{"vulnerability": "cve-2024-3932", "sightings": [{"uuid": "c0cc04db-6b5e-463a-889d-8f9605f68767", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39327", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lijpzyjtyd2t", "content": "", "creation_timestamp": "2025-02-19T12:00:13.095978Z"}, {"uuid": "b7fd4c31-e75c-4395-8a48-c137f52ed3c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39327", "type": "seen", "source": "https://t.me/cvedetector/18335", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39327 - Atos Eviden IDRA Access Control Weakness\", \n  \"Content\": \"CVE ID : CVE-2024-39327 \nPublished : Feb. 18, 2025, 5:15 p.m. | 30\u00a0minutes ago \nDescription : Incorrect Access Control vulnerability in Atos Eviden IDRA before 2.6.1 could allow the possibility to obtain CA signing in an illegitimate way. \nSeverity: 9.9 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T19:19:17.000000Z"}, {"uuid": "e6184eac-8389-4e38-ba36-994d5326d25b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39327", "type": "seen", "source": "https://bsky.app/profile/dinosn.bsky.social/post/3lio5652hs22m", "content": "", "creation_timestamp": "2025-02-21T06:05:51.308947Z"}, {"uuid": "5ee63078-cde3-4c12-8f35-8f2232615164", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39327", "type": "seen", "source": "MISP/9ca82492-7deb-4197-a6f1-191e121eef96", "content": "", "creation_timestamp": "2025-08-25T13:32:05.000000Z"}, {"uuid": "40636808-c4eb-41c9-80ee-e1e2e70c3b42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2024-39327", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/f7d3e0a5-0b01-4120-b61f-763c0f94f7c7", "content": "", "creation_timestamp": "2025-02-18T21:49:43.930268Z"}, {"uuid": "1078e8db-828e-4f64-8f86-94bc67d68580", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2024-39328", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/f7d3e0a5-0b01-4120-b61f-763c0f94f7c7", "content": "", "creation_timestamp": "2025-02-18T21:49:43.930268Z"}, {"uuid": "aff6d515-8010-4075-b11a-3fb34cdd6638", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39327", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lihra2slcs23", "content": "", "creation_timestamp": "2025-02-18T17:16:10.779215Z"}, {"uuid": "c72bf235-6ad2-4018-a921-0ccfe1b19a2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39328", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lihukyouae2y", "content": "", "creation_timestamp": "2025-02-18T18:15:58.690583Z"}, {"uuid": "8fcc2537-4d1f-4ed6-8851-432500a3c169", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39327", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114026383696752900", "content": "", "creation_timestamp": "2025-02-18T18:49:06.125454Z"}, {"uuid": "5cbd6634-96a5-485e-b265-08a227ab7281", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2024-39327", "type": "seen", "source": "https://support.bull.com/ols/product/security/psirt/security-bulletins/potential-privilege-escalation-in-idpki-psirt-1335-tlp-clear-version-2-10-cve-2024-39327-cve-2024-39328-cve-2024-51505/", "content": "", "creation_timestamp": "2025-02-18T21:32:49.990482Z"}, {"uuid": "6e0e2ab2-97cf-456b-b214-09101bbc9c90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