{"vulnerability": "CVE-2024-3740", "sightings": [{"uuid": "1807e539-aa2c-4954-a909-b17b7f566776", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37404", "type": "published-proof-of-concept", "source": "Telegram/3iXwGwZ-k6vzL6K4nHtvrenTEAbklyMKBywg6IPFHgC9MX0", "content": "", "creation_timestamp": "2025-02-11T14:41:47.000000Z"}, {"uuid": "2075d746-5363-461f-989b-d3a43c3b083b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37404", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/3311", "content": "https://blog.amberwolf.com/blog/2024/october/cve-2024-37404-ivanti-connect-secure-authenticated-rce-via-openssl-crlf-injection/\n\nIvanti Connect Secure - Authenticated RCE via OpenSSL CRLF Injection (CVE-2024-37404)\n#\u5206\u6790 #poc", "creation_timestamp": "2024-10-13T05:08:04.000000Z"}, {"uuid": "937032f0-41ec-4214-a521-922398d8dd7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37404", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11280", "content": "#exploit\n1. CVE-2024-42640:\nUnauthenticated RCE via Angular-Base64-Upload Library\nhttps://github.com/rvizx/CVE-2024-42640\n\n2. CVE-2024-37404:\nIvanti Connect Secure - Authenticated RCE via OpenSSL CRLF Injection\nhttps://blog.amberwolf.com/blog/2024/october/cve-2024-37404-ivanti-connect-secure-authenticated-rce-via-openssl-crlf-injection\n\n3. CVE-2023-52447:\nLinux Kernel BPF memory corruption\nhttps://github.com/google/security-research/tree/master/pocs/linux/kernelctf/CVE-2023-52447_cos", "creation_timestamp": "2024-10-14T17:10:12.000000Z"}, {"uuid": "4ee30fed-e5b5-48e5-967b-e2da68ce8d58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37404", "type": "seen", "source": "MISP/5c757488-3b44-49b3-b165-1bf341712117", "content": "", "creation_timestamp": "2024-11-22T11:07:13.000000Z"}, {"uuid": "8fb65557-2d54-432c-be6a-be8791502361", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37401", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0484", "content": "", "creation_timestamp": "2024-12-24T12:43:37.000000Z"}, {"uuid": "b4d49431-c62e-4ef4-85b0-bbe191452436", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37404", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:46.000000Z"}, {"uuid": "a29dfc7c-2dda-4f32-89e1-bf382988cce5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37404", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:11:03.000000Z"}, {"uuid": "cdbab790-a377-4e18-833a-0d01644d4129", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37400", "type": "seen", "source": "https://t.me/cvedetector/10772", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-37400 - Ivanti Connect Secure Denial of Service\", \n  \"Content\": \"CVE ID : CVE-2024-37400 \nPublished : Nov. 13, 2024, 2:15 a.m. | 43\u00a0minutes ago \nDescription : An out of bounds read in Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to trigger an infinite loop, causing a denial of service. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-13T04:07:18.000000Z"}, {"uuid": "7df1bc54-80a4-494b-b6ab-e170d0f4f94d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37404", "type": "seen", "source": "https://t.me/cvedetector/8349", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-37404 - Ivanti Connect Secure Arbitrary Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-37404 \nPublished : Oct. 18, 2024, 11:15 p.m. | 41\u00a0minutes ago \nDescription : Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution. \nSeverity: 9.1 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-19T02:06:52.000000Z"}, {"uuid": "b82f5891-2e66-439a-9a64-34198a700aeb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37406", "type": "seen", "source": "https://t.me/cvedetector/6034", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-37406 - Brave Android Domain Elision Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-37406 \nPublished : Sept. 18, 2024, 10:15 p.m. | 39\u00a0minutes ago \nDescription : In Brave Android prior to v1.67.116, domains in the Brave Shields popup are elided from the right instead of the left, which may lead to domain confusion. