0442\u044c \u0437\u0430 \u043d\u0435\u0441\u043a\u0443\u0447\u043d\u044b\u043c XZ\n\n\u041f\u043e\u043b\u043d\u0430\u044f \u0440\u0435\u0442\u0440\u043e\u0441\u043f\u0435\u043a\u0442\u0438\u0432\u0430 \u043f\u0440\u043e\u0434\u0432\u0438\u0436\u0435\u043d\u0438\u044f \u0431\u044d\u043a\u0434\u043e\u0440\u0430 \u0432 \u043f\u0430\u043a\u0435\u0442 xz \u0441\u043e \u0432\u0441\u0435\u043c\u0438 \u0441\u0441\u044b\u043b\u043a\u0430\u043c\u0438 \u0438 \u0442.\u0434., \u0442\u0430\u043c \u0442\u0435\u043a\u0441\u0442\u0430 \u043c\u043d\u043e\u0433\u043e, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043d\u0435 \u0441\u0442\u0430\u043b \u0441\u044e\u0434\u0430 \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u0442\u044c (\u0432\u0442\u044b\u043a\u043d\u0443\u043b \u0434\u043e\u043c\u0435\u043d .me, \u0434\u043e\u043b\u0436\u043d\u043e \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u0432\u043d\u0435 \u0420\u0424)\nhttps://www.opennet.me/opennews/art.shtml?num=60880\n+\nFAQ on the xz-utils backdoor\nhttps://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27\n+\n\u0414\u043e\u0448\u043b\u043e \u0443\u0436\u0435 \u0438 \u0434\u043e CISA\n\nReported Supply Chain Compromise Affecting XZ Utils Data Compression Library, CVE-2024-3094\nhttps://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094", "creation_timestamp": "2024-03-30T16:49:14.000000Z"}, {"uuid": "419cafde-9808-4c30-b23a-b3a3ea29a8c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "Telegram/E2S7IdFkTtFoLBM7WX7LHdK6NnluTQpvrIlBfsXs1ueBQY4", "content": "", "creation_timestamp": "2025-09-12T09:00:05.000000Z"}, {"uuid": "330e5adb-d99d-4ac3-aa8f-2946a641254d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/NinjaSec/201", "content": "\ud83d\udd27 CVE Exploitation Tools (2024\u20132025)\n\n1. CVE-2024-25600 \u2013 WordPress Bricks Builder RCE\n\n2. CVE-2024-24919 \u2013 Check Point Security Gateway RCE\n\n3. CVE-2024-29025 \u2013 Netty HttpPostRequestDecoder DoS\n\n4. CVE-2024-21525 \u2013 node-twain Buffer Overflow\n\n5. CVE-2024-3094 \u2013 XZ Backdoor Detector\n\n6. CVE-2024-21515 \u2013 OpenCart Reflected XSS\n\n7. CVE-2024-21552 \u2013 SuperAGI Arbitrary Code Execution\n\n8. CVE-2024-56249 \u2013 WordPress WPMasterToolKit Arbitrary File Upload\n\n9. CVE-2024-24919 \u2013 Check Point VPN Exploit\n\n10. CVE-2024-24919 \u2013 Python Exploit Script\n\nPython script to exploit CVE-2024-24919 vulnerability.\n\nGitHub: LucasKatashi/CVE-2024-24919\n\n11. CVE-2024-24919 \u2013 Exploit PoC\n\nProof-of-Concept for exploiting CVE-2024-24919.\n\nGitHub: seed1337/CVE-2024-24919-POC\n\n12. CVE-2024-24919 \u2013 Check Point Remote Access VPN Exploit\n\nScripts to exploit CVE-2024-24919 in Check Point VPNs.\n\nGitHub: Praison001/CVE-2024-24919-Check-Point-Remote-Access-VPN\n\n13. CVE-2024-25600 \u2013 Alternate Exploit Script\n\nAnother implementation to exploit Bricks Builder RCE.\n\nGitHub: meli0dasH4ck3r/cve-2024-25600\n\n14. CVE-2024-25600 \u2013 Exploit Script\n\nPython script to exploit Bricks Builder RCE vulnerability.\n\nGitHub: K3ysTr0K3R/CVE-2024-25600-EXPLOIT \n\n\n\ud83d\udd27 CVE Exploitation Tools & Frameworks\n\n1. trickest/cve\n\n\ud83d\udd17 https://github.com/trickest/cve\n\n2. PayloadsAllTheThings \u2013 CVE Exploits\n\n\ud83d\udd17 https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/CVE%20Exploits/README.md\n\n3. qazbnm456/awesome-cve-poc\n\n\ud83d\udd17 https://github.com/qazbnm456/awesome-cve-poc\n\n4. intel/cve-bin-tool\n\n\ud83d\udd17 https://github.com/intel/cve-bin-tool\n\n5. cve-search/cve-search\nN\n\n\ud83d\udd17 https://github.com/cve-search/cve-search\n\n6. vertoforce/CVE-Enrichment\n\n\ud83d\udd17 https://github.com/vertoforce/CVE-Enrichment\n\n7. TURROKS/CVE_Prioritizer\n\n\ud83d\udd17 https://github.com/TURROKS/CVE_Prioritizer\n\n8. clearlinux/cve-check-tool\n\n\ud83d\udd17 https://github.com/clearlinux/cve-check-tool\n\n9. cddmp/cvecheck\n\n\ud83d\udd17 https://github.com/cddmp/cvecheck\n\n10. center-for-threat-informed-defense/attack_to_cve\n\nMaps MITRE ATT&CK techniques to CVEs to characterize vulnerability impacts.\n\n\ud83d\udd17 https://github.com/center-for-threat-informed-defense/attack_to_cve\n\n\n\ud83e\uddea Specific CVE Exploit Tools\n\n11. CVE-2024-25600 Exploit Tool\n\nDesigned to exploit a vulnerability in the Bricks Builder plugin for WordPress.\n\n\ud83d\udd17 https://github.com/Chocapikk/CVE-2024-25600\n\n12. RevoltSecurities/CVE-2024-24919\n\nTool to detect and exploit CVE-2024-24919 vulnerability.\n\n\ud83d\udd17 https://github.com/RevoltSecurities/CVE-2024-24919\n\n13. ROCA Detection Tool\n\nDetects RSA keys vulnerable to the ROCA vulnerability (CVE-2017-15361).\n\n\ud83d\udd17 https://github.com/crocs-muni/roca\n\n\ud83d\udee0\ufe0f Additional Tools & Resources\n\n14. Goby\n\nA network security assessment tool that can scan for vulnerabilities and map attack surfaces.\n\n\ud83d\udd17 https://github.com/gobysec/Goby\n\n15. awesome-pentestu\n\nA curated list of penetration testing resources, including tools for CVE exploitation.\n\n\ud83d\udd17 https://github.com/enaqx/awesome-pentest\n\n16. awesome-bugbounty-tools\n\nA collection of tools useful for bug bounty hunting, some of which relate to CVE exploitation.\n\n\ud83d\udd17 https://github.com/vavkamil/awesome-bugbounty-tools\n\n17. cyberguideme/Tools\n\nA repository of various cybersecurity tools, including those for exploiting known vulnerabilities.\n\n\ud83d\udd17 https://github.com/cyberguideme/Tools\n\n\n#GrayHats", "creation_timestamp": "2025-04-18T19:33:22.000000Z"}, {"uuid": "29d61e65-a228-4919-ac87-ba3d9c3c0e2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/BleepingComputer/19717", "content": "\u200aNew XZ backdoor scanner detects implant in any Linux binary\n\nFirmware security firm Binarly has released a free online scanner to detect Linux executables impacted by the XZ Utils supply chain attack, tracked as CVE-2024-3094. [...]\n\nhttps://www.bleepingcomputer.com/news/security/new-xz-backdoor-scanner-detects-implant-in-any-linux-binary/", "creation_timestamp": "2024-04-02T18:52:26.000000Z"}, {"uuid": "b2489edc-2aaf-4b18-b227-34dc089f13ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/hackyourmom/12367", "content": "\ud83d\udd0d \u0414\u043e\u0441\u043b\u0456\u0434\u043d\u0438\u043a\u0438 \u0432\u0438\u044f\u0432\u0438\u043b\u0438 \u043f\u043e\u043d\u0430\u0434 35 Docker Hub-\u043e\u0431\u0440\u0430\u0437\u0456\u0432, \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u0445 XZ Utils-\u0431\u0435\u043a\u0434\u043e\u0440\u043e\u043c (CVE-2024-3094), \u0432\u043a\u043b\u044e\u0447\u043d\u043e \u0437 1\ufe0f\u20e32\ufe0f\u20e3 \u043e\u0444\u0456\u0446\u0456\u0439\u043d\u0438\u043c\u0438 Debian-\u043e\u0431\u0440\u0430\u0437\u0430\u043c\u0438. \u0428\u043a\u0456\u0434\u043b\u0438\u0432\u0438\u0439 \u043a\u043e\u0434 \u0443 \u0431\u0456\u0431\u043b\u0456\u043e\u0442\u0435\u0446\u0456 liblzma/so \u0434\u043e\u0437\u0432\u043e\u043b\u044f\u0454 \u043e\u0431\u0445\u0456\u0434 \u0430\u0432\u0442\u0435\u043d\u0442\u0438\u0444\u0456\u043a\u0430\u0446\u0456\u0457 \u0442\u0430 \u0432\u0438\u043a\u043e\u043d\u0430\u043d\u043d\u044f \u043a\u043e\u043c\u0430\u043d\u0434 \u0432\u0456\u0434 \u0456\u043c\u0435\u043d\u0456 root \u0447\u0435\u0440\u0435\u0437 SSH \ud83d\udc7e\ud83e\udd14 #cybernews", "creation_timestamp": "2025-08-13T15:29:28.000000Z"}, {"uuid": "70f983ef-3a35-4659-ba6f-f179eab95005", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/poxek/3852", "content": "\ud83d\ude08 [ Kali Linux @kalilinux ]\n\nThe xz package, starting from version 5.6.0 to 5.6.1, was found to contain a backdoor. The impact of this vulnerability affected Kali between March 26th to March 29th. If you updated your Kali installation on or after March 26th, it is crucial to apply the latest updates today:\n\nsudo apt update && sudo apt install --only-upgrade liblzma5\n\n\ud83d\udd17 https://www.helpnetsecurity.com/2024/03/29/cve-2024-3094-linux-backdoor/\n\ud83d\udd17 https://www.openwall.com/lists/oss-security/2024/03/29/4\n\ud83d\udd17 https://threadreaderapp.com/thread/1773786266074513523.html\n\n\ud83d\udc25 [ tweet ]\n\n\u26a0\ufe0f UPDATE ASAP \u26a0\ufe0f", "creation_timestamp": "2024-03-30T07:10:54.000000Z"}, {"uuid": "ffd55d49-447d-4942-ab59-54bd75d90237", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/road_to_oscp/307", "content": "[ XZ backdoor - CVE-2024-3094 ]\n\n! Backdoor in upstream xz/liblzma leading to SSH server compromise !\n\nCheck:\nxz --version\n\n5.6.0 & 5.6.1 \u2014 v u l n e r a b l e\n\nUpdate:\nsudo apt update && sudo apt install --only-upgrade liblzma5\n\nSummary:\nhttps://boehs.org/node/everything-i-know-about-the-xz-backdoor\n\nHow it all started (email): \nhttps://www.openwall.com/lists/oss-security/2024/03/29/4\n\nGitHub Thread:\nhttps://web.archive.org/web/20240329223553/https://github.com/tukaani-project/xz/issues/92\n\nMessage from Kali Linux team:\nhttps://twitter.com/kalilinux/status/1773786266074513523\nThe xz package, starting from version 5.6.0 to 5.6.1, was found to contain a backdoor. The impact of this vulnerability affected Kali between March 26th to March 29th. If you updated your Kali installation on or after March 26th, it is crucial to apply the latest updates today.\n\nNote that (almost) all Linux distros could be affected!\nFor example, Fedora \u2014 Red Hat warned users to immediately stop using systems running Fedora development and experimental versions:\nhttps://www.bleepingcomputer.com/news/security/red-hat-warns-of-backdoor-in-xz-tools-used-by-most-linux-distros\n\nNews:\nhttps://www.helpnetsecurity.com/2024/03/29/cve-2024-3094-linux-backdoor\n\nAnd from CISA:\nhttps://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094\n\nSo... JiaT75 made 750 commits in 2 years and finally backdoored XZ...", "creation_timestamp": "2024-03-30T13:40:51.000000Z"}, {"uuid": "af918347-30bd-4937-a669-3cc96fffe469", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6897", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aAnsible playbook for patching CVE-2024-3094\nURL\uff1ahttps://github.com/Simplifi-ED/CVE-2024-3094-patcher\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-03-31T14:11:39.000000Z"}, {"uuid": "2e5418ef-27ad-4b7b-9ef0-f20e649a8eaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6939", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aThe repository consists of a checker file that confirms if your xz version and xz-utils package is vulnerable to CVE-2024-3094.\nURL\uff1ahttps://github.com/TheTorjanCaptain/CVE-2024-3094-Checker\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-04-03T19:15:56.000000Z"}, {"uuid": "364d511c-be8b-4af9-96b0-4417708af884", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/ptescalator/240", "content": "\u0427\u0442\u043e \u043f\u0440\u043e\u0438\u0437\u043e\u0448\u043b\u043e \u0441 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c\u044e OpenSSH \u0432 2024 \u0433\u043e\u0434\u0443 \ud83d\udeaa\n\n\u0412\u0437\u0433\u043b\u044f\u043d\u0435\u043c \u043d\u0430 \u0442\u0430\u0439\u043c\u043b\u0430\u0439\u043d:\n\n\u2022 \u0412\u0435\u0441\u043d\u0430. \u0411\u044d\u043a\u0434\u043e\u0440 \u0432 xz-utils (CVE-2024-3094). \u0412 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0435\u0433\u043e \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u0431\u044b\u043b\u0438 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0441 systemd, \u0432 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0432 OpenSSH \u0435\u0441\u0442\u044c \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u044c liblzma, \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0430\u044f \u0432 \u043d\u0435\u043c \u0438\u0437\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e \u0438 \u0441\u0430\u043c\u0438\u043c OpenSSH \u043d\u0430\u043f\u0440\u044f\u043c\u0443\u044e \u043d\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u0430\u044f (\u0442\u043e \u0435\u0441\u0442\u044c \u0441\u043a\u043e\u0440\u0435\u0435 \u0440\u0435\u0447\u044c \u043e\u0431 \u0430\u0442\u0430\u043a\u0435 \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a \u044d\u0442\u0438\u0445 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u043e\u0432, \u0430 \u043d\u0435 \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u043e \u043d\u0430 OpenSSH).\n\n\u2022 \u0418\u044e\u043b\u044c. \u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u043e\u043f\u0430\u0441\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u00ab\u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044f \u0433\u043e\u043d\u043a\u0438\u00bb \u0434\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c \u043d\u0430 \u0431\u0430\u0437\u0435 glibc, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0430\u044f \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 regreSSHion (CVE-2024-6387) \u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0449\u0430\u044f \u0441\u043e\u0431\u043e\u0439 \u043f\u0435\u0440\u0435\u0440\u043e\u0436\u0434\u0435\u043d\u043d\u0443\u044e CVE-2006-5051.\n\n\u2022 \u0412\u0441\u0435 \u0442\u043e\u0442 \u0436\u0435 \u0438\u044e\u043b\u044c. \u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430 \u0441\u0445\u043e\u0436\u0430\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0430\u044f \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 CVE-2024-6409.\n\n\u2022 \u0410\u0432\u0433\u0443\u0441\u0442. \u0415\u0449\u0435 \u043e\u0434\u043d\u0430, \u0443\u0436\u0435 \u0441\u043f\u0435\u0446\u0438\u0444\u0438\u0447\u043d\u0430\u044f \u0434\u043b\u044f FreeBSD, CVE-2024-7589.\n\n\u2754 \u0427\u0442\u043e \u044d\u0442\u043e \u0432\u043e\u043e\u0431\u0449\u0435 \u0431\u044b\u043b\u043e\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u044e\u0442, \u0447\u0442\u043e \u0443\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u00ab\u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0439 \u0433\u043e\u043d\u043a\u0438\u00bb \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c RCE \u043d\u0430 \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445. \u0411\u043e\u043b\u0435\u0435 \u0442\u043e\u0433\u043e, regreSSHion \u2014 \u0433\u043b\u0430\u0432\u043d\u044b\u0439 \u0431\u0430\u0433 (\u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043f\u0440\u043e\u0446\u0435\u0441\u0441 sshd) \u2014 \u0441\u0442\u0430\u0432\u0438\u0442 \u043f\u043e\u0434 \u0443\u0433\u0440\u043e\u0437\u0443 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u0430 SSH-\u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0441 glibc. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u043e\u0441\u043e\u0431\u043e\u0439 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 (\u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u0430 \u0438 \u0434\u043b\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e). \u041d\u043e \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e PoC \u043d\u0435\u0442 \u0434\u043e \u0441\u0438\u0445 \u043f\u043e\u0440.\n\n\u041c\u044b \u0440\u0435\u0448\u0438\u043b\u0438 \u0440\u0430\u0437\u043e\u0431\u0440\u0430\u0442\u044c\u0441\u044f, \u0442\u0430\u043a \u043b\u0438 \u043e\u043f\u0430\u0441\u043d\u044b \u044d\u0442\u0438 \u00ab\u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044f \u0433\u043e\u043d\u043a\u0438\u00bb \u0438 \u043a\u0430\u043a\u0438\u0435 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u044b \u0432 sshd \u043f\u0440\u0438\u0437\u0432\u0430\u043d\u044b \u043d\u0435 \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438\u043b\u0438 \u0445\u043e\u0442\u044f \u0431\u044b \u0443\u043c\u0435\u043d\u044c\u0448\u0438\u0442\u044c \u0443\u0449\u0435\u0440\u0431 \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u0430\u0442\u0430\u043a\u0438. \u041f\u043e\u043f\u0443\u0442\u043d\u043e \u043f\u0440\u043e\u0432\u0435\u043b\u0438 \u043e\u0431\u0437\u043e\u0440 \u0438 \u043e\u0441\u0442\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 OpenSSH \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u0433\u043e \u0433\u043e\u0434\u0430.\n\n\ud83d\udd23 \u0418 \u0442\u0435\u043f\u0435\u0440\u044c \u0432\u0441\u0435 \u044d\u0442\u043e \u0441 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0431\u0430\u0437\u043e\u0439 \u0438 \u044d\u043a\u0441\u043a\u0443\u0440\u0441\u043e\u043c \u043d\u0430 30 \u0441\u0435\u043a\u0443\u043d\u0434 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e \u0432 \u043d\u0430\u0448\u0435\u043c \u0431\u043b\u043e\u0433\u0435 \u043d\u0430 \u0425\u0430\u0431\u0440\u0435. Enjoy!\n\n#CVE #escvr\n@ptescalator", "creation_timestamp": "2025-01-30T08:33:54.000000Z"}, {"uuid": "7b75ad20-6665-42ac-8758-291e09bbfddd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "Telegram/2lW_VAPY7dTgBAMOHqmOlsHgXjuPlUYLIzJwxlW1R5vFC24", "content": "", "creation_timestamp": "2025-06-27T21:00:04.000000Z"}, {"uuid": "7beacd47-5f5f-4a60-91e6-7a6cd4e34629", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "Telegram/S3luyvJ2R7xCTSLpSlkUyEdAxTgE_nQEIWaJA9giiuBhhRI", "content": "", "creation_timestamp": "2025-06-03T15:00:07.000000Z"}, {"uuid": "e97dcda9-f728-450e-9e96-9c1b3e7a7408", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/Russian_OSINT/5662", "content": "\ud83d\ude01 GNOME \u0444\u043e\u0440\u0441\u0438\u0440\u0443\u0435\u0442 \u0431\u043e\u043b\u0435\u0435 \u0442\u0435\u0441\u043d\u0443\u044e \u0438\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u044e \u0441 systemd\n\n\u041e\u0434\u0438\u043d \u0438\u0437 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432 GNOME \u0410\u0434\u0440\u0438\u0430\u043d \u0412\u043e\u0432\u043a (Adrian Vovk) \u0440\u0430\u0441\u0441\u043a\u0430\u0437\u0430\u043b \u0443 \u0441\u0435\u0431\u044f \u0432 \u0431\u043b\u043e\u0433\u0435 \u043e \u043f\u043b\u0430\u043d\u0430\u0445 \u0431\u043e\u043b\u0435\u0435 \u0442\u0435\u0441\u043d\u043e\u0439 \u0438\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u0438 \u043e\u043a\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0440\u0430\u0431\u043e\u0447\u0435\u0433\u043e \u0441\u0442\u043e\u043b\u0430 GNOME \u0441 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u043c \u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440\u043e\u043c systemd.\n\n\u0415\u0441\u043b\u0438 \u0440\u0430\u043d\u044c\u0448\u0435 \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u043d\u0435\u0444\u043e\u0440\u043c\u0430\u043b\u044c\u043d\u043e\u0439 \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0430\u043d\u0430\u043b\u043e\u0433\u0438 \u0434\u043b\u044f \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u044b\u0445 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u0432, \u0442\u043e \u0442\u0435\u043f\u0435\u0440\u044c \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442 \u044f\u0434\u0440\u043e \u0441\u0438\u0441\u0442\u0435\u043c\u044b. \u041c\u0435\u043d\u0435\u0434\u0436\u0435\u0440 \u0432\u0445\u043e\u0434\u0430 GDM \u0438 \u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440 \u0441\u0435\u0441\u0441\u0438\u0439 gnome-session \u043f\u043e\u043b\u0443\u0447\u0430\u0442 \u043f\u0440\u044f\u043c\u044b\u0435 \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0442 systemd-userdb \u0438 \u0434\u0440\u0443\u0433\u0438\u0445 \u0435\u0433\u043e \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u043e\u0432.\n\n\u041e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u0430\u044f \u043f\u043e\u0437\u0438\u0446\u0438\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432, \u0447\u0430\u0441\u0442\u0438\u0447\u043d\u043e \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u043c\u0430\u044f \u0441\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e\u043c, \u0437\u0432\u0443\u0447\u0438\u0442 \u043f\u0440\u0430\u0433\u043c\u0430\u0442\u0438\u0447\u043d\u043e: \u043e\u0442\u043a\u0430\u0437 \u043e\u0442 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438 \u043c\u0438\u043d\u043e\u0440\u0438\u0442\u0430\u0440\u043d\u044b\u0445 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0439 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0441\u043a\u043e\u043d\u0446\u0435\u043d\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0440\u0435\u0441\u0443\u0440\u0441\u044b \u043d\u0430 \u0435\u0434\u0438\u043d\u043e\u043c, \u0445\u043e\u0440\u043e\u0448\u043e \u043f\u0440\u043e\u0442\u0435\u0441\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c \u0441\u0442\u0435\u043a\u0435, \u043f\u043e\u0432\u044b\u0448\u0430\u044f \u0435\u0433\u043e \u0441\u0442\u0430\u0431\u0438\u043b\u044c\u043d\u043e\u0441\u0442\u044c. \n\n\u041e\u0434\u043d\u0430\u043a\u043e \u0441 \u0442\u043e\u0447\u043a\u0438 \u0437\u0440\u0435\u043d\u0438\u044f \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0438\u043d\u0436\u0435\u043d\u0435\u0440\u043d\u0443\u044e \u043b\u043e\u0433\u0438\u043a\u0443, \u0440\u0435\u0448\u0435\u043d\u0438\u0435 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0432 \u043d\u0435\u0441\u0435\u0442 \u0432 \u0441\u0435\u0431\u0435 \u0440\u044f\u0434 \u0444\u0443\u043d\u0434\u0430\u043c\u0435\u043d\u0442\u0430\u043b\u044c\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0445 \u0440\u0438\u0441\u043a\u043e\u0432. \n\n\u041a\u043e\u043c\u043c\u0435\u043d\u0442\u0430\u0442\u043e\u0440\u044b \u0432\u044b\u0441\u043a\u0430\u0437\u044b\u0432\u0430\u044e\u0442 \u043c\u043d\u0435\u043d\u0438\u0435, \u0447\u0442\u043e c \u0442\u043e\u0447\u043a\u0438 \u0437\u0440\u0435\u043d\u0438\u044f \u0433\u043b\u043e\u0431\u0430\u043b\u044c\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u044d\u043a\u043e\u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \"\u0433\u043d\u043e\u043c\u044b\" \u0446\u0435\u043d\u0442\u0440\u0430\u043b\u0438\u0437\u0443\u044e\u0442 \u0440\u0438\u0441\u043a\u0438. \u041d\u0435\u0434\u0430\u0432\u043d\u0438\u0439 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442 \u0441 \u0431\u044d\u043a\u0434\u043e\u0440\u043e\u043c XZ Utils (CVE-2024-3094). \u0410\u0442\u0430\u043a\u0430 \u0431\u044b\u043b\u0430 \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u0430 \u043d\u0430 liblzma, \u043e\u0442 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0437\u0430\u0432\u0438\u0441\u0438\u0442 libsystemd, \u0438 \u0447\u0443\u0442\u044c \u043d\u0435 \u043f\u0440\u0438\u0432\u0435\u043b\u0430 \u043a \u0433\u043b\u043e\u0431\u0430\u043b\u044c\u043d\u043e\u0439 \u043a\u0430\u0442\u0430\u0441\u0442\u0440\u043e\u0444\u0435.