{"vulnerability": "CVE-2023-3390", "sightings": [{"uuid": "43d28213-c450-41d3-813c-ad411b1628e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33909", "type": "seen", "source": "https://t.me/cibsecurity/67847", "content": "\u203c CVE-2023-33909 \u203c\n\nIn Contacts service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-07T07:13:11.000000Z"}, {"uuid": "2b63d49a-fce7-4a08-b591-88483b7749ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33908", "type": "seen", "source": "https://t.me/cibsecurity/67854", "content": "\u203c CVE-2023-33908 \u203c\n\nIn ims service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-07T07:13:21.000000Z"}, {"uuid": "822ccfaf-c8ea-4a86-951e-3d1718a3e6aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33900", "type": "seen", "source": "https://t.me/cibsecurity/66481", "content": "\u203c CVE-2023-33900 \u203c\n\nIn telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-12T12:41:24.000000Z"}, {"uuid": "93595473-c1f8-4f21-b89a-dfe152649f6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33905", "type": "seen", "source": "https://t.me/cibsecurity/66477", "content": "\u203c CVE-2023-33905 \u203c\n\nIn iwnpi server, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-12T12:35:45.000000Z"}, {"uuid": "71ba1985-a792-4b2b-9a2e-2af44e412962", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3390", "type": "seen", "source": "https://t.me/cibsecurity/65681", "content": "\u203c CVE-2023-3390 \u203c\n\nA use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.We recommend upgrading past commit\u00c2\u00a01240eb93f0616b21c675416516ff3d74798fdc97.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-29T00:13:14.000000Z"}, {"uuid": "8e83bea9-1fee-4693-bc1a-57918889bbd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3390", "type": "exploited", "source": "https://t.me/CyberSecurityTechnologies/9727", "content": "#exploit\n\"One shot, Triple kill:\nPwning all three Google kernelCTF instances with a single 1-day Linux vulnerability (CVE-2023-3390)\".", "creation_timestamp": "2024-01-06T00:28:16.000000Z"}, {"uuid": "adabf2f2-6219-4a42-8431-221e33936255", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3390", "type": "seen", "source": "https://t.me/arpsyndicate/1889", "content": "#ExploitObserverAlert\n\nCVE-2023-3390\n\nDESCRIPTION: Exploit Observer has 7 entries related to CVE-2023-3390. A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.  Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.  We recommend upgrading past commit\u00a01240eb93f0616b21c675416516ff3d74798fdc97.\n\nFIRST-EPSS: 0.000420000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-12-18T02:08:30.000000Z"}, {"uuid": "1aeff8bc-5383-41c5-8e93-1402f658f9a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3390", "type": "published-proof-of-concept", "source": "Telegram/THY99TLN92YifPMxk5RYVjdojQ_8saoAlwZJCKO5imXrUw", "content": "", "creation_timestamp": "2023-07-27T16:50:53.000000Z"}, {"uuid": "14cad8ea-afd2-4bd7-8c9c-cf4799d03bd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3390", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3952", "content": "\ud83d\udcccNINTU PROCUREMENT SOFTWARE Data Leak : https://system32.ink/nintu-procurement-software-data-leak/\n\n\ud83d\udccdMalicious PDF Generator : https://system32.ink/malicious-pdf-generator/\n\n\ud83e\ude85CVE-2023-3390 Exploit : https://system32.ink/cve-2023-3390_lts_cos_mitigation-exploit/\n\n@Crackcodes | System32.ink | Crackcodes.in", "creation_timestamp": "2023-07-27T16:50:08.000000Z"}, {"uuid": "b3c4391d-ef4d-494e-adf1-45278bf26924", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3390", "type": "exploited", "source": "https://t.me/Rootsec_2/2428", "content": "#exploit\n\"One shot, Triple kill:\nPwning all three Google kernelCTF instances with a single 1-day Linux vulnerability (CVE-2023-3390)\".", "creation_timestamp": "2024-08-16T08:59:56.000000Z"}, {"uuid": "e5ead3d5-7344-4c41-8062-cae47e53bf81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3390", "type": "published-proof-of-concept", "source": "Telegram/QrB1TJSpmW2YJcQv4NqBOJ8wx4RkA5fTfXYrvP68QK7sewI", "content": "", "creation_timestamp": "2024-06-08T10:26:40.000000Z"}, {"uuid": "e64d8197-8ea2-40e0-93ee-de37611f5499", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3390", "type": "exploited", "source": "https://t.me/proxy_bar/1962", "content": "Exploiting CVE-2023-3390 in Linux kernel\n*\n\u0421\u043d\u0430\u0447\u0430\u043b\u0430 \u0441 \u0433\u0438\u0442\u0430 \u044d\u0442\u043e\u0442 \u0441\u043f\u0438\u0447 \u0443\u0434\u0430\u043b\u0438\u043b\u0438 (\u0441\u0445\u0435\u0440\u0430\u043b\u0438 ?) \u043f\u0430\u0440\u0443 \u0434\u043d\u0435\u0439 \u043d\u0430\u0437\u0430\u0434, \u043d\u043e \u043c\u044b \u043d\u0430\u043f\u0438\u0441\u0430\u043b\u0438 \u0440\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u0443 INSU YUN,  \u0438 \u0447\u0443\u0432\u0430\u043a \u043b\u044e\u0431\u0435\u0437\u043d\u043e \u043f\u043e\u0434\u0435\u043b\u0438\u043b\u0441\u044f, \u0430 \u043c\u044b \u0434\u0435\u043b\u0438\u043c\u0441\u044f \u0441 \u0432\u0430\u043c\u0438, \u043d\u0435 \u0443\u0441\u043f\u0435\u0432 \u043f\u0440\u043e\u0441\u043d\u0443\u0442\u044c\u0441\u044f. \u041a\u041e\u0424\u0415 !!!\n*\n\u0427\u0438\u0442\u0430\u0435\u043c -  One shot, Triple kill\n\n#linux #0day #1day", "creation_timestamp": "2024-03-27T06:06:28.000000Z"}]}