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-19T01:07:05.000000Z"}, {"uuid": "80cdda78-6280-4aad-854a-c78baec04b31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37404", "type": "seen", "source": "https://t.me/ZeroDay_TM/891", "content": "Ivanti Connect Secure - Authenticated RCE via OpenSSL CRLF Injection (CVE-2024-37404)\n\n- Ivanti Connect Secure versions prior to 22.7R2.1 and 22.7R2.2, and Ivanti Policy Secure versions prior to 22.7R1.1, contain a CRLF injection vulnerability which could be exploited by an authenticated administrator to execute arbitrary code with root privileges.\n\nSearch Query:\nHUNTER:/product.name=\"Ivanti Connect Secure\"\nSHODAN: http.title:\"Ivanti Connect Secure\"\nFOFA: app=\"ivanti-Connect-Secure\"\n#RCE #CSRF #vulnerability\n-   -   -   -   -   -   -   -   -\n\u2022 @Old_Unclee\n\u2022 @ZeroDay_TM", "creation_timestamp": "2024-10-18T20:25:31.000000Z"}, {"uuid": "b3972f9a-6548-400b-a3cb-887e27cfafa3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37404", "type": "published-proof-of-concept", "source": "https://t.me/god_of_server/4", "content": "#Exploit\n1. CVE-2024-42640:\nUnauthenticated RCE via Angular-Base64-Upload Library\nhttps://github.com/rvizx/CVE-2024-42640\n\n2. CVE-2024-37404:\nIvanti Connect Secure - Authenticated RCE via OpenSSL CRLF Injection\nhttps://blog.amberwolf.com/blog/2024/october/cve-2024-37404-ivanti-connect-secure-authenticated-rce-via-openssl-crlf-injection\n\n3. CVE-2023-52447:\nLinux Kernel BPF memory corruption\nhttps://github.com/google/security-research/tree/master/pocs/linux8 /kernelctf/CVE-2023-52447_cos\n\nHonestly, I've used that number 1 angular method is almost like node.js with rce. \ud83d\ude07", "creation_timestamp": "2024-10-24T06:17:45.000000Z"}, {"uuid": "1c1d50e0-c244-49f5-9e76-87c3434b7611", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37404", "type": "published-proof-of-concept", "source": "https://t.me/god_of_server/9", "content": "#exploit\n1. CVE-2024-42640:\nUnauthenticated RCE via Angular-Base64-Upload Library\nhttps://github.com/rvizx/CVE-2024-42640\n\n2. CVE-2024-37404:\nIvanti Connect Secure - Authenticated RCE via OpenSSL CRLF Injection\nhttps://blog.amberwolf.com/blog/2024/october/cve-2024-37404-ivanti-connect-secure-authenticated-rce-via-openssl-crlf-injection\n\n3. CVE-2023-52447:\nLinux Kernel BPF memory corruption\nhttps://github.com/google/security-research/tree/master/pocs/linux/kernelctf/CVE-2023-52447_cos\n\n\nGood luck bro ...", "creation_timestamp": "2024-10-26T13:59:22.000000Z"}, {"uuid": "4559cd69-7228-47c5-bf1a-c11a3f5fba1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37404", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:03.000000Z"}, {"uuid": "e69f638d-48db-4184-a367-01c5a2a18edf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37404", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/ivanti_connect_secure_rce_cve_2024_37404.rb", "content": "", "creation_timestamp": "2024-12-04T16:32:08.000000Z"}, {"uuid": "df66fb03-9412-4d8f-9c61-7c6456e56f82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "cve-2024-37408", "type": "seen", "source": "https://bsky.app/profile/0x4d6165.transfem.social.ap.brid.gy/post/3migdninlxo72", "content": "", "creation_timestamp": "2026-04-01T09:06:50.090608Z"}, {"uuid": "c95fc63f-f4b0-4243-a229-f4feae727aff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37404", "type": "published-proof-of-concept", "source": "https://t.me/kasperskyb2b/1445", "content": "\u26a0\ufe0f \u041f\u043e\u0447\u0442\u0438 \u0444\u043b\u044d\u0448-\u0440\u043e\u044f\u043b\u044c: \u043f\u0430\u0442\u0447\u0438\u043c Fortinet, Palo Alto \u0438 Ivanti\n\n\u0421\u043b\u043e\u0436\u043d\u0430\u044f \u043d\u0435\u0434\u0435\u043b\u044c\u043a\u0430 \u0434\u043b\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u0439 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0430 \u0433\u043b\u0430\u0432\u043d\u043e\u0435 \u2014 \u0434\u043b\u044f \u0438\u0445 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432.\n\n\u0411\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u044c Palo Alto \u043f\u043e\u0441\u0432\u044f\u0449\u0451\u043d \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e \u043f\u044f\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 Palo Alto Networks Expedition, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432 \u043a\u043e\u043c\u0431\u0438\u043d\u0430\u0446\u0438\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u0430\u0440\u043e\u043b\u0438 \u0438 API-\u043a\u043b\u044e\u0447\u0438 \u043e\u0442 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 PAN-OS. \u0420\u0435\u0439\u0442\u0438\u043d\u0433 CVSS \u0434\u043b\u044f \u044d\u0442\u0438\u0445 CVE  \u0432\u0430\u0440\u044c\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043e\u0442 7 \u0434\u043e 9.9, \u043f\u043e\u0441\u043b\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u043e\u0432\u0430\u043d\u043e \u0441\u043c\u0435\u043d\u0438\u0442\u044c \u0432\u0441\u0435 \u043f\u0430\u0440\u043e\u043b\u0438 \u0438 API-\u043a\u043b\u044e\u0447\u0438. \u0421\u0430\u043c\u0438 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u044b\u0435 \u044d\u043a\u0440\u0430\u043d\u044b \u0434\u0435\u0444\u0435\u043a\u0442\u0430\u043c\u0438 \u043d\u0435 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b. \u0415\u0441\u0442\u044c \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0438 PoC, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438, \u0432\u0438\u0434\u0438\u043c\u043e, \u043d\u0435 \u0437\u0430 \u0433\u043e\u0440\u0430\u043c\u0438.\n\n\u0422\u0435\u043c \u0432\u0440\u0435\u043c\u0435\u043d\u0435\u043c CISA \u043e\u0431\u044a\u044f\u0432\u0438\u043b\u0430 \u043e \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 CVE-2024-23113, \u044d\u0442\u043e RCE \u0432 FortiOS \u0441 CVSS 9.8, \u0437\u0430\u043a\u0440\u044b\u0442\u0430\u044f \u0432 \u0444\u0435\u0432\u0440\u0430\u043b\u0435 \u0438 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u043d\u0430\u044f \u0432 \u0430\u043f\u0440\u0435\u043b\u0435. \u0417\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b FortiOS, FortiPAM, FortiProxy \u0438 FortiWeb. \u0410\u043c\u0435\u0440\u0438\u043a\u0430\u043d\u0441\u043a\u0438\u043c \u0433\u043e\u0441\u043e\u0440\u0433\u0430\u043d\u0430\u043c \u0432\u0435\u043b\u0435\u043d\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u0442\u0447\u0438 \u0438\u043b\u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442\u044c \u043c\u0438\u0442\u0438\u0433\u0430\u0446\u0438\u0438 \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 \u0442\u0440\u0451\u0445 \u043d\u0435\u0434\u0435\u043b\u044c, \u0432\u0441\u0435\u043c \u043e\u0441\u0442\u0430\u043b\u044c\u043d\u044b\u043c \u0442\u043e\u0436\u0435 \u0441\u0442\u043e\u0438\u0442 \u043f\u043e\u0442\u043e\u0440\u043e\u043f\u0438\u0442\u044c\u0441\u044f.