{"vulnerability": "CVE-2023-2345", "sightings": [{"uuid": "7a1385eb-29bc-48b6-8953-837fa4060e6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-2345", "type": "seen", "source": "https://t.me/cibsecurity/62987", "content": "\u203c CVE-2023-2345 \u203c\n\nA vulnerability was found in SourceCodester Service Provider Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=delete_inquiry. The manipulation leads to improper authorization. The attack may be launched remotely. The identifier of this vulnerability is VDB-227588.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-27T18:40:14.000000Z"}, {"uuid": "e4c43614-702a-4fbe-8b5f-4d46d9436ca0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-23456", "type": "seen", "source": "https://t.me/cibsecurity/56444", "content": "\u203c CVE-2023-23456 \u203c\n\nA heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-12T22:30:39.000000Z"}, {"uuid": "984c776a-bfa0-4eb8-a774-5eb95aeaab56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-23457", "type": "seen", "source": "https://t.me/cibsecurity/56445", "content": "\u203c CVE-2023-23457 \u203c\n\nA Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-12T22:30:40.000000Z"}, {"uuid": "e21dc917-6894-46e4-85a5-3b4092c7521d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-23459", "type": "seen", "source": "https://t.me/cibsecurity/58263", "content": "\u203c CVE-2023-23459 \u203c\n\nPriority Windows may allow Command Execution via SQL Injection using an unspecified method.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-15T22:36:40.000000Z"}, {"uuid": "c5448b21-a926-412d-87b6-0f5589a8599e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-23455", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8296", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-23455\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).\n\ud83d\udccf Published: 2023-01-12T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-20T20:54:48.320Z\n\ud83d\udd17 References:\n1. https://www.openwall.com/lists/oss-security/2023/01/10/1\n2. https://www.openwall.com/lists/oss-security/2023/01/10/4\n3. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2965c7be0522eaa18808684b7b82b248515511b\n4. https://www.debian.org/security/2023/dsa-5324\n5. https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html\n6. https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html", "creation_timestamp": "2025-03-20T21:18:45.000000Z"}, {"uuid": "008cef71-3e37-470a-b8eb-0a7e13d48bd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-23454", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8294", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-23454\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).\n\ud83d\udccf Published: 2023-01-12T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-20T20:55:38.435Z\n\ud83d\udd17 References:\n1. https://www.openwall.com/lists/oss-security/2023/01/10/1\n2. https://www.openwall.com/lists/oss-security/2023/01/10/4\n3. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12\n4. https://www.debian.org/security/2023/dsa-5324\n5. https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html\n6. https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html", "creation_timestamp": "2025-03-20T21:18:43.000000Z"}, {"uuid": "c7930bf4-d5fa-47b5-bab5-61845b53fe37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-23451", "type": "seen", "source": "https://t.me/cibsecurity/62494", "content": "\u203c CVE-2023-23451 \u203c\n\nThe Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW., SICK UE410-EN1 FLEXI ETHERNET GATEW., SICK UE410-EN3S04 FLEXI ETHERNET GATEW., SICK UE410-EN4 FLEXI ETHERNET GATEW., SICK FX0-GENT00000 FLEXISOFT EIP GATEW., SICK FX0-GMOD00000 FLEXISOFT MOD GATEW., SICK FX0-GPNT00000 FLEXISOFT PNET GATEW., SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 and SICK FX0-GMOD00010 FLEXISOFT MOD GW. have Telnet enabled by factory default. No password is set in the default configuration. Gateways with a serial number &gt;2311xxxx have the Telnet interface disabled by factory default.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-20T02:30:26.000000Z"}, {"uuid": "237a374f-b9ec-42dc-aa24-5158044467c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-23458", "type": "seen", "source": "https://t.me/cibsecurity/58266", "content": "\u203c CVE-2023-23458 \u203c\n\nSunell DVR, latest version, CWE-200: Exposure of Sensitive Information to an Unauthorized Actor through an unspecified request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-15T22:36:43.000000Z"}, {"uuid": "abe368b8-5ea8-4991-818e-40c1ea976e3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-23453", "type": "seen", "source": "https://t.me/cibsecurity/58552", "content": "\u203c CVE-2023-23453 \u203c\n\nMissing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-21T02:16:17.000000Z"}, {"uuid": "419bdcf6-5c23-47d6-876b-20d0faf92378", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-23452", "type": "seen", "source": "https://t.me/cibsecurity/58548", "content": "\u203c CVE-2023-23452 \u203c\n\nMissing Authentication for Critical Function in SICK FX0-GPNT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-21T02:16:13.000000Z"}, {"uuid": "9592e32c-f47b-4383-92bd-a0f1becf85e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-23454", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-09", "content": "", "creation_timestamp": "2025-02-13T11:00:00.000000Z"}, {"uuid": "4f8cdb47-e1a6-4256-b44b-a26de35d77aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-23455", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-09", "content": "", "creation_timestamp": "2025-02-13T11:00:00.000000Z"}]}