2024-39328", "type": "seen", "source": "https://support.bull.com/ols/product/security/psirt/security-bulletins/potential-privilege-escalation-in-idpki-psirt-1335-tlp-clear-version-2-10-cve-2024-39327-cve-2024-39328-cve-2024-51505/", "content": "", "creation_timestamp": "2025-02-18T21:33:52.610763Z"}, {"uuid": "64afe23d-1b15-49a1-b99f-caae59347740", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39327", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3liihtlzcbq2a", "content": "", "creation_timestamp": "2025-02-19T00:00:49.993606Z"}, {"uuid": "45a338e8-5e9b-4471-82b0-469a827fbd3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39328", "type": "seen", "source": "MISP/71f05cce-2beb-4b80-8496-bbbabc032544", "content": "", "creation_timestamp": "2025-08-25T18:31:43.000000Z"}, {"uuid": "c389da23-51dc-488b-8e93-63819e03bc30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39320", "type": "published-proof-of-concept", "source": "Telegram/zdCwE2ls9oN1sn5YvZ_l1tP3h1FpXiQw0tA5qVOUOYzv9pLM", "content": "", "creation_timestamp": "2024-08-20T10:25:17.000000Z"}, {"uuid": "f5e1bd03-272c-4163-84c5-add78e1cffd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39320", "type": "published-proof-of-concept", "source": "https://t.me/cyber_hsecurity/1614", "content": "function displayMessage(userInput) {\n    document.getElementById('message').innerHTML = userInput;\n}\n#### \u0643\u064a\u0641\u064a\u0629 \u0627\u0643\u062a\u0634\u0627\u0641 \u062b\u063a\u0631\u0629 XSS:\n1. \u062a\u062d\u0644\u064a\u0644 \u0627\u0644\u0643\u0648\u062f: \u0627\u0628\u062d\u062b \u0639\u0646 \u0627\u0644\u0623\u0645\u0627\u0643\u0646 \u0627\u0644\u062a\u064a \u064a\u062a\u0645 \u0641\u064a\u0647\u0627 \u0639\u0631\u0636 \u0645\u062f\u062e\u0644\u0627\u062a \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u062f\u0648\u0646 \u062a\u0646\u0642\u064a\u0629 (Sanitization).\n2. \u0627\u062e\u062a\u0628\u0627\u0631 \u0627\u0644\u0645\u062f\u062e\u0644\u0627\u062a: \u062d\u0627\u0648\u0644 \u0625\u062f\u062e\u0627\u0644 \u0634\u064a\u0641\u0631\u0629 JavaScript \u0641\u064a \u0627\u0644\u062d\u0642\u0648\u0644 \u0627\u0644\u062a\u064a \u062a\u0642\u0628\u0644 \u0645\u062f\u062e\u0644\u0627\u062a \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645.\n\n#### \u0645\u062b\u0627\u0644 \u0639\u0645\u0644\u064a:\n\u0644\u0646\u0641\u062a\u0631\u0636 \u0623\u0646 \u0644\u062f\u064a\u0643 \u062d\u0642\u0644 \u0625\u062f\u062e\u0627\u0644 \u0641\u064a \u062a\u0637\u0628\u064a\u0642 kafka-ui \u064a\u0642\u0628\u0644 \u0645\u062f\u062e\u0644\u0627\u062a \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645. \u064a\u0645\u0643\u0646 \u0627\u062e\u062a\u0628\u0627\u0631 \u0627\u0644\u062b\u063a\u0631\u0629 \u0639\u0628\u0631 \u0625\u062f\u062e\u0627\u0644 \u0634\u064a\u0641\u0631\u0629 JavaScript \u0628\u0633\u064a\u0637\u0629 \u0645\u062b\u0644:\nalert('XSS');\n\u0625\u0630\u0627 \u062a\u0645 \u0639\u0631\u0636 \u0627\u0644\u0631\u0633\u0627\u0644\u0629 \u0641\u064a \u0627\u0644\u0645\u062a\u0635\u0641\u062d\u060c \u0641\u0647\u0630\u0627 \u064a\u0639\u0646\u064a \u0623\u0646 \u0627\u0644\u062a\u0637\u0628\u064a\u0642 \u0639\u0631\u0636 \u0627\u0644\u0645\u062f\u062e\u0644\u0627\u062a \u062f\u0648\u0646 \u062a\u0646\u0642\u064a\u0629\u060c \u0645\u0645\u0627 \u064a\u0624\u0643\u062f \u0648\u062c\u0648\u062f \u062b\u063a\u0631\u0629 XSS.