{"vulnerability": "CVE-2024-3992", "sightings": [{"uuid": "bffaad40-fd8e-4de7-8649-226f6292b97a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39929", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3m4ykn4dukj2u", "content": "", "creation_timestamp": "2025-11-06T21:57:21.108689Z"}, {"uuid": "e04d59ac-0367-4f4c-bd62-2f3bc100d925", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39929", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7963", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aDetection method for Exim vulnerability CVE-2024-39929 \nURL\uff1ahttps://github.com/rxerium/CVE-2024-39929\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-12T18:06:28.000000Z"}, {"uuid": "5d3a66f9-9ccb-4e74-b996-e02036a3b154", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39929", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3m5xrylbhgn2g", "content": "", "creation_timestamp": "2025-11-19T08:01:34.053095Z"}, {"uuid": "3fdef306-a28c-4f63-bc7d-ca0ba25dadbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39929", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8118", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPOC to test CVE-2024-39929 against EXIM mail servers\nURL\uff1ahttps://github.com/michael-david-fry/CVE-2024-39929\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-29T15:13:51.000000Z"}, {"uuid": "3e9a69a7-7498-4c26-af78-ca7f336d7d0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39924", "type": "published-proof-of-concept", "source": "Telegram/06GZocrCG6eOyV53sFao3hKZD1hDVJHM749gzYRHtjl7dUE", "content": "", "creation_timestamp": "2025-06-02T21:00:04.000000Z"}, {"uuid": "ad0f8b7c-174c-4b5f-ae00-4f2f7a5160e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39926", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1014", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-39926\n\ud83d\udd39 Description: An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A stored cross-site scripting (XSS) or, due to the default CSP, HTML injection vulnerability has been discovered in the admin dashboard. This potentially allows an authenticated attacker to inject malicious code into the dashboard, which is then executed or rendered in the context of an administrator's browser when viewing the injected content. However, it is important to note that the default Content Security Policy (CSP) of the application blocks most exploitation paths, significantly mitigating the potential impact.\n\ud83d\udccf Published: 2024-09-13T00:00:00\n\ud83d\udccf Modified: 2025-01-09T17:34:10.932Z\n\ud83d\udd17 References:\n1. https://github.com/dani-garcia/vaultwarden/blob/1.30.3/src/static/scripts/admin_users.js#L201\n2. https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.0\n3. https://www.mgm-sp.com/cve/html-injection-in-vaultwarden", "creation_timestamp": "2025-01-09T18:21:02.000000Z"}, {"uuid": "069d74be-e15d-46c5-b07e-d0c4bea5624e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39925", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1013", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-39925\n\ud83d\udd39 Description: An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. It lacks an offboarding process for members who leave an organization. As a result, the shared organization key is not rotated when a member departs. Consequently, the departing member, whose access should be revoked, retains a copy of the organization key. Additionally, the application fails to adequately protect some encrypted data stored on the server. Consequently, an authenticated user could gain unauthorized access to encrypted data of any organization, even if the user is not a member of the targeted organization. However, the user would need to know the corresponding organizationId. Hence, if a user (whose access to an organization has been revoked) already possesses the organization key, that user could use the key to decrypt the leaked data.