{"vulnerability": "CVE-2021-3929", "sightings": [{"uuid": "98e3e9e0-a585-4fd9-a5f3-46973f052562", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39296", "type": "seen", "source": "https://t.me/kasperskyb2b/464", "content": "\u0414\u0430\u0439\u0434\u0436\u0435\u0441\u0442 \u043d\u043e\u0432\u043e\u0441\u0442\u0435\u0439 \u043f\u0430\u0442\u0447\u0435\u0439  \ud83e\ude79\ud83e\ude79\ud83e\ude79\u0437\u0430 \u044d\u0442\u0443 \u043d\u0435\u0434\u0435\u043b\u044e:\n\n\u0422\u0440\u0430\u0434\u0438\u0446\u0438\u043e\u043d\u043d\u043e, \u00ab\u043d\u0430 \u0445\u0432\u043e\u0441\u0442\u00bb Microsoft \u0441 \u0435\u0451 \u0442\u0440\u0430\u0434\u0438\u0446\u0438\u0435\u0439 Patch Tuesday \u00ab\u0443\u043f\u0430\u043b\u0438\u00bb \u043c\u043d\u043e\u0433\u0438\u0435 \u043a\u0440\u0443\u043f\u043d\u044b\u0435 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0438, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043d\u043e\u0432\u043e\u0441\u0442\u0438 \u0418\u0411 \u043c\u043e\u0436\u043d\u043e \u043f\u043e\u0441\u0432\u044f\u0442\u0438\u0442\u044c \u043f\u0430\u0442\u0447\u0430\u043c \u043f\u043e\u0447\u0442\u0438 \u0446\u0435\u043b\u0438\u043a\u043e\u043c:\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f Windows, Office \u0438 \u043f\u0440\u043e\u0447\u0438\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Microsoft \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0442 \u043f\u043e\u0447\u0442\u0438 80 \u0437\u0430\u043f\u043b\u0430\u0442\u043e\u043a, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0444\u0438\u043a\u0441\u044b \u0434\u043b\u044f  3 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0438 9 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 
\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439.\n\nAdobe \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 9 \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u0435\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043e\u0441\u043e\u0431\u043e\u0433\u043e \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u044f \u0441\u0442\u043e\u0438\u0442  \u043f\u0430\u0447\u043a\u0430 RCE \u0432 Photoshop (CVE-2023-21574 .. 21578)\n\nApple \u0441\u0440\u043e\u0447\u043d\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 iOS \u0438 macOS  \n\nCisco \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0441\u0440\u043e\u0447\u043d\u044b\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043a \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u043c\u0443 opensource \u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441\u043d\u043e\u043c\u0443 \u043c\u043e\u0434\u0443\u043b\u044e  ClamAV, \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430  \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043f\u0430\u0440\u0441\u0435\u0440\u0435 HFS+ (CVE-2023-20032, CVSS 9.8).\n\nIntel \u0438\u0437\u043e \u0432\u0441\u0435\u0445 \u0441\u0438\u043b \u0440\u0430\u0437\u0432\u043b\u0435\u043a\u0430\u043b\u0430 \u0430\u0434\u043c\u0438\u043d\u043e\u0432, \u043f\u043e\u0442\u043e\u043c\u0443 \u0447\u0442\u043e \u0434\u043b\u044f \u043d\u0430\u0447\u0430\u043b\u0430 \u043d\u0430\u0434\u043e \u043f\u0440\u043e\u0441\u0442\u043e \u043f\u0440\u043e\u0447\u0438\u0442\u0430\u0442\u044c 31 \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u044c \u0438 \u0432\u043d\u0438\u043a\u043d\u0443\u0442\u044c \u0432 \u043c\u043d\u043e\u0433\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0435 
