{"vulnerability": "cve-2024-5038", "sightings": [{"uuid": "5ee62b6a-e1e9-4d58-873a-29946f107d6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50388", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113606852984337711", "content": "", "creation_timestamp": "2024-12-06T16:36:46.270181Z"}, {"uuid": "1d307f7b-02e2-4c3d-9114-e82e9a5e7f24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50387", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113606852969444783", "content": "", "creation_timestamp": "2024-12-06T16:36:45.982382Z"}, {"uuid": "4dce42ca-f6d9-4b5b-955b-0fbf00e1a151", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50389", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113606853001606040", "content": "", "creation_timestamp": "2024-12-06T16:36:46.507354Z"}, {"uuid": "8112e68d-aec1-4d7f-8713-a9647fe06650", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50381", "type": "seen", "source": "https://t.me/cvedetector/11803", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50381 - Snap One OVRC Hub Device Impersonation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-50381 \nPublished : Dec. 2, 2024, 5:15 p.m. | 51\u00a0minutes ago \nDescription : A vulnerability exists in Snap One OVRC cloud where an attacker can impersonate a Hub device and send requests to claim and unclaim devices. The attacker only needs to provide the MAC address of the targeted device and can make a request to unclaim it from its original connection and make a request to claim it. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-02T19:35:45.000000Z"}, {"uuid": "318aafb8-1631-464b-8ff5-1238cfb7786d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50388", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-760/", "content": "", "creation_timestamp": "2025-07-31T03:00:00.000000Z"}, {"uuid": "f352a1f5-bd41-4bd7-a76b-6cb40d936b00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50387", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-759/", "content": "", "creation_timestamp": "2025-07-31T03:00:00.000000Z"}, {"uuid": "e8e7d4c4-f093-4dbc-b065-c1f682f80099", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50389", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-741/", "content": "", "creation_timestamp": "2025-07-31T03:00:00.000000Z"}, {"uuid": "d769f036-1805-41de-a5f6-4c59347790d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50387", "type": "seen", "source": "MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6", "content": "", "creation_timestamp": "2025-10-01T18:11:57.000000Z"}, {"uuid": "30b02166-c11a-4c42-9f6d-ca1e97941909", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50384", "type": "seen", "source": "https://infosec.place/objects/c215c316-5d1e-4452-b1f8-837a04408ec5", "content": "", "creation_timestamp": "2025-04-02T14:00:14.880264Z"}, {"uuid": "8bd27fd6-1aac-40b2-bb08-b35e51eaef91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50384", "type": "seen", "source": "https://infosec.place/objects/c215c316-5d1e-4452-b1f8-837a04408ec5", "content": "", "creation_timestamp": "2025-04-02T14:00:14.881553Z"}, {"uuid": "0522c9cf-8f01-4960-9b3b-fc385825c9c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50385", "type": "seen", "source": "https://infosec.place/objects/c215c316-5d1e-4452-b1f8-837a04408ec5", "content": "", "creation_timestamp": "2025-04-02T14:00:14.944850Z"}, {"uuid": "7bae9672-3c10-4b0c-b9cf-1ef4efd74e8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50385", "type": "seen", "source": "https://infosec.place/objects/c215c316-5d1e-4452-b1f8-837a04408ec5", "content": "", "creation_timestamp": "2025-04-02T14:00:14.935068Z"}, {"uuid": "556916df-7b0e-4ac7-92a0-e2dd4ed513e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50385", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lltuidpl4v2n", "content": "", "creation_timestamp": "2025-04-02T17:02:02.377019Z"}, {"uuid": "62e15301-b6de-4e2b-a24e-2601936b7466", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50384", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lltuie5qbd26", "content": "", "creation_timestamp": "2025-04-02T17:02:04.688700Z"}, {"uuid": "b92388f6-37a8-47b4-a641-e93111880aad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50387", "type": "seen", "source": "MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6", "content": "", "creation_timestamp": "2025-10-08T21:59:28.000000Z"}, {"uuid": "2f99cc8c-e164-49db-bb8d-316afe9caeee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50386", "type": "seen", "source": "https://t.me/CyberBulletin/1443", "content": "\u26a1\ufe0fApache CloudStack Releases Security Update for KVM Infrastructure Vulnerability \u2013 CVE-2024-50386.