\n\ud83d\udccf Published: 2024-09-13T00:00:00\n\ud83d\udccf Modified: 2025-01-09T17:35:37.275Z\n\ud83d\udd17 References:\n1. https://github.com/dani-garcia/vaultwarden/releases\n2. https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.0\n3. https://www.mgm-sp.com/cve/missing-rotation-of-the-organization-key", "creation_timestamp": "2025-01-09T18:20:55.000000Z"}, {"uuid": "3244e81c-2bc8-4f42-a69d-5daee24aa80e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39924", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1012", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-39924\n\ud83d\udd39 Description: An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A vulnerability has been identified in the authentication and authorization process of the endpoint responsible for altering the metadata of an emergency access. It permits an attacker with granted emergency access to escalate their privileges by changing the access level and modifying the wait time. Consequently, the attacker can gain full control over the vault (when only intended to have read access) while bypassing the necessary wait period.\n\ud83d\udccf Published: 2024-09-13T00:00:00\n\ud83d\udccf Modified: 2025-01-09T17:36:27.993Z\n\ud83d\udd17 References:\n1. https://github.com/dani-garcia/vaultwarden/blob/1.30.3/src/api/core/emergency_access.rs#L115-L148\n2. https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.0\n3. https://www.mgm-sp.com/cve/missing-authentication-check-for-emergency-access", "creation_timestamp": "2025-01-09T18:20:37.000000Z"}, {"uuid": "798177f6-360f-4e68-a59e-9d56bd7d5c60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39927", "type": "seen", "source": "https://t.me/cvedetector/521", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39927 - Out-of-bounds write vulnerability exists in Ricoh\", \n  \"Content\": \"CVE ID : CVE-2024-39927 \nPublished : July 10, 2024, 7:15 a.m. | 18\u00a0minutes ago \nDescription : Out-of-bounds write vulnerability exists in Ricoh MFPs and printers. If a remote attacker sends a specially crafted request to the affected products, the products may be able to cause a denial-of-service (DoS) condition and/or user's data may be destroyed. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-10T09:39:24.000000Z"}, {"uuid": "8f17862a-2df4-433f-b7cf-2a115888aa32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39924", "type": "published-proof-of-concept", "source": "Telegram/tENtBr4-AgzEshVJe9a1k0f1fpj6B-5mE7bzJtZ3VBv8iXQ", "content": "", "creation_timestamp": "2025-06-02T19:00:05.000000Z"}, {"uuid": "23572304-2dd2-424e-b792-3feff8d04846", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39929", "type": "seen", "source": "https://t.me/kasperskyb2b/1340", "content": "\ud83d\udd0e \u0412\u0430\u0436\u043d\u044b\u0435 \u043d\u043e\u0432\u043e\u0441\u0442\u0438 \u0418\u0411 \u0438 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0437\u0430 \u043d\u0435\u0434\u0435\u043b\u044e\n\n\ud83c\udd94 \u041f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u044e\u0442 \u0442\u0435\u0445\u043d\u0438\u043a\u0438 spearphishing \u0432 \u043c\u0430\u0441\u0441\u043e\u0432\u044b\u0445 \u0440\u0430\u0441\u0441\u044b\u043b\u043a\u0430\u0445.  \u041d\u043e\u0432\u044b\u0435 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b, \u0432\u043a\u043b\u044e\u0447\u0430\u044f LLM, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0438\u043c \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u043f\u0435\u0440\u0441\u043e\u043d\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044e \u0440\u0430\u0441\u0441\u044b\u043b\u043e\u043a, \u0430 \u043c\u043d\u043e\u0433\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0435 \u0443\u0442\u0435\u0447\u043a\u0438 \u041f\u0414 \u0434\u0430\u044e\u0442 \u043d\u0443\u0436\u043d\u044b\u0435 \u0434\u043b\u044f \u044d\u0442\u043e\u0433\u043e \u0441\u0432\u0435\u0434\u0435\u043d\u0438\u044f.\n\n\ud83c\udf83 APT CloudSorcerer \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442 \u043a\u0438\u0431\u0435\u0440\u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0435 \u0433\u043e\u0441\u043e\u0440\u0433\u0430\u043d\u044b. C2 \u2014 \u043d\u0430 Github, \u044d\u043a\u0441\u0444\u0438\u043b\u044c\u0442\u0440\u0430\u0446\u0438\u044f \u2014 \u0447\u0435\u0440\u0435\u0437 Dropbox \u0438 \u0434\u0440\u0443\u0433\u0438\u0435 \u043e\u0431\u043b\u0430\u0447\u043d\u044b\u0435 \u0441\u0435\u0440\u0432\u0438\u0441\u044b.