\n\n\u0413\u043b\u0430\u0432\u043d\u044b\u0439 \u0440\u0438\u0441\u043a \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u0438 \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043c\u043e\u043d\u043e\u043a\u0443\u043b\u044c\u0442\u0443\u0440\u044b \u0438 \u0446\u0435\u043d\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0432\u0441\u0435\u0445 \u0443\u0433\u0440\u043e\u0437 \u0432 \u043e\u0434\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u0435. systemd \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u043a\u0430\u043a PID 1 \u2014 \u0441\u0430\u043c\u044b\u0439 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043f\u0440\u043e\u0446\u0435\u0441\u0441 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435. \u041a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u043d\u0438\u043c \u043e\u0437\u043d\u0430\u0447\u0430\u0435\u0442 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0432\u0441\u0435\u043c. \u0420\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0435 systemd \u0432 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u0435 \u043a\u043b\u044e\u0447\u0435\u0432\u044b\u0445 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u043e\u0432 \u0443\u0436\u0435 \u0441\u043e\u0437\u0434\u0430\u043b\u043e \u043e\u043f\u0430\u0441\u043d\u0443\u044e \u043c\u043e\u043d\u043e\u043f\u043e\u043b\u0438\u044e, \u0430 \u0436\u0435\u0441\u0442\u043a\u0430\u044f \u043f\u0440\u0438\u0432\u044f\u0437\u043a\u0430 GNOME \u043e\u043a\u043e\u043d\u0447\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u0435\u0451 \u0446\u0435\u043c\u0435\u043d\u0442\u0438\u0440\u0443\u0435\u0442. \u0411\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u043e\u0432 (Fedora, Debian, Ubuntu, Arch) \u043f\u0440\u0438\u043d\u044f\u043b\u0438 systemd \u043a\u0430\u043a \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e. \n\n\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0430 systemd \u0438\u0441\u0442\u043e\u0440\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0435\u043b\u0430\u0441\u044c \u0438 \u0441\u043f\u043e\u043d\u0441\u0438\u0440\u043e\u0432\u0430\u043b\u0430\u0441\u044c Red Hat (\u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043a\u0443\u043f\u0438\u043b\u0430 IBM). \u041a\u043b\u044e\u0447\u0435\u0432\u044b\u0435 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u041b\u0435\u043d\u043d\u0430\u0440\u0442\u0430 \u041f\u043e\u0442\u0442\u0435\u0440\u0438\u043d\u0433\u0430, \u0431\u044b\u043b\u0438 \u0438\u0445 \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a\u0430\u043c\u0438. \u0421\u0435\u0439\u0447\u0430\u0441 \u041f\u043e\u0442\u0442\u0435\u0440\u0438\u043d\u0433 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0432 Microsoft.\n\n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0432\u0438\u0434\u044f\u0442 \u0432 \u043d\u043e\u0432\u043e\u0432\u0432\u0435\u0434\u0435\u043d\u0438\u0438 \u043f\u043e\u043f\u044b\u0442\u043a\u0443 IBM/\ud83c\udfa9 Red Hat \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u043e\u043b\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u044d\u043a\u043e\u0441\u0438\u0441\u0442\u0435\u043c\u043e\u0439 Linux, \u043f\u0440\u0435\u0432\u0440\u0430\u0442\u0438\u0432 \u0435\u0451 \u0432 \u043f\u043e\u0434\u043e\u0431\u0438\u0435 Windows.\n\n\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u043e, \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u043c \u043f\u0440\u0438\u0434\u0451\u0442\u0441\u044f \u043e\u0442\u043a\u0430\u0437\u0430\u0442\u044c\u0441\u044f \u043e\u0442 GNOME. \u041b\u0438\u0431\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043a\u043e\u0441\u0442\u044b\u043b\u0438 (\u043a\u0430\u043a elogind), \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432\u0441\u0435\u0433\u0434\u0430 \u0431\u0443\u0434\u0443\u0442 \u043c\u0435\u043d\u0435\u0435 \u0441\u0442\u0430\u0431\u0438\u043b\u044c\u043d\u044b\u043c\u0438.\n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u0444\u0443\u043d\u0434\u0430\u043c\u0435\u043d\u0442\u0430\u043b\u044c\u043d\u044b\u043c \u043f\u0440\u0438\u043d\u0446\u0438\u043f\u0430\u043c \u0444\u0438\u043b\u043e\u0441\u043e\u0444\u0438\u0438 Unix \u0438 Linux, \u0430\u0440\u0433\u0443\u043c\u0435\u043d\u0442 \"\u043d\u0435 \u043d\u0440\u0430\u0432\u0438\u0442\u0441\u044f \u2014 \u043d\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0439\" \u0442\u0435\u0440\u044f\u0435\u0442 \u0441\u0432\u043e\u044e \u0441\u0438\u043b\u0443, \u0442\u0430\u043a \u043a\u0430\u043a GNOME \u0434\u0435\u043b\u0430\u0435\u0442 systemd \u043f\u043e \u0441\u0443\u0442\u0438 \u0431\u0435\u0437\u0430\u043b\u044c\u0442\u0435\u0440\u043d\u0430\u0442\u0438\u0432\u043d\u044b\u043c.\n\n\ud83e\udd14 \u041f\u0440\u043e \u0442\u0435\u043e\u0440\u0438\u044e \u0437\u0430\u0433\u043e\u0432\u043e\u0440\u0430 \u0432 \u043a\u043e\u043c\u043c\u0435\u043d\u0442\u0430\u0440\u0438\u044f\u0445 \u043e \u0437\u0430\u043a\u043b\u0430\u0434\u043a\u0430\u0445 \u0410\u041d\u0411 \u0432 systemd \u043b\u0443\u0447\u0448\u0435 \u0434\u0430\u0436\u0435 \u043d\u0435 \u043d\u0430\u0447\u0438\u043d\u0430\u0442\u044c \u0440\u0430\u0441\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c...\n\n\ud83c\udf83 \u041d\u0435 \u0438\u0441\u043a\u043b\u044e\u0447\u0435\u043d\u043e, \u0447\u0442\u043e \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u043a\u043e\u0432 \u043a\u043e\u0440\u0438\u0446\u044b \u0438 \"\u043b\u044e\u0431\u0438\u0442\u0435\u043b\u0435\u0439 \u043f\u043e\u0433\u043e\u043d\u044f\u0442\u044c \u0432 \u043a\u0435\u0434\u0430\u0445\" \u0441\u0442\u0430\u043d\u0435\u0442 \u0431\u043e\u043b\u044c\u0448\u0435.\n\n\u270b @Russian_OSINT", "creation_timestamp": "2025-06-11T14:48:46.000000Z"}, {"uuid": "c35eb6b4-027a-4386-93ae-1b1ab3a52ad3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/kasperskyb2b/1205", "content": "\ud83d\udea8 \u0411\u044d\u043a\u0434\u043e\u0440 \u0432 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0445 Linux-\u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u0430\u0445\n\n\u0412\u0441\u0435 \u0432\u044b\u0445\u043e\u0434\u043d\u044b\u0435 \u0440\u0430\u0437\u0432\u0438\u0432\u0430\u043b\u0430\u0441\u044c \u0434\u0435\u0442\u0435\u043a\u0442\u0438\u0432\u043d\u0430\u044f \u0438\u0441\u0442\u043e\u0440\u0438\u044f \u0438\u0437 \u043c\u0438\u0440\u0430 open source. \u0412 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 \u0438 \u0443\u0442\u0438\u043b\u0438\u0442\u0430\u0445 \u0434\u043b\u044f \u043a\u043e\u043c\u043f\u0440\u0435\u0441\u0441\u0438\u0438 XZ \u0431\u044b\u043b \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d \u0431\u044d\u043a\u0434\u043e\u0440 (CVE-2024-3094), \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0440\u0438 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0451\u043d\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435, \u043d\u0435 \u043e\u0441\u0442\u0430\u0432\u043b\u044f\u044f \u0441\u043b\u0435\u0434\u043e\u0432 \u0432 \u043b\u043e\u0433\u0430\u0445 sshd.\n\n\u0422\u0440\u043e\u044f\u043d\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 5.6.0 \u0438 5.6.1 \u0443\u0441\u043f\u0435\u043b\u0438 \u043f\u043e\u043f\u0430\u0441\u0442\u044c \u0432 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0435 \u0441\u0431\u043e\u0440\u043a\u0438 Linux, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0435 \u0432 \u043c\u0430\u0440\u0442\u0435:\n\ud83d\udd34 Alpine (5.6.0 \u2014 5.6.1-r1 )\n\ud83d\udd34 Debian (\u0442\u0435\u0441\u0442\u043e\u0432\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438) 5.5.1alpha-0.1 \u2014 5.6.1-1.\n\ud83d\udd34 Fedora Rawhide (\u0442\u0435\u0441\u0442\u043e\u0432\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438)\n\ud83d\udd34 Kali Linux \n\ud83d\udd34 openSUSE Tumbleweed \u0438 MicroOS \n\n\u0414\u0440\u044f\u043d\u044c \u043d\u0435 \u0431\u044b\u043b\u0430 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0430 \u0432 \u0441\u0442\u0430\u0431\u0438\u043b\u044c\u043d\u044b\u0435 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u044b: Debian Stable, RHEL, Suse Linux Enterprise.\nArch Linux \u043f\u0438\u0448\u0443\u0442, \u0447\u0442\u043e \u0445\u043e\u0442\u044f \u0432 \u043e\u0431\u0440\u0430\u0437\u0430\u0445 \u0431\u044b\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u043f\u0430\u043a\u0435\u0442\u044b, \u0438\u0437-\u0437\u0430 \u0441\u043f\u0435\u0446\u0438\u0444\u0438\u043a\u0438 \u043b\u0438\u043d\u043a\u043e\u0432\u043a\u0438 openssh \u0438 liblzma \u0432 Arch \u0431\u044d\u043a\u0434\u043e\u0440 \u043d\u0435 \u043c\u043e\u0436\u0435\u0442 \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c. \u041f\u0440\u0438\u043c\u0435\u0440\u043d\u043e \u0442\u043e \u0436\u0435 \u0441\u0430\u043c\u043e\u0435 \u0441\u043a\u0430\u0437\u0430\u043d\u043e \u043f\u0440\u043e Fedora 40 \u2014 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u043f\u0430\u043a\u0435\u0442\u044b \u0431\u044b\u043b\u0438, \u043d\u043e \u0442\u0440\u043e\u044f\u043d \u043d\u0435 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442.\n\n\u0414\u043b\u044f \u0441\u043e\u043c\u043d\u0435\u0432\u0430\u044e\u0449\u0438\u0445\u0441\u044f \u0443\u0436\u0435 \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u043e Yara-\u043f\u0440\u0430\u0432\u0438\u043b\u043e.\n\u0422\u0435\u043c, \u043a\u0442\u043e \u0443\u0441\u043f\u0435\u043b \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0437\u0430\u0442\u0440\u043e\u044f\u043d\u0435\u043d\u043d\u0443\u044e \u0432\u0435\u0440\u0441\u0438\u044e, \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u043e\u0432\u0430\u043d\u043e \u043e\u0442\u043a\u0430\u0442\u0438\u0442\u044c\u0441\u044f \u043d\u0430 \u0431\u043e\u043b\u0435\u0435 \u0441\u0442\u0430\u0440\u044b\u0435 \u0441\u0431\u043e\u0440\u043a\u0438 \u0438 \u043f\u0440\u043e\u0432\u0435\u0441\u0442\u0438 \u043f\u043e\u043b\u043d\u043e\u0446\u0435\u043d\u043d\u043e\u0435 \u0440\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u043d\u0430 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442.\n\n\u0414\u0435\u0442\u0435\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c \u0438\u0441\u0442\u043e\u0440\u0438\u0438 \u0441\u043e\u0441\u0442\u043e\u0438\u0442 \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u044f \u043f\u043e \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044e \u0434\u043b\u0438\u043b\u0430\u0441\u044c \u0434\u0432\u0430 \u0433\u043e\u0434\u0430 \u0438 \u0432\u043a\u043b\u044e\u0447\u0430\u043b\u0430 \u0432 \u0441\u0435\u0431\u044f \u0441\u043e\u0446\u0438\u0430\u043b\u044c\u043d\u0443\u044e \u0438\u043d\u0436\u0435\u043d\u0435\u0440\u0438\u044e, \u0432\u044b\u0442\u0435\u0441\u043d\u0435\u043d\u0438\u0435 \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0435\u0433\u043e \u043c\u0435\u0439\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0430 \u0438 \u0444\u0435\u0439\u043a\u043e\u0432\u044b\u0435 \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u044b \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432 \u0434\u043b\u044f \u043f\u0440\u043e\u0434\u0430\u0432\u043b\u0438\u0432\u0430\u043d\u0438\u044f \u043d\u0443\u0436\u043d\u044b\u0445 \u0440\u0435\u0448\u0435\u043d\u0438\u0439 \u043a\u0430\u043a \u0432 \u0441\u0430\u043c\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 XZ, \u0442\u0430\u043a \u0438 \u0432 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u0430\u0445, \u043a\u0443\u0434\u0430 \u043e\u043d\u0430 \u0432\u0445\u043e\u0434\u0438\u0442.  \n\n\u041d\u0430\u0434\u0435\u0436\u0434\u044b \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u041f\u041e, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0435\u0433\u043e \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u044b open source, \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0443\u0436\u0435\u0441\u0442\u043e\u0447\u0430\u0442 \u00ab\u0444\u0435\u0439\u0441-\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c\u00bb \u044d\u0442\u0438\u0445 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u0432, \u0443 \u0440\u0435\u0434\u0430\u043a\u0446\u0438\u0438, \u0447\u0435\u0441\u0442\u043d\u043e \u0433\u043e\u0432\u043e\u0440\u044f, \u043d\u0435\u0442. \u041f\u043e\u044d\u0442\u043e\u043c\u0443 \u0431\u0443\u0434\u0435\u043c \u043d\u0430\u0434\u0435\u044f\u0442\u044c\u0441\u044f, \u0447\u0442\u043e \u0418\u0411 \u0432 \u043a\u0440\u0443\u043f\u043d\u044b\u0445 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044f\u0445 \u043f\u043e\u0432\u0441\u0435\u043c\u0435\u0441\u0442\u043d\u043e \u043d\u0430\u043b\u0430\u0434\u0438\u0442 \u043a\u043e\u043c\u043f\u043b\u0435\u043a\u0441\u043d\u044b\u0439 \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433 \u0438 \u0434\u0435\u0442\u0435\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0430\u043d\u043e\u043c\u0430\u043b\u0438\u0439 \u0432 \u043c\u0430\u0441\u0448\u0442\u0430\u0431\u0435 \u0432\u0441\u0435\u0439 \u0418\u0422-\u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b. \ud83d\ude0f\n\n#\u043d\u043e\u0432\u043e\u0441\u0442\u0438 @\u041f2\u0422", "creation_timestamp": "2024-04-01T08:13:33.000000Z"}, {"uuid": "5e692bd4-a505-42b4-8a50-80c75a0564a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/kasperskyb2b/1210", "content": "\ud83d\udc40 \u041a\u0430\u0441\u0430\u0435\u0442\u0441\u044f \u043b\u0438 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u0439 Linux \u0431\u044d\u043a\u0434\u043e\u0440 \u0432 XZ Utils? \n\n\u041a\u043e\u043c\u043c\u0435\u043d\u0442\u0430\u0440\u0438\u0439 \u0418\u0433\u043e\u0440\u044f \u041a\u0443\u0437\u043d\u0435\u0446\u043e\u0432\u0430, \u0440\u0443\u043a\u043e\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f Kaspersky GReAT:\n\n\ud83d\udcac \u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043e\u0442\u0435\u0447\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0445 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u043e\u0432 Linux \u043e\u0447\u0435\u043d\u044c \u043c\u043d\u043e\u0433\u043e, \u0442\u0440\u0443\u0434\u043d\u043e \u0441\u043a\u0430\u0437\u0430\u0442\u044c \u043f\u0440\u043e \u043a\u0430\u0436\u0434\u044b\u0439 \u043e\u0434\u043d\u043e\u0437\u043d\u0430\u0447\u043d\u043e. \u041e\u0431\u044f\u0437\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u043f\u0440\u043e\u0432\u0435\u0440\u044c\u0442\u0435, \u043d\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u044b \u043b\u0438 \u0443 \u0432\u0430\u0441 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 XZ Utils 5.6.0 \u0438\u043b\u0438 5.6.1.  \u0415\u0441\u043b\u0438 \u0432\u0435\u0440\u0441\u0438\u044f \u0431\u043e\u043b\u0435\u0435 \u0441\u0442\u0430\u0440\u0430\u044f, \u0442\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0432 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438. \u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u0439 \u043d\u0443\u0436\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f.\n\n\u041f\u043e\u043a\u0430 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u043a\u0435\u0439\u0441\u043e\u0432 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 CVE-2024-3094 \u043c\u044b \u043d\u0435 \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043b\u0438. \u041f\u043e\u0432\u0435\u0437\u043b\u043e, \u0447\u0442\u043e \u0430\u0442\u0430\u043a\u0443 \u0434\u043e\u0432\u043e\u043b\u044c\u043d\u043e \u0431\u044b\u0441\u0442\u0440\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438. \u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u043f\u043e\u043f\u0430\u043b\u0438 \u0442\u043e\u043b\u044c\u043a\u043e \u0432  \u0441\u0443\u043f\u0435\u0440-\u043d\u0435\u0441\u0442\u0430\u0431\u0438\u043b\u044c\u043d\u044b\u0435 \u0442\u0435\u0441\u0442\u043e\u0432\u044b\u0435 \u0438 rolling-\u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0441\u0440\u0430\u0437\u0443 \u0437\u0430\u0431\u0438\u0440\u0430\u044e\u0442 \u0441\u0432\u0435\u0436\u0438\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0430\u043a\u0435\u0442\u043e\u0432. \u0414\u043e \u0441\u0430\u043c\u044b\u0445 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0445 \u0441\u0442\u0430\u0431\u0438\u043b\u044c\u043d\u044b\u0445 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u043e\u0432 Linux \u0442\u0440\u043e\u044f\u043d\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u0432 \u0446\u0435\u043b\u043e\u043c \u043d\u0435 \u0443\u0441\u043f\u0435\u043b\u0438 \u0434\u043e\u0431\u0440\u0430\u0442\u044c\u0441\u044f. \n\n\u0415\u0441\u043b\u0438 \u0431\u044b \u0441 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0435\u043c \u00ab\u0437\u0430\u043a\u043b\u0430\u0434\u043a\u0438\u00bb \u043e\u043f\u043e\u0437\u0434\u0430\u043b\u0438, \u0442\u043e \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u044d\u0442\u0430 \u0438\u0441\u0442\u043e\u0440\u0438\u044f \u043c\u043e\u0433\u043b\u0430 \u0431\u044b \u0441\u0442\u0430\u0442\u044c \u0441\u0430\u043c\u043e\u0439 \u043c\u0430\u0441\u0441\u043e\u0432\u043e\u0439 \u0430\u0442\u0430\u043a\u043e\u0439 \u043d\u0430 \u044d\u043a\u043e\u0441\u0438\u0441\u0442\u0435\u043c\u0443 Linux \u0437\u0430 \u0432\u0441\u044e \u0438\u0441\u0442\u043e\u0440\u0438\u044e \u0435\u0451 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043e\u0432\u0430\u043d\u0438\u044f. \n\n@\u041f2\u0422", "creation_timestamp": "2024-04-02T17:12:38.000000Z"}, {"uuid": "f8378806-0f56-4256-be3c-6889199bea9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/cybersecgame/189", "content": "CVE-2024-3094 \u2014 \u044d\u0442\u043e \u0432\u0441\u0451, \u043a\u0430\u043a \u043c\u044b \u0442\u0443\u0442 \u043b\u044e\u0431\u0438\u043c. \n\n\u0412\u043e \u043f\u0435\u0440\u0432\u044b\u0445, \u0435\u0441\u043b\u0438 \u0432\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0435 \u043b\u044e\u0431\u043e\u0439 \u0441\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0439 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432 linux,, \u0441\u0440\u043e\u0447\u043d\u043e \u0443\u0431\u0435\u0434\u0438\u0442\u0435\u0441\u044c, \u0447\u0442\u043e \u0432\u0430\u0441 \u044d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0435 \u043a\u0430\u0441\u0430\u0435\u0442\u0441\u044f, \u0442\u043e \u0431\u0438\u0448\u044c xz/liblzma \u0443 \u0432\u0430\u0441 \u0414\u041e \u0432\u0435\u0440\u0441\u0438\u0438 5.6.0. \n\n\u0412\u043e \u0432\u0442\u043e\u0440\u044b\u0445, \u043a\u0430\u043a\u0430\u044f \u0438\u0441\u0442\u043e\u0440\u0438\u044f. \u0424\u043e\u0440\u043c\u0430\u0442 xz, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0439 \u0430\u043b\u0433\u043e\u0440\u0438\u0442\u043c \u0441\u0436\u0430\u0442\u0438\u044f LZMA2, \u0431\u044b\u043b \u043f\u0440\u0438\u0434\u0443\u043c\u0430\u043d \u0432 2007 \u0433\u043e\u0434\u0443 \u0432\u043e\u0441\u0442\u043e\u0440\u0436\u0435\u043d\u043d\u044b\u043c \u0448\u0438\u0444\u0440\u043e\u043f\u0430\u043d\u043a\u043e\u043c \u043f\u043e \u0438\u043c\u0435\u043d\u0438 \u041b\u0430\u0441\u0441\u0435 \u041a\u043e\u043b\u043b\u0438\u043d. \u0412\u043e\u043e\u0431\u0449\u0435, \u043e\u043d \u0442\u0430\u043c \u0441\u043e\u0431\u0438\u0440\u0430\u043b\u0441\u044f \u0434\u0435\u043b\u0430\u0442\u044c \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432 Linux \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 Slackware, \u043f\u043e\u043c\u0435\u0449\u0430\u044e\u0449\u0438\u0439\u0441\u044f \u043d\u0430 \u043e\u0434\u0438\u043d \u043a\u043e\u043c\u043f\u0430\u043a\u0442-\u0434\u0438\u0441\u043a, \u043d\u043e, \u043d\u0430\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043c\u043e\u0436\u043d\u043e \u0441\u0443\u0434\u0438\u0442\u044c, \u0434\u043e \u044d\u0442\u043e\u0433\u043e \u0434\u0435\u043b\u043e \u043d\u0435 \u0434\u043e\u0448\u043b\u043e. \u0410 \u0432\u043e\u0442 xz \u043f\u043e\u0448\u0435\u043b \u0432 \u043c\u0430\u0441\u0441\u044b \u0438 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u043b\u0441\u044f \u041b\u0430\u0441\u0441\u0435 \u043f\u0440\u0438\u043c\u0435\u0440\u043d\u043e \u0434\u043e 2022 \u0433\u043e\u0434\u0430. \n\n\u0422\u043e \u043b\u0438 \u043f\u043e \u043f\u0440\u0438\u0447\u0438\u043d\u0435 \u0441\u0432\u043e\u0435\u0439 \u044d\u043c\u043e\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u043e\u0439 \u043d\u0435\u0441\u0442\u0430\u0431\u0438\u043b\u044c\u043d\u043e\u0441\u0442\u0438, \u0442\u043e \u043b\u0438 \u0435\u0449\u0451 \u043f\u043e \u043a\u0430\u043a\u0438\u043c \u0441\u043e\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f\u043c, \u0432 2022 \u0433\u043e\u0434\u0443, \u041b\u0430\u0441\u0441\u0435 \u0431\u044b\u043b \u0432\u0437\u044f\u0442 \u0432 \u043e\u0431\u043e\u0440\u043e\u0442 \u043a\u0430\u043a\u043e\u0439-\u0442\u043e \u0442\u0440\u0451\u0445\u0431\u0443\u043a\u0432\u0435\u043d\u043d\u043e\u0439 (\u0438\u043b\u0438, \u0441\u043a\u043e\u0440\u0435\u0435, \u0442\u0440\u0451\u0445\u0438\u0435\u0433\u0440\u043e\u0433\u043b\u0438\u0444\u043e\u0432\u043e\u0439) \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0435\u0439 \u0438 \u043f\u0440\u0438 \u043f\u043e\u043c\u043e\u0449\u0438 \u043d\u0435\u0445\u0438\u0442\u0440\u044b\u0445 (\u043d\u043e \u0434\u043b\u044f \u0436\u0435\u0440\u0442\u0432\u044b \u0432\u0435\u0441\u044c\u043c\u0430 \u043d\u0435\u043f\u0440\u0438\u044f\u0442\u043d\u044b\u0445) \u043f\u0441\u0438\u0445\u043e\u043b\u043e\u0433\u0438\u0447\u0435\u043a\u0438\u0445 \u0442\u0440\u044e\u043a\u043e\u0432 \u043f\u0440\u0438\u043d\u0443\u0436\u0434\u0451\u043d \u043a \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0435 \u043f\u0440\u043e\u0435\u043a\u0442\u0430 \u043d\u0435\u043a\u0438\u043c \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u043c \u043b\u0438\u0447\u043d\u043e\u0441\u0442\u044f\u043c.\n\n\u041b\u0438\u0447\u043d\u043e\u0441\u0442\u0438 \u044d\u0442\u0438 \u043f\u043e\u0442\u043e\u043c \u043f\u0440\u043e\u0434\u0435\u043b\u0430\u043b\u0438 \u0434\u043e\u0432\u043e\u043b\u044c\u043d\u043e \u0431\u043e\u043b\u044c\u0448\u0443\u044e \u0438 \u0441\u043b\u043e\u0436\u043d\u0443\u044e \u0440\u0430\u0431\u043e\u0442\u0443, \u0447\u0442\u043e\u0431\u044b \u0434\u043e\u0431\u0430\u0432\u0438\u0442\u044c \u0432 xz \u044d\u0442\u043e\u0442 \u0441\u0430\u043c\u044b\u0439 \u0431\u044d\u043a\u0434\u043e\u0440 \u0438 \u0445\u043e\u0440\u043e\u0448\u043e \u0435\u0433\u043e \u0441\u043f\u0440\u044f\u0442\u0430\u0442\u044c. \u041f\u0440\u0438 \u044d\u0442\u043e\u043c, \u043e\u043d\u0438 \u0441\u0442\u0430\u0440\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0430\u0431\u043e\u0442\u0430\u043b\u0438 \u043d\u0430\u0434 \u0441\u0430\u043c\u0438\u043c \u043f\u0440\u043e\u0435\u043a\u0442\u043e\u043c. \u0412\u043e\u0442, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u043e\u043d\u0438 \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f\u0442 \u0448\u0432\u0435\u0434\u0441\u043a\u0438\u0445 \u043f\u0435\u0440\u0435\u0432\u043e\u0434\u0447\u0438\u043a\u043e\u0432 \u0437\u0430 \u043f\u0435\u0440\u0435\u0432\u043e\u0434 XZ Utils \u043d\u0430 \u0448\u0432\u0435\u0434\u0441\u043a\u0438\u0439.