\n\n#CyberBulletin", "creation_timestamp": "2024-11-13T07:54:11.000000Z"}, {"uuid": "e58cf8f9-e6c5-4b7c-9036-d6a864c292ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50385", "type": "seen", "source": "https://t.me/cvedetector/21891", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50385 - STMicroelectronics X-CUBE-AZRTOS-WL NetX Component HTTP Server Denial of Service\", \n  \"Content\": \"CVE ID : CVE-2024-50385 \nPublished : April 2, 2025, 2:15 p.m. | 2\u00a0hours, 13\u00a0minutes ago \nDescription : A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability affects X-CUBE-AZRTOS-F7 NetX Duo Component HTTP Server HTTP server v 1.1.0. This HTTP server implementation is contained in this file - x-cube-azrtos-f7\\Middlewares\\ST\\netxduo\\addons\\http\\nxd_http_server.c \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-02T19:10:12.000000Z"}, {"uuid": "0269ebeb-e42d-48fa-9e6b-6d85cd4deab7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50384", "type": "seen", "source": "https://t.me/cvedetector/21890", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50384 - STMicroelectronics X-CUBE-AZRTOS-WL NetX Component HTTP Server Denial of Service Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-50384 \nPublished : April 2, 2025, 2:15 p.m. | 2\u00a0hours, 13\u00a0minutes ago \nDescription : A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability affects X-CUBE-AZRTOS-F7 NetX Duo Web Component HTTP server v 1.1.0. This HTTP server implementation is contained in this file - x-cube-azrtos-f7\\Middlewares\\ST\\netxduo\\addons\\web\\nx_web_http_server.c \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-02T19:10:12.000000Z"}, {"uuid": "79a276fe-e9d7-46df-a10d-5404def16aea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50389", "type": "seen", "source": "https://t.me/cvedetector/12252", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50389 - A SQL injection vulnerability has been reported to\", \n  \"Content\": \"CVE ID : CVE-2024-50389 \nPublished : Dec. 6, 2024, 5:15 p.m. | 35\u00a0minutes ago \nDescription : A SQL injection vulnerability has been reported to affect QuRouter. If exploited, the vulnerability could allow remote attackers to inject malicious code.  \n  \nWe have already fixed the vulnerability in the following version:  \nQuRouter 2.4.5.032 and later \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-06T18:58:20.000000Z"}, {"uuid": "c79caf2e-0408-402e-aca1-f74b5a5a4f9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50388", "type": "seen", "source": "https://t.me/cvedetector/12251", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50388 - An OS command injection vulnerability has been rep\", \n  \"Content\": \"CVE ID : CVE-2024-50388 \nPublished : Dec. 6, 2024, 5:15 p.m. | 35\u00a0minutes ago \nDescription : An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands.  \n  \nWe have already fixed the vulnerability in the following version:  \nHBS 3 Hybrid Backup Sync 25.1.1.673 and later \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-06T18:58:19.000000Z"}, {"uuid": "cee62836-0c88-4488-8445-d5a32a45f889", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50387", "type": "seen", "source": "https://t.me/cvedetector/12250", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50387 - A SQL injection vulnerability has been reported to\", \n  \"Content\": \"CVE ID : CVE-2024-50387 \nPublished : Dec. 6, 2024, 5:15 p.m. | 35\u00a0minutes ago \nDescription : A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to inject malicious code.  \n  \nWe have already fixed the vulnerability in the following version:  \nSMB Service 4.15.002 and later  \nSMB Service h4.15.002 and later \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-06T18:58:19.000000Z"}, {"uuid": "6cac7bad-3384-4169-8459-9897586fe1f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50386", "type": "published-proof-of-concept", "source": "https://t.me/cvedetector/10621", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50386 - Apache CloudStack KVM Template Upload Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-50386 \nPublished : Nov. 12, 2024, 3:15 p.m. | 42\u00a0minutes ago \nDescription : Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker that can register templates, can use them to deploy malicious instances on KVM-based environments and exploit this to gain access to the host filesystems that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of KVM-based infrastructure managed by CloudStack.  \n  \n  \nUsers are recommended to upgrade to Apache CloudStack 4.18.2.5 or 4.19.1.3, or later, which addresses this issue.   \n  \nAdditionally, all user-registered KVM-compatible templates can be scanned and checked that they are flat files that should not be using any additional or unnecessary features. For example, operators can run the following command on their file-based primary storage(s) and inspect the output. An empty output for the disk being validated means it has no references to the host filesystems; on the other hand, if the output for the disk being validated is not empty, it might indicate a compromised disk. However, bear in mind that (i) volumes created from templates will have references for the templates at first and (ii) volumes can be consolidated while migrating, losing their references to the templates. Therefore, the command execution for the primary storages can show both false positives and false negatives.  \n  \n  \nfor file in $(find /path/to/storage/ -type f -regex [a-f0-9\\-]*.*); do echo \"Retrieving file [$file] info. If the output is not empty, that might indicate a compromised disk; check it carefully.\"; qemu-img info -U $file | grep file: ; printf \"\\n\\n\"; done  \nFor checking the whole template/volume features of each disk, operators can run the following command:  \n  \n  \nfor file in $(find /path/to/storage/ -type f -regex [a-f0-9\\-]*.*); do echo \"Retrieving file [$file] info.\"; qemu-img info -U $file; printf \"\\n\\n\"; done \nSeverity: 8.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-12T17:12:40.000000Z"}, {"uuid": "d2fb199f-fe5d-4f90-90b3-00a700e90da7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50380", "type": "seen", "source": "https://t.me/cvedetector/11808", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50380 - Snap One OVRC MAC Address Impersonation Vulnearbility\", \n  \"Content\": \"CVE ID : CVE-2024-50380 \nPublished : Dec. 2, 2024, 5:15 p.m. | 51\u00a0minutes ago \nDescription : Snap One OVRC cloud uses the MAC address as an identifier to provide information when requested. An attacker can impersonate other devices by supplying enumerated MAC addresses and receive sensitive information about the device. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-02T19:35:53.000000Z"}, {"uuid": "cd45d14b-fae2-4481-9074-a6a6d33e5f71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50381", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/6430", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Team82 Claroty \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u044e\u0442 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 10 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0432 \u0445\u043e\u0434\u0435 \u0430\u0443\u0434\u0438\u0442\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0431\u043b\u0430\u0447\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b OvrC \u043e\u0442 Snap One, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0436\u043d\u043e \u043e\u0431\u044a\u0435\u0434\u0438\u043d\u0438\u0442\u044c \u0432 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u0434\u043b\u044f \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u043d\u0430 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445.\n\nOvrC \u043f\u043e\u0437\u0438\u0446\u0438\u043e\u043d\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043f\u0435\u0440\u0435\u0434\u043e\u0432\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438, \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u044e\u0449\u0430\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435, \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0443 \u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0435 \u043d\u0435\u043f\u043e\u043b\u0430\u0434\u043e\u043a \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 IoT \u0432 \u0441\u0435\u0442\u0438, \u0440\u0435\u0448\u0435\u043d\u0438\u044f \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0440\u0430\u0437\u0432\u0435\u0440\u043d\u0443\u0442\u044b \u0432 \u0431\u043e\u043b\u0435\u0435 \u0447\u0435\u043c 500\u00a0000 \u043b\u043e\u043a\u0430\u0446\u0438\u044f\u0445 \u043a\u043e\u043d\u0435\u0447\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043c\u043e\u0433\u0443\u0442 