\n\n#### \u0643\u064a\u0641\u064a\u0629 \u0627\u0644\u0625\u0635\u0644\u0627\u062d:\n1. \u062a\u0646\u0642\u064a\u0629 \u0627\u0644\u0645\u062f\u062e\u0644\u0627\u062a: \u062a\u0623\u0643\u062f \u0645\u0646 \u062a\u0646\u0642\u064a\u0629 \u0643\u0627\u0641\u0629 \u0627\u0644\u0645\u062f\u062e\u0644\u0627\u062a \u0627\u0644\u062a\u064a \u064a\u062a\u0645 \u0639\u0631\u0636\u0647\u0627 \u0641\u064a \u0627\u0644\u0645\u062a\u0635\u0641\u062d.\n2. \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0645\u0643\u062a\u0628\u0627\u062a \u0623\u0645\u0627\u0646: \u0645\u062b\u0644 DOMPurify \u0644\u062a\u0646\u0642\u064a\u0629 \u0627\u0644\u0645\u062f\u062e\u0644\u0627\u062a.\n\n\u0645\u062b\u0627\u0644 \u0639\u0644\u0649 \u0627\u0644\u0625\u0635\u0644\u0627\u062d \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 DOMPurify:\nfunction displayMessage(userInput) {\n    const sanitizedInput = DOMPurify.sanitize(userInput);\n    document.getElementById('message').innerHTML = sanitizedInput;\n}\n### GHSL-2023-230: \u062b\u063a\u0631\u0629 \u0623\u062e\u0631\u0649\n\u0628\u062f\u0648\u0646 \u062a\u0641\u0627\u0635\u064a\u0644 \u0625\u0636\u0627\u0641\u064a\u0629\u060c \u0645\u0646 \u0627\u0644\u0635\u0639\u0628 \u062a\u062d\u062f\u064a\u062f \u0646\u0648\u0639 \u0627\u0644\u062b\u063a\u0631\u0629. \u0644\u0643\u0646 \u064a\u0645\u0643\u0646 \u0627\u062a\u0628\u0627\u0639 \u0627\u0644\u062e\u0637\u0648\u0627\u062a \u0627\u0644\u0639\u0627\u0645\u0629 \u0644\u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629:\n\n#### \u0627\u0644\u0637\u0631\u064a\u0642\u0629 \u0627\u0644\u0636\u0639\u064a\u0641\u0629 (Vulnerable method):\n\u0644\u0646\u0641\u062a\u0631\u0636 \u0623\u0646 \u0644\u062f\u064a\u0646\u0627 \u0637\u0631\u064a\u0642\u0629 \u062a\u062a\u0639\u0627\u0645\u0644 \u0645\u0639 \u0645\u062f\u062e\u0644\u0627\u062a \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0641\u064a \u0627\u0633\u062a\u0639\u0644\u0627\u0645 SQL \u062f\u0648\u0646 \u062a\u0646\u0642\u064a\u0629:\n\nString query = \"SELECT * FROM users WHERE username = '\" + userInput + \"'\";\n#### \u0643\u064a\u0641\u064a\u0629 \u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062b\u063a\u0631\u0629:\n1. \u0645\u0631\u0627\u062c\u0639\u0629 \u0627\u0644\u0643\u0648\u062f: \u0627\u0628\u062d\u062b \u0639\u0646 \u0627\u0644\u0623\u0645\u0627\u0643\u0646 \u0627\u0644\u062a\u064a \u0642\u062f \u062a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u062b\u063a\u0631\u0627\u062a \u0645\u062b\u0644 SQL Injection\u060c CSRF\u060c \u0648\u063a\u064a\u0631\u0647\u0627.\n2. \u0627\u062e\u062a\u0628\u0627\u0631 \u0627\u0644\u0623\u0645\u0627\u0646: \u0627\u0633\u062a\u062e\u062f\u0645 \u0623\u062f\u0648\u0627\u062a \u0645\u062b\u0644 OWASP ZAP \u0623\u0648 Burp Suite \u0644\u0625\u062c\u0631\u0627\u0621 \u0627\u062e\u062a\u0628\u0627\u0631\u0627\u062a \u0623\u0645\u0627\u0646 \u0634\u0627\u0645\u0644\u0629.