\u0434\u0435\u0444\u0435\u043a\u0442\u044b, \u043e\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0435 \u0432 \u043a\u0430\u0436\u0434\u043e\u043c. \u041d\u0430 \u0434\u043e\u043b\u044e Software Guard Extensions (SGX) \u043f\u0440\u0438\u0445\u043e\u0434\u0438\u0442\u0441\u044f 5 CVE.\n\u0410 \u043e\u0434\u043d\u043e\u0439 \u0438\u0437 \u0441\u0430\u043c\u044b\u0445 \u043d\u0435\u043f\u0440\u0438\u044f\u0442\u043d\u044b\u0445 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f CVE-2021-39296  \u0441 CVSS 10.0 \u0432 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0435 IPMI lan+. \u0421\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u043c \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f IMPI \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0430\u0442 \u0435\u043c\u0443 \u0434\u043e\u0441\u0442\u0443\u043f \u043a BMC \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 root \u0431\u0435\u0437 \u0432\u0441\u044f\u043a\u043e\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n \u041a\u0430\u043a \u043e\u0431\u044b\u0447\u043d\u043e \u0443 Intel, \u043a\u0440\u043e\u043c\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u043e\u0432 \u0438 \u0441\u043e\u0444\u0442\u0430, \u043d\u0443\u0436\u043d\u044b \u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043c\u0438\u043a\u0440\u043e\u043a\u043e\u0434\u0430 \u0447\u0438\u043f\u043e\u0432. \n\nSchneider \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u00ab\u0432\u0441\u0435\u0433\u043e\u00bb 10 \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u0435\u0439, \u043e\u0442\u043d\u043e\u0441\u044f\u0449\u0438\u0445\u0441\u044f \u043a \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u043c EcoStruxture, StruxtureWave, Merten KNX \u0438 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u043c \u0434\u0440\u0443\u0433\u0438\u043c.  
\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 StruxtureWave Data Center Expert (CVE-2023-25547..25555, CVSS \u043e\u0442 5.6 \u0434\u043e 8.8) \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 \u0438 \u0432\u0430\u043b\u0438\u0434\u0430\u0446\u0438\u0438 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044f \u0438\u0441\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430, \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439, \u0438 \u0434\u0440\u0443\u0433\u0438\u0435 \u043d\u0435\u0448\u0442\u0430\u0442\u043d\u044b\u0435 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f. \n\nSiemens \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 22 \u043c\u0430\u0441\u0441\u0438\u0432\u043d\u044b\u0445 \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u044f \u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0431\u043e\u043b\u0435\u0435 80 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445  \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445.\n\u041e\u0442\u043c\u0435\u0442\u0438\u043c  \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0432\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f \u043f\u0430\u043c\u044f\u0442\u0438 \u0432 \u0441\u043e\u0444\u0442\u0435 COMOS, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0438/\u0438\u043b\u0438 \u043e\u0442\u043a\u0430\u0437\u0443 
\u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438  (CVE-2023-24482, CVSS 10.0).\n\u0421\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u043a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0445 \u043c\u0435\u0440 \u043f\u043e\u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043f\u043b\u043e\u0445\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u044b \u0437\u0430\u043a\u0440\u044b\u0442\u043e\u0433\u043e (\u043f\u0440\u0438\u0432\u0430\u0442\u043d\u043e\u0433\u043e) \u043a\u043b\u044e\u0447\u0430 \u0432 SINUMERIK ONE an\u0438  SINUMERIK MC  (CVSS 9.3).\n\u0426\u0435\u043b\u044b\u0439 \u0431\u0443\u043a\u0435\u0442 \u0444\u0438\u043a\u0441\u043e\u0432 \u0432 Brownfield Connectivity \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f\u043c\u0438 \u0432 \u043d\u0430\u0445\u043e\u0434\u044f\u0449\u0435\u0439\u0441\u044f \u00ab\u043f\u043e\u0434 \u043a\u0430\u043f\u043e\u0442\u043e\u043c\u00bb \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435  OpenSSL", "creation_timestamp": "2023-02-19T09:01:50.000000Z"}, {"uuid": "d9d913ff-34b9-4d61-9084-318d85566277", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-3929", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5893", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-3929\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. 