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f, \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0438 \u043d\u0430\u0440\u0443\u0448\u0430\u0442\u044c \u0440\u0430\u0431\u043e\u0442\u0443 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432, \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u0445 OvrC, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0438\u043d\u0442\u0435\u043b\u043b\u0435\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0435 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438 \u043f\u0438\u0442\u0430\u043d\u0438\u044f, \u043a\u0430\u043c\u0435\u0440\u044b, \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u044b, \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0434\u043e\u043c\u0430\u0448\u043d\u0435\u0439 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0430\u0446\u0438\u0438 \u0438 \u0434\u0440.\n\n\u041e\u0448\u0438\u0431\u043a\u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 OvrC Pro \u0438 OvrC Connect, \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0432\u043e\u0441\u044c\u043c\u0438 \u0438\u0437 \u043d\u0438\u0445 \u0432 \u043c\u0430\u0435 2023 \u0433\u043e\u0434\u0430, \u0430 \u0434\u043b\u044f \u043e\u0441\u0442\u0430\u0432\u0448\u0438\u0445\u0441\u044f \u0434\u0432\u0443\u0445 - 12 \u043d\u043e\u044f\u0431\u0440\u044f 2024 \u0433\u043e\u0434\u0430.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043c\u043d\u043e\u0433\u0438\u0435 \u0438\u0437 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0435\u0439 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e-\u043e\u0431\u043b\u0430\u043a\u043e.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432\u0430\u0440\u044c\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u043e\u0442 \u0441\u043b\u0430\u0431\u043e\u0433\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u043d\u0435\u0443\u0434\u0430\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0432\u0432\u043e\u0434\u0430, \u0436\u0435\u0441\u0442\u043a\u043e \u0437\u0430\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0434\u043e \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430.\n\n\u0412 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0439 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u044d\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440\u043e\u0432 \u0438 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043e\u0431\u043b\u0430\u0447\u043d\u043e\u043c\u0443 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0443 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f.\n\n\u041f\u043e\u043b\u0443\u0447\u0435\u043d\u043d\u044b\u0439 \u0442\u0430\u043a\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0432\u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d \u0434\u043b\u044f \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u043f\u0440\u043e\u0444\u0438\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432, \u0438\u0445 \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430, \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0438 \u0434\u0430\u0436\u0435 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438.\n\n\u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0435 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0438 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u043a\u0430\u043a:\n\n- CVE-2023-28649\u00a0(CVSS v4: 9,2): \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u044b\u0434\u0430\u0432\u0430\u0442\u044c \u0441\u0435\u0431\u044f \u0437\u0430 \u043a\u043e\u043d\u0446\u0435\u043d\u0442\u0440\u0430\u0442\u043e\u0440 \u0438 \u0437\u0430\u0445\u0432\u0430\u0442\u044b\u0432\u0430\u0442\u044c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e;\n\n- CVE-2023-31241\u00a0(CVSS v4: 9,2): \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0437\u0430\u044f\u0432\u043b\u044f\u0442\u044c \u043f\u0440\u0430\u0432\u0430 \u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043d\u0435\u0432\u043e\u0441\u0442\u0440\u0435\u0431\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430, \u043e\u0431\u0445\u043e\u0434\u044f \u0442\u0440\u0435\u0431\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0435\u0440\u0438\u0439\u043d\u043e\u0433\u043e \u043d\u043e\u043c\u0435\u0440\u0430;\n\n- CVE-2023-28386\u00a0(CVSS v4: 9,2): \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0438, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430;\n\n- CVE-2024-50381\u00a0(CVSS v4: 9,1): \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u044b\u0434\u0430\u0432\u0430\u0442\u044c \u0441\u0435\u0431\u044f \u0437\u0430 \u043a\u043e\u043d\u0446\u0435\u043d\u0442\u0440\u0430\u0442\u043e\u0440 \u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e \u043e\u0442\u043c\u0435\u043d\u044f\u0442\u044c \u043f\u0440\u0430\u0432\u0430 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430, \u0430 \u0437\u0430\u0442\u0435\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u0440\u0443\u0433\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0447\u0442\u043e\u0431\u044b \u0437\u0430\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u0435\u0433\u043e.