\n\n#### \u0645\u062b\u0627\u0644 \u0639\u0645\u0644\u064a:\n\u062d\u0627\u0648\u0644 \u0625\u062f\u062e\u0627\u0644 \u0634\u064a\u0641\u0631\u0629 \u0636\u0627\u0631\u0629 \u0641\u064a \u062d\u0642\u0644 \u0627\u0644\u0625\u062f\u062e\u0627\u0644 \u0644\u0627\u062e\u062a\u0628\u0627\u0631 \u0627\u0633\u062a\u0639\u0644\u0627\u0645 SQL Injection:\n' OR '1'='1\n\u0625\u0630\u0627 \u062a\u0645 \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u0627\u0633\u062a\u0639\u0644\u0627\u0645 \u0628\u0646\u062c\u0627\u062d \u0648\u0639\u0631\u0636 \u0643\u0627\u0641\u0629 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u064a\u0646\u060c \u0641\u0647\u0630\u0627 \u064a\u0639\u0646\u064a \u0623\u0646 \u0627\u0644\u062a\u0637\u0628\u064a\u0642 \u0639\u0631\u0636 \u0627\u0644\u0645\u062f\u062e\u0644\u0627\u062a \u062f\u0648\u0646 \u062a\u0646\u0642\u064a\u0629\u060c \u0645\u0645\u0627 \u064a\u0624\u0643\u062f \u0648\u062c\u0648\u062f \u062b\u063a\u0631\u0629 SQL Injection.\n\n#### \u0643\u064a\u0641\u064a\u0629 \u0627\u0644\u0625\u0635\u0644\u0627\u062d:\n1. \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0627\u0633\u062a\u0639\u0644\u0627\u0645\u0627\u062a \u0645\u062d\u0636\u0631\u0629 (Prepared Statements): \u062a\u0623\u0643\u062f \u0645\u0646 \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0627\u0633\u062a\u0639\u0644\u0627\u0645\u0627\u062a \u0645\u062d\u0636\u0631\u0629 \u0644\u0644\u062a\u0639\u0627\u0645\u0644 \u0645\u0639 \u0645\u062f\u062e\u0644\u0627\u062a \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645.\n\n\u0645\u062b\u0627\u0644 \u0639\u0644\u0649 \u0627\u0644\u0625\u0635\u0644\u0627\u062d \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0627\u0633\u062a\u0639\u0644\u0627\u0645 \u0645\u062d\u0636\u0631:\nString query = \"SELECT * FROM users WHERE username = ?\";\nPreparedStatement stmt = connection.prepareStatement(query);\nstmt.setString(1, userInput);\nResultSet rs = stmt.executeQuery();\n### \u0623\u062f\u0648\u0627\u062a \u0645\u0641\u064a\u062f\u0629:\n- OWASP ZAP: \u0623\u062f\u0627\u0629 \u0645\u0641\u062a\u0648\u062d\u0629 \u0627\u0644\u0645\u0635\u062f\u0631 \u0644\u0627\u062e\u062a\u0628\u0627\u0631 \u0623\u0645\u0627\u0646 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a.\n- Burp Suite: \u0623\u062f\u0627\u0629 \u0645\u0647\u0646\u064a\u0629 \u0644\u0627\u062e\u062a\u0628\u0627\u0631 \u0623\u0645\u0627\u0646 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a.\n\nALSED404:\n\u0643\u0634\u0641\u062a \u0634\u0631\u0643\u0629 \u0645\u0627\u064a\u0643\u0631\u0648\u0633\u0648\u0641\u062a \u0639\u0646 \u0623\u0631\u0628\u0639 \u062b\u063a\u0631\u0627\u062a \u0623\u0645\u0646\u064a\u0629 \u0641\u064a OpenVPN \u0648\u0627\u0644\u062a\u064a \u064a\u0645\u0643\u0646 \u0631\u0628\u0637\u0647\u0627 \u0644\u062a\u0645\u0643\u064a\u0646 RCE \u0648\u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a \u0627\u0644\u0645\u062d\u0644\u064a\u0629.\n\n\u064a\u0645\u0643\u0646 \u0623\u0646 \u062a\u0624\u062f\u064a \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0625\u0644\u0649 \u0627\u0644\u062a\u062d\u0643\u0645 \u0627\u0644\u0643\u0627\u0645\u0644 \u0641\u064a \u0646\u0642\u0627\u0637 \u0627\u0644\u0646\u0647\u0627\u064a\u0629 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641\u0629\u060c \u0645\u0645\u0627 \u064a\u0639\u0631\u0636 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0644\u0644\u062e\u0637\u0631 \u0648\u064a\u0639\u0631\u0636 \u0627\u0644\u0646\u0638\u0627\u0645 \u0644\u0644\u062e\u0637\u0631.