A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host.\n\ud83d\udccf Published: 2022-08-25T19:36:36.000Z\n\ud83d\udccf Modified: 2025-02-28T13:07:25.655Z\n\ud83d\udd17 References:\n1. https://gitlab.com/qemu-project/qemu/-/issues/556\n2. https://bugzilla.redhat.com/show_bug.cgi?id=2020298\n3. https://access.redhat.com/security/cve/CVE-2021-3929\n4. https://gitlab.com/qemu-project/qemu/-/issues/782\n5. https://gitlab.com/qemu-project/qemu/-/commit/736b01642d85be832385\n6. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHNN7QJCEQH7AQG5AQP2GEFAQE6K635I/", "creation_timestamp": "2025-02-28T13:27:01.000000Z"}, {"uuid": "46805b65-d33d-4a18-a51a-2c9f4d552d09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-3929", "type": "seen", "source": "Telegram/IMjYnrTnDPu711BdX6XuiN74-ZdPF2Mf9LMjtAfCMo13fBTS", "content": "", "creation_timestamp": "2025-03-02T11:44:22.000000Z"}, {"uuid": "4c398e9e-6c26-4b56-8cc8-7f8e6da7369f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39295", "type": "seen", "source": "https://t.me/cibsecurity/62239", "content": "\u203c CVE-2021-39295 \u203c\n\nIn OpenBMC 2.9, crafted IPMI messages allow an attacker to cause a denial of service to the BMC via the netipmid (IPMI lan+) interface.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-16T00:26:54.000000Z"}, {"uuid": "abf34daa-2f33-4aec-86ab-2cf01e442555", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-3929", "type": "seen", "source": 
"https://t.me/cibsecurity/48817", "content": "\u203c CVE-2021-3929 \u203c\n\nA DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-26T00:24:07.000000Z"}, {"uuid": "2a2b71bd-bc8e-478a-923f-f8479f02dd57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39299", "type": "seen", "source": "https://t.me/cibsecurity/37589", "content": "\u203c CVE-2021-39299 \u203c\n\nPotential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-16T20:36:14.000000Z"}, {"uuid": "a3cf858d-845a-4754-8784-ed95f0242c25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39298", "type": "seen", "source": "https://t.me/cibsecurity/37586", "content": "\u203c CVE-2021-39298 \u203c\n\nPotential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-16T20:36:10.000000Z"}, {"uuid": "5b8c780d-e63d-48a1-bd0c-58374bec910c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", 
"author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-3929", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6051", "content": "#Whitepaper\n\"Matryoshka Trap: Recursive MMIO Flaws Lead to VM Escape\", 2022.\n\n]-> CVE-2021-3929/3947 (VM escape PoC):\nhttps://github.com/QiuhaoLi/CVE-2021-3929-3947", "creation_timestamp": "2022-05-22T13:20:17.000000Z"}, {"uuid": "5f93e405-2657-4c7e-a65d-f68d8d41bfb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39296", "type": "seen", "source": "https://t.me/true_secator/4077", "content": "Intel \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0438 \u0434\u043b\u044f 10 \u0431\u0430\u043b\u044c\u043d\u043e\u0439 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u043e\u0439 \u0435\u0449\u0435 \u0432 2021 \u0433\u043e\u0434\u0443.\n\nCVE-2021-39296 \u0432\u043b\u0438\u044f\u0435\u0442 \u043d\u0430 \u0438\u043d\u0442\u0435\u0433\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u043e\u0439 (BMC) \u0438 \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0443 OpenBMC \u043d\u0430 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 
\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u0445 Intel, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044f \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441 netipmid (IPMI lan+).\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c root-\u0434\u043e\u0441\u0442\u0443\u043f \u043a BMC \u0432 \u043e\u0431\u0445\u043e\u0434 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439 IPMI.\n\n\u0412 BMC \u0438 OpenBMC \u0431\u044b\u043b\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b \u0435\u0449\u0435 \u0447\u0435\u0442\u044b\u0440\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0430\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0447\u0442\u0435\u043d\u0438\u044f \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u043c\u0438 \u0433\u0440\u0430\u043d\u0438\u0446, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0433\u043b\u0430 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a DoS.\n\nIntel \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u043e\u0448\u0438\u0431\u043a\u0438, \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0432 Integrated BMC 2.86, 2.09 \u0438 2.78, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0438 OpenBMC 0.72, wht-1.01-61 \u0438 egs-0.91-179.\n\n\u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u043e\u0441\u043d\u0443\u043b\u0438\u0441\u044c \u0438 
