Most recent sightings.

Most recent sightings. https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Tue, 26 May 2026 12:05:23 +0000 b2e214f1-c50a-4ce2-853f-c761942ad031 https://db.gcve.eu/sighting/b2e214f1-c50a-4ce2-853f-c761942ad031/export {"uuid": "b2e214f1-c50a-4ce2-853f-c761942ad031", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38046", "type": "seen", "source": "https://t.me/cibsecurity/66589", "content": "\u203c CVE-2023-38046 \u203c\n\nA vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-12T20:26:04.000000Z"} {"uuid": "b2e214f1-c50a-4ce2-853f-c761942ad031", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38046", "type": "seen", "source": "https://t.me/cibsecurity/66589", "content": "\u203c CVE-2023-38046 \u203c\n\nA vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-12T20:26:04.000000Z"} https://db.gcve.eu/sighting/b2e214f1-c50a-4ce2-853f-c761942ad031/export Wed, 12 Jul 2023 20:26:04 +0000 490bf48e-06a5-4260-92e9-a655e930ecba https://db.gcve.eu/sighting/490bf48e-06a5-4260-92e9-a655e930ecba/export {"uuid": "490bf48e-06a5-4260-92e9-a655e930ecba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3804", "type": "seen", "source": "https://t.me/cibsecurity/67074", "content": "\u203c CVE-2023-3804 \u203c\n\nA vulnerability classified as problematic was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This vulnerability affects unknown code of the file /Service/FileHandler.ashx. The manipulation of the argument userFile leads to unrestricted upload. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235072. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-21T07:33:21.000000Z"} {"uuid": "490bf48e-06a5-4260-92e9-a655e930ecba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3804", "type": "seen", "source": "https://t.me/cibsecurity/67074", "content": "\u203c CVE-2023-3804 \u203c\n\nA vulnerability classified as problematic was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This vulnerability affects unknown code of the file /Service/FileHandler.ashx. The manipulation of the argument userFile leads to unrestricted upload. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235072. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-21T07:33:21.000000Z"} https://db.gcve.eu/sighting/490bf48e-06a5-4260-92e9-a655e930ecba/export Fri, 21 Jul 2023 07:33:21 +0000 9091281e-898a-4064-b691-aef27a4f5a7e https://db.gcve.eu/sighting/9091281e-898a-4064-b691-aef27a4f5a7e/export {"uuid": "9091281e-898a-4064-b691-aef27a4f5a7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38044", "type": "seen", "source": "https://t.me/cibsecurity/67892", "content": "\u203c CVE-2023-38044 \u203c\n\nImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-07T20:18:24.000000Z"} {"uuid": "9091281e-898a-4064-b691-aef27a4f5a7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38044", "type": "seen", "source": "https://t.me/cibsecurity/67892", "content": "\u203c CVE-2023-38044 \u203c\n\nImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-07T20:18:24.000000Z"} https://db.gcve.eu/sighting/9091281e-898a-4064-b691-aef27a4f5a7e/export Mon, 07 Aug 2023 20:18:24 +0000 c5a3b5d7-ba24-4043-b849-2fb8acea377f https://db.gcve.eu/sighting/c5a3b5d7-ba24-4043-b849-2fb8acea377f/export {"uuid": "c5a3b5d7-ba24-4043-b849-2fb8acea377f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38045", "type": "seen", "source": "https://t.me/cibsecurity/67893", "content": "\u203c CVE-2023-38045 \u203c\n\nImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in advcomsys.com oneVote component for Joomla. It allows XSS Targeting Non-Script Elements.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-07T20:18:25.000000Z"} {"uuid": "c5a3b5d7-ba24-4043-b849-2fb8acea377f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38045", "type": "seen", "source": "https://t.me/cibsecurity/67893", "content": "\u203c CVE-2023-38045 \u203c\n\nImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in advcomsys.com oneVote component for Joomla. It allows XSS Targeting Non-Script Elements.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-07T20:18:25.000000Z"} https://db.gcve.eu/sighting/c5a3b5d7-ba24-4043-b849-2fb8acea377f/export Mon, 07 Aug 2023 20:18:25 +0000 b1dba26a-77df-4fe2-9099-6a630e4dab47 https://db.gcve.eu/sighting/b1dba26a-77df-4fe2-9099-6a630e4dab47/export {"uuid": "b1dba26a-77df-4fe2-9099-6a630e4dab47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38040", "type": "seen", "source": "https://t.me/cibsecurity/70629", "content": "\u203c CVE-2023-38040 \u203c\n\nA reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions..\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-17T12:27:14.000000Z"} {"uuid": "b1dba26a-77df-4fe2-9099-6a630e4dab47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38040", "type": "seen", "source": "https://t.me/cibsecurity/70629", "content": "\u203c CVE-2023-38040 \u203c\n\nA reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions..\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-17T12:27:14.000000Z"} https://db.gcve.eu/sighting/b1dba26a-77df-4fe2-9099-6a630e4dab47/export Sun, 17 Sep 2023 12:27:14 +0000 da07210f-5175-4fc0-849f-706e210d8ee9 https://db.gcve.eu/sighting/da07210f-5175-4fc0-849f-706e210d8ee9/export {"uuid": "da07210f-5175-4fc0-849f-706e210d8ee9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38042", "type": "seen", "source": "https://t.me/itsec_news/4463", "content": "\u200b\u26a1\ufe0f\u0421\u0440\u0430\u0437\u0443 \u043f\u044f\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Ivanti \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u044b \u0437\u043b\u043e\u043d\u0430\u043c\u0435\u0440\u0435\u043d\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438\n\n\ud83d\udcac21 \u043c\u0430\u044f \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Ivanti \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0442\u0430\u043a\u0438\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445, \u043a\u0430\u043a Endpoint Manager, Avalanche, Neurons for ITSM, Connect Secure \u0438 Secure Access. \u0421\u0443\u043c\u043c\u0430\u0440\u043d\u043e \u0431\u044b\u043b\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e 16 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u044b \u043a\u0440\u0430\u0442\u043a\u043e \u0440\u0430\u0441\u0441\u043c\u043e\u0442\u0440\u0438\u043c \u043d\u0438\u0436\u0435.\n\n\u0418\u0437 \u0434\u0435\u0441\u044f\u0442\u0438 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 Endpoint Manager \u0448\u0435\u0441\u0442\u044c \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u044f\u043c\u0438 (CVE-2024-29822, CVE-2024-29823, CVE-2024-29824, CVE-2024-29825, CVE-2024-29826, CVE-2024-29827). \u041e\u043d\u0438 \u0438\u043c\u0435\u044e\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 9.6 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS. \u042d\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443, \u043d\u0430\u0445\u043e\u0434\u044f\u0449\u0435\u043c\u0443\u0441\u044f \u0432 \u0442\u043e\u0439 \u0436\u0435 \u0441\u0435\u0442\u0438, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434.\n\n\u041e\u0441\u0442\u0430\u043b\u044c\u043d\u044b\u0435 \u0447\u0435\u0442\u044b\u0440\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Endpoint Manager (CVE-2024-29828, CVE-2024-29829, CVE-2024-29830, CVE-2024-29846) \u0443\u0436\u0435 \u0442\u0440\u0435\u0431\u0443\u044e\u0442 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u0433\u043e, \u043d\u043e \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434. \u042d\u0442\u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0438 \u0438\u043c\u0435\u044e\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 8.4 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044f Core \u0441\u0435\u0440\u0432\u0435\u0440 Ivanti EPM 2022 SU5 \u0438 \u0431\u043e\u043b\u0435\u0435 \u0440\u0430\u043d\u043d\u0438\u0435 \u0432\u0435\u0440\u0441\u0438\u0438.\n\n\u0412 \u043a\u043b\u0438\u0435\u043d\u0442\u0435 Ivanti Avalanche \u0432\u0435\u0440\u0441\u0438\u0438 6.4.3.602 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-29848 (CVSS 7.2), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0443\u044e \u0445\u0430\u043a\u0435\u0440\u0430\u043c \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u0434 \u0447\u0435\u0440\u0435\u0437 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0443 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430.\n\n\u0422\u0430\u043a\u0436\u0435 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043f\u0430\u0442\u0447\u0438 \u0434\u043b\u044f \u043f\u044f\u0442\u0438 \u0434\u0440\u0443\u0433\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438: SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u044f (CVE-2024-22059, CVSS 8.8) \u0438 \u043e\u0448\u0438\u0431\u043a\u0430 \u043d\u0435\u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u043e\u0439 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0444\u0430\u0439\u043b\u043e\u0432 (CVE-2024-22060, CVSS 8.7) \u0432 Ivanti Neurons for ITSM, CRLF-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u044f \u0432 Ivanti Connect Secure (CVE-2023-38551, CVSS 8.2) \u0438 \u0434\u0432\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 Ivanti Secure Access: CVE-2023-38042, CVSS 7.8 (\u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 Windows) \u0438 CVE-2023-46810, CVSS 7.3 (\u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 Linux).