\n\n\u041e\u0442\u0434\u0435\u043b\u044c\u043d\u043e \u0441\u043c\u0435\u0448\u043d\u043e \u0442\u043e, \u0447\u0442\u043e \u043a\u043e\u0434 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430 \u0431\u044b\u043b \u0432\u043d\u0435\u0434\u0440\u0451\u043d \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u0441\u0431\u043e\u0440\u043a\u0438 \u043f\u0440\u043e\u0435\u043a\u0442\u0430 \u0447\u0435\u0440\u0435\u0437 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u0442\u0435\u0441\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f. \u041d\u043e \u041b\u0430\u0441\u0441\u0435 \u043d\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0442\u0435\u0441\u0442\u043e\u0432 \u0438 \u0432\u0441\u0451 \u0442\u0435\u0441\u0442\u0438\u0440\u043e\u0432\u0430\u043b \u043d\u0430 \u0433\u043b\u0430\u0437\u043e\u043a. \u0422\u043e \u0435\u0441\u0442\u044c, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043d\u0430\u043f\u0438\u0441\u0430\u043b\u0438 \u0432\u0441\u0435 \u0442\u0435\u0441\u0442\u044b \u0441\u0430\u043c\u0438. \u0421 \u043d\u0443\u043b\u044f.\n\n\u0412\u043e \u0432\u0441\u0451\u043c \u044d\u0442\u043e\u043c \u0435\u0441\u0442\u044c \u0445\u043e\u0440\u043e\u0448\u0438\u0435 \u043d\u043e\u0432\u043e\u0441\u0442\u0438 \u0438 \u0435\u0441\u0442\u044c \u043f\u043b\u043e\u0445\u0438\u0435.\n\n\u0418\u0437 \u0445\u043e\u0440\u043e\u0448\u0438\u0445: \u0432 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0445 \u043e\u043f\u0435\u043d\u0441\u043e\u0440\u0441 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 \u0441\u043f\u0440\u044f\u0442\u0430\u0442\u044c \u0431\u044d\u043a\u0434\u043e\u0440, \u0434\u0430\u0436\u0435 \u0435\u0441\u043b\u0438 \u0442\u044b \u0442\u0430\u043b\u0430\u043d\u0442\u043b\u0438\u0432\u044b\u0439 \u043c\u0430\u0441\u043a\u0438\u0440\u043e\u0432\u0449\u0438\u043a, \u043d\u0435 \u0442\u0430\u043a \u043f\u0440\u043e\u0441\u0442\u043e, \u0412\u043f\u0440\u043e\u0447\u0435\u043c, \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430 \u0441\u044b\u0433\u0440\u0430\u043b\u0430 \u0432 \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0438 \u043d\u0435 \u0433\u043b\u0430\u0432\u043d\u0443\u044e \u0440\u043e\u043b\u044c. \u041a\u0430\u043a \u043c\u044b \u0443\u0432\u0438\u0434\u0438\u043c \u043f\u043e \u0441\u0441\u044b\u043b\u043a\u0430\u043c \u043d\u0438\u0436\u0435, \u0432\u0441\u0451 \u043d\u0430\u0447\u0430\u043b\u043e\u0441\u044c \u0441 \u0442\u043e\u0433\u043e, \u0447\u0442\u043e \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a Microsoft  \u0410\u043d\u0434\u0440\u0435\u0441 \u0424\u0440\u0435\u043d\u0434  \u043e\u0431\u0440\u0430\u0442\u0438\u043b \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u043d\u043e\u0435 \u043f\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u0435 ssh \u043d\u0430 \u0441\u0432\u043e\u0438\u0445 \u043c\u0430\u0448\u0438\u043d\u0430\u0445 \u0438 \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0442\u043e\u043c \u043f\u043e\u043b\u0435\u0437 \u0432 \u043a\u043e\u0434 \u0440\u0430\u0437\u0431\u0438\u0440\u0430\u0442\u044c\u0441\u044f. \u041f\u0440\u0438\u0447\u0451\u043c, \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u0442\u0441\u044f, \u0447\u0442\u043e \u043e\u043d \u0437\u0430 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0447\u0430\u0441\u043e\u0432 \u0441\u043b\u043e\u043c\u0430\u043b \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u0447\u0442\u0438 \u0434\u0432\u0443\u0445\u043b\u0435\u0442\u043d\u044e\u044e \u0440\u0430\u0431\u043e\u0442\u0443: \u0448\u0438\u0440\u043e\u043a\u043e \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0438\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u0443\u044e \u0432\u0435\u0440\u0441\u0438\u044e \u0438\u043c \u043d\u0435 \u0443\u0434\u0430\u043b\u043e\u0441\u044c.\n\n\u0418\u0437 \u043f\u043b\u043e\u0445\u0438\u0445 \u043d\u043e\u0432\u043e\u0441\u0442\u0435\u0439 \u0432\u0441\u0451 \u043e\u0441\u0442\u0430\u043b\u044c\u043d\u043e\u0435. \u041c\u044b \u0431\u0435\u0437 \u043f\u043e\u043d\u044f\u0442\u0438\u044f, \u0432 \u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u0435\u0449\u0451 \u043f\u0440\u043e\u0435\u043a\u0442\u0430\u0445 \u044d\u0442\u0438 \u0440\u0435\u0431\u044f\u0442\u0430 \u0432\u044b\u0441\u0442\u0443\u043f\u0430\u044e\u0442 \u043c\u044d\u0439\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0430\u043c\u0438 \u043f\u043e\u0434 \u0434\u0440\u0443\u0433\u0438\u043c\u0438 \u043d\u0438\u0447\u0435\u0433\u043e \u043d\u0435 \u043e\u0437\u043d\u0430\u0447\u0430\u044e\u0449\u0438\u043c\u0438 \u0438\u043c\u0435\u043d\u0430\u043c\u0438. \u0414\u0430\u043b\u0435\u043a\u043e \u043d\u0435 \u043a\u0430\u0436\u0434\u044b\u043c \u0441\u043e\u0444\u0442\u043e\u043c \u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0432\u044a\u0435\u0434\u043b\u0438\u0432\u044b\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438. \n\n\u041d\u0443 \u0438 \u043e\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442\u0441\u044f, \u043c\u043e\u0437\u0433 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c \u043d\u0438\u0447\u0443\u0442\u044c \u043d\u0435 \u043c\u0435\u043d\u044c\u0448\u0435, \u0447\u0435\u043c \u0435\u0433\u043e \u043a\u043e\u0434.\n\n\u041b\u0438\u0442\u0435\u0440\u0430\u0442\u0443\u0440\u0430: \n\nhttps://www.opennet.ru/opennews/art.shtml?num=60880 \u2014 \u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u0441\u043e\u0431\u044b\u0442\u0438\u0439, \u043f\u0440\u0438\u0432\u0435\u0434\u0448\u0438\u0445 \u043a \u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u043d\u0438\u044e \u0431\u044d\u043a\u0434\u043e\u0440\u0430\nhttps://mastodon.social/@AndresFreundTec/112180406142695845 \u2014 \u0410\u043d\u0434\u0440\u0435\u0441 \u0424\u0440\u0435\u043d\u0434 \u0440\u0430\u0441\u0441\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442, \u043a\u0430\u043a \u043e\u043d \u043e\u0431\u0440\u0430\u0442\u0438\u043b \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u043d\u043e\u0441\u0442\u0438 \u0441 ssh\nhttps://news.ycombinator.com/item?id=39866275 \u2014 \u0435\u0449\u0451 \u043e\u0434\u043d\u0430 \u0438\u0441\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e \u0442\u043e, \u043a\u0430\u043a \u043d\u043e\u0432\u044b\u0435 \u043c\u044d\u0439\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u044b xz \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u044e\u0442 \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u044f\u0442\u0438\u0432\u043d\u044b\u0435 \u0442\u0435\u0445\u043d\u0438\u043a\u0438 \u0434\u043b\u044f \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u0437\u0430\u0431\u044d\u043a\u0434\u043e\u0440\u0435\u043d\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438.", "creation_timestamp": "2024-03-30T21:09:07.000000Z"}, {"uuid": "9deba1e8-4e85-445e-8465-84b2fd918fb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/Kelvinseccommunity/175", "content": "https://github.com/amlweems/xzbot\n\nnotes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)\n#github", "creation_timestamp": "2024-04-02T18:49:27.000000Z"}, {"uuid": "4b29bdcd-8f8e-4ee6-aabc-3ba5c9cf3bd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "Telegram/gIW_zzZ8Jc3unS9qNWyhXmgnmAQ4QGTMdNVUcAoQdepAmw", "content": "", "creation_timestamp": "2024-03-30T07:10:48.000000Z"}, {"uuid": "caad58b7-4a86-4305-8417-d1adb9c11aad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "Telegram/qVsNm-xinAf9z2V3PlM-k8mWaM_eZ4OrWB55rNSRie8mMg", "content": "", "creation_timestamp": "2024-04-02T04:07:30.000000Z"}, {"uuid": "b0d46163-8730-4948-b2cb-906664386f09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "Telegram/Ozv7Gd11TeivbOo4UpJTHyd7sUF8pJqORb88zxd_aDcU", "content": "", "creation_timestamp": "2024-04-02T00:26:56.000000Z"}, {"uuid": "56a5597a-dbb7-49fe-bc81-6e53f6e91d74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "Telegram/b9EQiFqv9yDf7plTFTEHCXSciDdEEr9T62h59kT5mVY7", "content": "", "creation_timestamp": "2024-03-30T23:32:22.000000Z"}, {"uuid": "f6fcf213-69bd-4fe0-b2c7-879a97d09c69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "Telegram/PYWy3JRYrp_CW9rZeuDmR764f-OTdoIsbx1FoofpoHde2w", "content": "", "creation_timestamp": "2024-04-02T04:01:27.000000Z"}, {"uuid": "2abc26f3-ae82-49b1-a06d-de700ec455b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "Telegram/6ZyAOCp0sr6Be3kwi7KF89u8hxyMjFVyZm38MhQqhu8ZAA", "content": "", "creation_timestamp": "2024-10-01T23:42:23.000000Z"}, {"uuid": "82077bed-f9f6-4af7-8324-d9fcb63e05d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/Hacker501/2266", "content": "\u0639\u062b\u0631 \u0628\u0627\u062d\u062b\u0648\u0646 \u0639\u0644\u0649 \u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0628\u0631\u0645\u062c\u064a\u0629 \u062e\u0628\u064a\u062b\u0629 \u062a\u0645 \u0632\u0631\u0639\u0647\u0627 \u0641\u064a \u0641\u064a \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u064a\u0646 5.6.0 \u06485.6.1 \u0645\u0646 \u0623\u062f\u0627\u0629 \u0641\u0643 \u0627\u0644\u0636\u063a\u0637 \u0645\u0641\u062a\u0648\u062d\u0629 \u0627\u0644\u0645\u0635\u062f\u0631 XZ Utils \u0641\u064a \u062a\u0648\u0632\u064a\u0639\u0627\u062a \u0644\u064a\u0646\u0643\u0633 , \u0648\u0647\u064a \u0623\u062f\u0627\u0629 \u062a\u0634\u0628\u0647 WinRAR \u0641\u064a \u0623\u0646\u0638\u0645\u0629 \u0648\u064a\u0646\u062f\u0648\u0632 \u060c \u0648\u062a\u0645 \u0627\u0639\u0637\u0627\u0621 \u0627\u0644\u062e\u0644\u0644 \u0627\u0644\u0630\u064a \u064a\u062d\u0645\u0644 \u0627\u0644\u0631\u0645\u0632 CVE-2024-3094 \u062f\u0631\u062c\u0629 \u0639\u0627\u0644\u064a\u0629 \u0645\u0646 \u0627\u0644\u062e\u0637\u0648\u0631\u0629.\n\n\u0641\u064a \u0627\u0644\u0628\u062f\u0627\u064a\u0629 \u0648\u062c\u062f \u0627\u0644\u0639\u062f\u064a\u062f \u0645\u0646 \u0627\u0644\u0628\u0627\u062d\u062b\u064a\u0646 \u0623\u0646 \u0647\u0630\u0627 \u0627\u0644\u0628\u0627\u0628 \u0627\u0644\u062e\u0644\u0641\u064a \u064a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0628\u062a\u062c\u0627\u0648\u0632 \u0645\u0635\u0627\u062f\u0642\u0629 sshd (\u0639\u0645\u0644\u064a\u0629 \u062e\u0627\u062f\u0645 OpenSSH)\u060c \u0648\u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0648\u0635\u0648\u0644 \u0639\u0646 \u0628\u0639\u062f \u063a\u064a\u0631 \u0645\u0635\u0631\u062d \u0628\u0647 \u0625\u0644\u0649 \u0646\u0638\u0627\u0645 \u0627\u0644\u062a\u0634\u063a\u064a\u0644 \u060c \u0627\u0633\u062a\u0646\u0627\u062f\u064b\u0627 \u0625\u0644\u0649 \u0623\u062d\u062f\u062b \u0627\u0644\u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0642\u062f \u062a\u0628\u062f\u0648 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0639\u0644\u0649 \u0623\u0646\u0647\u0627 \"\u062a\u062c\u0627\u0648\u0632 \u0627\u0644\u0645\u0635\u0627\u062f\u0642\u0629\" \u060c \u0648\u0644\u0643\u0646 \u0627\u0644\u062d\u0642\u064a\u0642\u0629 \u0647\u064a \u0623\u0646\u0647\u0627 \"\u062a\u0646\u0641\u064a\u0630 \u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0628\u0631\u0645\u062c\u064a\u0629 \u0639\u0646 \u0628\u0639\u062f ( RCE ). \u064a\u0639\u062a\u0631\u0636 \u0627\u0644\u0628\u0627\u0628 \u0627\u0644\u062e\u0644\u0641\u064a \u0648\u0638\u064a\u0641\u0629 RSA_public_decrypt \u060c \u0648\u064a\u062a\u062d\u0642\u0642 \u0645\u0646 \u062a\u0648\u0642\u064a\u0639 \u0627\u0644\u0645\u0636\u064a\u0641 \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0627\u0644\u0645\u0641\u062a\u0627\u062d \u0627\u0644\u062b\u0627\u0628\u062a Ed448\u060c \u0648\u0625\u0630\u0627 \u062a\u0645 \u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646\u0647 \u0628\u0646\u062c\u0627\u062d \u060c \u0641\u0625\u0646\u0647 \u064a\u0646\u0641\u0630 \u0627\u0644\u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629 \u0627\u0644\u0636\u0627\u0631\u0629 \u0627\u0644\u062a\u064a \u0645\u0631\u0631\u0647\u0627 \u0627\u0644\u0645\u0636\u064a\u0641 \u0639\u0628\u0631 \u0648\u0638\u064a\u0641\u0629 system \u060c \u062f\u0648\u0646 \u062a\u0631\u0643 \u0623\u064a \u0623\u062b\u0631 \u0641\u064a \u0633\u062c\u0644\u0627\u062a sshd.\n\n\u0627\u0644\u0634\u064a\u0621 \u0627\u0644\u0645\u0628\u0634\u0631 \u0623\u0646\u0647 \u0644\u064a\u0633\u062a \u0643\u0644 \u0623\u0646\u0638\u0645\u0629 \u0644\u064a\u0646\u0643\u0633 \u0645\u0635\u0627\u0628\u0629 \u0628\u0647\u0630\u0647 \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629 \u0627\u0644\u062e\u0628\u064a\u062b\u0629 \u060c \u0648\u0630\u0644\u0643 \u0643\u0648\u0646 \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a \u0627\u0644\u0636\u0639\u064a\u0641\u0629 \u0645\u0646 \u0627\u0644\u0623\u062f\u0648\u0627\u062a \u0627\u0644\u0645\u0633\u0627\u0639\u062f\u0629 \u062a\u0645 \u0632\u0631\u0639\u0647\u0627 \u0628\u064a\u0646  26 \u064829 \u0645\u0627\u0631\u0633 \u0628\u0627\u0644\u0646\u0633\u0628\u0629 \u0644\u062a\u0648\u0632\u064a\u0639\u0629 Kali Linux \u060c \u0623\u064a \u0623\u0646 \u0627\u0644\u0623\u0646\u0638\u0645\u0629 \u0627\u0644\u062a\u064a \u0642\u0627\u0645\u062a \u0628\u0627\u0644\u062a\u062d\u062f\u064a\u062b \u0641\u064a \u0647\u0630\u0647 \u0627\u0644\u0641\u062a\u0631\u0629 \u0647\u064a \u0641\u0642\u0637 \u0627\u0644\u0645\u0635\u0627\u0628\u0629.\n@Hacker501", "creation_timestamp": "2024-04-02T04:27:55.000000Z"}, {"uuid": "2132632b-cb27-4d94-9e9c-688ada6ce751", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/bizone_channel/1166", "content": "\ud83e\udd51 \u041e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0435 \u0443\u0433\u0440\u043e\u0437 \u0441 BI.ZONE TDR \u043d\u0430 \u043f\u0440\u0438\u043c\u0435\u0440\u0435 \u0431\u044d\u043a\u0434\u043e\u0440\u0430 XZ Utils\n\n\u041d\u0430 \u043f\u0440\u043e\u0448\u043b\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435 \u0441\u0442\u0430\u043b\u043e \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e, \u0447\u0442\u043e \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u0432\u0441\u0442\u0440\u043e\u0438\u043b\u0438 \u0431\u044d\u043a\u0434\u043e\u0440 \u0432 XZ Utils \u2014 \u043d\u0430\u0431\u043e\u0440 \u0443\u0442\u0438\u043b\u0438\u0442 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c.\n\n\u041d\u0430\u0448\u0443\u043c\u0435\u0432\u0448\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-3094 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u043e\u0446\u0435\u043d\u043a\u0443 10 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS \u0438 \u0443\u0441\u043f\u0435\u043b\u0430 \u043e\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0435 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u044b Linux: Fedora, Debian, OpenSUSE \u0438 Kali Linux.\n\n\u0427\u0442\u043e\u0431\u044b \u0431\u044b\u0441\u0442\u0440\u043e \u043e\u0446\u0435\u043d\u0438\u0442\u044c \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u043d\u043e\u0441\u0442\u044c \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 BI.ZONE TDR \u043f\u043e\u0434\u043e\u0431\u043d\u044b\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c, \u043c\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c \u0444\u0443\u043d\u043a\u0446\u0438\u044e threat prediction.\n\n\u0410 \u0447\u0442\u043e \u043e\u043d\u0430 \u0432 \u0441\u0435\u0431\u044f \u0432\u043a\u043b\u044e\u0447\u0430\u0435\u0442 \u0438 \u043a\u0430\u043a \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0442 \u043d\u0430\u0448\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b, \u0440\u0430\u0441\u0441\u043a\u0430\u0437\u0430\u043b\u0438 \u0432 \u043d\u043e\u0432\u043e\u0439 \u0441\u0442\u0430\u0442\u044c\u0435.\n\n\u0427\u0438\u0442\u0430\u0442\u044c", "creation_timestamp": "2024-04-04T13:21:59.000000Z"}, {"uuid": "6c6b786d-b480-4d30-a272-82ad0dd639db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "Telegram/iGW_5A0oZkZcyB-GkqlrOVgdjCeQTucngSvvwjWlsOYRomA", "content": "", "creation_timestamp": "2024-03-30T17:23:45.000000Z"}, {"uuid": "93866325-370e-4c3a-a4f5-15d5b43266de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "Telegram/C7u9QpeQ92IC0QS9OsD3DCLeqLmlRefwtQGi1Kn6TAhF9g", "content": "", "creation_timestamp": "2024-04-02T19:26:11.000000Z"}, {"uuid": "a97dd0fe-1c76-4a4c-a156-2aa12676b8a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "Telegram/P55dCue9-7LMN-Lc0-XDOTkh4IIUjqBqoh0vjK4epZiAs1I", "content": "", "creation_timestamp": "2024-04-02T16:08:07.000000Z"}, {"uuid": "ba7637cc-d923-4a88-a398-f58188d57b54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/Kelvinseccommunity/172", "content": "CVE-2024-3094 - An ssh honeypot with the XZ backdoor. \n\nhttps://github.com/lockness-Ko/xz-vulnerable-honeypot", "creation_timestamp": "2024-04-02T18:47:06.000000Z"}, {"uuid": "8c0ad209-af1f-4c90-8691-72456f1842a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "Telegram/E1NvmT5cv7fjMNsN9m7amKF9Pnc52WoiTKu2uvjaIrXlN0Y", "content": "", "creation_timestamp": "2024-04-02T18:45:34.000000Z"}, {"uuid": "7a800989-d320-4663-8183-11290039a6b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/cyber_1_world/36061", "content": "\u0627\u0644\u0646\u0627\u0633 \u0627\u0644\u0644\u064a \u0628\u064a\u0633\u062a\u062e\u062f\u0645\u0648\u0627 \u062a\u0648\u0632\u064a\u0639\u0627\u062a \u0644\u064a\u0646\u0643\u0633 \u0632\u064a\u064a \u0643\u062f\u0647\n\u0639\u0646\u062f\u0649 \u0644\u064a\u0643\u0645 \u0627\u062e\u0628\u0627\u0631 \u0627\u0644\u0649 \u062d\u062f \u0645\u0627 \u0645\u0642\u0644\u0642  \u0634\u0648\u064a\u0647\n\u0627\u0644\u0646\u0647\u0627\u0631\u062f\u0647 \u062a\u0645 \u0627\u0643\u062a\u0634\u0627\u0641 Backdoor \u0641\u064a \u062a\u0648\u0632\u064a\u0639\u0627\u062a \u0644\u064a\u0646\u0643\u0633 \u0645\u0646 \u0645\u0647\u0646\u062f\u0633 \u0633\u0648\u0641\u062a \u0648\u064a\u0631 \u0634\u063a\u0627\u0644 \u0641\u064a \u0645\u064a\u0643\u0631\u0648\u0633\u0648\u0641\u062a \u0648\u0644\u0627\u062d\u0638 \u0644\u0627\u062c \u0627\u0648 \u062a\u0623\u062e\u064a\u0631 500 \u0645\u0644\u0644\u064a \u0641\u064a \u0627\u0644\u062b\u0627\u0646\u064a\u0647 \u0641\u064a \u0627\u0644\u0628\u0631\u0648\u0633\u064a\u0633\u0648\u0631 \u0648 \u062d\u0633 \u0627\u0646 \u062f\u0647 \u0634\u0626 \u0645\u0631\u064a\u0628\n\n \n\u0648\u062a\u0645 \u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u0640 Backdoor \u0639\u0646 \u0637\u0631\u064a\u0642 \u0645\u0643\u062a\u0628\u0629 LIBLZMA\n\u0627\u0644\u0636\u0631\u0631 \u0648\u0635\u0644 \u0644 RCE \u0639\u0646 \u0637\u0631\u064a\u0642 SSHD\n\nNumber: CVE-2024-3094\n\n\u0645\u0633\u0624\u0648\u0644\u064a\u0646 \u0627\u0644\u0627\u0646\u0638\u0645\u0629\n\nsudo apt-get update && apt-get upgrade\n\u062a\u0639\u062f\u064a\u0644 \u064a\u0627\u0634\u0628\u0627\u0628 \u0627\u0644\u0628\u0627\u0643 \u062f\u0648\u0631 \u062f\u064a \u0639\u0646\u062f \u0627\u0644\u0646\u0627\u0633 \u0627\u0644\u0644\u064a \u062d\u062f\u062b\u062a kali \u0645\u0646 \u064a\u0648\u0645 26 \u0644\u064a\u0648\u0645 29 \n\u0641\u0644\u0627\u0632\u0645 \u062a\u0639\u0645\u0644 \u062a\u062d\u062f\u064a\u062b \u062a\u0627\u0646\u064a \u062f\u0644\u0648\u0642\u062a\u064a \u0639\u0644\u0634\u0627\u0646 \u062b\u063a\u0631\u0629 \u0627\u0644\u0640 Backdoor \n\u0627\u0644\u0644\u064a \u0641\u064a \u0627\u0644\u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0644\u064a \u0639\u0646\u062f\u0643 \u062f\u0644\u0648\u0642\u062a\u064a \u0645\u0645\u0643\u0646 \u062d\u062f \u064a\u0627\u062e\u062f \u0627\u0644\u0645\u0627\u0634\u064a\u0646 \u0643\u0644\u0647\u0627 \u0648\u0645\u0645\u0643\u0646 \u064a\u0631\u0641\u0639\u0647\u0627 \u0627\u0648\u0646\u0644\u0627\u064a\u0646 \u0641\u0645\u062a\u062d\u062f\u062b\u0634 \u0627\u0644\u0643\u0627\u0644\u064a \u0628 source's \n \u0645\u0646 \u0645\u0648\u0627\u0642\u0639 \u063a\u064a\u0631 \u0645\u0648\u062b\u0648\u0642\u0629 \u062e\u0635\u0648\u0635\u0627 \u0625\u0646\u0643 \u0645\u0645\u0643\u0646 \u0645\u062a\u0643\u0648\u0646\u0634 \u0648\u0627\u062e\u062f \u0628\u0627\u0644\u0643 \u0625\u0646 \u0627\u0644\u0633\u0648\u0631\u0633\u0633 \u062f\u064a \u0628\u064a\u0628\u0642\u064a \u0641\u064a\u0647\u0627 Backdoor \u0623\u0648 \u0645\u0634 \u0635\u062d\u064a\u062d", "creation_timestamp": "2024-04-22T17:38:05.000000Z"}, {"uuid": "69815015-b9cb-4bf1-bd7c-2c771cfdd251", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "Telegram/4RSq0I0C4iQZhAJzQEKE6l0zYN3-fryDoOxblxQOsqyPqmKb", "content": "", "creation_timestamp": "2024-03-30T17:57:19.000000Z"}, {"uuid": "82cf6a81-e154-4c89-b829-7e927b3b2a41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "Telegram/mhjLvTO7kgOjFNFOYx91UXvRzSNYwc-Sopm7mB8pVgiHRAla", "content": "", "creation_timestamp": "2024-04-04T19:19:52.000000Z"}, {"uuid": "cfacbd09-2af9-4a54-9a62-c6546bf0dff2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/Cyber_wise/364", "content": "An ssh honeypot with the XZ backdoor. CVE-2024-3094\n\nhttps://github.com/lockness-Ko/xz-vulnerable-honeypot?s=35", "creation_timestamp": "2024-04-01T14:44:04.000000Z"}, {"uuid": "d70bc324-fed1-427c-be36-d40aacab8d35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "Telegram/vN3SCyQQqcB7zXYDdqLfDaroV83ugt5aM31P9hPLnbGbAqtd", "content": "", "creation_timestamp": "2024-08-31T12:47:08.000000Z"}, {"uuid": "a02b2a16-716c-45ea-a3d7-b3d7db5cf896", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "Telegram/NIGQjUbXnx9gufkLY_qk9WXE5ehPCqVRH7HzPfZlAf2fCe_h", "content": "", "creation_timestamp": "2024-04-04T19:16:57.000000Z"}, {"uuid": "6bb78b00-3c9a-4513-b483-f4ba887aae18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "Telegram/KLnJ-HOohSUd5k_lgqV2q_tNd3YQ0IPMWZ5dFZ2vn1e1ccaF", "content": "", "creation_timestamp": "2024-03-30T18:07:13.000000Z"}, {"uuid": "8ac2569e-6a8b-498f-9172-80e7bf5bf821", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "Telegram/K-HVLIcMO2H5c--vnWIEZ_jeCRlMkpBllmxGJiB0X9USPN9c", "content": "", "creation_timestamp": "2024-03-30T17:20:13.000000Z"}, {"uuid": "c00b44f1-dcc4-4b3d-812a-18cd03b61b6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "Telegram/4q8lhx--T6mpEMtrrfNddAkRPXbuXwIYwsc71FZUvHV3ZiV8", "content": "", "creation_timestamp": "2024-03-30T17:20:36.000000Z"}, {"uuid": "5389acd3-56d1-4301-82a1-12d66cf2d5d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "Telegram/alBsn7Fip3o2Wogickoa47AGFlS3m4dIRhJmuF6gnnFnBpHc", "content": "", "creation_timestamp": "2024-03-30T16:48:05.000000Z"}, {"uuid": "0c46dade-7da7-459a-a8c8-63eb8031c742", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/4560", "content": "The Hacker News\nUrgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros\n\nRedHat on Friday released an \"urgent security alert\" warning that two versions of a popular data compression library called XZ Utils (previously LZMA Utils) have been backdoored with malicious code designed to allow unauthorized remote access.