\n\n\ud83d\udd34 \u0413\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430 CRYSTALRAY, \u0432\u0437\u043b\u0430\u043c\u044b\u0432\u0430\u044e\u0449\u0430\u044f \u0441\u0435\u0440\u0432\u0435\u0440\u044b \u0447\u0435\u0440\u0435\u0437 \u0431\u043e\u043b\u044c\u0448\u043e\u0439 \u0430\u0440\u0441\u0435\u043d\u0430\u043b n-day, \u0440\u0435\u0437\u043a\u043e \u0440\u0430\u0441\u0448\u0438\u0440\u0438\u043b\u0430 \u043c\u0430\u0441\u0448\u0442\u0430\u0431 \u0441\u0432\u043e\u0435\u0439 \u0434\u0435\u044f\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438. \u041d\u0430 \u043f\u043e\u0440\u0430\u0436\u0451\u043d\u043d\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u0412\u041f\u041e SSH-snake, \u044d\u0442\u043e\u0442 open source \u0447\u0435\u0440\u0432\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u0430\u0445\u0432\u0430\u0442\u044b\u0432\u0430\u0442\u044c \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u044b \u0432 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438. \u0426\u0435\u043b\u044c\u044e \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0432\u043e\u0440\u043e\u0432\u0441\u0442\u0432\u043e \u0443\u0447\u0451\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438 \u043a\u0440\u0438\u043f\u0442\u043e\u043c\u0430\u0439\u043d\u0438\u043d\u0433.\n\n\u270f\ufe0f \u0418\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0435 \u0446\u0438\u0444\u0440\u044b \u0438\u0437 Cloudflare appsec report: \u0432 \u0441\u0440\u0435\u0434\u043d\u0435\u043c \u0443 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u043d\u0430 33% \u0431\u043e\u043b\u044c\u0448\u0435 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u044b\u0445 API endpoints, \u0447\u0435\u043c \u043e\u043d\u0430 \u0437\u043d\u0430\u0435\u0442. \u0420\u0430\u0437\u0443\u043c\u0435\u0435\u0442\u0441\u044f, \u043e\u043d\u0438 \u043d\u0435 \u0442\u043e\u043b\u044c\u043a\u043e \u043d\u0435 \u0443\u0447\u0442\u0435\u043d\u044b, \u043d\u043e \u0438 \u043d\u0435 \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u044b. \u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0435 \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u0432 \u0441\u0440\u0435\u0434\u043d\u0435\u043c \u0432\u044b\u0437\u044b\u0432\u0430\u0435\u0442 47 \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u0445 \u0441\u043a\u0440\u0438\u043f\u0442\u043e\u0432, \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0430\u0441\u0448\u0438\u0440\u044f\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0430\u0442\u0430\u043a\u0438 \u0447\u0435\u0440\u0435\u0437 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u043e\u0432, \u043f\u043e \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u044f\u043c \u0430 \u043b\u044f \u043d\u0435\u0434\u0430\u0432\u043d\u0438\u0439 polyfill.\n\n\ud83d\udc40 \u041a\u0441\u0442\u0430\u0442\u0438, \u043e \u0446\u0435\u043f\u043e\u0447\u043a\u0430\u0445 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a \u2014 \u043d\u0435 \u0442\u043e\u043b\u044c\u043a\u043e npm \u0438 PyPi \u0441\u0442\u0440\u0430\u0434\u0430\u044e\u0442 \u043e\u0442 \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u0438\u0445 \u043d\u0430\u0431\u0435\u0433\u043e\u0432 \u2014 \u0432 \u043d\u043e\u0432\u043e\u0439 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 .net \u0431\u044b\u043b\u0438 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u044b \u0432 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0438 NuGet. \n\n\ud83d\udd13 \u0413\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430 FIN7 \u043f\u043e\u0441\u043b\u0435 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e \u0437\u0430\u0442\u0438\u0448\u044c\u044f, \u0432\u0438\u0434\u0438\u043c\u043e, \u0441\u043c\u0435\u043d\u0438\u043b\u0430 \u0444\u043e\u043a\u0443\u0441 \u0441\u0432\u043e\u0435\u0439 \u0434\u0435\u044f\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u2014 \u043f\u043e \u043a\u0440\u0430\u0439\u043d\u0435\u0439 \u043c\u0435\u0440\u0435, \u0435\u0439 \u043f\u0440\u0438\u043f\u0438\u0441\u044b\u0432\u0430\u044e\u0442 \u043c\u0430\u0441\u0448\u0442\u0430\u0431\u043d\u0443\u044e \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044e \u0446\u0435\u043b\u0435\u0432\u043e\u0433\u043e \u0444\u0438\u0448\u0438\u043d\u0433\u0430 \u0438 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0412\u041f\u041e.