\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043f\u043e\u0434\u0447\u0435\u0440\u043a\u043d\u0443\u043b\u0430, \u0447\u0442\u043e \u0443 \u043d\u0435\u0451 \u043d\u0435\u0442 \u0434\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044c\u0441\u0442\u0432 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0432\u0441\u0435\u0445 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445 \u0438\u043b\u0438 \u0438\u0445 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043a\u043e\u0434\u0430 \u0447\u0435\u0440\u0435\u0437 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a.\n\n\u041a\u043b\u0438\u0435\u043d\u0442\u0430\u043c Ivanti \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043d\u0435\u0437\u0430\u043c\u0435\u0434\u043b\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439. \u0422\u0430\u043a\u0436\u0435 \u043a\u0440\u0430\u0439\u043d\u0435 \u0432\u0430\u0436\u043d\u043e \u0440\u0435\u0433\u0443\u043b\u044f\u0440\u043d\u043e \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0442\u044c \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439, \u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u044c \u043b\u0443\u0447\u0448\u0438\u043c \u043f\u0440\u0430\u043a\u0442\u0438\u043a\u0430\u043c \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0430\u0443\u0434\u0438\u0442 \u0441\u0438\u0441\u0442\u0435\u043c \u0438 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0432, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0438\u043c\u0435\u0442\u044c \u043f\u043b\u0430\u043d \u0440\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0430 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u044b \u0434\u043b\u044f \u0431\u044b\u0441\u0442\u0440\u043e\u0439 \u0440\u0435\u0430\u043a\u0446\u0438\u0438 \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0433\u043e \u0432\u0437\u043b\u043e\u043c\u0430.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-05-24T23:27:46.000000Z"} {"uuid": "da07210f-5175-4fc0-849f-706e210d8ee9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38042", "type": "seen", "source": "https://t.me/itsec_news/4463", "content": "\u200b\u26a1\ufe0f\u0421\u0440\u0430\u0437\u0443 \u043f\u044f\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Ivanti \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u044b \u0437\u043b\u043e\u043d\u0430\u043c\u0435\u0440\u0435\u043d\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438\n\n\ud83d\udcac21 \u043c\u0430\u044f \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Ivanti \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0442\u0430\u043a\u0438\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445, \u043a\u0430\u043a Endpoint Manager, Avalanche, Neurons for ITSM, Connect Secure \u0438 Secure Access. \u0421\u0443\u043c\u043c\u0430\u0440\u043d\u043e \u0431\u044b\u043b\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e 16 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u044b \u043a\u0440\u0430\u0442\u043a\u043e \u0440\u0430\u0441\u0441\u043c\u043e\u0442\u0440\u0438\u043c \u043d\u0438\u0436\u0435.\n\n\u0418\u0437 \u0434\u0435\u0441\u044f\u0442\u0438 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 Endpoint Manager \u0448\u0435\u0441\u0442\u044c \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u044f\u043c\u0438 (CVE-2024-29822, CVE-2024-29823, CVE-2024-29824, CVE-2024-29825, CVE-2024-29826, CVE-2024-29827). \u041e\u043d\u0438 \u0438\u043c\u0435\u044e\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 9.6 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS. \u042d\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443, \u043d\u0430\u0445\u043e\u0434\u044f\u0449\u0435\u043c\u0443\u0441\u044f \u0432 \u0442\u043e\u0439 \u0436\u0435 \u0441\u0435\u0442\u0438, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434.\n\n\u041e\u0441\u0442\u0430\u043b\u044c\u043d\u044b\u0435 \u0447\u0435\u0442\u044b\u0440\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Endpoint Manager (CVE-2024-29828, CVE-2024-29829, CVE-2024-29830, CVE-2024-29846) \u0443\u0436\u0435 \u0442\u0440\u0435\u0431\u0443\u044e\u0442 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u0433\u043e, \u043d\u043e \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434. \u042d\u0442\u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0438 \u0438\u043c\u0435\u044e\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 8.4 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044f Core \u0441\u0435\u0440\u0432\u0435\u0440 Ivanti EPM 2022 SU5 \u0438 \u0431\u043e\u043b\u0435\u0435 \u0440\u0430\u043d\u043d\u0438\u0435 \u0432\u0435\u0440\u0441\u0438\u0438.