\nThe software supply chain compromise, tracked as CVE-2024-3094, has a CVSS score of 10.0, indicating maximum severity. It impacts XZ Utils", "creation_timestamp": "2024-03-30T07:10:50.000000Z"}, {"uuid": "adec4cb9-3b6f-4e81-8e79-622ae27c108c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/4787", "content": "The Hacker News\nMalicious Code in XZ Utils for Linux Systems Enables Remote Code Execution\n\nThe malicious code inserted into the open-source library XZ Utils, a widely used package present in major Linux distributions, is also capable of facilitating remote code execution, a new analysis has revealed.\nThe audacious supply chain compromise, tracked as CVE-2024-3094 (CVSS score: 10.0), came to light last week when Microsoft engineer and PostgreSQL developer Andres Freund", "creation_timestamp": "2024-04-02T19:25:38.000000Z"}, {"uuid": "01249049-d387-4d83-bc98-83dd3bbd60fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "Telegram/YpTEOS-0HThMULUeqVfh3nuPunEO8dLvoLbwvs118EyYdg", "content": "", "creation_timestamp": "2024-04-02T01:51:55.000000Z"}, {"uuid": "5cb41805-f9b7-483b-975f-407e11d05013", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/VasileiadisAnastasis/627", "content": "\ud83d\udd78\ufe0fXZ-utils backdoor (CVE-2024-3094)\n\n\ud83d\udd16#infosec #cybersecurity #hacking #pentesting #security \n\n\ud83d\udc64beacons.ai/cyberkid1987 \n\ud83d\udc64t.me/VasileiadisAnastasis\n\ud83d\udc65t.me/infosec101", "creation_timestamp": "2024-04-02T00:58:43.000000Z"}, {"uuid": "2ac108ed-e967-492e-9a88-88f879e5cc5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/HackerNewsAR/870", "content": "\u0639\u062b\u0631 \u0628\u0627\u062d\u062b\u0648\u0646 \u0639\u0644\u0649 \u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0628\u0631\u0645\u062c\u064a\u0629 \u062e\u0628\u064a\u062b\u0629 \u062a\u0645 \u0632\u0631\u0639\u0647\u0627 \u0641\u064a \u0641\u064a \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u064a\u0646 5.6.0 \u06485.6.1 \u0645\u0646 \u0623\u062f\u0627\u0629 \u0641\u0643 \u0627\u0644\u0636\u063a\u0637 \u0645\u0641\u062a\u0648\u062d\u0629 \u0627\u0644\u0645\u0635\u062f\u0631 XZ Utils \u0641\u064a \u062a\u0648\u0632\u064a\u0639\u0627\u062a \u0644\u064a\u0646\u0643\u0633 , \u0648\u0647\u064a \u0623\u062f\u0627\u0629 \u062a\u0634\u0628\u0647 WinRAR \u0641\u064a \u0623\u0646\u0638\u0645\u0629 \u0648\u064a\u0646\u062f\u0648\u0632 \u060c \u0648\u062a\u0645 \u0627\u0639\u0637\u0627\u0621 \u0627\u0644\u062e\u0644\u0644 \u0627\u0644\u0630\u064a \u064a\u062d\u0645\u0644 \u0627\u0644\u0631\u0645\u0632 CVE-2024-3094 \u062f\u0631\u062c\u0629 \u0639\u0627\u0644\u064a\u0629 \u0645\u0646 \u0627\u0644\u062e\u0637\u0648\u0631\u0629.\n\n\u0641\u064a \u0627\u0644\u0628\u062f\u0627\u064a\u0629 \u0648\u062c\u062f \u0627\u0644\u0639\u062f\u064a\u062f \u0645\u0646 \u0627\u0644\u0628\u0627\u062d\u062b\u064a\u0646 \u0623\u0646 \u0647\u0630\u0627 \u0627\u0644\u0628\u0627\u0628 \u0627\u0644\u062e\u0644\u0641\u064a \u064a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0628\u062a\u062c\u0627\u0648\u0632 \u0645\u0635\u0627\u062f\u0642\u0629 sshd (\u0639\u0645\u0644\u064a\u0629 \u062e\u0627\u062f\u0645 OpenSSH)\u060c \u0648\u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0648\u0635\u0648\u0644 \u0639\u0646 \u0628\u0639\u062f \u063a\u064a\u0631 \u0645\u0635\u0631\u062d \u0628\u0647 \u0625\u0644\u0649 \u0646\u0638\u0627\u0645 \u0627\u0644\u062a\u0634\u063a\u064a\u0644 \u060c \u0627\u0633\u062a\u0646\u0627\u062f\u064b\u0627 \u0625\u0644\u0649 \u0623\u062d\u062f\u062b \u0627\u0644\u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0642\u062f \u062a\u0628\u062f\u0648 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0639\u0644\u0649 \u0623\u0646\u0647\u0627 \"\u062a\u062c\u0627\u0648\u0632 \u0627\u0644\u0645\u0635\u0627\u062f\u0642\u0629\" \u060c \u0648\u0644\u0643\u0646 \u0627\u0644\u062d\u0642\u064a\u0642\u0629 \u0647\u064a \u0623\u0646\u0647\u0627 \"\u062a\u0646\u0641\u064a\u0630 \u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0628\u0631\u0645\u062c\u064a\u0629 \u0639\u0646 \u0628\u0639\u062f ( RCE ). \u064a\u0639\u062a\u0631\u0636 \u0627\u0644\u0628\u0627\u0628 \u0627\u0644\u062e\u0644\u0641\u064a \u0648\u0638\u064a\u0641\u0629 RSA_public_decrypt \u060c \u0648\u064a\u062a\u062d\u0642\u0642 \u0645\u0646 \u062a\u0648\u0642\u064a\u0639 \u0627\u0644\u0645\u0636\u064a\u0641 \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0627\u0644\u0645\u0641\u062a\u0627\u062d \u0627\u0644\u062b\u0627\u0628\u062a Ed448\u060c \u0648\u0625\u0630\u0627 \u062a\u0645 \u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646\u0647 \u0628\u0646\u062c\u0627\u062d \u060c \u0641\u0625\u0646\u0647 \u064a\u0646\u0641\u0630 \u0627\u0644\u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629 \u0627\u0644\u0636\u0627\u0631\u0629 \u0627\u0644\u062a\u064a \u0645\u0631\u0631\u0647\u0627 \u0627\u0644\u0645\u0636\u064a\u0641 \u0639\u0628\u0631 \u0648\u0638\u064a\u0641\u0629 system \u060c \u062f\u0648\u0646 \u062a\u0631\u0643 \u0623\u064a \u0623\u062b\u0631 \u0641\u064a \u0633\u062c\u0644\u0627\u062a sshd.\n\n\u0627\u0644\u0634\u064a\u0621 \u0627\u0644\u0645\u0628\u0634\u0631 \u0623\u0646\u0647 \u0644\u064a\u0633\u062a \u0643\u0644 \u0623\u0646\u0638\u0645\u0629 \u0644\u064a\u0646\u0643\u0633 \u0645\u0635\u0627\u0628\u0629 \u0628\u0647\u0630\u0647 \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629 \u0627\u0644\u062e\u0628\u064a\u062b\u0629 \u060c \u0648\u0630\u0644\u0643 \u0643\u0648\u0646 \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a \u0627\u0644\u0636\u0639\u064a\u0641\u0629 \u0645\u0646 \u0627\u0644\u0623\u062f\u0648\u0627\u062a \u0627\u0644\u0645\u0633\u0627\u0639\u062f\u0629 \u062a\u0645 \u0632\u0631\u0639\u0647\u0627 \u0628\u064a\u0646  26 \u064829 \u0645\u0627\u0631\u0633 \u0628\u0627\u0644\u0646\u0633\u0628\u0629 \u0644\u062a\u0648\u0632\u064a\u0639\u0629 Kali Linux \u060c \u0623\u064a \u0623\u0646 \u0627\u0644\u0623\u0646\u0638\u0645\u0629 \u0627\u0644\u062a\u064a \u0642\u0627\u0645\u062a \u0628\u0627\u0644\u062a\u062d\u062f\u064a\u062b \u0641\u064a \u0647\u0630\u0647 \u0627\u0644\u0641\u062a\u0631\u0629 \u0647\u064a \u0641\u0642\u0637 \u0627\u0644\u0645\u0635\u0627\u0628\u0629.", "creation_timestamp": "2024-04-01T23:56:59.000000Z"}, {"uuid": "0c8f6753-09fe-4258-a881-b787d95a92d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/arvinclub1/1090", "content": "CVE-2024-3094 - An ssh honeypot with the XZ backdoor. \n\nhttps://github.com/lockness-Ko/xz-vulnerable-honeypot", "creation_timestamp": "2024-03-31T14:23:04.000000Z"}, {"uuid": "887773f5-0590-4138-96d5-5fcc3a65720c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "Telegram/xPeWsBrOeBmQCuZHcmfCEoQEsGrrNOaOLAjQIkCPxYMOXg", "content": "", "creation_timestamp": "2024-04-02T18:39:33.000000Z"}, {"uuid": "ad1a8ea9-54a6-4c02-919d-a387c1e73864", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "Telegram/Wy-eaFeIaqxi02fW8ZcWzMAs4dZ34KBUehnh8cfsm-jhCg", "content": "", "creation_timestamp": "2024-03-30T07:21:31.000000Z"}, {"uuid": "07a29b18-a8b6-4974-992e-ce1db6cfaa67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/LockBitRaasRansomware/14236", "content": "CVE-2024-3094 - An ssh honeypot with the XZ backdoor. \n\nhttps://github.com/lockness-Ko/xz-vulnerable-honeypot", "creation_timestamp": "2024-04-02T18:45:36.000000Z"}, {"uuid": "cb8ba628-0a7b-4031-9c12-f0fdf81a0ba2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "Telegram/ZZKyQwqZpC-1xrjHYYMJNwrg1BkAi1k7ReZnJM3tGh-XFRA", "content": "", "creation_timestamp": "2024-10-01T16:51:31.000000Z"}, {"uuid": "7ac74c59-dd8d-4671-8541-05d90a163c03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/915", "content": "The Hacker News\nMalicious Code in XZ Utils for Linux Systems Enables Remote Code Execution\n\nThe malicious code inserted into the open-source library XZ Utils, a widely used package present in major Linux distributions, is also capable of facilitating remote code execution, a new analysis has revealed.\nThe audacious supply chain compromise, tracked as CVE-2024-3094 (CVSS score: 10.0), came to light last week when Microsoft engineer and PostgreSQL developer Andres Freund", "creation_timestamp": "2024-04-02T19:25:38.000000Z"}, {"uuid": "033674c6-e624-423e-8b3c-6777fb69adf8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/872", "content": "The Hacker News\nUrgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros\n\nRedHat on Friday released an \"urgent security alert\" warning that two versions of a popular data compression library called XZ Utils (previously LZMA Utils) have been backdoored with malicious code designed to allow unauthorized remote access.\nThe software supply chain compromise, tracked as CVE-2024-3094, has a CVSS score of 10.0, indicating maximum severity. It impacts XZ Utils", "creation_timestamp": "2024-03-30T07:10:50.000000Z"}, {"uuid": "2877dca8-f464-4440-bdeb-fb562f13822c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/KMPteam/840", "content": "\u0639\u062b\u0631 \u0628\u0627\u062d\u062b\u0648\u0646 \u0639\u0644\u0649 \u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0628\u0631\u0645\u062c\u064a\u0629 \u062e\u0628\u064a\u062b\u0629 \u062a\u0645 \u0632\u0631\u0639\u0647\u0627 \u0641\u064a \u0641\u064a \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u064a\u0646 5.6.0 \u06485.6.1 \u0645\u0646 \u0623\u062f\u0627\u0629 \u0641\u0643 \u0627\u0644\u0636\u063a\u0637 \u0645\u0641\u062a\u0648\u062d\u0629 \u0627\u0644\u0645\u0635\u062f\u0631 XZ Utils \u0641\u064a \u062a\u0648\u0632\u064a\u0639\u0627\u062a \u0644\u064a\u0646\u0643\u0633 , \u0648\u0647\u064a \u0623\u062f\u0627\u0629 \u062a\u0634\u0628\u0647 WinRAR \u0641\u064a \u0623\u0646\u0638\u0645\u0629 \u0648\u064a\u0646\u062f\u0648\u0632 \u060c \u0648\u062a\u0645 \u0627\u0639\u0637\u0627\u0621 \u0627\u0644\u062e\u0644\u0644 \u0627\u0644\u0630\u064a \u064a\u062d\u0645\u0644 \u0627\u0644\u0631\u0645\u0632 CVE-2024-3094 \u062f\u0631\u062c\u0629 \u0639\u0627\u0644\u064a\u0629 \u0645\u0646 \u0627\u0644\u062e\u0637\u0648\u0631\u0629.\n\n\u0641\u064a \u0627\u0644\u0628\u062f\u0627\u064a\u0629 \u0648\u062c\u062f \u0627\u0644\u0639\u062f\u064a\u062f \u0645\u0646 \u0627\u0644\u0628\u0627\u062d\u062b\u064a\u0646 \u0623\u0646 \u0647\u0630\u0627 \u0627\u0644\u0628\u0627\u0628 \u0627\u0644\u062e\u0644\u0641\u064a \u064a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0628\u062a\u062c\u0627\u0648\u0632 \u0645\u0635\u0627\u062f\u0642\u0629 sshd (\u0639\u0645\u0644\u064a\u0629 \u062e\u0627\u062f\u0645 OpenSSH)\u060c \u0648\u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0648\u0635\u0648\u0644 \u0639\u0646 \u0628\u0639\u062f \u063a\u064a\u0631 \u0645\u0635\u0631\u062d \u0628\u0647 \u0625\u0644\u0649 \u0646\u0638\u0627\u0645 \u0627\u0644\u062a\u0634\u063a\u064a\u0644 \u060c \u0627\u0633\u062a\u0646\u0627\u062f\u064b\u0627 \u0625\u0644\u0649 \u0623\u062d\u062f\u062b \u0627\u0644\u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0642\u062f \u062a\u0628\u062f\u0648 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0639\u0644\u0649 \u0623\u0646\u0647\u0627 \"\u062a\u062c\u0627\u0648\u0632 \u0627\u0644\u0645\u0635\u0627\u062f\u0642\u0629\" \u060c \u0648\u0644\u0643\u0646 \u0627\u0644\u062d\u0642\u064a\u0642\u0629 \u0647\u064a \u0623\u0646\u0647\u0627 \"\u062a\u0646\u0641\u064a\u0630 \u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0628\u0631\u0645\u062c\u064a\u0629 \u0639\u0646 \u0628\u0639\u062f ( RCE ). \u064a\u0639\u062a\u0631\u0636 \u0627\u0644\u0628\u0627\u0628 \u0627\u0644\u062e\u0644\u0641\u064a \u0648\u0638\u064a\u0641\u0629 RSA_public_decrypt \u060c \u0648\u064a\u062a\u062d\u0642\u0642 \u0645\u0646 \u062a\u0648\u0642\u064a\u0639 \u0627\u0644\u0645\u0636\u064a\u0641 \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0627\u0644\u0645\u0641\u062a\u0627\u062d \u0627\u0644\u062b\u0627\u0628\u062a Ed448\u060c \u0648\u0625\u0630\u0627 \u062a\u0645 \u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646\u0647 \u0628\u0646\u062c\u0627\u062d \u060c \u0641\u0625\u0646\u0647 \u064a\u0646\u0641\u0630 \u0627\u0644\u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629 \u0627\u0644\u0636\u0627\u0631\u0629 \u0627\u0644\u062a\u064a \u0645\u0631\u0631\u0647\u0627 \u0627\u0644\u0645\u0636\u064a\u0641 \u0639\u0628\u0631 \u0648\u0638\u064a\u0641\u0629 system \u060c \u062f\u0648\u0646 \u062a\u0631\u0643 \u0623\u064a \u0623\u062b\u0631 \u0641\u064a \u0633\u062c\u0644\u0627\u062a sshd.\n\n\u0627\u0644\u0634\u064a\u0621 \u0627\u0644\u0645\u0628\u0634\u0631 \u0623\u0646\u0647 \u0644\u064a\u0633\u062a \u0643\u0644 \u0623\u0646\u0638\u0645\u0629 \u0644\u064a\u0646\u0643\u0633 \u0645\u0635\u0627\u0628\u0629 \u0628\u0647\u0630\u0647 \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629 \u0627\u0644\u062e\u0628\u064a\u062b\u0629 \u060c \u0648\u0630\u0644\u0643 \u0643\u0648\u0646 \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a \u0627\u0644\u0636\u0639\u064a\u0641\u0629 \u0645\u0646 \u0627\u0644\u0623\u062f\u0648\u0627\u062a \u0627\u0644\u0645\u0633\u0627\u0639\u062f\u0629 \u062a\u0645 \u0632\u0631\u0639\u0647\u0627 \u0628\u064a\u0646  26 \u064829 \u0645\u0627\u0631\u0633 \u0628\u0627\u0644\u0646\u0633\u0628\u0629 \u0644\u062a\u0648\u0632\u064a\u0639\u0629 Kali Linux \u060c \u0623\u064a \u0623\u0646 \u0627\u0644\u0623\u0646\u0638\u0645\u0629 \u0627\u0644\u062a\u064a \u0642\u0627\u0645\u062a \u0628\u0627\u0644\u062a\u062d\u062f\u064a\u062b \u0641\u064a \u0647\u0630\u0647 \u0627\u0644\u0641\u062a\u0631\u0629 \u0647\u064a \u0641\u0642\u0637 \u0627\u0644\u0645\u0635\u0627\u0628\u0629.", "creation_timestamp": "2024-04-02T02:13:23.000000Z"}, {"uuid": "f71addbe-051f-4eb9-ac35-b0fb2f78e45e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/KomunitiSiber/1731", "content": "XZ Utils CVE-2024-3094: A Tale of Broken Trust, Curious Persistence, and a Call to Action\nhttps://www.hackerone.com/vulnerability-management/cve-2024-3094\n\nLearn about a backdoor vulnerability, its impacts, and the importance of securing open source.", "creation_timestamp": "2024-04-03T19:59:09.000000Z"}, {"uuid": "0ce9d284-d2dd-42e5-a894-97c6fe100f62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/KomunitiSiber/1724", "content": "Malicious Code in XZ Utils for Linux Systems Enables Remote Code Execution\nhttps://thehackernews.com/2024/04/malicious-code-in-xz-utils-for-linux.html\n\nThe malicious code inserted into the open-source library XZ Utils, a widely used package present in major Linux distributions, is also capable of facilitating remote code execution, a new analysis has revealed.\nThe audacious supply chain compromise, tracked as\u00a0CVE-2024-3094\u00a0(CVSS score: 10.0), came to light last week when Microsoft engineer and PostgreSQL developer Andres Freund", "creation_timestamp": "2024-04-02T16:16:50.000000Z"}, {"uuid": "15c5e4d2-3d7b-419f-97b1-39ecad5044f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/KomunitiSiber/1715", "content": "Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros\nhttps://thehackernews.com/2024/03/urgent-secret-backdoor-found-in-xz.html\n\nRedHat on Friday released an \"urgent security alert\" warning that two versions of a popular data compression library called\u00a0XZ Utils\u00a0(previously LZMA Utils) have been backdoored with malicious code designed to allow unauthorized remote access.\nThe software supply chain compromise, tracked as\u00a0CVE-2024-3094, has a CVSS score of 10.0, indicating maximum severity. It impacts XZ Utils", "creation_timestamp": "2024-03-30T07:07:02.000000Z"}, {"uuid": "03842494-1258-4e78-a7a8-902a2981d6b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "Telegram/gtxx4RE8GHtJT2JlTQ_6-BG2tvbPnnnnExDfcMYJsOVIelI", "content": "", "creation_timestamp": "2025-04-16T23:00:05.000000Z"}, {"uuid": "adbadea1-335a-4b8d-bc8f-2d242eddfc49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/M_3_7_1/35254", "content": "\u200f\u0627\u0630\u0627 \u0643\u0646\u062a \u062a\u0633\u062a\u062e\u062f\u0645 #Linux \u0648\u062a\u062d\u0628 \u062a\u062a\u0627\u0643\u062f \u0627\u0646\u0643 \u063a\u064a\u0631 \u0645\u0635\u0627\u0628 \u0628\u062b\u063a\u0631\u0629 \ud83d\udc48 CVE-2024-3094 \ud83d\udc49\n\n\u0627\u0633\u062a\u062e\u062f\u0645 \u0647\u0630\u0647 \u0627\u0644\u0627\u062f\u0627\u0629\nhttps://github.com/jfrog/cve-2024-3094-tools/tree/main/cve-2024-3094-detector", "creation_timestamp": "2024-07-16T02:05:58.000000Z"}, {"uuid": "fcbae249-a996-4418-b797-d4bd04718a2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/4072", "content": "CVE-2024-3094 - An ssh honeypot with the XZ backdoor. \n\nhttps://github.com/lockness-Ko/xz-vulnerable-honeypot", "creation_timestamp": "2024-03-31T13:52:41.000000Z"}, {"uuid": "b6c54268-c507-4ecd-a49d-266f54ccf052", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/NinjaSec/28351", "content": "\ud83d\udd27 CVE Exploitation Tools (2024\u20132025)\n\n1. CVE-2024-25600 \u2013 WordPress Bricks Builder RCE\n\n2. CVE-2024-24919 \u2013 Check Point Security Gateway RCE\n\n3. CVE-2024-29025 \u2013 Netty HttpPostRequestDecoder DoS\n\n4. CVE-2024-21525 \u2013 node-twain Buffer Overflow\n\n5. CVE-2024-3094 \u2013 XZ Backdoor Detector\n\n6. CVE-2024-21515 \u2013 OpenCart Reflected XSS\n\n7. CVE-2024-21552 \u2013 SuperAGI Arbitrary Code Execution\n\n8. CVE-2024-56249 \u2013 WordPress WPMasterToolKit Arbitrary File Upload\n\n9. CVE-2024-24919 \u2013 Check Point VPN Exploit\n\n10. CVE-2024-24919 \u2013 Python Exploit Script\n\nPython script to exploit CVE-2024-24919 vulnerability.\n\nGitHub: LucasKatashi/CVE-2024-24919\n\n11. CVE-2024-24919 \u2013 Exploit PoC\n\nProof-of-Concept for exploiting CVE-2024-24919.\n\nGitHub: seed1337/CVE-2024-24919-POC\n\n12. CVE-2024-24919 \u2013 Check Point Remote Access VPN Exploit\n\nScripts to exploit CVE-2024-24919 in Check Point VPNs.\n\nGitHub: Praison001/CVE-2024-24919-Check-Point-Remote-Access-VPN\n\n13. CVE-2024-25600 \u2013 Alternate Exploit Script\n\nAnother implementation to exploit Bricks Builder RCE.\n\nGitHub: meli0dasH4ck3r/cve-2024-25600\n\n14. CVE-2024-25600 \u2013 Exploit Script\n\nPython script to exploit Bricks Builder RCE vulnerability.\n\nGitHub: K3ysTr0K3R/CVE-2024-25600-EXPLOIT \n\n\n\ud83d\udd27 CVE Exploitation Tools & Frameworks\n\n1. trickest/cve\n\n\ud83d\udd17 https://github.com/trickest/cve\n\n2. PayloadsAllTheThings \u2013 CVE Exploits\n\n\ud83d\udd17 https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/CVE%20Exploits/README.md\n\n3. qazbnm456/awesome-cve-poc\n\n\ud83d\udd17 https://github.com/qazbnm456/awesome-cve-poc\n\n4. intel/cve-bin-tool\n\n\ud83d\udd17 https://github.com/intel/cve-bin-tool\n\n5. cve-search/cve-search\nN\n\n\ud83d\udd17 https://github.com/cve-search/cve-search\n\n6. vertoforce/CVE-Enrichment\n\n\ud83d\udd17 https://github.com/vertoforce/CVE-Enrichment\n\n7. TURROKS/CVE_Prioritizer\n\n\ud83d\udd17 https://github.com/TURROKS/CVE_Prioritizer\n\n8. clearlinux/cve-check-tool\n\n\ud83d\udd17 https://github.com/clearlinux/cve-check-tool\n\n9. cddmp/cvecheck\n\n\ud83d\udd17 https://github.com/cddmp/cvecheck\n\n10. center-for-threat-informed-defense/attack_to_cve\n\nMaps MITRE ATT&CK techniques to CVEs to characterize vulnerability impacts.\n\n\ud83d\udd17 https://github.com/center-for-threat-informed-defense/attack_to_cve\n\n\n\ud83e\uddea Specific CVE Exploit Tools\n\n11. CVE-2024-25600 Exploit Tool\n\nDesigned to exploit a vulnerability in the Bricks Builder plugin for WordPress.\n\n\ud83d\udd17 https://github.com/Chocapikk/CVE-2024-25600\n\n12. RevoltSecurities/CVE-2024-24919\n\nTool to detect and exploit CVE-2024-24919 vulnerability.\n\n\ud83d\udd17 https://github.com/RevoltSecurities/CVE-2024-24919\n\n13. ROCA Detection Tool\n\nDetects RSA keys vulnerable to the ROCA vulnerability (CVE-2017-15361).\n\n\ud83d\udd17 https://github.com/crocs-muni/roca\n\n\ud83d\udee0\ufe0f Additional Tools & Resources\n\n14. Goby\n\nA network security assessment tool that can scan for vulnerabilities and map attack surfaces.\n\n\ud83d\udd17 https://github.com/gobysec/Goby\n\n15. awesome-pentestu\n\nA curated list of penetration testing resources, including tools for CVE exploitation.\n\n\ud83d\udd17 https://github.com/enaqx/awesome-pentest\n\n16. awesome-bugbounty-tools\n\nA collection of tools useful for bug bounty hunting, some of which relate to CVE exploitation.\n\n\ud83d\udd17 https://github.com/vavkamil/awesome-bugbounty-tools\n\n17. cyberguideme/Tools\n\nA repository of various cybersecurity tools, including those for exploiting known vulnerabilities.\n\n\ud83d\udd17 https://github.com/cyberguideme/Tools\n\n\n#GrayHats", "creation_timestamp": "2025-04-18T21:33:21.000000Z"}, {"uuid": "f6df1752-0795-4182-9eb4-45de62008f92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1984", "content": "xzbot (CVE-2024-3094)\n*\n\u0420\u0430\u0441\u0441\u0443\u0436\u0434\u0435\u043d\u0438\u044f\nhoneypot\n+ \u0422\u0435\u0441\u0442\u043e\u0432\u044b\u0439 \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442 \u0434\u043b\u044f xz backdoor\n*\n\u041f\u043e\u0434\u043e\u0431\u0440\u0430\u0442\u044c\n\n#xz #backdoor", "creation_timestamp": "2024-04-02T15:22:35.000000Z"}, {"uuid": "fe538318-b76d-46f6-b0ee-595c074f6ddd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1981", "content": "xz-vulnerable-honeypot \n*\nSSH-\u0445\u0430\u043d\u0438\u043f\u043e\u0442 \u0441 \u0431\u044d\u043a\u0434\u043e\u0440\u043e\u043c XZ. CVE-2024-3094\n*\ndownload\n\n#xz #docker #honeypot", "creation_timestamp": "2024-03-31T12:21:35.000000Z"}, {"uuid": "410ce906-8858-49bb-9255-64f1c845614d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/breachdetector/492545", "content": "{\n  \"Source\": \"https://www.turkhackteam.org/\",\n  \"Content\": \"What is the CVE-2024-3094 Attack ? (Current Vulnerability)\", \n  \"author\": \" ('BARBAROS)\",\n  \"Detection Date\": \"10 Apr 2024\",\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 t.me/breachdetector \ud83d\udd39", "creation_timestamp": "2024-04-10T19:24:21.000000Z"}, {"uuid": "d057df55-621e-4673-be86-ccb5b31277ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/breachdetector/494988", "content": "{\n  \"Source\": \"https://www.turkhackteam.org/\",\n  \"Content\": \"CVE-2024-3094: What is Linux and Application Security ?