\n\u0627\u0642\u0631\u0623: https://thehackernews.com/2024/08/microsoft-reveals-four-openvpn-flaws.html\n\nThe Smart Shadow:\n---\n\n\ud83d\udea8 CVE-2024-40800\n\n\u062a\u0645 \u0645\u0639\u0627\u0644\u062c\u0629 \u0645\u0634\u0643\u0644\u0629 \u0641\u064a \u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u0635\u062d\u0629 \u0627\u0644\u0645\u062f\u062e\u0644\u0627\u062a \u0645\u0646 \u062e\u0644\u0627\u0644 \u062a\u062d\u0633\u064a\u0646 \u0639\u0645\u0644\u064a\u0629 \u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u0635\u062d\u0629 \u0627\u0644\u0645\u062f\u062e\u0644\u0627\u062a. \u0647\u0630\u0647 \u0627\u0644\u0645\u0634\u0643\u0644\u0629 \u062a\u0645 \u0625\u0635\u0644\u0627\u062d\u0647\u0627 \u0641\u064a \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a \u0627\u0644\u062a\u0627\u0644\u064a\u0629:\n- macOS Sonoma 14.6\n- macOS Monterey 12.7.6\n- macOS Ventura 13.6.8\n\n\ud83d\udd0d \u062a\u0641\u0627\u0635\u064a\u0644 \u0627\u0644\u062b\u063a\u0631\u0629:\n\u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u062a\u062a\u0639\u0644\u0642 \u0628\u0645\u0634\u0643\u0644\u0629 \u0641\u064a \u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u0635\u062d\u0629 \u0627\u0644\u0645\u062f\u062e\u0644\u0627\u062a\u060c \u0645\u0645\u0627 \u0642\u062f \u064a\u0633\u0645\u062d \u0644\u062a\u0637\u0628\u064a\u0642 \u063a\u064a\u0631 \u0645\u0635\u0631\u062d \u0644\u0647 \u0628\u062a\u0639\u062f\u064a\u0644 \u0623\u062c\u0632\u0627\u0621 \u0645\u062d\u0645\u064a\u0629 \u0645\u0646 \u0646\u0638\u0627\u0645 \u0627\u0644\u0645\u0644\u0641\u0627\u062a. \u0647\u0630\u0627 \u064a\u0645\u0643\u0646 \u0623\u0646 \u064a\u0624\u062f\u064a \u0625\u0644\u0649 \u062a\u0639\u062f\u064a\u0644\u0627\u062a \u063a\u064a\u0631 \u0645\u0635\u0631\u062d \u0628\u0647\u0627 \u0639\u0644\u0649 \u0627\u0644\u0646\u0638\u0627\u0645\u060c \u0645\u0645\u0627 \u064a\u0634\u0643\u0644 \u062e\u0637\u0631\u064b\u0627 \u0623\u0645\u0646\u064a\u064b\u0627 \u0643\u0628\u064a\u0631\u064b\u0627.\n\n\ud83d\udcc5 \u062a\u0627\u0631\u064a\u062e \u0627\u0644\u0625\u0635\u062f\u0627\u0631:\n\u062a\u0645 \u0646\u0634\u0631 \u062a\u0641\u0627\u0635\u064a\u0644 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0641\u064a \u064a\u0648\u0644\u064a\u0648 2024 \u0639\u0644\u0649 \u0645\u0648\u0642\u0639 Full Disclosure\u060c \u0648\u0647\u0648 \u0645\u0635\u062f\u0631 \u0645\u0639\u0631\u0648\u0641 \u0628\u0646\u0634\u0631 \u0645\u0639\u0644\u0648\u0645\u0627\u062a \u062d\u0648\u0644 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629.