{"vulnerability": "CVE-2023-3974", "sightings": [{"uuid": "f68b2d02-1c70-4e39-9e60-0d46dbbf22e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-39740", "type": "seen", "source": "https://t.me/cibsecurity/72862", "content": "\u203c CVE-2023-39740 \u203c\n\nThe leakage of the client secret in Onigiriya-musubee Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-25T22:45:35.000000Z"}, {"uuid": "34457a8c-c675-4424-8963-f1feb1b3cdba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-39741", "type": "seen", "source": "https://t.me/cibsecurity/68781", "content": "\u203c CVE-2023-39741 \u203c\n\nlrzip v0.651 was discovered to contain a heap overflow via the libzpaq::PostProcessor::write(int) function at /libzpaq/libzpaq.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-17T22:38:12.000000Z"}, {"uuid": "e2c9e487-2bc1-4cc6-8580-bff7ebf759ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-39743", "type": "seen", "source": "https://t.me/cibsecurity/68777", "content": "\u203c CVE-2023-39743 \u203c\n\nlrzip-next LZMA v23.01 was discovered to contain an access violation via the component /bz3_decode_block src/libbz3.c.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-17T22:38:06.000000Z"}, {"uuid": "fe7084b0-ba71-4e56-935b-6ebd4e0ff148", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3974", "type": "seen", "source": "https://t.me/cibsecurity/67324", "content": "\u203c CVE-2023-3974 \u203c\n\nOS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-27T18:28:46.000000Z"}]}