\", \n  \"author\": \" ('BARBAROS)\",\n  \"Detection Date\": \"13 Apr 2024\",\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 t.me/breachdetector \ud83d\udd39", "creation_timestamp": "2024-04-13T14:45:03.000000Z"}, {"uuid": "48c43ed8-8494-4f68-bd4e-4feb0b92df7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/breachdetector/494985", "content": "{\n  \"Source\": \"https://www.turkhackteam.org/\",\n  \"Content\": \"CVE-2024-3094: Linux ve Uygulama G\u00fcvenli\u011fi Nedir ? T\u00fcrk\u00e7e Anlat\u0131m\", \n  \"author\": \" ('BARBAROS)\",\n  \"Detection Date\": \"13 Apr 2024\",\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 t.me/breachdetector \ud83d\udd39", "creation_timestamp": "2024-04-13T14:19:58.000000Z"}, {"uuid": "703315ad-959e-4719-921e-ea79408b42e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/breachdetector/492546", "content": "{\n  \"Source\": \"https://www.turkhackteam.org/\",\n  \"Content\": \"CVE-2024-3094 Sald\u0131r\u0131s\u0131 Nedir ? (G\u00fcncel A\u00e7\u0131k)\", \n  \"author\": \" ('BARBAROS)\",\n  \"Detection Date\": \"10 Apr 2024\",\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 t.me/breachdetector \ud83d\udd39", "creation_timestamp": "2024-04-10T19:24:23.000000Z"}, {"uuid": "6c4d32b5-4d95-45bd-8f46-801d4ab2e921", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "Telegram/r0ciHr8chfatJJIvASQMx6qY6x86dmTloz6LNAhDK7_nKxk", "content": "", "creation_timestamp": "2024-03-30T15:02:12.000000Z"}, {"uuid": "c5ed6811-4148-417e-8056-d778d2402aa1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/cybersecs/2791", "content": "\u041f\u0435\u0440\u0435\u0432\u0456\u0440\u043a\u0430 \u043d\u0430 \u0432\u0440\u0430\u0437\u043b\u0438\u0432\u0456\u0441\u0442\u044c \u0434\u043e CVE-2024-3094 \u044f\u043a\u0430 \u043f\u0440\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u044c \u0434\u043e\u00a0 RCE \u0432 \u0434\u0456\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u0430\u0445 \u0437 \u0432\u0435\u0440\u0441\u0456\u0454\u044e xz 5.6.0 5.6.1. $ xz -v \u0430\u0431\u043e xz -- version .\u00a0\u00a0 \u042f\u043a\u0449\u043e \u0432\u0435\u0440\u0441\u0456\u044f 5.4.5 \u0430\u0431\u043e \u043c\u0435\u043d\u0448\u0430 - \u0432\u0441\u0435 \u0434\u043e\u0431\u0440\u0435. \u042f\u043a\u0449\u043e \u043d\u0456 \u0440\u043e\u0431\u0438\u043c\u043e \u0430\u0443\u0434\u0438\u0442 \u0441\u0438\u0441\u0442\u0435\u043c\u0438 \u043d\u0430 \u0432\u0442\u0440\u0443\u0447\u0430\u043d\u043d\u044f \u0432\u0438\u043c\u043a\u043d\u0443\u0432\u0448\u0438 ssh \u0437\u043e\u0432\u043d\u0456. \u041f\u0456\u0441\u043b\u044f \u0447\u043e\u0433\u043e \u0432\u0456\u0434\u043a\u0430\u0442\u0443\u0454\u043c\u043e \u0432\u0435\u0440\u0441\u0456\u044e \u0431\u0456\u0431\u043b\u0456\u043e\u0442\u0435\u043a\u0438 xz/liblzma. \u042f\u043a\u0449\u043e \u043d\u0435 \u043c\u043e\u0436\u0435\u043c\u043e \u043f\u0438\u043b\u044c\u043d\u0443\u0454\u043c\u043e \u0442\u0430 \u0432\u0438\u043c\u0438\u043a\u0430\u0454\u043c\u043e \u0441\u0441\u0445, \u0456 \u0443\u0441\u0435 \u0449\u043e \u043c\u043e\u0436\u0435 \u0432\u0438\u043a\u043e\u0440\u0438\u0441\u0442\u043e\u0432\u0443\u0432\u0430\u0442\u0438 \u0446\u044e \u0431\u0456\u0431\u043b\u0456\u043e\u0442\u0435\u043a\u0443. \u0414\u0435\u044f\u043a\u0456 \u0432\u0435\u0440\u0441\u0456\u0457 \u0432\u0435\u0431 \u0441\u0435\u0440\u0432\u0435\u0440\u0456\u0432 \u043c\u043e\u0436\u0443\u0442\u044c \u0432\u0438\u043a\u043e\u0440\u0438\u0441\u0442\u043e\u0432\u0443\u0432\u0430\u0442\u0438 \u0457\u0457 \u0442\u0435\u0436.", "creation_timestamp": "2024-07-24T15:36:04.000000Z"}, {"uuid": "015c9d8b-51ad-440c-9f02-785c1492f7a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/CyberSecurityIL/41601", "content": "\u05e9\u05d1\u05d5\u05e2 \u05d8\u05d5\u05d1, \u05e9\u05d9\u05de\u05d5 \u05dc\u05d1 \u05dc\u05d7\u05d5\u05dc\u05e9\u05d4 \u05e7\u05e8\u05d9\u05d8\u05d9\u05ea \u05d7\u05d3\u05e9\u05d4 (\u05d3\u05d9\u05e8\u05d5\u05d2 10/10) \u05d4\u05e7\u05d9\u05d9\u05de\u05ea \u05d1\u05d7\u05dc\u05e7 \u05de\u05d4\u05d4\u05e4\u05e6\u05d5\u05ea \u05e9\u05dc \u05dc\u05d9\u05e0\u05d5\u05e7\u05e1 - CVE-2024-3094 \u26a0\ufe0f\n\n\u05d4\u05d7\u05d5\u05dc\u05e9\u05d4 \u05d4\u05d7\u05d3\u05e9\u05d4 \u05d4\u05d9\u05d0 \u05d1\u05e1\u05e4\u05e8\u05d9\u05d9\u05ea XZ Utils \u05d1\u05d2\u05e8\u05e1\u05d0\u05d5\u05ea 5.6.0 \u05d5-5.6.1 \u05d5\u05d4\u05d4\u05de\u05dc\u05e6\u05d4 \u05d4\u05d9\u05d0 \u05dc\u05e9\u05e0\u05de\u05da \u05d7\u05d6\u05e8\u05d4 \u05dc\u05d2\u05e8\u05e1\u05d0 5.4.6.\n\n\u05d0\u05d6\u05d4\u05e8\u05d5\u05ea \u05d5\u05d4\u05e1\u05d1\u05e8\u05d9\u05dd \u05e2\u05dc \u05d4\u05d7\u05d5\u05dc\u05e9\u05d4 \u05d4\u05d7\u05d3\u05e9\u05d4 \u05d9\u05e6\u05d0\u05d5 \u05e2\u05dc \u05d9\u05d3\u05d9 CISA, Redhat, Debian, Kali \u05d5\u05e2\u05d5\u05d3.\n\n\u05e0\u05ea\u05d9 \u05de\u05e7\u05d1\u05d5\u05e6\u05ea \u05d4\u05d3\u05d9\u05d5\u05e0\u05d9\u05dd \u05d4\u05e4\u05e0\u05d4 \u05d0\u05ea \u05ea\u05e9\u05d5\u05de\u05ea \u05dc\u05d9\u05d1\u05d9 \u05dc\u05e9\u05e8\u05e9\u05d5\u05e8 \u05d1\u05d5 \u05e0\u05d8\u05e2\u05df \u05db\u05d9 \u05de\u05d9 \u05e9\u05d0\u05d7\u05e8\u05d0\u05d9 \u05dc\u05d9\u05e6\u05d9\u05e8\u05ea \u05d4\u05d7\u05d5\u05dc\u05e9\u05d4 \u05d4\u05d5\u05d0 \u05dc\u05d0 \u05e4\u05d7\u05d5\u05ea \u05de\u05d0\u05e9\u05e8 \u05d0\u05d7\u05d3 \u05de\u05d4\u05ea\u05d5\u05e8\u05de\u05d9\u05dd \u05d4\u05d5\u05d5\u05ea\u05d9\u05e7\u05d9\u05dd \u05e9\u05dc \u05d4\u05e1\u05e4\u05e8\u05d9\u05d4, \u05e0\u05e8\u05d0\u05d4 \u05db\u05d9 \u05d4\u05d7\u05d3\u05e8\u05ea \u05d4\u05d7\u05d5\u05dc\u05e9\u05d4 \u05ea\u05d5\u05db\u05e0\u05e0\u05d4 \u05de\u05e8\u05d0\u05e9 \u05d1\u05e7\u05e4\u05d9\u05d3\u05d4.\n\n(\u05d4\u05d7\u05d5\u05dc\u05e9\u05d4 \u05e4\u05d5\u05e8\u05e1\u05de\u05d4 \u05d1\u05e4\u05d9\u05d3 \u05d4\u05d7\u05d5\u05dc\u05e9\u05d5\u05ea \u05d4\u05e7\u05e8\u05d9\u05d8\u05d9\u05d5\u05ea \u05d1\u05d9\u05d5\u05dd \u05e9\u05d9\u05e9\u05d9 \u05d1\u05e2\u05e8\u05d1).\n\nhttps://t.me/CyberSecurityIL/4904\n\n#\u05d7\u05d5\u05dc\u05e9\u05d5\u05ea", "creation_timestamp": "2024-03-30T18:30:59.000000Z"}, {"uuid": "b9a99e52-cbe5-40fe-954c-1f922b940a9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/true_secator/5587", "content": "\u034f\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0430 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0430\u044f \u0430\u0442\u0430\u043a\u0443 \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u0430\u044f \u043d\u0430 open source \u0441\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e, \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0432 \u043d\u0430\u0431\u043e\u0440 \u0443\u0442\u0438\u043b\u0438\u0442 XZ Utils \u0431\u044b\u043b \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d \u0431\u044d\u043a\u0434\u043e\u0440, \u043f\u0440\u043e\u0441\u043e\u0447\u0438\u0432\u0448\u0438\u0439\u0441\u044f \u0432\u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u0438 \u0432 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0435 \u0441\u0431\u043e\u0440\u043a\u0438 Linux.\n\n\u041f\u0440\u0438\u0447\u0435\u043c \u0441\u0430\u043c\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u044f \u043f\u043e \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044e \u0431\u044b\u043b\u0430 \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u043e\u0432\u0430\u043d\u0430 \u0434\u0432\u0430 \u0433\u043e\u0434\u0430 \u043d\u0430\u0437\u0430\u0434 \u0438 \u043f\u0440\u043e\u0445\u043e\u0434\u0438\u043b\u0430 \u0432 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u044d\u0442\u0430\u043f\u043e\u0432, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0432 \u0441\u0435\u0431\u044f \u0441\u043e\u0446\u0438\u043d\u0436\u0435\u043d\u0435\u0440\u0438\u044e, \u0432\u044b\u0442\u0435\u0441\u043d\u0435\u043d\u0438\u0435 \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0435\u0433\u043e \u043c\u044d\u0439\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0430 \u0438 \u0444\u0435\u0439\u043a\u0438 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432 \u0434\u043b\u044f \u043f\u0440\u043e\u0434\u0430\u0432\u043b\u0438\u0432\u0430\u043d\u0438\u044f \u043d\u0443\u0436\u043d\u044b\u0445 \u0440\u0435\u0448\u0435\u043d\u0438\u0439 \u0432 XZ \u0438 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u0430\u0445 \u0441 \u043d\u0435\u0439.  \n\n\u0422\u0430\u043a\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u0432\u0441\u0442\u0440\u043e\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434 \u0432 \u043d\u0430\u0431\u043e\u0440 \u0443\u0442\u0438\u043b\u0438\u0442 XZ Utils \u0432\u0435\u0440\u0441\u0438\u0439 5.6.0 (\u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u0443\u044e 24 \u0444\u0435\u0432\u0440\u0430\u043b\u044f) \u0438 5.6.1 (\u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u0443\u044e 9 \u043c\u0430\u0440\u0442\u0430).\n\n\u0423\u0447\u0438\u0442\u044b\u0432\u0430\u044f, \u0447\u0442\u043e \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0430 \u0447\u0440\u0435\u0437\u0432\u044b\u0447\u0430\u0439\u043d\u043e \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u0430 \u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0441 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e\u043c \u043e\u0441\u043d\u043e\u0432\u043d\u044b\u0445 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u043e\u0432 Linux, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0441 \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u043e\u043c \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0434\u043b\u044f Linux \u0438 macOS, \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434 \u0443\u0441\u043f\u0435\u043b \u043f\u043e\u043f\u0430\u0441\u0442\u044c \u0432 \u0440\u044f\u0434 \u043c\u0430\u0440\u0442\u043e\u0432\u0441\u043a\u0438\u0445 \u0441\u0431\u043e\u0440\u043e\u043a.\n\n\u041e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0439 \u0431\u044d\u043a\u0434\u043e\u0440 (CVE-2024-3094 c CVSS 10) \u043f\u0440\u0438 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0451\u043d\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435, \u043d\u0435 \u043e\u0441\u0442\u0430\u0432\u043b\u044f\u044f \u0441\u043b\u0435\u0434\u043e\u0432 \u0432 \u043b\u043e\u0433\u0430\u0445 sshd.\n\n\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u043f\u0440\u0438\u043f\u0438\u0441\u044b\u0432\u0430\u044e\u0442 \u0438\u043d\u0436\u0435\u043d\u0435\u0440\u0443 Microsoft \u0410\u043d\u0434\u0440\u0435\u0441\u0443 \u0424\u0440\u043e\u0439\u043d\u0434\u0443, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0441\u043e\u043e\u0431\u0449\u0438\u043b \u043e\u00a0\u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0435\u00a0\u0432 \u043f\u044f\u0442\u043d\u0438\u0446\u0443.\n\n\u0422\u0440\u043e\u044f\u043d\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 5.6.0 \u0438 5.6.1 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u043b\u0438 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0435 \u0441\u0431\u043e\u0440\u043a\u0438 Linux, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0435 \u0432 \u043c\u0430\u0440\u0442\u0435: Alpine 5.6.0 - 5.6.1-r1, Debian (\u0442\u0435\u0441\u0442\u043e\u0432\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438) 5.5.1alpha-0.1 - 5.6.1-1, Fedora Rawhide (\u0442\u0435\u0441\u0442\u043e\u0432\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438), Kali Linux, openSUSE Tumbleweed \u0438 MicroOS.\n\n\u041d\u0435 \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u044b \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438: Red Hat Enterprise Linux (RHEL), SUSE Linux Enterprise, openSUSE Leap, Debian Stable.\n\n\u041f\u043e Arch Linux \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442\u0441\u044f, \u0447\u0442\u043e \u0432 \u0432\u0438\u0434\u0443 \u0441\u043f\u0435\u0446\u0438\u0444\u0438\u043a\u0438 \u043b\u0438\u043d\u043a\u043e\u0432\u043a\u0438 openssh \u0438 liblzma \u0432 Arch \u0431\u044d\u043a\u0434\u043e\u0440 \u043d\u0435 \u0441\u043c\u043e\u0436\u0435\u0442 \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c, \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u043e \u0438 \u043f\u043e Fedora 40.\n\n\u0414\u0440\u0443\u0433\u0438\u0435 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u044b \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0442\u044c \u0441\u0430\u043c\u043e\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u043d\u0430 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u0432 \u043d\u0438\u0445 \u0442\u0440\u043e\u044f\u043d\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u0439 XZ Utils. \u0414\u043e\u0441\u0442\u0443\u043f\u043d\u043e Yara-\u043f\u0440\u0430\u0432\u0438\u043b\u043e.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u0432 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439 \u043e\u0431 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435 \u043d\u0435 \u043f\u043e\u0441\u0442\u0443\u043f\u0430\u043b\u043e, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u044e\u0442 \u043e\u0442\u043a\u0430\u0442\u0438\u0442\u044c\u0441\u044f \u043d\u0430 \u0431\u043e\u043b\u0435\u0435 \u0441\u0442\u0430\u0440\u044b\u0435 \u0441\u0431\u043e\u0440\u043a\u0438 \u0438 \u043f\u0440\u043e\u0432\u0435\u0441\u0442\u0438 \u043f\u043e\u043b\u043d\u043e\u0446\u0435\u043d\u043d\u043e\u0435 \u0440\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u043d\u0430 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442.\n\n\u0410\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0443\u0433\u0440\u043e\u0437\u0443 \u043f\u043e\u043a\u0430 \u043d\u0435 \u0443\u0434\u0430\u043b\u043e\u0441\u044c, \u043e\u0434\u043d\u0430\u043a\u043e \u0441\u043b\u043e\u0436\u043d\u044b\u0439 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c \u0440\u0430\u0431\u043e\u0442\u044b \u044d\u0442\u043e\u0433\u043e \u0431\u044d\u043a\u0434\u043e\u0440\u0430 \u0438 \u0445\u0440\u043e\u043d\u043e\u043b\u043e\u0433\u0438\u044f \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u0432 \u0441\u043e\u0432\u043e\u043a\u0443\u043f\u043d\u043e\u0441\u0442\u0438 \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u044e\u0442 \u043d\u0430 \u0443\u0447\u0430\u0441\u0442\u0438\u0435 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0438\u0437\u043e\u0449\u0440\u0435\u043d\u043d\u043e\u0433\u043e \u0438 \u0440\u0435\u0441\u0443\u0440\u0441\u043d\u043e\u0433\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0439 \u0441\u043a\u0435\u043f\u0441\u0438\u0441 \u0443 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u044b\u0432\u0430\u043b\u043e \u00ab\u0442\u0449\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0430\u0441\u0441\u0447\u0438\u0442\u0430\u043d\u043d\u043e\u0435 \u043f\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435, \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u043e\u0436\u0438\u0442\u0435\u043b\u044c\u043d\u043e, \u0441\u043f\u043b\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0435 \u0434\u043b\u044f \u0441\u043e\u043a\u0440\u044b\u0442\u0438\u044f \u00ab\u043c\u0435\u0442\u043e\u0434\u043e\u0432 \u0438 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432\u00bb.\n\n\u0411\u0443\u0434\u0435\u043c \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c.", "creation_timestamp": "2024-04-01T13:06:05.000000Z"}, {"uuid": "1c9ee6d6-2d25-4d08-bc77-eae3be15318c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/5596", "content": "\u041f\u043e \u0441\u043b\u0435\u0434\u0430\u043c \u043d\u0430\u0448\u0443\u043c\u0435\u0432\u0448\u0435\u0439 \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a XZ Utils (CVE-2024-3094) \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Binarly \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0439 \u0441\u043a\u0430\u043d\u0435\u0440 \u0434\u043b\u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438\u043c\u043f\u043b\u0430\u043d\u0442\u0430\u0442\u0430 \u0432 \u043b\u044e\u0431\u043e\u043c \u0434\u0432\u043e\u0438\u0447\u043d\u043e\u043c \u0444\u0430\u0439\u043b\u0435 Linux.\n\n\u0417\u0430\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0439 \u0432 \u043e\u0441\u043d\u043e\u0432\u0443 \u0443\u0442\u0438\u043b\u0438\u0442\u044b \u043f\u043e\u0434\u0445\u043e\u0434 \u043e\u0442\u043b\u0438\u0447\u0430\u0435\u0442\u0441\u044f \u043e\u0442 \u0442\u0435\u043a\u0443\u0449\u0438\u0445 \u043f\u0440\u043e\u0432\u0435\u0440\u043e\u043a, \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0449\u0438\u0445 \u0441\u043e\u043f\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0430\u0439\u0442\u043e\u0432\u044b\u0445 \u0441\u0442\u0440\u043e\u043a, \u0432\u043d\u0435\u0441\u0435\u043d\u0438\u0435 \u0432 \u0447\u0435\u0440\u043d\u044b\u0439 \u0441\u043f\u0438\u0441\u043e\u043a \u0445\u044d\u0448\u0435\u0439 \u0444\u0430\u0439\u043b\u043e\u0432 \u0438 \u043f\u0440\u0430\u0432\u0438\u043b\u0430 YARA, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043b\u043e\u0436\u043d\u044b\u043c \u0441\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u043d\u0438\u044f\u043c.\n\nBinarly \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043b\u0430 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0439 \u0441\u043a\u0430\u043d\u0435\u0440, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u0435\u0442 \u0441\u0442\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 \u0434\u0432\u043e\u0438\u0447\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 \u0434\u043b\u044f \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u043e\u0434\u0434\u0435\u043b\u043a\u0438 \u043f\u0435\u0440\u0435\u0445\u043e\u0434\u043e\u0432 \u0432 \u043a\u043e\u0441\u0432\u0435\u043d\u043d\u043e\u0439 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 GNU (IFUNC).\n\n\u0412 \u0447\u0430\u0441\u0442\u043d\u043e\u0441\u0442\u0438, \u043e\u043d \u0438\u0441\u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043f\u0435\u0440\u0435\u0445\u043e\u0434\u044b, \u043f\u043e\u043c\u0435\u0447\u0435\u043d\u043d\u044b\u0435 \u043a\u0430\u043a \u043f\u043e\u0434\u043e\u0437\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043f\u0440\u0438 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u0440\u0435\u0437\u043e\u043b\u0432\u0435\u0440\u043e\u0432 IFUNC.\n\n\u0410\u0442\u0440\u0438\u0431\u0443\u0442 IFUNC \u043a\u043e\u043c\u043f\u0438\u043b\u044f\u0442\u043e\u0440\u0430 GCC \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430\u043c \u0441\u043e\u0437\u0434\u0430\u0432\u0430\u0442\u044c \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0432\u0435\u0440\u0441\u0438\u0439 \u043e\u0434\u043d\u043e\u0439 \u0438 \u0442\u043e\u0439 \u0436\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0437\u0430\u0442\u0435\u043c \u0432\u044b\u0431\u0438\u0440\u0430\u044e\u0442\u0441\u044f \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u043a\u0440\u0438\u0442\u0435\u0440\u0438\u0435\u0432, \u0442\u0430\u043a\u0438\u0445 \u043a\u0430\u043a \u0442\u0438\u043f \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u0430.\n\n\u041e\u0434\u043d\u0438\u043c \u0438\u0437 \u043e\u0441\u043d\u043e\u0432\u043d\u044b\u0445 \u043c\u0435\u0442\u043e\u0434\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0431\u044d\u043a\u0434\u043e\u0440\u043e\u043c XZ \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f, \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0430\u0442\u0440\u0438\u0431\u0443\u0442 GNU Indirect Function (ifunc), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0439 \u043a\u043e\u043c\u043f\u0438\u043b\u044f\u0442\u043e\u0440\u0443 GCC \u0440\u0430\u0437\u0440\u0435\u0448\u0430\u0442\u044c \u043a\u043e\u0441\u0432\u0435\u043d\u043d\u044b\u0435 \u0432\u044b\u0437\u043e\u0432\u044b \u0444\u0443\u043d\u043a\u0446\u0438\u0439 \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f.\n\n\u0411\u044d\u043a\u0434\u043e\u0440 XZ \u0438\u0437\u043c\u0435\u043d\u044f\u0435\u0442 \u0432\u044b\u0437\u043e\u0432\u044b ifunc \u0434\u043b\u044f \u0437\u0430\u043c\u0435\u043d\u044b \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 is_arch_extension_supported, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0434\u043e\u043b\u0436\u043d\u0430 \u043f\u0440\u043e\u0441\u0442\u043e \u0432\u044b\u0437\u044b\u0432\u0430\u0442\u044c cpuid \u0434\u043b\u044f \u0432\u0441\u0442\u0430\u0432\u043a\u0438 \u0432\u044b\u0437\u043e\u0432\u0430 _get_cpuid, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u044d\u043a\u0441\u043f\u043e\u0440\u0442\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043e\u0431\u044a\u0435\u043a\u0442\u043d\u044b\u043c \u0444\u0430\u0439\u043b\u043e\u043c \u043f\u043e\u043b\u0435\u0437\u043d\u043e\u0439 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438 (\u0442.\u0435. liblzma_la-crc64-fast.o), \u0432\u044b\u0437\u044b\u0432\u0430\u044f \u0438\u0441\u043a\u0430\u0436\u0435\u043d\u043d\u044b\u0435 _get_cpuid().\n\n\u0411\u044d\u043a\u0434\u043e\u0440 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u044d\u0442\u043e\u0442 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c, \u0438\u0437\u043c\u0435\u043d\u044f\u044f \u0432\u044b\u0437\u043e\u0432\u044b IFUNC \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430.\n\n\u0423\u0442\u0438\u043b\u0438\u0442\u0430 Binarly \u0441\u043a\u0430\u043d\u0438\u0440\u0443\u0435\u0442 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u0442\u043e\u0447\u043a\u0438 \u0446\u0435\u043f\u043e\u0447\u043a\u0438 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a, \u043f\u043e\u043c\u0438\u043c\u043e \u043f\u0440\u043e\u0435\u043a\u0442\u0430 XZ Utils, \u0432 \u0441\u0432\u044f\u0437\u0438 \u0441 \u0447\u0435\u043c \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u044b \u0438\u043c\u0435\u044e\u0442 \u0433\u043e\u0440\u0430\u0437\u0434\u043e \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u0443\u044e \u0434\u043e\u0441\u0442\u043e\u0432\u0435\u0440\u043d\u043e\u0441\u0442\u044c.\n\n\u041e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0435 \u043e\u0441\u043d\u043e\u0432\u0430\u043d\u043e \u043d\u0430 \u043f\u043e\u0432\u0435\u0434\u0435\u043d\u0447\u0435\u0441\u043a\u043e\u043c \u0430\u043d\u0430\u043b\u0438\u0437\u0435 \u0438 \u043c\u043e\u0436\u0435\u0442 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0442\u044c \u043b\u044e\u0431\u044b\u0435 \u0432\u0430\u0440\u0438\u0430\u043d\u0442\u044b, \u0435\u0441\u043b\u0438 \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u044b\u0439 \u0431\u044d\u043a\u0434\u043e\u0440 \u0432\u043d\u0435\u0434\u0440\u0435\u043d \u0433\u0434\u0435-\u0442\u043e \u0435\u0449\u0435, \u0434\u0430\u0436\u0435 \u043f\u043e\u0441\u043b\u0435 \u043f\u0435\u0440\u0435\u043a\u043e\u043c\u043f\u0438\u043b\u044f\u0446\u0438\u0438 \u0438\u043b\u0438 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430.\n\n\u0421\u043a\u0430\u043d\u0435\u0440 \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u043d\u0430 xz.fail, \u043a\u0443\u0434\u0430 \u043c\u043e\u0436\u043d\u043e \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0442\u044c \u0434\u0432\u043e\u0438\u0447\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0431\u0435\u0437 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0439 \u0438\u0445 \u0447\u0438\u0441\u043b\u0430.