\n\n\ud83d\udd12 \u0627\u0644\u062a\u0648\u0635\u064a\u0627\u062a:\n\u0646\u0646\u0635\u062d \u062c\u0645\u064a\u0639 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u064a\u0646 \u0627\u0644\u0630\u064a\u0646 \u064a\u0633\u062a\u062e\u062f\u0645\u0648\u0646 \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a \u0627\u0644\u0645\u0630\u0643\u0648\u0631\u0629 \u0645\u0646 macOS \u0628\u062a\u062d\u062f\u064a\u062b \u0623\u0646\u0638\u0645\u062a\u0647\u0645 \u0641\u0648\u0631\u064b\u0627 \u0625\u0644\u0649 \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a \u0627\u0644\u062a\u064a \u062a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0627\u0644\u0625\u0635\u0644\u0627\u062d\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0627\u0644\u0645\u0630\u0643\u0648\u0631\u0629 \u0623\u0639\u0644\u0627\u0647. \u0627\u0644\u062a\u062d\u062f\u064a\u062b\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0636\u0631\u0648\u0631\u064a\u0629 \u0644\u062d\u0645\u0627\u064a\u0629 \u0627\u0644\u0646\u0638\u0627\u0645 \u0645\u0646 \u0627\u0644\u0647\u062c\u0645\u0627\u062a \u0627\u0644\u0645\u062d\u062a\u0645\u0644\u0629 \u0648\u0636\u0645\u0627\u0646 \u0633\u0644\u0627\u0645\u0629 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a.\n\n\u0644\u0645\u0632\u064a\u062f \u0645\u0646 \u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644\u060c \u064a\u0645\u0643\u0646\u0643\u0645 \u0632\u064a\u0627\u0631\u0629 \u0627\u0644\u0631\u0627\u0628\u0637 \u0627\u0644\u062a\u0627\u0644\u064a: [Full Disclosure - CVE-2024-40800](http://seclists.org/fulldisclosure/2024/Jul/18)\n\n\u0627\u0628\u0642\u0648\u0627 \u0622\u0645\u0646\u064a\u0646! \ud83d\udee1\ufe0f\n\n---\n\n\ud83d\udea8 CVE-2024-39320: \u062b\u063a\u0631\u0629 \u0641\u064a \u0645\u0646\u0635\u0629 Discourse\n\n\u0627\u0643\u062a\u0634\u0641\u062a \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u0641\u064a \u0645\u0646\u0635\u0629 \u0627\u0644\u0646\u0642\u0627\u0634 \u0645\u0641\u062a\u0648\u062d\u0629 \u0627\u0644\u0645\u0635\u062f\u0631 Discourse \u0642\u0628\u0644 \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u064a\u0646 3.2.5 \u0648 3.3.0.beta5\u060c \u062a\u062a\u064a\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0625\u0645\u0643\u0627\u0646\u064a\u0629 \u062d\u0642\u0646 \u0625\u0637\u0627\u0631\u0627\u062a (iframes) \u0645\u0646 \u0623\u064a \u0646\u0637\u0627\u0642\u060c \u0645\u062a\u062c\u0627\u0648\u0632\u064a\u0646 \u0627\u0644\u0642\u064a\u0648\u062f \u0627\u0644\u062a\u064a \u064a\u064f\u0641\u062a\u0631\u0636 \u0623\u0646 \u064a\u062a\u0645 \u0641\u0631\u0636\u0647\u0627 \u0639\u0628\u0631 \u0625\u0639\u062f\u0627\u062f allowed_iframes. \n\n\u0623\u0645\u062b\u0644\u0629 \u0639\u0644\u0649 \u0627\u0644\u0647\u062c\u0648\u0645:\n- \u064a\u0645\u0643\u0646 \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0644\u0625\u062f\u0631\u0627\u062c \u0645\u062d\u062a\u0648\u0649 \u0636\u0627\u0631 \u062f\u0627\u062e\u0644 \u0627\u0644\u0625\u0637\u0627\u0631\u0627\u062a \u0639\u0644\u0649 \u0635\u0641\u062d\u0627\u062a \u0627\u0644\u0645\u0646\u0627\u0642\u0634\u0629\u060c \u0645\u0645\u0627 \u064a\u0639\u0631\u0636 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u064a\u0646 \u0644\u0645\u062e\u0627\u0637\u0631 \u0645\u062b\u0644 \u0627\u0644\u062a\u0635\u064a\u062f \u0627\u0644\u0627\u062d\u062a\u064a\u0627\u0644\u064a \u0623\u0648 \u0633\u0631\u0642\u0629 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a.