{"vulnerability": "cve-2024-3643", "sightings": [{"uuid": "0826127e-557f-4037-a889-b4856db792ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-36437", "type": "seen", "source": "https://t.me/cvedetector/17088", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-36437 - TextNow Android Vulnerability - Unauthorized Call Hijacking\", \n  \"Content\": \"CVE ID : CVE-2024-36437 \nPublished : Feb. 3, 2025, 6:15 p.m. | 22\u00a0minutes ago \nDescription : The com.enflick.android.TextNow (aka TextNow: Call + Text Unlimited) application 24.17.0.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.enflick.android.TextNow.activities.DialerActivity component. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-03T20:19:20.000000Z"}, {"uuid": "e7cb8970-46b0-4e2d-9823-e0b1350b6357", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-36435", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/4910", "content": "#exploit\n1. CVE-2024-9014:\npgAdmin4 Sensitive Information Exposure\nhttps://github.com/EQSTLab/CVE-2024-9014\n\n2. CVE-2024-36435:\nBuffer overflow in Supermicro BMC IPMI\nhttps://github.com/binarly-io/ToolsAndPoCs/blob/master/Posix/Supermicro/CVE-2024-36435.py\n]-> https://www.binarly.io/blog/cve-2024-36435-deep-dive-the-years-most-critical-bmc-security-flaw", "creation_timestamp": "2024-10-02T16:38:48.000000Z"}, {"uuid": "f41df3f0-1bbe-41a5-8ce5-6c98d7291b51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-36439", "type": "seen", "source": "https://t.me/cvedetector/3921", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-36439 - Swissphone DiCal-RED 4009 Password Hash Crack Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-36439 \nPublished : Aug. 22, 2024, 3:15 p.m. | 18\u00a0minutes ago \nDescription : Swissphone DiCal-RED 4009 devices allow a remote attacker to gain access to the administrative web interface via the device password's hash value, without knowing the actual device password. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-22T17:42:36.000000Z"}, {"uuid": "def0d07a-9476-41b3-88fb-efb3d52c6c6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-36435", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/466", "content": "#exploit\n1. CVE-2024-9014:\npgAdmin4 Sensitive Information Exposure\nhttps://github.com/EQSTLab/CVE-2024-9014\n\n2. CVE-2024-36435:\nBuffer overflow in Supermicro BMC IPMI\nhttps://github.com/binarly-io/ToolsAndPoCs/blob/master/Posix/Supermicro/CVE-2024-36435.py", "creation_timestamp": "2024-09-30T04:58:44.000000Z"}, {"uuid": "366f98bb-5189-474f-83ba-5867523acb91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-36435", "type": "seen", "source": "https://t.me/cvedetector/697", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-36435 - An issue was discovered on Supermicro BMC firmware\", \n  \"Content\": \"CVE ID : CVE-2024-36435 \nPublished : July 11, 2024, 9:15 p.m. | 44\u00a0minutes ago \nDescription : An issue was discovered on Supermicro BMC firmware in select X11, X12, H12, B12, X13, H13, and B13 motherboards (and CMM6 modules). An unauthenticated user can post crafted data to the interface that triggers a stack buffer overflow, and may lead to arbitrary remote code execution on a BMC. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-12T00:11:02.000000Z"}, {"uuid": "a769f244-2ed7-483c-b0c3-19f12de8eb62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-36432", "type": "seen", "source": "https://t.me/cvedetector/897", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-36432 - Supermicro Supermicro X11DPG-HGX2, X11PDG-QT, X11PDG-OT, X11PDG-SN BIOS Firmware Arbitrary Memory Write Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-36432 \nPublished : July 15, 2024, 7:15 p.m. | 34\u00a0minutes ago \nDescription : An arbitrary memory write vulnerability was discovered in Supermicro X11DPG-HGX2, X11PDG-QT, X11PDG-OT, and X11PDG-SN motherboards with BIOS firmware before 4.4. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-15T21:52:11.000000Z"}, {"uuid": "6a8c8336-69f5-4407-a255-c109da68b9b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-36434", "type": "seen", "source": "https://t.me/cvedetector/895", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-36434 - Supermicro X11DPH-T, X11DPH-Tq, X11DPH-i Motherboard SMM Callout Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-36434 \nPublished : July 15, 2024, 7:15 p.m. | 34\u00a0minutes ago \nDescription : An SMM callout vulnerability was discovered in Supermicro X11DPH-T, X11DPH-Tq, and X11DPH-i motherboards with BIOS firmware before 4.4. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-15T21:52:09.000000Z"}, {"uuid": "434ad1fb-982c-496b-8737-48920ba2786d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-36438", "type": "seen", "source": "https://t.me/cvedetector/894", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-36438 - eLinkSmart Smart Cabinet Lock Authorization Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-36438 \nPublished : July 15, 2024, 7:15 p.m. | 34\u00a0minutes ago \nDescription : eLinkSmart Hidden Smart Cabinet Lock 2024-05-22 has Incorrect Access Control and fails to perform an authorization check which can lead to card duplication and other attacks. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-15T21:52:08.000000Z"}, {"uuid": "9d94c1ed-a005-4567-86cf-5d5ac83ab574", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-36433", "type": "seen", "source": "https://t.me/cvedetector/898", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-36433 - Supermicro X11DPH-T, X11DPH-Tq, and X11DPH-i Motherboard BIOS Arbitrary Memory Write Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-36433 \nPublished : July 15, 2024, 7:15 p.m. | 34\u00a0minutes ago \nDescription : An arbitrary memory write vulnerability was discovered in Supermicro X11DPH-T, X11DPH-Tq, and X11DPH-i motherboards with BIOS firmware before 4.4. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-15T21:52:15.000000Z"}, {"uuid": "ab58e7d1-2853-4b26-9c61-c0de8b374b22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-36435", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/1588", "content": "#exploit\n1. CVE-2024-9014:\npgAdmin4 Sensitive Information Exposure\nhttps://github.com/EQSTLab/CVE-2024-9014\n\n2. CVE-2024-36435:\nBuffer overflow in Supermicro BMC IPMI\nhttps://github.com/binarly-io/ToolsAndPoCs/blob/master/Posix/Supermicro/CVE-2024-36435.py\n]-> https://www.binarly.io/blog/cve-2024-36435-deep-dive-the-years-most-critical-bmc-security-flaw", "creation_timestamp": "2024-10-02T16:38:49.000000Z"}, {"uuid": "0e6e4c08-69b3-4c49-bdb6-f232d23f9d70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-36435", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/6052", "content": "\u200aSupermicro Motherboards Vulnerable to Critical RCE Flaw (CVE-2024-36435)\n\nhttps://securityonline.info/supermicro-motherboards-vulnerable-to-critical-rce-flaw-cve-2024-36435/", "creation_timestamp": "2024-07-15T12:11:56.000000Z"}, {"uuid": "c9cf9d3a-899e-4461-91d5-da44549201ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-36435", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/1004", "content": "Target = \"https://{ip_address}/cgi/login.cgi\"\ncommand = \"touch /tmp/BRLY\"\n\nlibc = 0x76283000    # we try to guess\ngadget1 = 0x000D8874  # pop {r0, r1, r2, r3, fp, pc};\ngadget2 = 0x001026D4  # mov r0, sp; blx r3;\nsystem  = 0x0003C4D4\n\nhttps://github.com/binarly-io/ToolsAndPoCs/blob/master/Posix/Supermicro/CVE-2024-36435.py\n\n#CyberDilara", "creation_timestamp": "2024-09-30T07:30:50.000000Z"}, {"uuid": "35582d35-da04-4943-a667-6d9aa65e9510", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-36435", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/2284", "content": "CVE-2024-36435\n*\nRCE Flaw in Supermicro BMC IPMI Firmware\n*\nWriteUp\n*\nPOC exploit\n\n#servers #ipmi #rce", "creation_timestamp": "2024-10-02T07:31:40.000000Z"}, {"uuid": "2a4ccf03-3099-46a2-b449-cc52729ca432", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-36435", "type": "published-proof-of-concept", "source": "https://t.me/ZeroDay_TM/881", "content": "\u2022 RCE Flaw (CVE-2024-36435) in Supermicro BMC IPMI Firmware\n\nSecurity vulnerability in the Baseboard Management Controller (BMC) firmware \u2014 a critical component of modern data center infrastructure. Unauthenticated user can remotely trigger the code flow with a simple post request and cause the arbitrary code execution over classical stack overflow.\n\nPOC: https://github.com/binarly-io/ToolsAndPoCs/blob/789fdb481ed3a9d6da71dee0d7d3bbdde6c1b5dd/Posix/Supermicro/CVE-2024-36435.py\n\n#exploit #writeup #pentest\n-   -   -   -   -   -   -   -   -\n\u2022 @Old_Unclee\n\u2022 @ZeroDay_TM", "creation_timestamp": "2024-10-02T21:07:43.000000Z"}, {"uuid": "74923109-3a0a-48c7-a2ae-9d7572426d4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-36435", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11208", "content": "#exploit\n1. CVE-2024-9014:\npgAdmin4 Sensitive Information Exposure\nhttps://github.com/EQSTLab/CVE-2024-9014\n\n2. CVE-2024-41110:\nDocker AuthZ plugins Security Checker\nhttps://github.com/vvpoglazov/cve-2024-41110-checker\n\n3. CVE-2024-36435:\nBuffer overflow in Supermicro BMC IPMI\nhttps://github.com/binarly-io/ToolsAndPoCs/blob/master/Posix/Supermicro/CVE-2024-36435.py\n]-> https://www.binarly.io/blog/cve-2024-36435-deep-dive-the-years-most-critical-bmc-security-flaw", "creation_timestamp": "2024-11-01T03:17:48.000000Z"}, {"uuid": "6cf53d35-eea0-42dd-8c09-e33fe65e5b79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-36435", "type": "published-proof-of-concept", "source": "Telegram/o7VlsrAVA1DWBTlZl46rIoutlNqMKHpc5zbmztPssQicDZc", "content": "", "creation_timestamp": "2024-10-03T16:56:46.000000Z"}, {"uuid": "36eef5d1-4b11-4189-8eb6-33e6a34c7f10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-36437", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhc5kz5xjj2b", "content": "", "creation_timestamp": "2025-02-03T18:15:53.115586Z"}]}