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, Binarly \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0430 \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0439 API \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u0431\u043e\u043b\u0435\u0435 \u043c\u0430\u0441\u0448\u0442\u0430\u0431\u043d\u043e\u0433\u043e \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f.", "creation_timestamp": "2024-04-03T14:57:26.000000Z"}, {"uuid": "1fa114ad-f674-4cca-899d-c69ab822bed6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/ctinow/213425", "content": "https://ift.tt/Ov0Bbht\nBeware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094)", "creation_timestamp": "2024-03-29T20:31:25.000000Z"}, {"uuid": "254568ae-c757-4f43-b693-ac938039ea90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/ctinow/213717", "content": "https://ift.tt/IwXnih4\nBinarly released the free online scanner to detect the CVE-2024-3094 Backdoor", "creation_timestamp": "2024-04-02T20:16:49.000000Z"}, {"uuid": "a18228fb-0c20-409a-8c3f-13e1525283b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/ctinow/213599", "content": "https://ift.tt/qkuIg2H\nBackdoor Discovered in XZ Utils: Patch Your Systems Now (CVE-2024-3094)", "creation_timestamp": "2024-04-02T01:21:05.000000Z"}, {"uuid": "6ea09189-2c91-4e6f-a4be-2a8433285a1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/ctinow/213415", "content": "https://ift.tt/PCVHtBh\nReported Supply Chain Compromise Affecting XZ Utils Data Compression Library, CVE-2024-3094", "creation_timestamp": "2024-03-29T19:26:24.000000Z"}, {"uuid": "0c24c6b6-698d-40cc-ae90-55c2f59d9639", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/MuhammadAlush0997/488", "content": "\u200f\u0627\u0630\u0627 \u0643\u0646\u062a \u062a\u0633\u062a\u062e\u062f\u0645 #Linux \u0648\u062a\u062d\u0628 \u062a\u062a\u0627\u0643\u062f \u0627\u0646\u0643 \u063a\u064a\u0631 \u0645\u0635\u0627\u0628 \u0628\u062b\u063a\u0631\u0629 \ud83d\udc48 CVE-2024-3094 \ud83d\udc49\n\n\u0627\u0633\u062a\u062e\u062f\u0645 \u0647\u0630\u0647 \u0627\u0644\u0627\u062f\u0627\u0629\nhttps://github.com/jfrog/cve-2024-3094-tools/tree/main/cve-2024-3094-detector\n\n\u062c\u0645\u064a\u0639 \u0627\u0644\u0623\u0648\u0627\u0645\u0631 \u0645\u0648\u062c\u0648\u062f\u0629 \u0641\u064a \u0627\u0644\u0635\u0648\u0631\u0629 \ud83d\udc46\n\u3030\ufe0f\u2796\u2796\u2796\u2796\u2796\u2796\u3030\ufe0f\n\nt.me/MuhammadAlush0997\n\n\u062a\u0627\u0628\u0639\u0646\u064a \u0639\u0644\u0649 :\nTelegram | instagram | facebook | Twitter | YouTube", "creation_timestamp": "2024-04-05T03:09:34.000000Z"}, {"uuid": "4f2550e9-5692-41b1-95e1-2dd33dd5aefb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/MuhammadAlush0997/479", "content": "\u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u062e\u0637\u064a\u0631\u0647 \u062d\u0627\u0644\u064a\u0627\u064b \u0644\u0623\u0646\u0638\u0645\u0629 \u0644\u064a\u0646\u0643\u0633 \n\n\u0645\u0633\u062a\u0648\u0649 \u062a\u0639\u0642\u064a\u062f \u0627\u0644\u0647\u062c\u0648\u0645 \u0644\u0647\u0627 XZ \u0645\u062b\u064a\u0631 \u0644\u0644\u0625\u0639\u062c\u0627\u0628 \u0644\u0644\u063a\u0627\u064a\u0629 \n\n\u0643\u0644 \u0634\u064a\u0621 \u064a\u0642\u0627\u0644 \u0648\u064a\u0644\u062e\u0635 \u0628\u0634\u0643\u0644 \u062c\u064a\u062f \u0647\u0646\u0627 \ud83d\udc46\n\u200e#xz \u200e#xzbackdoor CVE-2024-3094\n\n\u3030\ufe0f\u2796\u2796\u2796\u2796\u2796\u2796\u3030\ufe0f\n\nt.me/MuhammadAlush0997\n\n\u062a\u0627\u0628\u0639\u0646\u064a \u0639\u0644\u0649 :\nTelegram | instagram | facebook | Twitter | YouTube", "creation_timestamp": "2024-04-01T04:05:59.000000Z"}, {"uuid": "0b269ef7-4107-4dce-8520-51b67614d9e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/solar_security/1184", "content": "\u0412 \u0447\u0435\u0442\u0432\u0435\u0440\u0433 \u043c\u044b \u043e\u0431\u044a\u044f\u0441\u043d\u044f\u043b\u0438, \u043f\u043e\u0447\u0435\u043c\u0443 \u043d\u0435\u043b\u044c\u0437\u044f \u0438\u0433\u043d\u043e\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0446\u0435\u043f\u043e\u0447\u043a\u0438 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a \u041f\u041e, \u0430 \u0441\u0435\u0433\u043e\u0434\u043d\u044f \u0434\u043e\u043a\u0430\u0436\u0435\u043c \u044d\u0442\u043e \u043d\u0430 \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u043e\u043c \u043f\u0440\u0438\u043c\u0435\u0440\u0435.\n\n\u0412 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0439 \u0443\u0442\u0438\u043b\u0438\u0442\u0435 \u0434\u043b\u044f \u0441\u0436\u0430\u0442\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445 XZ Utils \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0431\u044d\u043a\u0434\u043e\u0440 CVE-2024-3094. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043e\u0431\u043e\u0439\u0442\u0438 sshd \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a\u043e \u0432\u0441\u0435\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435.\n\n\u041f\u0430\u043a\u0435\u0442 XZ Utils \u0432\u043a\u043b\u044e\u0447\u0435\u043d \u0432 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u043e\u0432 \u0438 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0435\u0432 Linux, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043f\u043e\u0434 \u0443\u0433\u0440\u043e\u0437\u043e\u0439 \u043e\u043a\u0430\u0437\u0430\u043b\u0438\u0441\u044c \u0442\u044b\u0441\u044f\u0447\u0438 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439 \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0438\u0445 \u0432 \u0441\u0432\u043e\u0438\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u0445.\n\n\u0411\u044d\u043a\u0434\u043e\u0440 \u0432\u043d\u0435\u0434\u0440\u0438\u043b \u043e\u0434\u0438\u043d \u0438\u0437 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432 XZ. \u042d\u0442\u043e \u0446\u0435\u043b\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f \u0430\u0442\u0430\u043a\u0430 \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043a\u0438 \u041f\u041e, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043f\u043b\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043b \u0434\u0432\u0430 \u0433\u043e\u0434\u0430.\n\n\u0427\u0442\u043e\u0431\u044b \u043d\u0435 \u0441\u0442\u0430\u0442\u044c \u0436\u0435\u0440\u0442\u0432\u043e\u0439 \u0442\u0430\u043a\u043e\u0439 \u0430\u0442\u0430\u043a\u0438, \u043d\u0443\u0436\u0435\u043d \u043d\u0430\u0434\u0435\u0436\u043d\u044b\u0439 \u043f\u043e\u043c\u043e\u0449\u043d\u0438\u043a \u2014 \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, Solar appScreener. \u041c\u043e\u0434\u0443\u043b\u044c SCS \u043e\u0446\u0435\u043d\u0438\u0442 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u0434\u043e\u0432\u0435\u0440\u0438\u044f \u043a \u0434\u0440\u0443\u0433\u0438\u043c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0430\u043c \u0430\u0432\u0442\u043e\u0440\u0430 \u0438 \u043f\u043e\u0434\u0441\u043a\u0430\u0436\u0435\u0442, \u043c\u043e\u0436\u043d\u043e \u043b\u0438 \u043d\u0430 \u043d\u0435\u0433\u043e \u043f\u043e\u043b\u0430\u0433\u0430\u0442\u044c\u0441\u044f.\n\n\u041d\u0430 \u043a\u0430\u0440\u0442\u0438\u043d\u043a\u0435 \u2013 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442 \u043d\u0430\u0448\u0435\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430-\u0441\u043e\u0437\u0434\u0430\u0442\u0435\u043b\u044f CVE-2024-3094. \u041e\u0446\u0435\u043d\u043a\u0430 \u043f\u043e \u043a\u0440\u0438\u0442\u0435\u0440\u0438\u044e \u00ab\u200e\u0410\u0432\u0442\u043e\u0440\u0441\u043a\u0438\u0439 \u0441\u043e\u0441\u0442\u0430\u0432\u00bb \u043d\u0438\u0437\u043a\u0430\u044f, Solar appScreener \u0441\u0447\u0438\u0442\u0430\u0435\u0442 \u0430\u0432\u0442\u043e\u0440\u0430 \u043d\u0435\u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u043c, \u0430 \u0437\u043d\u0430\u0447\u0438\u0442 \u043d\u0435 \u0441\u0442\u043e\u0438\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0435\u0433\u043e \u043f\u0430\u043a\u0435\u0442\u044b \u0432 \u0441\u0432\u043e\u0435\u043c \u041f\u041e.", "creation_timestamp": "2024-04-06T11:02:25.000000Z"}, {"uuid": "8c6c381a-17c6-4e72-9af2-aaba04625f22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/theninjaway1337/1500", "content": "Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros\n\nRedHat on Friday released an \"urgent security alert\" warning that two versions of a popular data compression library called XZ Utils (previously LZMA Utils) have been backdoored with malicious code designed to allow unauthorized remote access.\n\nThe software supply chain compromise, tracked as CVE-2024-3094, has a CVSS score of 10.0, indicating maximum severity. It impacts XZ Utils versions 5.6.0 (released February 24) and 5.6.1 (released March 9).\n\n5.6.0 & 5.6.1 \u2014 vuln\n\nhttps://thehackernews.com/2024/03/urgent-secret-backdoor-found-in-xz.html", "creation_timestamp": "2024-03-30T08:33:08.000000Z"}, {"uuid": "94f07e65-2aec-4a3b-8973-8a2bff571ce1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/Kelvinseccommunity/188", "content": "CVE-2024-3094 - An ssh honeypot with the XZ backdoor. \n\nhttps://github.com/lockness-Ko/xz-vulnerable-honeypot", "creation_timestamp": "2024-04-02T18:47:06.000000Z"}, {"uuid": "1555bf6b-7434-4624-8b67-64fabe139d45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/Kelvinseccommunity/191", "content": "https://github.com/amlweems/xzbot\n\nnotes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)\n#github", "creation_timestamp": "2024-04-02T18:49:27.000000Z"}, {"uuid": "b022383d-c900-4f78-b9c4-458afcf254b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "exploited", "source": "https://t.me/MuhammadAlush0997/478", "content": "\u062b\u063a\u0631\u0647 \u062e\u0637\u064a\u0631\u0647 \u062c\u062f\u0627\u064b #Backdoor \u0641\u064a \u0627\u063a\u0644\u0628 \u0627\u0646\u0638\u0645\u0647 #\u0644\u064a\u0646\u0643\u0633 \n\n\u0627\u0635\u062f\u0631\u062a RedHat \u062a\u062d\u0630\u064a\u0631 \u0628\u062e\u0635\u0648\u0635 \u0648\u062c\u0648\u062f \u0628\u0648\u0627\u0628\u0647 \u062e\u0644\u0641\u064a\u0629 ( Backdoor ) \u0645\u0632\u0631\u0648\u0639 \u0641\u064a \u0645\u0643\u062a\u0628\u0647 XZ Utils \u0627\u0644\u062e\u0627\u0635\u0647 \u0628\u0636\u063a\u0637 \u0627\u0644\u0645\u0644\u0641\u0627\u062a \u0627\u0644\u0645\u062b\u0628\u062a\u0647 \u0645\u0633\u0628\u0642\u0627\u064b \u0639\u0644\u0649 \u0627\u0644\u0643\u062b\u064a\u0631 \u0645\u0646 \u062a\u0648\u0632\u064a\u0639\u0627\u062a \u0644\u064a\u0646\u0643\u0633 \u0627\u0644\u0645\u0634\u0647\u0648\u0631\u0629.\n\u0627\u0644\u0628\u0648\u0627\u0628\u0629 \u0627\u0644\u062e\u0644\u0641\u064a\u0629 \u062a\u0645 \u0627\u062e\u0641\u0627\u0626\u0647\u0627 \u0628\u0637\u0631\u064a\u0642\u0647 \u0645\u0639\u0642\u062f\u0647 \u0641\u064a \u0627\u0644\u0643\u0648\u062f ( obfuscations ).\n\u062a\u0633\u0645\u062d \u0644\u0644\u0645\u062e\u062a\u0631\u0642 \u0628\u0627\u0644\u0648\u0635\u0648\u0644 \u0644\u0644\u0646\u0638\u0627\u0645 \u0645\u0646 \u062e\u0644\u0627\u0644 SSH\n\n\ud83d\udccc \u0645\u0633\u062a\u0648\u0649 \u0627\u0644\u062e\u0637\u0648\u0631\u0647 10\n\n\ud83d\udccc \u0631\u0642\u0645 \u0627\u0644\u062b\u063a\u0631\u0647 CVE-2024-3094\n\n\u0627\u0644\u0631\u0627\u0628\u0637 :\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-3094\n\n\u200f\u0628\u0648\u0627\u0628\u0629 \u062e\u0644\u0641\u064a\u0629 \u0641\u064a \u0627\u0646\u0638\u0645\u0629 \u0644\u064a\u0646\u0643\u0633\n\u0627\u0643\u062a\u0634\u0641 \u0627\u062d\u062f \u0628\u0627\u062d\u062b\u064a \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u062b\u063a\u0631\u0629 \u0648\u0647\u064a \u0639\u0628\u0627\u0631\u0629 \u0639\u0646 \u0628\u0648\u0628\u0647 \u062e\u0644\u0641\u064a\u0629 \u0641\u064a XZ Utils \u0648\u0647\u064a \u0639\u0628\u0627\u0631\u0629 \u0639\u0646 \u0645\u0643\u062a\u0628\u0629 \u0645\u062a\u062e\u0635\u0635\u0629 \u0641\u064a \u0636\u063a\u0637 \u0627\u0644\u0645\u0644\u0641\u0627\u062a\u060c \u0648\u062a\u062a\u064a\u062d \u0627\u0644\u0628\u0648\u0627\u0628\u0629 \u0627\u0644\u062e\u0644\u0641\u064a\u0647 \u0644\u0644\u0645\u062e\u062a\u0631\u0642 \u0627\u0644\u0627\u062a\u0635\u0627\u0644 \u0628\u062c\u0647\u0627\u0632 \u0627\u0644\u0636\u062d\u064a\u0629 \u0639\u0646 \u0637\u0631\u064a\u0642 \u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 SSH.\n\u0648\u0627\u0644\u062b\u063a\u0631\u0629 \u062a\u062d\u062a \u062a\u0643\u0648\u064a\u062f CVE-2024-3094 \u0648\u062a\u0645 \u062a\u0635\u0646\u064a\u0641\u0647\u0627 \u0643 10 \u0627\u0648 \u062e\u0637\u064a\u0631\u0629 \u0644\u0644\u063a\u0627\u064a\u0629.\n\u0637\u0628\u0639\u0627\u064b \u0643\u062b\u064a\u0631 \u0645\u0646 \u0646\u0633\u062e \u0644\u064a\u0646\u0643\u0633 \u0645\u0635\u0627\u0628\u0629 \u0628\u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0628\u0645\u0627 \u0641\u064a\u0647\u0627 \u0643\u0627\u0644\u064a \u0644\u064a\u0646\u0643\u0633 \u0648 Opensuse \u0648\u0628\u0639\u0636 \u0646\u0633\u062e Debian \u0627\u0644\u0627\u062e\u062a\u0628\u0627\u0631\u064a\u0629.\n\n\u3030\ufe0f\u2796\u2796\u2796\u2796\u2796\u2796\u3030\ufe0f\n\nt.me/MuhammadAlush0997\n\n\u062a\u0627\u0628\u0639\u0646\u064a \u0639\u0644\u0649 :\nTelegram | instagram | facebook | Twitter | YouTube", "creation_timestamp": "2024-03-30T23:59:53.000000Z"}, {"uuid": "91464a2a-9cb7-46d3-a30b-6646c6c2126d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "exploited", "source": "https://t.me/information_security_channel/51920", "content": "Behind Enemy Lines: Understanding the Threat of the XZ Backdoor\nhttps://www.offsec.com/offsec/xz-backdoor/\n\nThe following is an excerpt from our new module on the recent XZ Utils backdoor, CVE-2024-3094.\n\u00a0\nOn Mar 29, 2024, at 12:00PM ET, Andres Freund posted (https://www.openwall.com/lists/oss-security/2024/03/29/4) on the Openwall mailing list about a backdoor he discovered in the XZ Utils (https://github.com/tukaani-project/xz) package. The backdoor targeted the OpenSSH (https://www.openssh.com/) binary, allowing remote code execution on impacted machines. This backdoor was not located in the GitHub repository, but only in release versions of the package, which hid its presence.\nGiven that XZ Utils had been installed (directly or indirectly) on billions of Linux systems worldwide, this finding stunned the international Linux and infosec communities.\nUnderstanding the Timeline of the Attack\nIn late 2021,\n... Read more \u00bb (https://www.offsec.com/offsec/xz-backdoor/)\nThe post Behind Enemy Lines: Understanding the Threat of the XZ Backdoor (https://www.offsec.com/offsec/xz-backdoor/) appeared first on OffSec (https://www.offsec.com/).", "creation_timestamp": "2024-04-09T20:13:46.000000Z"}, {"uuid": "cfc6958e-070e-41fd-9427-68c7d3df04df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/thehackernews/4779", "content": "\u26a1 Critical Supply Chain Compromise: Backdoor in XZ Utils allows RCE. \n \nSee how to detect and mitigate CVE-2024-3094, a critical supply chain compromise, affecting XZ Utils Data compression library. \n \nRead: https://thn.news/critical-rce-xz-utils", "creation_timestamp": "2024-04-04T18:17:45.000000Z"}, {"uuid": "a4787cb8-0a36-48aa-a00b-c8296f2f7c40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/anti_malware/17158", "content": "\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 Binarly \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u0431\u0435\u0441\u043f\u043b\u0430\u0442\u043d\u044b\u0439 \u043e\u043d\u043b\u0430\u0439\u043d-\u0441\u043a\u0430\u043d\u0435\u0440, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u043c\u043e\u0436\u0435\u0442 \u0432\u044b\u044f\u0432\u0438\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 Linux, \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e \u0432 XZ Utils \u2014 CVE-2024-3094.", "creation_timestamp": "2024-08-20T16:59:18.000000Z"}, {"uuid": "c545d41e-7a8b-4f67-bfe6-1a90a475cfe5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/SecLabNews/15031", "content": "Linux \u043f\u043e\u0440\u0430\u0437\u0438\u043b\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441 \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u043c \u0431\u0430\u043b\u043b\u043e\u043c CVSS \n\n\ud83c\udd98 \u0412 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0439 \u0443\u0442\u0438\u043b\u0438\u0442\u0435 \u0434\u043b\u044f \u0441\u0436\u0430\u0442\u0438\u044f xz, \u0448\u0438\u0440\u043e\u043a\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0439 \u0432 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u0435 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u043e\u0432 Linux, \u0431\u044b\u043b \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d \u0441\u043a\u0440\u044b\u0442\u044b\u0439 \u0431\u044d\u043a\u0434\u043e\u0440, \u0441\u043e\u0437\u0434\u0430\u044e\u0449\u0438\u0439 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u0433\u0440\u043e\u0437\u0443 \u0434\u043b\u044f \u0446\u0435\u043f\u043e\u0447\u043a\u0438 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a.\n\n\ud83d\udd0d \u0418\u043d\u0436\u0435\u043d\u0435\u0440-\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0441\u0442 \u0438\u0437 Microsoft \u0410\u043d\u0434\u0440\u0435\u0441 \u0424\u0440\u043e\u0443\u043d\u0434 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 .m4 \u0444\u0430\u0439\u043b\u044b \u0432 \u0430\u0440\u0445\u0438\u0432\u0430\u0445 xz, \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0443 \u0441\u0436\u0430\u0442\u0438\u044f liblzma \u0434\u043b\u044f \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430.\n\n\ud83d\udee1  \u0410\u0433\u0435\u043d\u0442\u0441\u0442\u0432\u043e \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0421\u0428\u0410 (CISA) \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u043e \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u0435 \u043e\u0431 \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u043e\u0439 \u043a\u0430\u043a CVE-2024-3094, \u0441 \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u043c \u0431\u0430\u043b\u043b\u043e\u043c CVSS 10.\n\n#\u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c #Linux #CVE2024_3094 @SecLabNews", "creation_timestamp": "2024-04-01T07:31:55.000000Z"}, {"uuid": "3134f399-10f8-4f2b-adec-f3a4d9f7d937", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/cultofwire/1341", "content": "CVE-2025-31115: XZ Utils Hit Again with High-Severity Multithreaded Decoder Bug\n\n\u0421\u043a\u0443\u0447\u0430\u043b\u0438 \u043f\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c \u0432 XZ Utils? \u0418\u0445 \u0435\u0441\u0442\u044c \u0443 \u043c\u0435\u043d\u044f.\n\n\u0412 \u043d\u043e\u0432\u043e\u0441\u0442\u044f\u0445 \u0441\u0435\u0433\u043e\u0434\u043d\u044f XZ Utils \u0438 \u0441\u043d\u043e\u0432\u0430 CVE \u0432 \u043d\u0451\u043c: CVE-2025-31115 c CVSS: 8.7. CVE-2025-31115 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 XZ Utils \u0441 5.3.3alpha \u043f\u043e 5.8.0, \u043f\u0440\u0438\u0432\u043e\u0434\u044f \u043a \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u043e\u0448\u0438\u0431\u043a\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043a\u0443\u0447\u0438 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f \u0432 \u0435\u0435 \u043c\u043d\u043e\u0433\u043e\u043f\u043e\u0442\u043e\u0447\u043d\u043e\u043c \u0434\u0435\u043a\u043e\u0434\u0435\u0440\u0435, \u0441\u043f\u043e\u0441\u043e\u0431\u043d\u043e\u0439 \u0432\u044b\u0437\u044b\u0432\u0430\u0442\u044c \u0441\u0431\u043e\u0438 \u0438\u043b\u0438 \u043f\u043e\u0432\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u0435 \u043f\u0430\u043c\u044f\u0442\u0438, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u0435\u0434\u0435\u0442 \u043a \u043d\u0435\u043f\u0440\u0435\u0434\u0441\u043a\u0430\u0437\u0443\u0435\u043c\u043e\u043c\u0443 \u043f\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b \u0438\u043b\u0438 \u0434\u0430\u0436\u0435 \u043a \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430.\n\n\u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0443\u0436\u0435 \u0432\u044b\u0448\u043b\u043e. \u0412\u0435\u0440\u0441\u0438\u044f XZ Utils 5.8.1 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u044d\u0442\u0443 \u043e\u0448\u0438\u0431\u043a\u0443. \u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0442\u0430\u043a\u0436\u0435 \u0431\u044b\u043b\u043e \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u043e \u043a \u0432\u0435\u0442\u043a\u0430\u043c v5.4, v5.6, v5.8 \u0438 master \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f xz Git.\n\n\u041d\u0435 \u0442\u0430\u043a \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e (\u0434\u0430 \u0438 EPSS \u043f\u043e\u043a\u0430 0.05), \u043a\u0430\u043a CVE-2024-3094 (\u0435\u0441\u043b\u0438 \u043a\u0442\u043e \u0437\u0430\u0431\u044b\u043b \u0441\u0442\u0430\u0442\u044c\u0438 \u043d\u0430 Wikipedia \u0438 Akamai), \u043d\u043e \u043b\u0443\u0447\u0448\u0435 \u043d\u0435 \u0437\u0430\u0442\u044f\u0433\u0438\u0432\u0430\u0442\u044c \u0441 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435\u043c.", "creation_timestamp": "2025-04-07T11:18:55.000000Z"}, {"uuid": "a96866d3-cc07-455c-b1f8-0d0296a9d6e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/cultofwire/1273", "content": "The Hidden Economy of Open Source Software\n\n\u041a Open Source \u043d\u0435 \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u043c \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0439 \u043f\u043e\u0434\u0445\u043e\u0434 \u043f\u043e\u0434\u0441\u0447\u0451\u0442\u0430 \u0446\u0435\u043d\u043d\u043e\u0441\u0442\u0438 (\u0443\u043c\u043d\u043e\u0436\u0435\u043d\u0438\u0435 \u0446\u0435\u043d\u044b \u043d\u0430 \u043f\u0440\u043e\u0434\u0430\u043d\u043d\u043e\u0435 \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e), \u0438 \u0432\u0441\u0435\u0433\u043e 5% \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432 OSS \u043e\u0442\u0432\u0435\u0447\u0430\u044e\u0442 \u0437\u0430 96% \u0435\u0433\u043e \u0441\u0442\u043e\u0438\u043c\u043e\u0441\u0442\u0438.