\n\n\u041d\u0443 \u0430 Ivanti \u0441\u0442\u043e\u0439\u043a\u043e \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442 \u0438\u0434\u0442\u0438 \u043f\u0440\u0435\u0436\u043d\u0438\u043c \u043a\u0443\u0440\u0441\u043e\u043c, \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u0432 \u0432 \u043e\u043a\u0442\u044f\u0431\u0440\u0435 \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u044c \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445, \u0442\u0440\u0438 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0432 \u0441\u043e\u0447\u0435\u0442\u0430\u043d\u0438\u0438 \u0441 \u0437\u0438\u0440\u043e\u0434\u0435\u0435\u043c, \u0443\u0441\u0442\u0440\u0430\u043d\u0451\u043d\u043d\u044b\u043c \u0432 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u0435, \u0441\u043d\u043e\u0432\u0430 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445. \n\u0420\u0435\u0447\u044c \u043f\u0440\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438  \u0432  Ivanti Cloud Services Application  (CVE-2024-9379, -9380, -9388 \u043f\u043b\u044e\u0441 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0430\u044f CVE-2024-8963), \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432 \u043a\u043e\u043c\u0431\u0438\u043d\u0430\u0446\u0438\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434. \u0412\u0435\u043d\u0434\u043e\u0440 \u043f\u043e\u0434\u0447\u0435\u0440\u043a\u0438\u0432\u0430\u0435\u0442, \u0447\u0442\u043e \u043d\u0430 \u043b\u0438\u043d\u0435\u0439\u043a\u0435 CSA 5.0 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043d\u0435 \u043e\u0442\u043c\u0435\u0447\u0435\u043d\u043e, \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u044b \u0432\u0435\u0440\u0441\u0438\u0438 4.6.\n\u0420\u0435\u0430\u043b\u044c\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043d\u0435 \u0437\u0430\u044f\u0432\u043b\u0435\u043d\u043e \u0434\u043b\u044f \u0434\u0432\u0443\u0445 \u0434\u0440\u0443\u0433\u0438\u0445 \u043d\u0435\u043f\u0440\u0438\u044f\u0442\u043d\u044b\u0445 \u0434\u0435\u0444\u0435\u043a\u0442\u043e\u0432 \u2014 CVE-2024-7612 \u0432 Ivanti Endpoint Manager Mobile  (\u043d\u0435\u043f\u0440\u0430\u0432\u043e\u043c\u0435\u0440\u043d\u044b\u0435 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0432 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438, CVSS 8.8) \u0438 CVE-2024-37404 \u0432 Ivanti Connect Secure / Policy Secure  (RCE, CVSS 9.1).\n\n\u0422\u0435, \u043a\u0442\u043e \u043d\u0435 \u0438\u043c\u043f\u043e\u0440\u0442\u043e\u0437\u0430\u043c\u0435\u0449\u0430\u0435\u0442\u0441\u044f \u0434\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u043c\u0438\u043d\u0443\u0442\u044b, \u0443\u0436\u0435 \u0431\u0435\u0433\u0443\u0442 \u0438\u0441\u043a\u0430\u0442\u044c \u0430\u043f\u0434\u0435\u0439\u0442\u044b.\n\n#\u043d\u043e\u0432\u043e\u0441\u0442\u0438 #\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 @\u041f2\u0422", "creation_timestamp": "2024-10-10T10:01:33.000000Z"}, {"uuid": "fa62da96-240b-4ca3-a1bc-b4e47ec2ec3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37404", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/15627", "content": "\u200aCVE-2024-37404: Critical RCE Flaw Discovered in Ivanti Connect Secure &amp; Policy Secure, PoC Published\n\nhttps://securityonline.info/cve-2024-37404-critical-rce-flaw-discovered-in-ivanti-connect-secure-policy-secure-poc-published/", "creation_timestamp": "2024-10-10T09:20:28.000000Z"}, {"uuid": "eaab083f-b622-4b87-ac54-6cdb75c8d68e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37400", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113473554564683012", "content": "", "creation_timestamp": "2024-11-13T03:37:14.194075Z"}, {"uuid": "472606b0-ecfc-49df-a8d0-86e240a7441e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37401", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113635719760148469", "content": "", "creation_timestamp": "2024-12-11T18:57:58.224519Z"}, {"uuid": "864a1119-7e80-48c1-aa00-968f94da3f26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37401", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113635736547254863", "content": "", "creation_timestamp": "2024-12-11T19:02:14.368234Z"}, {"uuid": "673da837-1016-49d5-afce-018657853f84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37404", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1395", "content": "", "creation_timestamp": "2024-10-10T04:00:00.000000Z"}, {"uuid": "85833a47-70f1-4962-b17e-b8b9d9de83ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37404", "type": "seen", "source": "Telegram/H6htkkOSY2gU4oZNeFQKNEm1rHUkhbADYOIVaEkcZxyxQkFb", "content": "", "creation_timestamp": "2024-10-16T11:50:59.000000Z"}, {"uuid": "d353cdd6-1b15-40ed-af6c-c9c6ebfddced", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37403", "type": "seen", "source": "https://t.me/cvedetector/2668", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-37403 - Ivanti Docs@Work for Android Path Traversal\ufffdng Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-37403 \nPublished : Aug. 7, 2024, 4:17 a.m. | 36\u00a0minutes ago \nDescription : Ivanti Docs@Work for Android, before 2.26.0 is affected by the 'Dirty Stream' vulnerability. The application fails to properly sanitize file names, resulting in a path traversal-affiliated vulnerability. This potentially enables other malicious apps on the device to read sensitive information stored in the app root. \nSeverity: 5.0 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-07T06:56:16.000000Z"}, {"uuid": "0150c8e0-763f-4296-86bd-01f6a028aca3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37409", "type": "seen", "source": "https://t.me/cvedetector/1398", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-37409 - Beaver Builder PowerPack Lite Stored Cross-site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-37409 \nPublished : July 22, 2024, 9:15 a.m. | 33\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Beaver Addons PowerPack Lite for Beaver Builder allows Stored XSS.This issue affects PowerPack Lite for Beaver Builder: from n/a through 1.3.0.4. \nSeverity: 5.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-22T11:57:39.000000Z"}, {"uuid": "7f825ef4-6e8d-45f6-be03-b0de6cc6dd94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37404", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/544", "content": "https://blog.amberwolf.com/blog/2024/october/cve-2024-37404-ivanti-connect-secure-authenticated-rce-via-openssl-crlf-injection/\n\nIvanti Connect Secure - Authenticated RCE via OpenSSL CRLF Injection (CVE-2024-37404)\n#\u5206\u6790 #poc", "creation_timestamp": "2024-10-13T14:10:12.000000Z"}, {"uuid": "ba57a66c-4e10-477b-a79f-b2496d4d69a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-3740", "type": "seen", "source": "https://t.me/ViralCyber/7218", "content": "\ud83d\udd3b\u06a9\u0634\u0641 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u062f\u0631 Ivanti Connect Secure\n\n\ud83d\udd39\u06cc\u06a9 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0627 \u0634\u0646\u0627\u0633\u0647 CVE-2024-3740  \u0648 \u0634\u062f\u062a 9.1 (\u0628\u062d\u0631\u0627\u0646\u06cc) \u062f\u0631 Ivanti Connect Secure \u06a9\u0634\u0641 \u0634\u062f\u0647 \u0627\u0633\u062a. \u0645\u0647\u0627\u062c\u0645 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0634\u062f\u0647 \u0628\u0627 \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0632 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0627\u0645\u06a9\u0627\u0646 \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0631\u0627 \u0645\u06cc\u200c\u06cc\u0627\u0628\u062f.\n\n\ud83c\udf10\u0644\u06cc\u0646\u06a9 \u062e\u0628\u0631\n\n#\u0622\u0633\u06cc\u0628_\u067e\u0630\u06cc\u0631\u06cc\n\n\ud83c\udd94@aftana", "creation_timestamp": "2024-10-21T16:55:17.000000Z"}]}