\n\n\u0412 \u043a\u043b\u0438\u0435\u043d\u0442\u0435 Ivanti Avalanche \u0432\u0435\u0440\u0441\u0438\u0438 6.4.3.602 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-29848 (CVSS 7.2), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0443\u044e \u0445\u0430\u043a\u0435\u0440\u0430\u043c \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u0434 \u0447\u0435\u0440\u0435\u0437 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0443 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430.\n\n\u0422\u0430\u043a\u0436\u0435 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043f\u0430\u0442\u0447\u0438 \u0434\u043b\u044f \u043f\u044f\u0442\u0438 \u0434\u0440\u0443\u0433\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438: SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u044f (CVE-2024-22059, CVSS 8.8) \u0438 \u043e\u0448\u0438\u0431\u043a\u0430 \u043d\u0435\u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u043e\u0439 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0444\u0430\u0439\u043b\u043e\u0432 (CVE-2024-22060, CVSS 8.7) \u0432 Ivanti Neurons for ITSM, CRLF-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u044f \u0432 Ivanti Connect Secure (CVE-2023-38551, CVSS 8.2) \u0438 \u0434\u0432\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 Ivanti Secure Access: CVE-2023-38042, CVSS 7.8 (\u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 Windows) \u0438 CVE-2023-46810, CVSS 7.3 (\u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 Linux).\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043f\u043e\u0434\u0447\u0435\u0440\u043a\u043d\u0443\u043b\u0430, \u0447\u0442\u043e \u0443 \u043d\u0435\u0451 \u043d\u0435\u0442 \u0434\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044c\u0441\u0442\u0432 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0432\u0441\u0435\u0445 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445 \u0438\u043b\u0438 \u0438\u0445 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043a\u043e\u0434\u0430 \u0447\u0435\u0440\u0435\u0437 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a.\n\n\u041a\u043b\u0438\u0435\u043d\u0442\u0430\u043c Ivanti \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043d\u0435\u0437\u0430\u043c\u0435\u0434\u043b\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439. \u0422\u0430\u043a\u0436\u0435 \u043a\u0440\u0430\u0439\u043d\u0435 \u0432\u0430\u0436\u043d\u043e \u0440\u0435\u0433\u0443\u043b\u044f\u0440\u043d\u043e \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0442\u044c \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439, \u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u044c \u043b\u0443\u0447\u0448\u0438\u043c \u043f\u0440\u0430\u043a\u0442\u0438\u043a\u0430\u043c \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0430\u0443\u0434\u0438\u0442 \u0441\u0438\u0441\u0442\u0435\u043c \u0438 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0432, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0438\u043c\u0435\u0442\u044c \u043f\u043b\u0430\u043d \u0440\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0430 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u044b \u0434\u043b\u044f \u0431\u044b\u0441\u0442\u0440\u043e\u0439 \u0440\u0435\u0430\u043a\u0446\u0438\u0438 \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0433\u043e \u0432\u0437\u043b\u043e\u043c\u0430.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-05-24T23:27:46.000000Z"} https://db.gcve.eu/sighting/da07210f-5175-4fc0-849f-706e210d8ee9/export Fri, 24 May 2024 23:27:46 +0000 5e10fbe1-fc5d-40ca-ac99-f2a203dbb7ca https://db.gcve.eu/sighting/5e10fbe1-fc5d-40ca-ac99-f2a203dbb7ca/export {"uuid": "5e10fbe1-fc5d-40ca-ac99-f2a203dbb7ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38041", "type": "seen", "source": "Telegram/1AMMXLlyFxGJCSSSqY7qFRmwQj2l6au9cL_S9ZDYD2ZEjoHL", "content": "", "creation_timestamp": "2025-03-08T04:35:52.000000Z"} {"uuid": "5e10fbe1-fc5d-40ca-ac99-f2a203dbb7ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38041", "type": "seen", "source": "Telegram/1AMMXLlyFxGJCSSSqY7qFRmwQj2l6au9cL_S9ZDYD2ZEjoHL", "content": "", "creation_timestamp": "2025-03-08T04:35:52.000000Z"} https://db.gcve.eu/sighting/5e10fbe1-fc5d-40ca-ac99-f2a203dbb7ca/export Sat, 08 Mar 2025 04:35:52 +0000