\n\n\u041d\u0435\u0434\u0430\u0432\u043d\u0435\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0435 \u0431\u044d\u043a\u0434\u043e\u0440\u0430 \u0432 XZ Utils (CVE-2024-3094), \u0443\u0442\u0438\u043b\u0438\u0442\u0435 \u0441\u0436\u0430\u0442\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0439 \u0448\u0438\u0440\u043e\u043a\u0438\u043c \u0441\u043f\u0435\u043a\u0442\u0440\u043e\u043c \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u043d\u044b\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c \u043d\u0430 \u0431\u0430\u0437\u0435 Linux, \u043f\u043e\u0434\u0447\u0435\u0440\u043a\u0438\u0432\u0430\u0435\u0442 \u0432\u0430\u0436\u043d\u043e\u0441\u0442\u044c \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c. \u0425\u043e\u0442\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0435 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c \u0447\u0430\u0441\u0442\u043e \u043d\u0435 \u043e\u0440\u0438\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043e \u043d\u0430 \u043f\u043e\u0442\u0440\u0435\u0431\u0438\u0442\u0435\u043b\u044f, \u043e\u043d\u043e \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0432\u0430\u0436\u043d\u0435\u0439\u0448\u0438\u043c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u043c \u0432\u044b\u0447\u0438\u0441\u043b\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445, \u0442\u0430\u043a\u0438\u0445 \u043a\u0430\u043a \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0430\u044f \u0441\u0432\u044f\u0437\u044c \u043c\u0435\u0436\u0434\u0443 \u043c\u0430\u0448\u0438\u043d\u0430\u043c\u0438.\n\n\u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0435 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c \u0441\u0442\u0430\u043b\u043e \u043a\u0440\u0430\u0435\u0443\u0433\u043e\u043b\u044c\u043d\u044b\u043c \u043a\u0430\u043c\u043d\u0435\u043c \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0438\u043d\u0434\u0443\u0441\u0442\u0440\u0438\u0438, \u043e\u043a\u0430\u0437\u044b\u0432\u0430\u044f \u0432\u043b\u0438\u044f\u043d\u0438\u0435 \u043d\u0430 \u0432\u0441\u0435: \u043e\u0442 \u043d\u0435\u0431\u043e\u043b\u044c\u0448\u0438\u0445 \u0441\u0442\u0430\u0440\u0442\u0430\u043f\u043e\u0432 \u0434\u043e \u0433\u043b\u043e\u0431\u0430\u043b\u044c\u043d\u044b\u0445 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0446\u0438\u0439. \u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u043f\u043e\u0432\u0441\u0435\u043c\u0435\u0441\u0442\u043d\u043e\u0435 \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435 \u0438 \u043e\u0441\u043d\u043e\u0432\u043e\u043f\u043e\u043b\u0430\u0433\u0430\u044e\u0449\u0443\u044e \u0440\u043e\u043b\u044c \u0432 \u043f\u0440\u043e\u0434\u0432\u0438\u0436\u0435\u043d\u0438\u0438 \u0438\u043d\u043d\u043e\u0432\u0430\u0446\u0438\u0439, \u0438\u0441\u0442\u0438\u043d\u043d\u0430\u044f \u044d\u043a\u043e\u043d\u043e\u043c\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0446\u0435\u043d\u043d\u043e\u0441\u0442\u044c OSS \u0434\u043e \u0441\u0438\u0445 \u043f\u043e\u0440 \u043e\u0441\u0442\u0430\u0432\u0430\u043b\u0430\u0441\u044c \u043d\u0435\u0438\u0437\u0432\u0435\u0434\u0430\u043d\u043d\u043e\u0439 \u0442\u0435\u0440\u0440\u0438\u0442\u043e\u0440\u0438\u0435\u0439.\n\u041d\u043e \u0442\u0430\u043a \u043a\u0430\u043a \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043d\u0430\u0441\u0443\u0449\u043d\u0430\u044f, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0413\u0430\u0440\u0432\u0430\u0440\u0434\u0441\u043a\u043e\u0439 \u0448\u043a\u043e\u043b\u044b \u0431\u0438\u0437\u043d\u0435\u0441\u0430 \u041c\u0430\u043d\u0443\u044d\u043b\u044c \u0425\u043e\u0444\u0444\u043c\u0430\u043d\u043d, \u0424\u0440\u044d\u043d\u043a \u041d\u044d\u0433\u043b \u0438 \u042f\u043d\u0443\u043e \u0427\u0436\u043e\u0443 \u043f\u0440\u043e\u0432\u0435\u043b\u0438 \u043d\u0435\u0431\u043e\u043b\u044c\u0448\u043e\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0435 \u043d\u0430 \u0442\u0435\u043c\u0443 \u0432\u043b\u0438\u044f\u043d\u0438\u044f Open Source \u043d\u0430 \u043e\u0442\u0440\u0430\u0441\u043b\u044c.\n\n\u0422\u0435\u043a\u0441\u0442 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f The Value of Open Source Software \u0432 pdf.", "creation_timestamp": "2024-05-15T11:04:53.000000Z"}, {"uuid": "fb9aa3ed-2c30-4d69-ab46-890884bec872", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/cultofwire/1353", "content": "Fifty Years of Open Source Software Supply Chain Security\n\nTL;DR\n\u0420\u0430\u0441\u0441 \u041a\u043e\u043a\u0441 (\u044d\u043a\u0441-\u043b\u0438\u0434\u0435\u0440 \u043f\u0440\u043e\u0435\u043a\u0442\u0430 \u043f\u043e \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0435 Go) \u0440\u0430\u0441\u0441\u043c\u0430\u0442\u0440\u0438\u0432\u0430\u0435\u0442 \u044d\u0432\u043e\u043b\u044e\u0446\u0438\u044e \u0443\u0433\u0440\u043e\u0437 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432 \u0446\u0435\u043f\u043e\u0447\u043a\u0435 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0437\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 50 \u043b\u0435\u0442. \u041e\u043d \u0441\u0440\u0430\u0432\u043d\u0438\u0432\u0430\u0435\u0442 \u0438\u0441\u0442\u043e\u0440\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0438 \u0441\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0435 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u044b, \u0447\u0442\u043e\u0431\u044b \u043f\u043e\u0434\u0447\u0435\u0440\u043a\u043d\u0443\u0442\u044c \u043d\u0435\u0438\u0437\u043c\u0435\u043d\u043d\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u0434\u0430\u043c\u0435\u043d\u0442\u0430\u043b\u044c\u043d\u044b\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u0432 \u044d\u0442\u043e\u0439 \u043e\u0431\u043b\u0430\u0441\u0442\u0438.\u200b\n\n\u0412 \u043c\u0430\u0440\u0442\u0435 \u0434\u0430\u043b\u0451\u043a\u043e\u0433\u043e 1972 \u0433\u043e\u0434\u0430, \u0412\u0412\u0421 \u0421\u0428\u0410 \u043d\u0430\u0447\u0430\u043b\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Honeywell Multics, \u0447\u0442\u043e\u0431\u044b \u043f\u043e\u043d\u044f\u0442\u044c, \u043c\u043e\u0436\u043d\u043e \u043b\u0438 \u0435\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0432 \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0430\u0445. \u041e\u0442\u0447\u0435\u0442 \u0431\u044b\u043b \u0432\u044b\u043f\u0443\u0449\u0435\u043d \u0432 \u0441\u0435\u0440\u0435\u0434\u0438\u043d\u0435 1974 \u0433\u043e\u0434\u0430, \u0433\u0434\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043f\u0440\u0438\u0448\u043b\u0438 \u043a \u0432\u044b\u0432\u043e\u0434\u0443, \u0447\u0442\u043e Multics, \u0445\u043e\u0442\u044c \u0438 \u043d\u0435 \u0437\u0430\u0449\u0438\u0449\u0435\u043d \u043b\u0443\u0447\u0448\u0435 \u0441\u0432\u043e\u0438\u0445 \u0430\u043d\u0430\u043b\u043e\u0433\u043e\u0432, \u043d\u043e \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0440\u0430\u0437\u0443\u043c\u043d\u043e\u0439 \u043e\u0442\u043f\u0440\u0430\u0432\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u043e\u0439 \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b. \u0412 \u043e\u0442\u0447\u0435\u0442\u0435 \u0433\u043e\u0432\u043e\u0440\u0438\u043b\u043e\u0441\u044c \u043e \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u044d\u043a\u0434\u043e\u0440\u0430 \u0432 \u043d\u0435\u0432\u0438\u043d\u043d\u044b\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0439 \u0432\u044b\u0437\u043e\u0432. \u041f\u0440\u0438 \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0435 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0433\u043e, \u043e\u0447\u0435\u043d\u044c \u043c\u0430\u043b\u043e\u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e\u0433\u043e \u0432\u0445\u043e\u0434\u043d\u043e\u0433\u043e \u0441\u0438\u0433\u043d\u0430\u043b\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0439 \u0432\u044b\u0437\u043e\u0432 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b \u0447\u0438\u0442\u0430\u0442\u044c \u0438\u043b\u0438 \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0435 \u0441\u043b\u043e\u0432\u043e \u0438\u0437 \u043f\u0430\u043c\u044f\u0442\u0438 \u044f\u0434\u0440\u0430. \u042d\u0442\u043e \u043a\u0440\u043e\u0448\u0435\u0447\u043d\u043e\u0435 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u043f\u043e\u0434\u0440\u044b\u0432\u0430\u043b\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u0438 \u0432 \u043e\u0442\u0447\u0435\u0442\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u043c\u0435\u0445\u0430\u043d\u0438\u043a\u0430 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u0442\u0430\u043a\u043e\u0435 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0441\u0434\u0435\u043b\u0430\u043d\u043e \u0438 \u0441\u043a\u0440\u044b\u0442\u043e.\n\u0418 \u044d\u0442\u043e\u0442 \u043e\u0442\u0447\u0451\u0442 \u043c\u043e\u0436\u043d\u043e \u0441\u0447\u0438\u0442\u0430\u0442\u044c \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0451\u043d\u043d\u043e\u0439 \u043e\u0442\u043f\u0440\u0430\u0432\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u043e\u0439 \u0432 \u043c\u0438\u0440\u0435 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0446\u0435\u043f\u043e\u0447\u043a\u0438 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a.\n\n\u0422\u0430\u043a \u0436\u0435 \u043d\u0435 \u043e\u0431\u043e\u0448\u043b\u043e\u0441\u044c \u0438 \u0431\u0435\u0437 \u0443\u043f\u043e\u043c\u0438\u043d\u0430\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 liblzma\\xz (CVE-2024-3094), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043e\u043a\u0430\u0437\u0430\u043b\u0430\u0441\u044c \u044f\u0440\u043a\u0438\u043c \u043f\u0440\u0438\u043c\u0435\u0440\u043e\u043c \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a \u0437\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u0433\u043e\u0434\u044b.\n\n\u0422\u0435\u0437\u0438\u0441\u043d\u043e:\n- \u0417\u0430 50 \u043b\u0435\u0442 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043d\u0435 \u0440\u0435\u0448\u0438\u043b\u0430\u0441\u044c \u0441\u0430\u043c\u0430 \u0441\u043e\u0431\u043e\u0439 \u0438 \u0441\u0442\u0430\u043b\u0430 \u0442\u043e\u043b\u044c\u043a\u043e \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u0435\u0439.\n- \u0420\u0435\u0433\u0443\u043b\u044f\u0440\u043d\u043e\u0435 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u043d\u0430 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0438 \u043f\u043e\u0438\u0441\u043a \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043d\u0443\u0436\u043d\u044b \u0438 \u0432\u0430\u0436\u043d\u044b.\n- \u041f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432\u043a\u043b\u044e\u0447\u0430\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u043d\u0435\u043d\u0443\u0436\u043d\u044b\u0445 \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u044b\u0445 \u044f\u0437\u044b\u043a\u043e\u0432 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u0444\u0438\u043d\u0430\u043d\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u0440\u043e\u0435\u043a\u0442\u043e\u0432 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c.\n- \u0421\u0442\u043e\u0438\u0442 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u0446\u0435\u0441\u0441 \u0441\u0431\u043e\u0440\u043a\u0438 \u0438 \u0434\u043e\u0441\u0442\u0430\u0432\u043a\u0438 \u041f\u041e.\n- \u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0446\u0438\u0444\u0440\u043e\u0432\u044b\u0445 \u043f\u043e\u0434\u043f\u0438\u0441\u0435\u0439 \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u0438 \u043f\u0430\u043a\u0435\u0442\u043e\u0432 \u0442\u043e\u0436\u0435 \u0445\u043e\u0440\u043e\u0448\u0435\u0435 \u0440\u0435\u0448\u0435\u043d\u0438\u0435.", "creation_timestamp": "2025-04-25T12:13:04.000000Z"}, {"uuid": "19ee58eb-b619-44ac-804a-dc19895001c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/8552", "content": "XZ Utils CVE-2024-3094: A Tale of Broken Trust, Curious Persistence, and a Call to Action\n\nhttps://www.hackerone.com/vulnerability-management/cve-2024-3094", "creation_timestamp": "2024-04-08T10:45:24.000000Z"}, {"uuid": "e26a7385-76e5-494b-9d7d-5d46c4b3355e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/Russian_OSINT/3927", "content": "\ud83d\ude15 \u0412 \u043d\u0430\u0431\u043e\u0440 \u0443\u0442\u0438\u043b\u0438\u0442 XZ Utils \u0431\u044b\u043b \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d \u0431\u044d\u043a\u0434\u043e\u0440, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u043f\u0430\u043b \u0432 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0435 \u0441\u0431\u043e\u0440\u043a\u0438 Linux\n\n\u0421\u043e\u043e\u0431\u0449\u0430\u0435\u0442\u0441\u044f, \u0447\u0442\u043e \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0432\u0441\u0442\u0440\u043e\u0438\u043b\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434 \u0432 \u043d\u0430\u0431\u043e\u0440 \u0443\u0442\u0438\u043b\u0438\u0442 \u0434\u043b\u044f \u043a\u043e\u043c\u043f\u0440\u0435\u0441\u0441\u0438\u0438 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c XZ Utils \u0432\u0435\u0440\u0441\u0438\u0439 5.6.0 \u0438 5.6.1. \u0427\u0442\u043e \u0435\u0449\u0435 \u0445\u0443\u0436\u0435, \u0443\u0442\u0438\u043b\u0438\u0442\u044b \u0441 \u0431\u044d\u043a\u0434\u043e\u0440\u043e\u043c \u0443\u0441\u043f\u0435\u043b\u0438 \u043f\u043e\u043f\u0430\u0441\u0442\u044c \u0432 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0445 \u043c\u0430\u0440\u0442\u043e\u0432\u0441\u043a\u0438\u0445 \u0441\u0431\u043e\u0440\u043e\u043a Linux, \u0442\u0430\u043a \u0447\u0442\u043e \u0434\u0430\u043d\u043d\u0443\u044e \u0437\u0430\u043a\u043b\u0430\u0434\u043a\u0443 \u043c\u043e\u0436\u043d\u043e \u0440\u0430\u0441\u0446\u0435\u043d\u0438\u0432\u0430\u0442\u044c \u043a\u0430\u043a \u0430\u0442\u0430\u043a\u0443 \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u044b\u043b \u043f\u0440\u0438\u0441\u0432\u043e\u0435\u043d \u043d\u043e\u043c\u0435\u0440 CVE-2024-3094.\n\n\ud83d\udc69\u200d\ud83d\udcbb\u041a\u0430\u043a\u0438\u0435 \u0441\u0431\u043e\u0440\u043a\u0438 Linux \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0442 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0443\u0442\u0438\u043b\u0438\u0442\u044b, \u0430 \u043a\u0430\u043a\u0438\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u044b?\n\n\u0422\u043e\u0447\u043d\u043e \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e, \u0447\u0442\u043e XZ Utils \u0432\u0435\u0440\u0441\u0438\u0439 5.6.0 \u0438 5.6.1 \u043f\u043e\u043f\u0430\u043b\u0438 \u0432 \u043c\u0430\u0440\u0442\u043e\u0432\u0441\u043a\u0438\u0435 \u0441\u0431\u043e\u0440\u043a\u0438 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0445 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u043e\u0432 Linux:\n\n\u25aa\ufe0fKali Linux, \u043d\u043e \u043f\u043e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0431\u043b\u043e\u0433\u0430, \u0442\u043e\u043b\u044c\u043a\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 \u043c\u0435\u0436\u0434\u0443 26 \u0438 29 \u043c\u0430\u0440\u0442\u0430 (\u0432 \u0431\u043b\u043e\u0433\u0435 \u0442\u0430\u043a\u0436\u0435 \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0442\u0441\u044f \u0438\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u0438 \u043f\u043e \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0435 \u043d\u0430 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 \u0443\u0442\u0438\u043b\u0438\u0442);\n\u25aa\ufe0fopenSUSE Tumbleweed \u0438 openSUSE MicroOS, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 \u0441 7 \u043f\u043e 28 \u043c\u0430\u0440\u0442\u0430;\n\u25aa\ufe0fFedora 41, Fedora Rawhide \u0438 Fedora Linux 40 beta;\n\u25aa\ufe0fDebian (\u0442\u0435\u0441\u0442\u043e\u0432\u044b\u0435, \u043d\u0435\u0441\u0442\u0430\u0431\u0438\u043b\u044c\u043d\u044b\u0435 \u0438 \u044d\u043a\u0441\u043f\u0435\u0440\u0438\u043c\u0435\u043d\u0442\u0430\u043b\u044c\u043d\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438);\n\u25aa\ufe0fArch Linux \u2013 \u043e\u0431\u0440\u0430\u0437\u044b \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u043e\u0432, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 \u043d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 29 \u0444\u0435\u0432\u0440\u0430\u043b\u044f \u0438 \u0437\u0430\u043a\u0430\u043d\u0447\u0438\u0432\u0430\u044f 29 \u043c\u0430\u0440\u0442\u0430. \u0412\u043f\u0440\u043e\u0447\u0435\u043c, \u043d\u0430 \u0441\u0430\u0439\u0442\u0435 archlinux \u0433\u043e\u0432\u043e\u0440\u0438\u0442\u0441\u044f, \u0447\u0442\u043e \u0438\u0437-\u0437\u0430 \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e\u0441\u0442\u0435\u0439 \u0438\u043c\u043f\u043b\u0435\u043c\u0435\u043d\u0442\u0430\u0446\u0438\u0438 \u0434\u0430\u043d\u043d\u044b\u0439 \u0432\u0435\u043a\u0442\u043e\u0440 \u0430\u0442\u0430\u043a\u0438 \u0432 Arch Linux \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u043d\u0435 \u0431\u0443\u0434\u0435\u0442, \u043e\u0434\u043d\u0430\u043a\u043e \u0432\u0441\u0435-\u0442\u0430\u043a\u0438 \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u044e\u0442 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u0443.\n\n\ud83d\udee1\u041d\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u044b, \u043f\u043e \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, Red Hat Enterprise Linux (RHEL), SUSE Linux Enterprise, openSUSE Leap, Debian Stable. \u041e\u0441\u0442\u0430\u043b\u044c\u043d\u044b\u0435 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u044b \u0438\u043c\u0435\u0435\u0442 \u0441\u043c\u044b\u0441\u043b \u0441\u0430\u043c\u043e\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0442\u044c \u043d\u0430 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u0432 \u043d\u0438\u0445 \u0442\u0440\u043e\u044f\u043d\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u0439 XZ Utils.\n\n\ud83e\udd16 \u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0432\u0441\u0435\u043c \u043e\u0431\u043d\u043e\u0432\u0438\u0432\u0448\u0438\u043c \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c \u0432 \u043c\u0430\u0440\u0442\u0435 \u043d\u0435\u0437\u0430\u043c\u0435\u0434\u043b\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u043f\u0435\u0440\u0435\u0439\u0442\u0438 \u043a \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044e \u0431\u043e\u043b\u0435\u0435 \u0440\u0430\u043d\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 XZ Utils (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u043a \u0432\u0435\u0440\u0441\u0438\u0438 5.4.6).\n\n\ud83d\ude0d \u041f\u043e\u0434\u0440\u043e\u0431\u043d\u0435\u0435:\nhttps://www.kaspersky.ru/blog/cve-2024-3094-vulnerability-backdoor/37222\n\n\u270b @Russian_OSINT", "creation_timestamp": "2024-04-01T11:08:44.000000Z"}, {"uuid": "633ddfe6-31fb-4731-8796-c76bc10a648f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2233", "content": "https://github.com/amlweems/xzbot\n\nnotes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)\n#github", "creation_timestamp": "2024-04-06T00:37:11.000000Z"}, {"uuid": "b38d4f91-c04c-44a2-9eae-9cf29a9a651b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2215", "content": "https://github.com/emirkmo/xz-backdoor-github\n\nHistory of commits related to the xz backdoor Discovered On March 29, 2024: CVE-2024-3094.\n#github #\u5206\u6790", "creation_timestamp": "2024-03-30T15:54:17.000000Z"}, {"uuid": "25c63c65-73c9-4449-8918-b3a7f2ca58fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2223", "content": "https://github.com/lockness-Ko/xz-vulnerable-honeypot\n\nAn ssh honeypot with the XZ backdoor. CVE-2024-3094\n#github #tools", "creation_timestamp": "2024-04-20T16:11:25.000000Z"}, {"uuid": "2fc8890f-bdab-4fcc-a32d-869e7f6519d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "exploited", "source": "https://t.me/S_E_Reborn/4645", "content": "\u041f\u043e \u0441\u043b\u0435\u0434\u0430\u043c \u043d\u0430\u0448\u0443\u043c\u0435\u0432\u0448\u0435\u0439 \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a XZ Utils (CVE-2024-3094) \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Binarly \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0439 \u0441\u043a\u0430\u043d\u0435\u0440 \u0434\u043b\u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438\u043c\u043f\u043b\u0430\u043d\u0442\u0430\u0442\u0430 \u0432 \u043b\u044e\u0431\u043e\u043c \u0434\u0432\u043e\u0438\u0447\u043d\u043e\u043c \u0444\u0430\u0439\u043b\u0435 Linux.\n\n\u0417\u0430\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0439 \u0432 \u043e\u0441\u043d\u043e\u0432\u0443 \u0443\u0442\u0438\u043b\u0438\u0442\u044b \u043f\u043e\u0434\u0445\u043e\u0434 \u043e\u0442\u043b\u0438\u0447\u0430\u0435\u0442\u0441\u044f \u043e\u0442 \u0442\u0435\u043a\u0443\u0449\u0438\u0445 \u043f\u0440\u043e\u0432\u0435\u0440\u043e\u043a, \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0449\u0438\u0445 \u0441\u043e\u043f\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0430\u0439\u0442\u043e\u0432\u044b\u0445 \u0441\u0442\u0440\u043e\u043a, \u0432\u043d\u0435\u0441\u0435\u043d\u0438\u0435 \u0432 \u0447\u0435\u0440\u043d\u044b\u0439 \u0441\u043f\u0438\u0441\u043e\u043a \u0445\u044d\u0448\u0435\u0439 \u0444\u0430\u0439\u043b\u043e\u0432 \u0438 \u043f\u0440\u0430\u0432\u0438\u043b\u0430 YARA, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043b\u043e\u0436\u043d\u044b\u043c \u0441\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u043d\u0438\u044f\u043c.\n\nBinarly \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043b\u0430 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0439 \u0441\u043a\u0430\u043d\u0435\u0440, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u0435\u0442 \u0441\u0442\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 \u0434\u0432\u043e\u0438\u0447\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 \u0434\u043b\u044f \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u043e\u0434\u0434\u0435\u043b\u043a\u0438 \u043f\u0435\u0440\u0435\u0445\u043e\u0434\u043e\u0432 \u0432 \u043a\u043e\u0441\u0432\u0435\u043d\u043d\u043e\u0439 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 GNU (IFUNC).\n\n\u0412 \u0447\u0430\u0441\u0442\u043d\u043e\u0441\u0442\u0438, \u043e\u043d \u0438\u0441\u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043f\u0435\u0440\u0435\u0445\u043e\u0434\u044b, \u043f\u043e\u043c\u0435\u0447\u0435\u043d\u043d\u044b\u0435 \u043a\u0430\u043a \u043f\u043e\u0434\u043e\u0437\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043f\u0440\u0438 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u0440\u0435\u0437\u043e\u043b\u0432\u0435\u0440\u043e\u0432 IFUNC.