\u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u0430\u0445 Xeon \u0441 SGX (CVE-2022-33196), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0440\u0435\u0448\u0435\u043d\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435\u043c BIOS \u0438 \u043c\u0438\u043a\u0440\u043e\u043a\u043e\u0434\u0430.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0430 \u043e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 (CVE-2022-21216) \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u0430\u0445 Atom \u0438 Xeon, \u0438 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043c\u0438\u043a\u0440\u043e\u043a\u043e\u0434\u0430 \u0434\u043b\u044f Xeon, \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0449\u0438\u0435 CVE-2022-33972 (\u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043d\u0435\u0432\u0435\u0440\u043d\u044b\u0445 \u0432\u044b\u0447\u0438\u0441\u043b\u0435\u043d\u0438\u0439), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438.\n\n\u041f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044c \u043e\u0431\u044a\u044f\u0432\u0438\u043b \u043e\u0431 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f\u0445, 
\u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0449\u0438\u0445 \u0434\u0435\u0444\u0435\u043a\u0442\u044b \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0441 \u0432\u044b\u0441\u043e\u043a\u0438\u043c \u0443\u0440\u043e\u0432\u043d\u0435\u043c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0432 BIOS \u0438 \u043c\u043e\u0434\u0443\u043b\u044f\u0445 \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u043e\u0439 \u0438\u043d\u0438\u0446\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 (SINIT) Trusted Execution Technology (TXT) \u0441 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438 (ACM) \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432.\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0442 \u0442\u0430\u043a\u0436\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0432 \u041f\u041e Driver Support Assistant (DSA), \u0430 \u0442\u0430\u043a\u0436\u0435 \u0431\u0430\u0433\u0438 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0438 \u0441\u0440\u0435\u0434\u043d\u0435\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0432 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0435 \u0434\u0438\u0430\u0433\u043d\u043e\u0441\u0442\u0438\u043a\u0438 \u0441\u0440\u043e\u043a\u0430 \u0441\u043b\u0443\u0436\u0431\u044b \u0431\u0430\u0442\u0430\u0440\u0435\u0438, oneAPI, SUR, \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0435 Server Platform Services (SPS), \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432 \u041f\u041e Quartus Prime Pro 
\u0438 Standard.\n\n\u0412 SDK FPGA \u0434\u043b\u044f \u041f\u041e OpenCL Quartus Prime Pro, Integrated Sensor Solution, Media Software Development Kit (SDK), Trace Analyzer and Collector \u0438 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430\u0445 Xe MAX \u0434\u043b\u044f Windows \u0431\u044b\u043b\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441\u0440\u0435\u0434\u043d\u0435\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438.\n\n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f. \u041f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0435\u00a0\u0446\u0435\u043d\u0442\u0440\u0435\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Intel.", "creation_timestamp": "2023-02-16T16:30:08.000000Z"}, {"uuid": "da6c3f26-30e3-456a-a53e-7a4d6169dbe1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39290", "type": "seen", "source": "https://t.me/cibsecurity/27672", "content": "\u203c CVE-2021-39290 \u203c\n\nCertain NetModule devices allow Limited Session Fixation via PHPSESSID. 
These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-23T12:22:40.000000Z"}, {"uuid": "c8c370d4-34fa-427b-bbda-4cac1cb5b9b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39291", "type": "seen", "source": "https://t.me/cibsecurity/27671", "content": "\u203c CVE-2021-39291 \u203c\n\nCertain NetModule devices allow credentials via GET parameters to CLI-PHP. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-23T12:22:39.000000Z"}]}