\n\n\u0627\u0644\u0625\u0635\u0644\u0627\u062d: \n- \u062a\u0645 \u0625\u0635\u0644\u0627\u062d \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0641\u064a \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u064a\u0646 3.2.5 \u0648 3.3.0.beta5. \u064a\u064f\u0646\u0635\u062d \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u0648\u0646 \u0628\u062a\u062d\u062f\u064a\u062b \u0645\u0646\u0635\u0627\u062a\u0647\u0645 \u0625\u0644\u0649 \u0647\u0630\u0647 \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a \u0623\u0648 \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a \u0627\u0644\u0623\u062d\u062f\u062b \u0644\u0636\u0645\u0627\u0646 \u0627\u0644\u062d\u0645\u0627\u064a\u0629 \u0645\u0646 \u0647\u0630\u0627 \u0627\u0644\u0647\u062c\u0648\u0645.", "creation_timestamp": "2024-12-13T19:00:23.000000Z"}, {"uuid": "20a198db-afe1-4f6e-a2cd-5434e9f8cc2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39320", "type": "seen", "source": "https://t.me/cvedetector/2040", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39320 - Discourse Cross-Site Scripting via iframe Injection\", \n  \"Content\": \"CVE ID : CVE-2024-39320 \nPublished : July 30, 2024, 3:15 p.m. | 38\u00a0minutes ago \nDescription : Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, the vulnerability allows an attacker to inject iframes from any domain, bypassing the intended restrictions enforced by the allowed_iframes setting. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-30T18:15:09.000000Z"}, {"uuid": "0b951ad8-0a09-44e5-82ab-a755fec6a6c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39329", "type": "seen", "source": "https://t.me/cvedetector/509", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39329 - An issue was discovered in Django 5.0 before 5.0.7\", \n  \"Content\": \"CVE ID : CVE-2024-39329 \nPublished : July 10, 2024, 5:15 a.m. | 16\u00a0minutes ago \nDescription : An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-10T07:33:46.000000Z"}, {"uuid": "8e6e4931-7449-44b2-9eca-cded6920b10f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39321", "type": "seen", "source": "https://t.me/cvedetector/124", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39321 - Traefik is an HTTP reverse proxy and load balancer\", \n  \"Content\": \"CVE ID : CVE-2024-39321 \nPublished : July 5, 2024, 6:15 p.m. | 33\u00a0minutes ago \nDescription : Traefik is an HTTP reverse proxy and load balancer. Versions prior to 2.11.6, 3.0.4, and 3.1.0-rc3 have a vulnerability that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. Versions 2.11.6, 3.0.4, and 3.1.0-rc3 contain a patch for this issue. No known workarounds are available. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-05T20:51:39.000000Z"}, {"uuid": "98c30a31-7a61-4c14-a9fc-d44452dcfbf4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39327", "type": "seen", "source": "https://t.me/CyberBulletin/2374", "content": "\u26a1CVE-2024-39327 (CVSS 9.9): Critical IDPKI Flaw Could Allow Illegitimate Certificate Issuance.\n\n#CyberBulletin", "creation_timestamp": "2025-02-21T12:00:50.000000Z"}, {"uuid": "cc6a6c5c-6877-41b8-9f46-58a4769beed8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-39321", "type": "published-proof-of-concept", "source": "https://github.com/traefik/traefik/security/advisories/GHSA-gxrv-wf35-62w9", "content": "", "creation_timestamp": "2024-07-04T14:13:15.000000Z"}]}