\n\n\u0410\u0442\u0440\u0438\u0431\u0443\u0442 IFUNC \u043a\u043e\u043c\u043f\u0438\u043b\u044f\u0442\u043e\u0440\u0430 GCC \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430\u043c \u0441\u043e\u0437\u0434\u0430\u0432\u0430\u0442\u044c \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0432\u0435\u0440\u0441\u0438\u0439 \u043e\u0434\u043d\u043e\u0439 \u0438 \u0442\u043e\u0439 \u0436\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0437\u0430\u0442\u0435\u043c \u0432\u044b\u0431\u0438\u0440\u0430\u044e\u0442\u0441\u044f \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u043a\u0440\u0438\u0442\u0435\u0440\u0438\u0435\u0432, \u0442\u0430\u043a\u0438\u0445 \u043a\u0430\u043a \u0442\u0438\u043f \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u0430.\n\n\u041e\u0434\u043d\u0438\u043c \u0438\u0437 \u043e\u0441\u043d\u043e\u0432\u043d\u044b\u0445 \u043c\u0435\u0442\u043e\u0434\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0431\u044d\u043a\u0434\u043e\u0440\u043e\u043c XZ \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f, \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0430\u0442\u0440\u0438\u0431\u0443\u0442 GNU Indirect Function (ifunc), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0439 \u043a\u043e\u043c\u043f\u0438\u043b\u044f\u0442\u043e\u0440\u0443 GCC \u0440\u0430\u0437\u0440\u0435\u0448\u0430\u0442\u044c \u043a\u043e\u0441\u0432\u0435\u043d\u043d\u044b\u0435 \u0432\u044b\u0437\u043e\u0432\u044b \u0444\u0443\u043d\u043a\u0446\u0438\u0439 \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f.\n\n\u0411\u044d\u043a\u0434\u043e\u0440 XZ \u0438\u0437\u043c\u0435\u043d\u044f\u0435\u0442 \u0432\u044b\u0437\u043e\u0432\u044b ifunc \u0434\u043b\u044f \u0437\u0430\u043c\u0435\u043d\u044b \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 is_arch_extension_supported, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0434\u043e\u043b\u0436\u043d\u0430 \u043f\u0440\u043e\u0441\u0442\u043e \u0432\u044b\u0437\u044b\u0432\u0430\u0442\u044c cpuid \u0434\u043b\u044f \u0432\u0441\u0442\u0430\u0432\u043a\u0438 \u0432\u044b\u0437\u043e\u0432\u0430 _get_cpuid, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u044d\u043a\u0441\u043f\u043e\u0440\u0442\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043e\u0431\u044a\u0435\u043a\u0442\u043d\u044b\u043c \u0444\u0430\u0439\u043b\u043e\u043c \u043f\u043e\u043b\u0435\u0437\u043d\u043e\u0439 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438 (\u0442.\u0435. liblzma_la-crc64-fast.o), \u0432\u044b\u0437\u044b\u0432\u0430\u044f \u0438\u0441\u043a\u0430\u0436\u0435\u043d\u043d\u044b\u0435 _get_cpuid().\n\n\u0411\u044d\u043a\u0434\u043e\u0440 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u044d\u0442\u043e\u0442 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c, \u0438\u0437\u043c\u0435\u043d\u044f\u044f \u0432\u044b\u0437\u043e\u0432\u044b IFUNC \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430.\n\n\u0423\u0442\u0438\u043b\u0438\u0442\u0430 Binarly \u0441\u043a\u0430\u043d\u0438\u0440\u0443\u0435\u0442 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u0442\u043e\u0447\u043a\u0438 \u0446\u0435\u043f\u043e\u0447\u043a\u0438 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a, \u043f\u043e\u043c\u0438\u043c\u043e \u043f\u0440\u043e\u0435\u043a\u0442\u0430 XZ Utils, \u0432 \u0441\u0432\u044f\u0437\u0438 \u0441 \u0447\u0435\u043c \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u044b \u0438\u043c\u0435\u044e\u0442 \u0433\u043e\u0440\u0430\u0437\u0434\u043e \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u0443\u044e \u0434\u043e\u0441\u0442\u043e\u0432\u0435\u0440\u043d\u043e\u0441\u0442\u044c.\n\n\u041e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0435 \u043e\u0441\u043d\u043e\u0432\u0430\u043d\u043e \u043d\u0430 \u043f\u043e\u0432\u0435\u0434\u0435\u043d\u0447\u0435\u0441\u043a\u043e\u043c \u0430\u043d\u0430\u043b\u0438\u0437\u0435 \u0438 \u043c\u043e\u0436\u0435\u0442 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0442\u044c \u043b\u044e\u0431\u044b\u0435 \u0432\u0430\u0440\u0438\u0430\u043d\u0442\u044b, \u0435\u0441\u043b\u0438 \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u044b\u0439 \u0431\u044d\u043a\u0434\u043e\u0440 \u0432\u043d\u0435\u0434\u0440\u0435\u043d \u0433\u0434\u0435-\u0442\u043e \u0435\u0449\u0435, \u0434\u0430\u0436\u0435 \u043f\u043e\u0441\u043b\u0435 \u043f\u0435\u0440\u0435\u043a\u043e\u043c\u043f\u0438\u043b\u044f\u0446\u0438\u0438 \u0438\u043b\u0438 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430.\n\n\u0421\u043a\u0430\u043d\u0435\u0440 \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u043d\u0430 xz.fail, \u043a\u0443\u0434\u0430 \u043c\u043e\u0436\u043d\u043e \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0442\u044c \u0434\u0432\u043e\u0438\u0447\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0431\u0435\u0437 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0439 \u0438\u0445 \u0447\u0438\u0441\u043b\u0430.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, Binarly \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0430 \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0439 API \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u0431\u043e\u043b\u0435\u0435 \u043c\u0430\u0441\u0448\u0442\u0430\u0431\u043d\u043e\u0433\u043e \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f.", "creation_timestamp": "2024-04-03T18:49:22.000000Z"}, {"uuid": "622796aa-d5db-4698-bf75-21103d359b9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/MuhammadAlush0997/82346", "content": "\u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u062e\u0637\u064a\u0631\u0647 \u062d\u0627\u0644\u064a\u0627\u064b \u0644\u0623\u0646\u0638\u0645\u0629 \u0644\u064a\u0646\u0643\u0633 \n\n\u0645\u0633\u062a\u0648\u0649 \u062a\u0639\u0642\u064a\u062f \u0627\u0644\u0647\u062c\u0648\u0645 \u0644\u0647\u0627 XZ \u0645\u062b\u064a\u0631 \u0644\u0644\u0625\u0639\u062c\u0627\u0628 \u0644\u0644\u063a\u0627\u064a\u0629 \n\n\u0643\u0644 \u0634\u064a\u0621 \u064a\u0642\u0627\u0644 \u0648\u064a\u0644\u062e\u0635 \u0628\u0634\u0643\u0644 \u062c\u064a\u062f \u0647\u0646\u0627 \ud83d\udc46\n\u200e#xz \u200e#xzbackdoor CVE-2024-3094\n\n\u3030\ufe0f\u2796\u2796\u2796\u2796\u2796\u2796\u3030\ufe0f\n\nt.me/MuhammadAlush0997\n\n\u062a\u0627\u0628\u0639\u0646\u064a \u0639\u0644\u0649 :\nTelegram | instagram | facebook | Twitter | YouTube", "creation_timestamp": "2024-04-01T04:05:59.000000Z"}, {"uuid": "4ca6406c-f84e-4042-9107-ef3ea65278db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "exploited", "source": "https://t.me/secinfosex/52", "content": "\u2b55\ufe0f CVE-2024-3094: \u0411\u0435\u043a\u0434\u043e\u0440 \u0432 \u043f\u043e\u0441\u0442\u0430\u0432\u043a\u0435 xz 5.6.0-5.6.1.\n\n\u0421\u043b\u0443\u0447\u0438\u043b\u043e\u0441\u044c \u043d\u0435\u043f\u0440\u0438\u044f\u0442\u043d\u043e\u0435 - \u0441 \u043a\u043e\u043d\u0446\u0430 \u0444\u0435\u0432\u0440\u0430\u043b\u044f \u0432 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u0430\u0440\u0438\u0439 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430 xz - The Tukaani Project -  \u0434\u043e\u0431\u0430\u0432\u0438\u043b\u0438 \u043d\u0435\u043f\u043b\u043e\u0445\u043e \u043e\u0431\u0444\u0443\u0441\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0431\u0435\u043a\u0434\u043e\u0440, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043d\u0435\u043c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0442\u0435\u043a \u0432 \u043f\u0430\u043a\u0435\u0442\u044b \u043e\u0441\u043d\u043e\u0432\u043d\u044b\u0445 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u043e\u0432 Linux.\n\n\u0411\u0435\u043a\u0434\u043e\u0440 \u043d\u0430\u0448\u0435\u043b Andres Freund, \u043e\u0431\u0440\u0430\u0442\u0438\u0432 \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u043d\u043e\u0435 \u043f\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u0435 ssh \u0432 \u0441\u0432\u043e\u0435\u043c Debian sid \u0434\u0438\u0441\u0442\u0440\u0435, \u0438 \u043e\u0448\u0438\u0431\u043a\u0438 \u0432 \u0442\u0435\u0441\u0442\u0430\u0445, \u0437\u0430 \u0447\u0442\u043e \u0435\u043c\u0443 \u0431\u043e\u043b\u044c\u0448\u043e\u0435 \u0441\u043f\u0430\u0441\u0438\u0431\u043e.\n\n\u0421\u0430\u043c \u0431\u0435\u043a\u0434\u043e\u0440 \u0437\u0430\u0442\u0435\u0439\u043b\u0438\u0432\u044b\u0439, \u0441\u043e\u0441\u0442\u0430\u0432\u043d\u043e\u0439  - \u0437\u0430\u0441\u0443\u043d\u0443\u043b\u0438 \u0432 git \u0441\u0431\u043e\u0440\u043a\u0443 \u043c\u0430\u043a\u0440\u043e\u0441, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0440\u0438 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u0443\u0435\u0442 $builddir/src/liblzma/Makefile,  \u0434\u0430\u043b\u0435\u0435 \u0432\u044b\u0442\u0430\u0441\u043a\u0438\u0432\u0430\u0435\u0442 \u043f\u0435\u0439\u043b\u043e\u0430\u0434 \u0447\u0430\u0441\u0442\u044f\u043c\u0438 \u0438\u0437 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u0431\u0438\u043d\u0430\u0440\u043d\u044b\u0445 \u0431\u043b\u043e\u0431\u043e\u0432, \u043f\u043e\u0434\u0441\u0443\u043d\u0443\u0442\u044b\u0445 \u0437\u0430\u0440\u0430\u043d\u0435\u0435 \u043a\u0430\u043a \u0430\u0440\u0445\u0438\u0432\u044b \u0434\u043b\u044f \u0442\u0435\u0441\u0442\u043e\u0432, \u0432\u043d\u0435\u0434\u0440\u044f\u0435\u0442\u0441\u044f \u0432 \u0441\u0431\u043e\u0440\u043a\u0443, \u0438 \u0432 \u0438\u0442\u043e\u0433\u0435 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u0435\u0442 \u0441\u0435\u0431\u0435 \u0441\u0442\u0430\u0440\u0442 \u043d\u0430 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435. \n\n\u0411\u0435\u043a\u0434\u043e\u0440\u0430 \u0438 \u0440\u0435\u0432\u0435\u0440\u0441\u0430 \u043f\u043e\u043a\u0430 \u043d\u0435\u0442, \u043d\u043e \u043f\u043e \u043f\u0440\u0435\u0434\u0432\u0430\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c \u043e\u043d \u043a\u0430\u043a-\u0442\u043e \u0432\u043b\u0438\u044f\u0435\u0442 \u043d\u0430 ssh, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044f \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u043c\u0443 \u0437\u0430\u0439\u0442\u0438 \u043d\u0430 \u0432\u0430\u0448 \u0445\u043e\u0441\u0442 \u0432 \u043e\u0431\u0445\u043e\u0434 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u041f\u043e\u043a\u0430 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u043e \u043f\u043e\u043f\u0430\u0434\u0430\u043d\u0438\u0435 \u043a\u043e\u0434\u0430 \u0432 Debian sid, Fedora 41/Fedora rawhide, Kali, OpenSUSE.\n\n\u041f\u043e\u0434\u0440\u043e\u0431\u043d\u043e: \n\ud83d\udc49 https://www.openwall.com/lists/oss-security/2024/03/29/4\n\ud83d\udc49 https://boehs.org/node/everything-i-know-about-the-xz-backdoor", "creation_timestamp": "2024-03-30T05:39:08.000000Z"}, {"uuid": "f8360b33-ec2d-4fde-b172-383019648d4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "exploited", "source": "https://t.me/MuhammadAlush0997/82333", "content": "\u062b\u063a\u0631\u0647 \u062e\u0637\u064a\u0631\u0647 \u062c\u062f\u0627\u064b #Backdoor \u0641\u064a \u0627\u063a\u0644\u0628 \u0627\u0646\u0638\u0645\u0647 #\u0644\u064a\u0646\u0643\u0633 \n\n\u0627\u0635\u062f\u0631\u062a RedHat \u062a\u062d\u0630\u064a\u0631 \u0628\u062e\u0635\u0648\u0635 \u0648\u062c\u0648\u062f \u0628\u0648\u0627\u0628\u0647 \u062e\u0644\u0641\u064a\u0629 ( Backdoor ) \u0645\u0632\u0631\u0648\u0639 \u0641\u064a \u0645\u0643\u062a\u0628\u0647 XZ Utils \u0627\u0644\u062e\u0627\u0635\u0647 \u0628\u0636\u063a\u0637 \u0627\u0644\u0645\u0644\u0641\u0627\u062a \u0627\u0644\u0645\u062b\u0628\u062a\u0647 \u0645\u0633\u0628\u0642\u0627\u064b \u0639\u0644\u0649 \u0627\u0644\u0643\u062b\u064a\u0631 \u0645\u0646 \u062a\u0648\u0632\u064a\u0639\u0627\u062a \u0644\u064a\u0646\u0643\u0633 \u0627\u0644\u0645\u0634\u0647\u0648\u0631\u0629.\n\u0627\u0644\u0628\u0648\u0627\u0628\u0629 \u0627\u0644\u062e\u0644\u0641\u064a\u0629 \u062a\u0645 \u0627\u062e\u0641\u0627\u0626\u0647\u0627 \u0628\u0637\u0631\u064a\u0642\u0647 \u0645\u0639\u0642\u062f\u0647 \u0641\u064a \u0627\u0644\u0643\u0648\u062f ( obfuscations ).\n\u062a\u0633\u0645\u062d \u0644\u0644\u0645\u062e\u062a\u0631\u0642 \u0628\u0627\u0644\u0648\u0635\u0648\u0644 \u0644\u0644\u0646\u0638\u0627\u0645 \u0645\u0646 \u062e\u0644\u0627\u0644 SSH\n\n\ud83d\udccc \u0645\u0633\u062a\u0648\u0649 \u0627\u0644\u062e\u0637\u0648\u0631\u0647 10\n\n\ud83d\udccc \u0631\u0642\u0645 \u0627\u0644\u062b\u063a\u0631\u0647 CVE-2024-3094\n\n\u0627\u0644\u0631\u0627\u0628\u0637 :\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-3094\n\n\u200f\u0628\u0648\u0627\u0628\u0629 \u062e\u0644\u0641\u064a\u0629 \u0641\u064a \u0627\u0646\u0638\u0645\u0629 \u0644\u064a\u0646\u0643\u0633\n\u0627\u0643\u062a\u0634\u0641 \u0627\u062d\u062f \u0628\u0627\u062d\u062b\u064a \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u062b\u063a\u0631\u0629 \u0648\u0647\u064a \u0639\u0628\u0627\u0631\u0629 \u0639\u0646 \u0628\u0648\u0628\u0647 \u062e\u0644\u0641\u064a\u0629 \u0641\u064a XZ Utils \u0648\u0647\u064a \u0639\u0628\u0627\u0631\u0629 \u0639\u0646 \u0645\u0643\u062a\u0628\u0629 \u0645\u062a\u062e\u0635\u0635\u0629 \u0641\u064a \u0636\u063a\u0637 \u0627\u0644\u0645\u0644\u0641\u0627\u062a\u060c \u0648\u062a\u062a\u064a\u062d \u0627\u0644\u0628\u0648\u0627\u0628\u0629 \u0627\u0644\u062e\u0644\u0641\u064a\u0647 \u0644\u0644\u0645\u062e\u062a\u0631\u0642 \u0627\u0644\u0627\u062a\u0635\u0627\u0644 \u0628\u062c\u0647\u0627\u0632 \u0627\u0644\u0636\u062d\u064a\u0629 \u0639\u0646 \u0637\u0631\u064a\u0642 \u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 SSH.\n\u0648\u0627\u0644\u062b\u063a\u0631\u0629 \u062a\u062d\u062a \u062a\u0643\u0648\u064a\u062f CVE-2024-3094 \u0648\u062a\u0645 \u062a\u0635\u0646\u064a\u0641\u0647\u0627 \u0643 10 \u0627\u0648 \u062e\u0637\u064a\u0631\u0629 \u0644\u0644\u063a\u0627\u064a\u0629.\n\u0637\u0628\u0639\u0627\u064b \u0643\u062b\u064a\u0631 \u0645\u0646 \u0646\u0633\u062e \u0644\u064a\u0646\u0643\u0633 \u0645\u0635\u0627\u0628\u0629 \u0628\u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0628\u0645\u0627 \u0641\u064a\u0647\u0627 \u0643\u0627\u0644\u064a \u0644\u064a\u0646\u0643\u0633 \u0648 Opensuse \u0648\u0628\u0639\u0636 \u0646\u0633\u062e Debian \u0627\u0644\u0627\u062e\u062a\u0628\u0627\u0631\u064a\u0629.\n\n\u3030\ufe0f\u2796\u2796\u2796\u2796\u2796\u2796\u3030\ufe0f\n\nt.me/MuhammadAlush0997\n\n\u062a\u0627\u0628\u0639\u0646\u064a \u0639\u0644\u0649 :\nTelegram | instagram | facebook | Twitter | YouTube", "creation_timestamp": "2024-03-30T23:59:53.000000Z"}, {"uuid": "447c7cac-9cb1-426f-b901-8fc5c7607b7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/MuhammadAlush0997/82462", "content": "\u200f\u0627\u0630\u0627 \u0643\u0646\u062a \u062a\u0633\u062a\u062e\u062f\u0645 #Linux \u0648\u062a\u062d\u0628 \u062a\u062a\u0627\u0643\u062f \u0627\u0646\u0643 \u063a\u064a\u0631 \u0645\u0635\u0627\u0628 \u0628\u062b\u063a\u0631\u0629 \ud83d\udc48 CVE-2024-3094 \ud83d\udc49\n\n\u0627\u0633\u062a\u062e\u062f\u0645 \u0647\u0630\u0647 \u0627\u0644\u0627\u062f\u0627\u0629\nhttps://github.com/jfrog/cve-2024-3094-tools/tree/main/cve-2024-3094-detector\n\n\u062c\u0645\u064a\u0639 \u0627\u0644\u0623\u0648\u0627\u0645\u0631 \u0645\u0648\u062c\u0648\u062f\u0629 \u0641\u064a \u0627\u0644\u0635\u0648\u0631\u0629 \ud83d\udc46\n\u3030\ufe0f\u2796\u2796\u2796\u2796\u2796\u2796\u3030\ufe0f\n\nt.me/MuhammadAlush0997\n\n\u062a\u0627\u0628\u0639\u0646\u064a \u0639\u0644\u0649 :\nTelegram | instagram | facebook | Twitter | YouTube", "creation_timestamp": "2024-04-05T03:09:34.000000Z"}, {"uuid": "f0ede033-a498-4e42-affb-fa662ab8e8fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/CybNux/6121", "content": "\u0643\u0627\u0631\u062b\u0629 KaLi linux \u0627\u0644\u0645\u0639\u0631\u0636\u0629 \u0644\u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 XZ Utils (CVE-2024-3094) | \u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0627\u0646!\n\nhttps://youtu.be/r10OuTdQnBo", "creation_timestamp": "2024-04-01T21:01:22.000000Z"}, {"uuid": "11ced70a-4cc6-47ac-9d23-8e472d5f1041", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10647", "content": "#tools\n#Blue_Team_Techniques\n1. MDE_Enum - tool to extract and display detailed information about Windows Defender exclusions and ASR rules\nhttps://github.com/0xsp-SRD/MDE_Enum\n2. CVE-2024-3094 (XZ Utils) Checker\nhttps://github.com/FabioBaroni/CVE-2024-3094-checker", "creation_timestamp": "2024-06-09T12:47:01.000000Z"}, {"uuid": "410f7397-ccd1-4200-b923-485a212544c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/CybNux/6068", "content": "\u062b\u063a\u0631\u0629 \u062e\u0637\u064a\u0631\u0629 \u062c\u062f\u0627\u064b #Backdoor \u0641\u064a \u0627\u063a\u0644\u0628 \u0627\u0646\u0638\u0645\u0629 #\u0644\u064a\u0646\u0643\u0633 \n\n\u0627\u0635\u062f\u0631\u062a RedHat \u062a\u062d\u0630\u064a\u0631 \u0628\u062e\u0635\u0648\u0635 \u0648\u062c\u0648\u062f \u0628\u0648\u0627\u0628\u0647 \u062e\u0644\u0641\u064a\u0629 ( Backdoor ) \u0645\u0632\u0631\u0648\u0639 \u0641\u064a \u0645\u0643\u062a\u0628\u0629 XZ Utils \u0627\u0644\u062e\u0627\u0635\u0647 \u0628\u0636\u063a\u0637 \u0627\u0644\u0645\u0644\u0641\u0627\u062a \u0627\u0644\u0645\u062b\u0628\u062a\u0647 \u0645\u0633\u0628\u0642\u0627\u064b \u0639\u0644\u0649 \u0627\u0644\u0643\u062b\u064a\u0631 \u0645\u0646 \u062a\u0648\u0632\u064a\u0639\u0627\u062a \u0644\u064a\u0646\u0643\u0633 \u0627\u0644\u0645\u0634\u0647\u0648\u0631\u0629.\n\u0627\u0644\u0628\u0648\u0627\u0628\u0629 \u0627\u0644\u062e\u0644\u0641\u064a\u0629 \u062a\u0645 \u0627\u062e\u0641\u0627\u0626\u0647\u0627 \u0628\u0637\u0631\u064a\u0642\u0629 \u0645\u0639\u0642\u062f\u0647 \u0641\u064a \u0627\u0644\u0643\u0648\u062f ( obfuscations ).\n\u062a\u0633\u0645\u062d \u0644\u0644\u0645\u062e\u062a\u0631\u0642 \u0628\u0627\u0644\u0648\u0635\u0648\u0644 \u0644\u0644\u0646\u0638\u0627\u0645 \u0645\u0646 \u062e\u0644\u0627\u0644 SSH\n\n\ud83d\udccc \u0645\u0633\u062a\u0648\u0649 \u0627\u0644\u062e\u0637\u0648\u0631\u0629 10\n\n\ud83d\udccc \u0631\u0642\u0645 \u0627\u0644\u062b\u063a\u0631\u0647 CVE-2024-3094\n\n\u0627\u0644\u0631\u0627\u0628\u0637 :\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-3094\n\n\u3030\ufe0f\u2796\u2796\u2796\u2796\u2796\u2796\u3030\ufe0f", "creation_timestamp": "2024-03-30T23:57:30.000000Z"}, {"uuid": "8ba8d8f2-c9a4-428c-b846-98b85dd7be4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "seen", "source": "https://t.me/CybNux/6089", "content": "\ud83d\udfe5\ud83d\udfe7\ud83d\udfe8 \u062a\u0646\u0628\u064a\u0647:  \u0627\u0644\u0623\u062c\u0647\u0632\u0629 \u0648\u0627\u0644\u062e\u0648\u0627\u062f\u0645 \u0627\u0644\u062a\u064a \u062a\u0639\u0645\u0644 \u0639\u0644\u0649 \u0646\u0638\u0627\u0645 \u0627\u0644\u062a\u0634\u063a\u064a\u0644 Linux\n\u25fe\ufe0f \u0625\u0630\u0627 \u0643\u0627\u0646 \u062c\u0647\u0627\u0632\u0643 \u0627\u0644\u0634\u062e\u0635\u064a \u064a\u0639\u0645\u0644 \u0628\u0625\u062d\u062f\u0649 \u062a\u0648\u0632\u064a\u0639\u0627\u062a \u0646\u0638\u0627\u0645 \u0627\u0644\u062a\u0634\u063a\u064a\u0644 Linux \u0623\u0648 \u0643\u0646\u062a  \u0645\u0633\u0626\u0648\u0644\u0627\u064b \u0639\u0646 \u0625\u062f\u0627\u0631\u0629 \u062e\u0648\u0627\u062f\u0645 \u062a\u0639\u0645\u0644 \u0628\u0647\u0630\u0627 \u0627\u0644\u0646\u0638\u0627\u0645\u060c \u0641\u064a\u062c\u0628 \u0639\u0644\u064a\u0643 \u0627\u0644\u062a\u0623\u0643\u062f \u0645\u0646 \u0648\u062c\u0648\u062f \u0627\u0644\u0645\u0643\u062a\u0628\u0629 XZ Utils \u0641\u064a \u062c\u0647\u0627\u0632\u0643 \u0648\u0645\u0627 \u0647\u0648 \u0627\u0644\u0625\u0635\u062f\u0627\u0631 \u0627\u0644\u0630\u064a \u062a\u0639\u0645\u0644 \u0639\u0644\u064a\u0647\u060c \u0647\u0630\u0647 \u0627\u0644\u0645\u0643\u062a\u0628\u0629 \u0645\u062e\u062a\u0635\u0629 \u0628\u0625\u062f\u0627\u0631\u0629 \u0627\u0644\u0645\u0644\u0641\u0627\u062a \u0627\u0644\u0645\u0636\u063a\u0648\u0637\u0629 \u0648\u062a\u0645 \u0627\u0644\u0643\u0634\u0641 \u0645\u0624\u062e\u0631\u0627\u064b \u0639\u0646 \u0648\u062c\u0648\u062f \u062e\u0644\u0644 \u062e\u0637\u064a\u0631 \u062c\u062f\u0627\u064b \u0628\u0647\u0627 (CVSS 10.0) (CVE-2024-3094) \u064a\u0642\u0648\u0645 \u0628\u0641\u062a\u062d \u0628\u0648\u0627\u0628\u0629 \u062e\u0644\u0641\u064a\u0629 \u062f\u0627\u062e\u0644 \u0646\u0638\u0627\u0645 \u0627\u0644\u062a\u0634\u063a\u064a\u0644 \u0648\u062a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0639\u0628\u0631 \u0627\u0644\u0634\u0628\u0643\u0629 \u0645\u0646 \u062a\u062e\u0637\u064a \u0639\u0645\u0644\u064a\u0629 \u0627\u0644\u0645\u0635\u0627\u062f\u0642\u0629 \u0641\u064a \u0628\u0631\u062a\u0648\u0643\u0648\u0644 SSH \u0648\u0627\u0644\u0648\u0635\u0648\u0644 \u0644\u0644\u0646\u0638\u0627\u0645 \u0648\u0627\u0644\u0633\u064a\u0637\u0631\u0629 \u0639\u0644\u064a\u0647.\n\n\ud83d\udd34 \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a \u0645\u0646 \u0627\u0644\u0645\u0643\u062a\u0628\u0629 XZ Utils \u0627\u0644\u0645\u0639\u0631\u0636\u0629 \u0644\u0647\u0630\u0627 \u0627\u0644\u062e\u0637\u0631 \u0647\u064a 5.6.0 \u0648 5.6.1 \n\n\ud83d\udd34 \u064a\u062a\u0645 \u0627\u0633\u062a\u0639\u0645\u0627\u0644 \u0647\u0630\u0647 \u0627\u0644\u0645\u0643\u062a\u0628\u0629 \u0641\u064a \u0628\u0639\u0636 \u062a\u0648\u0632\u064a\u0639\u0627\u062a Linux \u0645\u062b\u0644: Fedora \u060c Ubuntu \u060c Debian \u060c Arch \u060c CentOS \u060c openSUSE\n\n\ud83d\udca1\u062a\u0633\u062a\u0637\u064a\u0639 \u0627\u0644\u0643\u0634\u0641 \u0639\u0646 \u0631\u0642\u0645 \u0627\u0644\u0625\u0635\u062f\u0627\u0631 \u0639\u0646 \u0637\u0631\u064a\u0642 \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u0623\u0645\u0631: xz --version  \n\n\ud83d\udca1\u064a\u0646\u0635\u062d \u0628\u0634\u062f\u0629 \u0641\u064a \u062d\u0627\u0644 \u0648\u062c\u0648\u062f \u0627\u0644\u0625\u0635\u062f\u0627\u0631 \u0627\u0644\u0645\u062a\u0636\u0631\u0631 \u0628\u062c\u0647\u0627\u0632\u0643 \u0623\u0646 \u062a\u0642\u0648\u0645 \u0628\u062a\u063a\u064a\u064a\u0631\u0647 \u0627\u0644\u0649 \u0627\u0644\u0625\u0635\u062f\u0627\u0631 \u0627\u0644\u0642\u062f\u064a\u0645 5.4.5", "creation_timestamp": "2024-04-01T00:58:46.000000Z"}, {"uuid": "dc6ed78f-1d2f-489c-8c0a-2006bf143f3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/LearnExploit/6428", "content": "CVE-2024-3094 - An ssh honeypot with the XZ backdoor. \n\nGithub\n\n#CVE #Honeypot #Backdoor \n\u2014\u2014\u2014\u2014\u2014\u2014\u200c\n0Day.Today\n@LearnExploit\n@Tech_Army", "creation_timestamp": "2024-03-31T15:46:39.000000Z"}, {"uuid": "7880397a-5e1c-420a-9a41-3b9b6c64c7a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "exploited", "source": "https://t.me/club31337/1781", "content": "Backdoor in upstream xz/liblzma leading to ssh server compromise\n\nhttps://www.openwall.com/lists/oss-security/2024/03/29/4\n\nhttps://www.mend.io/blog/critical-backdoor-found-xz-utils-cve-2024-3094/", "creation_timestamp": "2024-11-11T01:56:44.000000Z"}]}