\n\n\ud83d\udd0e \u0410\u043d\u0430\u043b\u0438\u0437 \u0412\u041f\u041e Dodgebox, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u0440\u0438\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f APT41/Earth Baku/Winnti. Dodgebox \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043d\u043e\u0432\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0435\u0439 \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u0430 Stealthvector, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0432 \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0435\u043c \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0435\u0442 \u0436\u0435\u0440\u0442\u0432\u0430\u043c \u0431\u044d\u043a\u0434\u043e\u0440 MoonWalk.  \u0411\u044d\u043a\u0434\u043e\u0440\u0443 \u043f\u043e\u0441\u0432\u044f\u0449\u0435\u043d\u0430 \u0432\u0442\u043e\u0440\u0430\u044f \u0447\u0430\u0441\u0442\u044c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f.\n\n\ud83e\udd21 \u041f\u043e\u0441\u043b\u0435 \u0432\u043e\u043b\u043d\u044b \u0432\u043e\u0437\u043c\u0443\u0442\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0443\u0442\u0435\u0447\u0435\u043a Snowflake \u0441\u043f\u0435\u0448\u043d\u043e \u043f\u0440\u0435\u0434\u043b\u043e\u0436\u0438\u043b\u0430 \u043a\u043b\u0438\u0435\u043d\u0442\u0430\u043c \u0441\u043f\u043e\u0441\u043e\u0431 \u043f\u0440\u0438\u043d\u0443\u0434\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u0430\u043a\u0442\u0438\u0432\u0430\u0446\u0438\u0438 MFA \u0434\u043b\u044f \u0432\u0441\u0435\u0445 \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a\u043e\u0432. \n\n\ud83d\udc6e\u200d\u2640\ufe0f \u0420\u0430\u0437\u0431\u043e\u0440 \u0441\u0432\u0435\u0436\u0438\u0445 \u0442\u0430\u043a\u0442\u0438\u043a \u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 ransomware-\u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043e\u043a: Akira, Bianlian, Estate, Hardbit.\n\n\ud83d\udcac \u0421\u0435\u0440\u044c\u0451\u0437\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Exim \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u043c\u0435\u0439\u043b\u044b \u043c\u043e\u0436\u043d\u043e \u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0442\u044c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0432 \u043e\u0431\u0445\u043e\u0434 \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0445 \u0444\u0438\u043b\u044c\u0442\u0440\u043e\u0432. \u0417\u0430\u043a\u0440\u044b\u0432\u0430\u0442\u044c CVE-2024-39929 \u043d\u0430\u0434\u043e \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e.\n\n\u0410 \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0430\u044f \u0434\u044b\u0440\u0430 \u0432 PHP (CVE-2024-4577, \u0432\u043b\u0438\u044f\u0435\u0442 \u043f\u0440\u0435\u0438\u043c\u0443\u0449\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u043d\u0430 Windows-\u0441\u0435\u0440\u0432\u0435\u0440\u044b) \u0443\u0436\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438.\n\n\ud83d\udcf1 \u0428\u043f\u0438\u043e\u043d\u0441\u043a\u0438\u0439 Android-\u0437\u043b\u043e\u0432\u0440\u0435\u0434 Guardzoo \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432 \u043a\u0438\u0431\u0435\u0440\u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0430 \u0432\u043e\u0435\u043d\u043d\u044b\u0435 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u043d\u0430 \u0411\u043b\u0438\u0436\u043d\u0435\u043c \u0412\u043e\u0441\u0442\u043e\u043a\u0435.