{"vulnerability": "cve-2023-2242", "sightings": [{"uuid": "d5e9f027-53bc-4eec-9970-64db0d77cbd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-22422", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8926", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-22422\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, when a HTTP profile with the non-default Enforcement options of Enforce HTTP Compliance and Unknown Methods: Reject are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\ud83d\udccf Published: 2023-02-01T17:55:51.536Z\n\ud83d\udccf Modified: 2025-03-26T17:50:07.685Z\n\ud83d\udd17 References:\n1. https://my.f5.com/manage/s/article/K43881487", "creation_timestamp": "2025-03-26T18:25:37.000000Z"}, {"uuid": "48e3fbe6-1c01-4a30-a19c-5d4438d67d9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-22421", "type": "seen", "source": "Telegram/ievb-qqWkgQCFeuWgK5K_ab29zu9shYA_ZVT3YTlCyqzJNYk", "content": "", "creation_timestamp": "2025-03-08T04:35:52.000000Z"}, {"uuid": "a9b3398a-0e35-4635-a612-e65e36e33d7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-22425", "type": "seen", "source": "https://t.me/arpsyndicate/2427", "content": "#ExploitObserverAlert\n\nCVE-2023-22425\n\nDESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-22425. Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script.\n\nFIRST-EPSS: 0.000920000\nNVD-IS: 2.7\nNVD-ES: 2.3", "creation_timestamp": "2024-01-04T04:14:24.000000Z"}, {"uuid": "19fa2023-2f29-44d5-b323-1e7348dfaed4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-22428", "type": "seen", "source": "https://t.me/cibsecurity/67189", "content": "\u203c CVE-2023-22428 \u203c\n\nImproper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage.This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831(MR8), vEL8.40 and prior.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-25T02:26:18.000000Z"}, {"uuid": "49ccf3ba-7680-4b80-b6b7-f18fd3fd6830", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-22424", "type": "seen", "source": "https://t.me/cibsecurity/59445", "content": "\u203c CVE-2023-22424 \u203c\n\nUse-after-free vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. With the abnormal value given as the maximum number of columns for the PLC program, the process accesses the freed memory. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-06T02:37:29.000000Z"}, {"uuid": "f06bea7a-2776-4d79-94be-600a5d3ec8f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-22421", "type": "seen", "source": "https://t.me/cibsecurity/59442", "content": "\u203c CVE-2023-22421 \u203c\n\nOut-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. The insufficient buffer size for the PLC program instructions leads to out-of-bounds read. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-06T02:37:23.000000Z"}, {"uuid": "b38c6b36-3fdf-4607-a350-2044765f5609", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-22429", "type": "seen", "source": "Telegram/asTqyPNHsMKzHAo8b4agDq_YKbsKztJfdBgh2qniuFeFQ-be", "content": "", "creation_timestamp": "2025-02-14T10:03:11.000000Z"}, {"uuid": "11a17b81-d78c-4650-aa5a-38c6e3a5cde1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-22424", "type": "seen", "source": "Telegram/hNdHAEBpihQ6AobeBVJi505edG2d73_UNwALLBTG13rr7q2u", "content": "", "creation_timestamp": "2025-03-08T04:34:57.000000Z"}, {"uuid": "c022f5cc-a222-428f-93a4-a7b1f2fc1c26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-2242", "type": "seen", "source": "https://t.me/cibsecurity/62662", "content": "\u203c CVE-2023-2242 \u203c\n\nA vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component GET Parameter Handler. The manipulation of the argument c/s leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227227.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-22T20:32:45.000000Z"}, {"uuid": "15bf2108-ffff-4b71-9056-8524051a3aa4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-22422", "type": "seen", "source": "https://t.me/cibsecurity/57333", "content": "\u203c CVE-2023-22422 \u203c\n\nOn BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, when a HTTP profile with the non-default Enforcement options of Enforce HTTP Compliance and Unknown Methods: Reject are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-01T20:14:33.000000Z"}, {"uuid": "ffaae189-675d-44c0-a398-7789a1935034", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-22425", "type": "seen", "source": "https://t.me/cibsecurity/58855", "content": "\u203c CVE-2023-22425 \u203c\n\nStored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-24T12:49:16.000000Z"}, {"uuid": "7019e83f-3a85-43ff-9666-e28fdf343da4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-22427", "type": "seen", "source": "https://t.me/cibsecurity/58850", "content": "\u203c CVE-2023-22427 \u203c\n\nStored cross-site scripting vulnerability in Theme switching function of SHIRASAGI v1.16.2 and earlier versions allows a remote attacker with an administrative privilege to inject an arbitrary script.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-24T12:49:08.000000Z"}]}