\n\n\u041f\u043e\u043c\u0438\u043c\u043e \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u0440\u0430\u0437\u0431\u043e\u0440\u0430, \u0442\u0430\u043a\u0436\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d PoC- \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 OvrC \u043e\u0442 Team82.", "creation_timestamp": "2024-11-14T14:04:06.000000Z"}, {"uuid": "892701b5-e2c3-4d20-99f0-afa1dd62c96e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50383", "type": "seen", "source": "https://t.me/cvedetector/8725", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50383 - Botan Compiler-Induced Carry Skipping Secret Dependence Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-50383 \nPublished : Oct. 23, 2024, 5:15 p.m. | 33\u00a0minutes ago \nDescription : Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 (used in Chacha-Poly1305 and x25519). An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i386. (Only 32-bit processors can be affected.) \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-23T19:54:21.000000Z"}, {"uuid": "1b7e420a-bb1c-4ef1-ae97-705eb4ee89e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50382", "type": "seen", "source": "https://t.me/cvedetector/8724", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50382 - Botan AES-GCM GHASH Compiler-Induced Secret-Dependent Control Flow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-50382 \nPublished : Oct. 23, 2024, 5:15 p.m. | 33\u00a0minutes ago \nDescription : Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry. This was observed for Clang in LLVM 15 on RISC-V. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-23T19:54:20.000000Z"}, {"uuid": "951ceace-3488-4e78-88b3-c52c392616e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50386", "type": "seen", "source": "https://t.me/CyberBulletin/26405", "content": "\u26a1\ufe0fApache CloudStack Releases Security Update for KVM Infrastructure Vulnerability \u2013 CVE-2024-50386.\n\n#CyberBulletin", "creation_timestamp": "2024-11-13T07:54:11.000000Z"}, {"uuid": "a27dbb02-e059-4b3c-9947-2564f814e86e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50388", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/6377", "content": "\u041d\u0430\u0443\u0447\u0435\u043d\u043d\u044b\u0439 \u0433\u043e\u0440\u044c\u043a\u0438\u043c \u043e\u043f\u044b\u0442\u043e\u043c \u0430\u0442\u0430\u043a \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0435\u0439 DeadBolt, Qlocker, eCh0raix \u0438 AgeLocker \u0437\u0430 \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u0435 \u0442\u0440\u0438 \u0433\u043e\u0434\u0430 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a NAS-\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 QNAP \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u043f\u0440\u0438\u043d\u044f\u043b\u0441\u044f \u043a \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044e \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u043d\u0430 \u043d\u0435\u0434\u0430\u0432\u043d\u0435\u043c Pwn2Own Ireland 2024 \u043d\u0443\u043b\u0435\u0439 \u0432 \u0441\u0432\u043e\u0435\u043c \u041f\u041e.\n\n\u041f\u0435\u0440\u0432\u0430\u044f \u0437\u0430\u043a\u0440\u044b\u0442\u0430\u044f 0-day \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2024-50388 \u0438 \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u043e\u0439 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 \u041e\u0421 \u0432\u00a0HBS 3 Hybrid Backup Sync\u00a0\u0432\u0435\u0440\u0441\u0438\u0438 25.1.x, \u0440\u0435\u0448\u0435\u043d\u0438\u0438 \u0434\u043b\u044f \u0430\u0432\u0430\u0440\u0438\u0439\u043d\u043e\u0433\u043e \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438 \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 HBS 3 Hybrid Backup Sync 25.1.1.673 \u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445.