\n\n#\u043d\u043e\u0432\u043e\u0441\u0442\u0438 #APT #\u0434\u0430\u0439\u0434\u0436\u0435\u0441\u0442 @\u041f2\u0422", "creation_timestamp": "2024-07-15T10:31:36.000000Z"}, {"uuid": "8ef592bb-c503-41a8-b282-cfabe078da50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39922", "type": "seen", "source": "https://t.me/cvedetector/2984", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39922 - Siemens LOGO! Password Information Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-39922 \nPublished : Aug. 13, 2024, 8:15 a.m. | 58\u00a0minutes ago \nDescription : A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). Affected devices store user passwords in plaintext without proper protection. This could allow a physical attacker to retrieve them from the embedded storage ICs. \nSeverity: 4.6 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-13T11:15:21.000000Z"}, {"uuid": "dc4e082d-fa48-4a60-940c-5634e44f7d77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39929", "type": "seen", "source": "https://t.me/cvedetector/57", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39929 - Exim through 4.97.1 misparses a multiline RFC 2231\", \n  \"Content\": \"CVE ID : CVE-2024-39929 \nPublished : July 4, 2024, 3:15 p.m. | 21\u00a0minutes ago \nDescription : Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-04T17:40:57.000000Z"}, {"uuid": "21cccc20-3034-496a-9353-2a59b04788ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39926", "type": "seen", "source": "https://t.me/cvedetector/5644", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39926 - \"Vaultwarden HTML Injection/Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-39926 \nPublished : Sept. 13, 2024, 6:15 p.m. | 39\u00a0minutes ago \nDescription : An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A stored cross-site scripting (XSS) or, due to the default CSP, HTML injection vulnerability has been discovered in the admin dashboard. This potentially allows an authenticated attacker to inject malicious code into the dashboard, which is then executed or rendered in the context of an administrator's browser when viewing the injected content. However, it is important to note that the default Content Security Policy (CSP) of the application blocks most exploitation paths, significantly mitigating the potential impact. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-13T21:19:00.000000Z"}, {"uuid": "54279d09-dbe0-4364-bef7-e52ff79291eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39925", "type": "seen", "source": "https://t.me/cvedetector/5647", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39925 - Vaultwarden (formerly Bitwarden_RS) Key Leak and Unauthorized Data Access Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-39925 \nPublished : Sept. 13, 2024, 6:15 p.m. | 39\u00a0minutes ago \nDescription : An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. It lacks an offboarding process for members who leave an organization. As a result, the shared organization key is not rotated when a member departs. Consequently, the departing member, whose access should be revoked, retains a copy of the organization key. Additionally, the application fails to adequately protect some encrypted data stored on the server. Consequently, an authenticated user could gain unauthorized access to encrypted data of any organization, even if the user is not a member of the targeted organization. However, the user would need to know the corresponding organizationId. Hence, if a user (whose access to an organization has been revoked) already possesses the organization key, that user could use the key to decrypt the leaked data. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-13T21:19:05.000000Z"}, {"uuid": "01a8ae24-356b-4197-8275-af5a79790a4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39924", "type": "seen", "source": "https://t.me/cvedetector/5646", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39924 - Vaultwarden Emergency Access Privilege Escalation (Authorization Bypass)\", \n  \"Content\": \"CVE ID : CVE-2024-39924 \nPublished : Sept. 13, 2024, 6:15 p.m. | 39\u00a0minutes ago \nDescription : An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A vulnerability has been identified in the authentication and authorization process of the endpoint responsible for altering the metadata of an emergency access. It permits an attacker with granted emergency access to escalate their privileges by changing the access level and modifying the wait time. Consequently, the attacker can gain full control over the vault (when only intended to have read access) while bypassing the necessary wait period. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-13T21:19:01.000000Z"}, {"uuid": "136ee07a-ec36-45ef-a952-69cfdfaac0f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39921", "type": "seen", "source": "https://t.me/cvedetector/4747", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39921 - IPCOM EX2 and VE2 Series Encryption Decryption Timing Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-39921 \nPublished : Sept. 4, 2024, 3:15 a.m. | 36\u00a0minutes ago \nDescription : Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-04T06:01:55.000000Z"}, {"uuid": "f4b8f5c4-8f16-40cb-917c-00ed14bb7c82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39929", "type": "seen", "source": "Telegram/ovbI8xv5BNX4_LLRvKXR92W_EWQetGo_Ju2IFFr-lkd8AQ", "content": "", "creation_timestamp": "2024-07-12T16:06:18.000000Z"}, {"uuid": "bf5da189-f6a2-4d92-8b97-903152e0acd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39929", "type": "exploited", "source": "https://t.me/ViralCyber/3587", "content": "\u26a0\ufe0f\u06a9\u0634\u0641 \u06cc\u06a9 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0645\u0647\u0645 \u0631\u0648\u06cc Exim Mail Server\n\ud83d\uddc4\u06cc\u06a9 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u062d\u0631\u0627\u0646\u06cc \u0628\u0627 \u0634\u0646\u0627\u0633\u0647 CVE-2024-39929 \u062f\u0631 \u0646\u0631\u0645\u200c\u0627\u0641\u0632\u0627\u0631 Mail Server \u0645\u0639\u0631\u0648\u0641 #Exim \u06a9\u0634\u0641 \u0634\u062f\u0647 \u0627\u0633\u062a \u06a9\u0647 \u0628\u0647 \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0627\u0645\u06a9\u0627\u0646 \u0627\u0631\u0633\u0627\u0644 #\u0628\u062f\u0627\u0641\u0632\u0627\u0631 \u0628\u0647 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0631\u0627 \u0645\u06cc\u200c\u062f\u0647\u062f.\n\ud83d\uddc4 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0646\u0627\u0634\u06cc \u0627\u0632 \u06cc\u06a9 \u0628\u0627\u06af \u062f\u0631 \u0627\u06cc\u0646 \u0645\u062d\u0635\u0648\u0644 \u0627\u0633\u062a \u06a9\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0627\u0642\u062f\u0627\u0645\u0627\u062a \u0645\u062d\u0627\u0641\u0638\u062a\u06cc \u0631\u0627 \u062f\u0648\u0631 \u0628\u0632\u0646\u062f \u0648 \u0641\u0627\u06cc\u0644\u200c\u0647\u0627\u06cc \u0636\u0645\u06cc\u0645\u0647 \u0627\u062c\u0631\u0627\u06cc\u06cc \u0631\u0627 \u0645\u0633\u062a\u0642\u06cc\u0645\u0627\u064b \u0628\u0647 \u0635\u0646\u062f\u0648\u0642\u200c\u0647\u0627\u06cc \u0627\u06cc\u0645\u06cc\u0644 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0627\u0631\u0633\u0627\u0644 \u06a9\u0646\u062f. \n\ud83d\uddc4\u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc Exim \u062a\u0627 4.97.1 \u062a\u062d\u062a \u062a\u0623\u062b\u06cc\u0631 \u0642\u0631\u0627\u0631 \u06af\u0631\u0641\u062a\u0647\u200c\u0627\u0646\u062f \u0648 \u0627\u06cc\u0646 \u0645\u0634\u06a9\u0644 \u062f\u0631 \u0646\u0633\u062e\u0647 4.98 \u0628\u0631\u0637\u0631\u0641 \u0634\u062f\u0647 \u0627\u0633\u062a.\n\ud83d\uddc4\u0628\u0631\u0627\u06cc \u062c\u0644\u0648\u06af\u06cc\u0631\u06cc \u0627\u0632 \u0633\u0648\u0621\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u0647\u0627\u062c\u0645\u0627\u0646\u060c \u0645\u062f\u06cc\u0631\u0627\u0646 \u0633\u06cc\u0633\u062a\u0645 \u0628\u0627\u06cc\u062f \u0641\u0648\u0631\u0627\u064b \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u06a9\u0646\u0646\u062f.\n\ud83d\uddc4\u0628\u06cc\u0634 \u0627\u0632 1.5 \u0645\u06cc\u0644\u06cc\u0648\u0646 IP \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631 \u062f\u0631 \u0627\u06cc\u0646\u062a\u0631\u0646\u062a \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u0646\u062f.\n\n\u2757\ufe0f\ud83d\udc48\u0647\u0645 \u0627\u06a9\u0646\u0648\u0646 \u062f\u0631 \u0627\u06cc\u0631\u0627\u0646 \u0628\u06cc\u0634 \u0627\u0632 9000 \u062a\u0627 \u0633\u0631\u0648\u0631 Exim \u062f\u06cc\u062f\u0647 \u0645\u06cc\u0634\u0648\u062f \u06a9\u0647 \u062a\u0646\u0647\u0627 20 \u062a\u0627\u06cc \u0622\u0646\u0647\u0627 \u0628\u0647 \u0646\u0633\u062e\u0647 Patch \u0634\u062f\u0647 (4.98) \u0628\u0631\u0648\u0632 \u0634\u062f\u0647 \u0627\u0646\u062f \u0648 \u0628\u0642\u06cc\u0647 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u0646\u062f!