{"vulnerability": "CVE-2023-3354", "sightings": [{"uuid": "faa73305-4c4e-4d44-a876-90a488561d28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33548", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8955", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-33548\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Cross Site Scripting (XSS) vulnerability in ASUS RT-AC51U with firmware versions up to and including 3.0.0.4.380.8591 allows attackers to run arbitrary code via the WPA Pre-Shared Key field.\n\ud83d\udccf Published: 2024-05-06T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-26T20:20:47.532Z\n\ud83d\udd17 References:\n1. https://github.com/Idaht/ASUS_RT-AC51U_CVE/blob/main/XSS%20-%20WPA%20Pre-Shared%20Key", "creation_timestamp": "2025-03-26T20:25:42.000000Z"}, {"uuid": "b41c2544-353c-4dad-a9db-ba32c312b6ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3354", "type": "seen", "source": "https://t.me/cibsecurity/66414", "content": "\u203c CVE-2023-3354 \u203c\n\nA flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-11T20:29:55.000000Z"}, {"uuid": "67c4d5e5-650f-4027-bb43-2c88895e959a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33544", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/983", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-33544\n\ud83d\udd39 Description: hawtio 2.17.2 is vulnerable to Path Traversal. it is possible to input malicious zip files, which can result in the high-risk files after decompression being stored in any location, even leading to file overwrite.\n\ud83d\udccf Published: 2023-06-01T00:00:00\n\ud83d\udccf Modified: 2025-01-09T16:57:36.962Z\n\ud83d\udd17 References:\n1. https://github.com/hawtio/hawtio/issues/2832", "creation_timestamp": "2025-01-09T17:18:46.000000Z"}, {"uuid": "55e709a8-cebe-49fa-9406-723861a4eca1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33544", "type": "seen", "source": "https://t.me/cibsecurity/64850", "content": "\u203c CVE-2023-33544 \u203c\n\nhawtio 2.17.2 is vulnerable to Path Traversal. it is possible to input malicious zip files, which can result in the high-risk files after decompression being stored in any location, even leading to file overwrite.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-01T16:30:16.000000Z"}, {"uuid": "d00765f0-e0e5-495e-a799-0faff27de590", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33546", "type": "seen", "source": "https://t.me/cibsecurity/64849", "content": "\u203c CVE-2023-33546 \u203c\n\njanino 3.1.9 and earlier are subject to denial of service (DOS) attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-01T16:30:15.000000Z"}]}