\n\n\u0415\u0435 \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u043f\u0440\u043e\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043b\u0438 \u0438\u0437 Viettel Cyber Security, \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u0443\u0434\u0430\u043b\u043e\u0441\u044c\u00a0\u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434\u00a0\u0438\u00a0\u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u0430\u0432\u0430 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u00a0\u043d\u0430 \u0442\u0440\u0435\u0442\u0438\u0439 \u0434\u0435\u043d\u044c Pwn2Own Ireland 2024.\n\n\u0412\u0442\u043e\u0440\u0430\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0438, \u043e\u0431\u043e\u0437\u043d\u0430\u0447\u0435\u043d\u043d\u0430\u044f \u043a\u0430\u043a\u00a0CVE-2024-50387, \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0432 \u0441\u043b\u0443\u0436\u0431\u0435 SMB \u0438 \u0442\u0435\u043f\u0435\u0440\u044c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 4.15.002 \u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0438\u0445, \u0430 \u0442\u0430\u043a\u0436\u0435 h4.15.002 \u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0438\u0445.\n\n\u0414\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f 0-day \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430\u043c \u043f\u043e\u043d\u0430\u0434\u043e\u0431\u0438\u043b\u0430\u0441\u044c \u043d\u0435\u0434\u0435\u043b\u044f \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a YingMuo \u0438\u0437 DEVCORE \u043f\u043e\u043b\u0443\u0447\u0438\u043b \u0434\u043e\u0441\u0442\u0443\u043f \u043a root-\u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0435 \u0438 \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0438\u043b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e\u043c NAS QNAP TS-464\u00a0\u043d\u0430 Pwn2Own Ireland 2024.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043e\u0442\u043c\u0435\u0442\u0438\u0442\u044c, \u0447\u0442\u043e \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u043f\u043e\u043b\u043e\u0436\u0435\u043d\u0438\u044f Trend Micro's Zero Day Initiative \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0430\u043c \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442\u0441\u044f 90 \u0434\u043d\u0435\u0439 \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442 \u043d\u0430\u0434 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u043c\u0438 \u0432 \u0445\u043e\u0434\u0435 \u043a\u043e\u043d\u043a\u0443\u0440\u0441\u0430.\n\n\u0422\u0430\u043a \u0447\u0442\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430\u043c QNAP \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u0431\u0440\u0430\u0442\u044c \u043f\u0440\u0438\u043c\u0435\u0440 \u0441 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0430 \u0438 \u043d\u0430\u043a\u0430\u0442\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0438 \u043d\u0435 \u043c\u0435\u043d\u0435\u0435 \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u0431\u0443\u0434\u0443\u0442 \u0440\u0435\u0432\u0435\u0440\u0441\u0438\u0442\u044c \u043a\u043e\u0434 \u0432 \u043f\u043e\u0438\u0441\u043a\u0430\u0445 \u0442\u0435\u0445 \u0441\u0430\u043c\u044b\u0445 \u043d\u0443\u043b\u0435\u0439, \u0447\u0442\u043e \u043d\u0435 \u0440\u0430\u0437 \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u043b\u043e\u0441\u044c \u0432 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044f\u0445, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0442\u0430\u0439\u0432\u0430\u043d\u044c\u0441\u043a\u043e\u0433\u043e \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0430.", "creation_timestamp": "2024-10-31T10:54:39.000000Z"}, {"uuid": "47b4dad8-274b-401c-8a04-c8cdd5c491b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50387", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/6377", "content": "\u041d\u0430\u0443\u0447\u0435\u043d\u043d\u044b\u0439 \u0433\u043e\u0440\u044c\u043a\u0438\u043c \u043e\u043f\u044b\u0442\u043e\u043c \u0430\u0442\u0430\u043a \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0435\u0439 DeadBolt, Qlocker, eCh0raix \u0438 AgeLocker \u0437\u0430 \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u0435 \u0442\u0440\u0438 \u0433\u043e\u0434\u0430 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a NAS-\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 QNAP \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u043f\u0440\u0438\u043d\u044f\u043b\u0441\u044f \u043a \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044e \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u043d\u0430 \u043d\u0435\u0434\u0430\u0432\u043d\u0435\u043c Pwn2Own Ireland 2024 \u043d\u0443\u043b\u0435\u0439 \u0432 \u0441\u0432\u043e\u0435\u043c \u041f\u041e.