\n\n\u26a0\ufe0f\u062a\u0648\u062c\u0647: \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u062f\u0627\u0631\u0627\u06cc Exploit \u0628\u0648\u062f\u0647 \u0648 \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0647\u0645 \u0627\u06a9\u0646\u0648\u0646 \u062f\u0631 \u062d\u0627\u0644 \u0633\u0648\u0621 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06af\u0633\u062a\u0631\u062f\u0647 \u0627\u0632 \u0622\u0646 \u0647\u0633\u062a\u0646\u062f.\n\ud83d\udd17\u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0628\u06cc\u0634\u062a\u0631\n\n\u2709\ufe0f @PingChannel\n\u062e\u0628\u0631\u060c \u062a\u062d\u0644\u06cc\u0644\u060c \u0627\u0646\u062a\u0642\u0627\u062f - \u0641\u0646\u0627\u0648\u0631\u06cc \u0627\u0637\u0644\u0627\u0639\u0627\u062a", "creation_timestamp": "2024-07-16T15:19:00.000000Z"}, {"uuid": "089e1fd8-35a6-41a3-af59-79fe69da125e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39929", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/14875", "content": "The Hacker News\nCritical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments\n\nA critical security issue has been disclosed in the Exim mail transfer agent that could enable threat actors to deliver malicious attachments to target users' inboxes.\n\nThe vulnerability, tracked as CVE-2024-39929, has a CVSS score of 9.1 out of 10.0. It has been addressed in version 4.98.\n\n\"Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass", "creation_timestamp": "2024-07-12T16:06:19.000000Z"}, {"uuid": "13e7c2c5-e45d-4d93-8dd1-5f78a06bade7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39920", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/4830", "content": "\u200aSnailLoad (CVE-2024-39920): New Side-Channel Attack Exposes Your Web Activity\n\nhttps://securityonline.info/snailload-cve-2024-39920-new-side-channel-attack-exposes-your-web-activity/", "creation_timestamp": "2024-07-04T18:29:19.000000Z"}, {"uuid": "b17f4e57-308c-4b7a-b5c1-cf54ad25e86f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39929", "type": "seen", "source": "https://t.me/KomunitiSiber/2245", "content": "Critical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments\nhttps://thehackernews.com/2024/07/critical-exim-mail-server-vulnerability.html\n\nA critical security issue has been disclosed in the Exim mail transfer agent that could enable threat actors to deliver malicious attachments to target users' inboxes.\n\nThe vulnerability, tracked as CVE-2024-39929, has a CVSS score of 9.1 out of 10.0. It has been addressed in version 4.98.\n\n\"Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass", "creation_timestamp": "2024-07-12T15:37:56.000000Z"}, {"uuid": "9547f8a2-cf3d-4e5e-9446-f6cdd3034a9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39929", "type": "published-proof-of-concept", "source": "Telegram/9qufR3cMaf6O8QO5WTY2J_DyxQX5aWXH3-yo2WrYh0TGRQ", "content": "", "creation_timestamp": "2024-07-12T15:50:19.000000Z"}, {"uuid": "7fee936c-be97-47e4-948b-cfa3104c9d8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39929", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/2892", "content": "The Hacker News\nCritical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments\n\nA critical security issue has been disclosed in the Exim mail transfer agent that could enable threat actors to deliver malicious attachments to target users' inboxes.\n\nThe vulnerability, tracked as CVE-2024-39929, has a CVSS score of 9.1 out of 10.0. It has been addressed in version 4.98.\n\n\"Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass", "creation_timestamp": "2024-07-12T16:06:19.000000Z"}, {"uuid": "df24a989-4e72-42f7-9cdd-60031e5ace4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39929", "type": "seen", "source": "https://t.me/true_secator/5963", "content": "\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 Exim \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438\u00a0\u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438\u00a0\u0434\u043b\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0441\u0432\u043e\u0435\u043c \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0435.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2024-39929 \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 Exim \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 4.97.1.