\n\n\u041f\u0435\u0440\u0432\u0430\u044f \u0437\u0430\u043a\u0440\u044b\u0442\u0430\u044f 0-day \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2024-50388 \u0438 \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u043e\u0439 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 \u041e\u0421 \u0432\u00a0HBS 3 Hybrid Backup Sync\u00a0\u0432\u0435\u0440\u0441\u0438\u0438 25.1.x, \u0440\u0435\u0448\u0435\u043d\u0438\u0438 \u0434\u043b\u044f \u0430\u0432\u0430\u0440\u0438\u0439\u043d\u043e\u0433\u043e \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438 \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 HBS 3 Hybrid Backup Sync 25.1.1.673 \u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445.\n\n\u0415\u0435 \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u043f\u0440\u043e\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043b\u0438 \u0438\u0437 Viettel Cyber Security, \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u0443\u0434\u0430\u043b\u043e\u0441\u044c\u00a0\u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434\u00a0\u0438\u00a0\u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u0430\u0432\u0430 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u00a0\u043d\u0430 \u0442\u0440\u0435\u0442\u0438\u0439 \u0434\u0435\u043d\u044c Pwn2Own Ireland 2024.\n\n\u0412\u0442\u043e\u0440\u0430\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0438, \u043e\u0431\u043e\u0437\u043d\u0430\u0447\u0435\u043d\u043d\u0430\u044f \u043a\u0430\u043a\u00a0CVE-2024-50387, \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0432 \u0441\u043b\u0443\u0436\u0431\u0435 SMB \u0438 \u0442\u0435\u043f\u0435\u0440\u044c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 4.15.002 \u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0438\u0445, \u0430 \u0442\u0430\u043a\u0436\u0435 h4.15.002 \u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0438\u0445.\n\n\u0414\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f 0-day \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430\u043c \u043f\u043e\u043d\u0430\u0434\u043e\u0431\u0438\u043b\u0430\u0441\u044c \u043d\u0435\u0434\u0435\u043b\u044f \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a YingMuo \u0438\u0437 DEVCORE \u043f\u043e\u043b\u0443\u0447\u0438\u043b \u0434\u043e\u0441\u0442\u0443\u043f \u043a root-\u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0435 \u0438 \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0438\u043b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e\u043c NAS QNAP TS-464\u00a0\u043d\u0430 Pwn2Own Ireland 2024.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043e\u0442\u043c\u0435\u0442\u0438\u0442\u044c, \u0447\u0442\u043e \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u043f\u043e\u043b\u043e\u0436\u0435\u043d\u0438\u044f Trend Micro's Zero Day Initiative \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0430\u043c \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442\u0441\u044f 90 \u0434\u043d\u0435\u0439 \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442 \u043d\u0430\u0434 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u043c\u0438 \u0432 \u0445\u043e\u0434\u0435 \u043a\u043e\u043d\u043a\u0443\u0440\u0441\u0430.\n\n\u0422\u0430\u043a \u0447\u0442\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430\u043c QNAP \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u0431\u0440\u0430\u0442\u044c \u043f\u0440\u0438\u043c\u0435\u0440 \u0441 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0430 \u0438 \u043d\u0430\u043a\u0430\u0442\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0438 \u043d\u0435 \u043c\u0435\u043d\u0435\u0435 \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u0431\u0443\u0434\u0443\u0442 \u0440\u0435\u0432\u0435\u0440\u0441\u0438\u0442\u044c \u043a\u043e\u0434 \u0432 \u043f\u043e\u0438\u0441\u043a\u0430\u0445 \u0442\u0435\u0445 \u0441\u0430\u043c\u044b\u0445 \u043d\u0443\u043b\u0435\u0439, \u0447\u0442\u043e \u043d\u0435 \u0440\u0430\u0437 \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u043b\u043e\u0441\u044c \u0432 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044f\u0445, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0442\u0430\u0439\u0432\u0430\u043d\u044c\u0441\u043a\u043e\u0433\u043e \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0430.", "creation_timestamp": "2024-10-31T10:54:39.000000Z"}]}