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u0430 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u043c \u0430\u043d\u0430\u043b\u0438\u0437\u043e\u043c \u043c\u043d\u043e\u0433\u043e\u0441\u0442\u0440\u043e\u0447\u043d\u043e\u0433\u043e \u0438\u043c\u0435\u043d\u0438 \u0444\u0430\u0439\u043b\u0430 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043a\u0430 RFC 2231.\n\n\u0412\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0432\u0448\u0438\u0441\u044c \u044d\u0442\u0438\u043c, \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u043e\u0431\u043e\u0439\u0442\u0438 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c \u0437\u0430\u0449\u0438\u0442\u044b \u043e\u0442 \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u044f $mime_filename \u0438 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u044b\u0435 \u0432\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0432 \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0435 \u044f\u0449\u0438\u043a\u0438 \u043a\u043e\u043d\u0435\u0447\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n\u0414\u0430\u043d\u043d\u044b\u0445 \u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043d\u0435 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043e.\n\n\u041e\u0434\u043d\u0430\u043a\u043e \u043f\u043e \u0434\u0430\u043d\u043d\u044b\u043c\u00a0Censys, \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 Exim, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0437\u0430\u043f\u0443\u0449\u0435\u043d\u044b \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438, \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u043e\u043a\u043e\u043b\u043e 1,5 \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u0430. \u0422\u0430\u043a \u0447\u0442\u043e \u0432\u0441\u0435 \u0435\u0449\u0435 \u0432\u043f\u0435\u0440\u0435\u0434\u0438.\n\n\u0411\u0443\u0434\u0435\u043c \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c.", "creation_timestamp": "2024-07-12T13:30:05.000000Z"}, {"uuid": "4f882b6d-cb0e-4afd-8244-0543dd406dff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39929", "type": "seen", "source": "https://t.me/cybersecs/2937", "content": "EXIM ( CVE-2024-39929 )\n\nhttps://censys.com/cve-2024-39929/", "creation_timestamp": "2024-07-16T09:25:33.000000Z"}, {"uuid": "066bf209-2458-4303-b1bd-49d53dc09ba9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39929", "type": "exploited", "source": "https://t.me/SecLabNews/15394", "content": "\u041e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 exim, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0430\u044f \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u044b \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432\n\n\ud83c\udf10\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Censys \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-39929 \u0432 \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 Exim, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0443\u044e \u0431\u043e\u043b\u0435\u0435 1,5 \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u043e\u0432 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443. \n\n\ud83d\udce7\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u044c \u0444\u0438\u043b\u044c\u0442\u0440\u044b \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0432\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0432 \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0435 \u044f\u0449\u0438\u043a\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u0447\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b. \n\n\ud83d\udd27\u0410\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c Exim \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u041f\u041e \u0434\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 \u0438\u043b\u0438 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c \u0434\u043b\u044f \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u0430\u0442\u0430\u043a. \n\n#\u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c #\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c #exim @SecLabNews", "creation_timestamp": "2024-07-16T06:53:36.000000Z"}]}