{"vulnerability": "cve-2023-2500", "sightings": [{"uuid": "14506443-3dbd-4f70-9328-0be23c1b813b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25009", "type": "seen", "source": "https://t.me/cibsecurity/64066", "content": "\u203c CVE-2023-25009 \u203c\n\nA malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds write vulnerability which could result in code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-14T14:25:09.000000Z"}, {"uuid": "b6064961-1962-4b33-9f72-ef2e5601dc87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25007", "type": "seen", "source": "https://t.me/cibsecurity/64065", "content": "\u203c CVE-2023-25007 \u203c\n\nA malicious actor may convince a user to open a malicious USD file that may trigger an uninitialized pointer which could result in code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-13T00:27:16.000000Z"}, {"uuid": "636dbcb7-60ba-4339-8ce4-2f2f39e659a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25006", "type": "seen", "source": "https://t.me/cibsecurity/64064", "content": "\u203c CVE-2023-25006 \u203c\n\nA malicious actor may convince a user to open a malicious USD file that may trigger a use-after-free vulnerability which could result in code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-13T00:27:15.000000Z"}, {"uuid": "37b4986e-1338-48aa-8768-d802ee5df156", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25008", "type": "seen", "source": "https://t.me/cibsecurity/64062", "content": "\u203c CVE-2023-25008 \u203c\n\nA malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds read vulnerability which could result in code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-13T00:27:13.000000Z"}, {"uuid": "8adcb100-841e-4e84-9f45-a8a08aca3665", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25005", "type": "seen", "source": "https://t.me/cibsecurity/64058", "content": "\u203c CVE-2023-25005 \u203c\n\nA maliciously crafted DLL file can be forced to read beyond allocated boundaries in Autodesk InfraWorks 2023, and 2021 when parsing the DLL files could lead to a resource injection vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-13T00:27:09.000000Z"}, {"uuid": "953063bc-a65e-4de7-adf1-2bda293013ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25001", "type": "seen", "source": "https://t.me/cibsecurity/65592", "content": "\u203c CVE-2023-25001 \u203c\n\nA maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-28T02:12:22.000000Z"}, {"uuid": "7711ea2c-5d88-41c0-8e8f-fd0e899457d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25002", "type": "seen", "source": "https://t.me/cibsecurity/65591", "content": "\u203c CVE-2023-25002 \u203c\n\nA maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-28T02:12:21.000000Z"}, {"uuid": "727082ed-06ca-4ff3-a7da-d6d80bf2e247", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25002", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4320", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-20052, information leak vulnerability in the DMG file parser of ClamAV\nURL\uff1ahttps://github.com/nokn0wthing/CVE-2023-25002\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-05-08T18:46:43.000000Z"}, {"uuid": "72185cee-e445-4dbd-8ed8-1d980816d84c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25002", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8270", "content": "#exploit\n1.CVE-2023-20052:\nInformation leak vulnerability in the DMG file parser of ClamAV\nhttps://github.com/nokn0wthing/CVE-2023-25002\n\n2. Exploits for CVE-2023-27327, CVE-2023-27328\n(Parallels Desktop VM)\nhttps://github.com/kn32/parallels-plist-escape\n\n3. CVE-2023-28231:\nDHCP Server RCE (2008 R2 SP1 - Server 2019)\nhttps://github.com/glavstroy/CVE-2023-28231", "creation_timestamp": "2023-05-10T11:03:01.000000Z"}, {"uuid": "c11bd2af-2b60-409a-8349-a0e811311c8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25009", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3000", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-25009\n\ud83d\udd39 Description: A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds write vulnerability which could result in code execution.\n\ud83d\udccf Published: 2023-05-12T00:00:00.000Z\n\ud83d\udccf Modified: 2025-01-24T19:55:30.927Z\n\ud83d\udd17 References:\n1. https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0008", "creation_timestamp": "2025-01-24T20:04:42.000000Z"}, {"uuid": "e7d3e427-d444-4602-8360-e4216160a997", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25008", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2999", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-25008\n\ud83d\udd39 Description: A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds read vulnerability which could result in code execution.\n\ud83d\udccf Published: 2023-05-12T00:00:00.000Z\n\ud83d\udccf Modified: 2025-01-24T19:56:19.365Z\n\ud83d\udd17 References:\n1. https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0008", "creation_timestamp": "2025-01-24T20:04:38.000000Z"}, {"uuid": "4a7d1d23-6965-46f2-b9fe-12f259d362cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25007", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2998", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-25007\n\ud83d\udd39 Description: A malicious actor may convince a user to open a malicious USD file that may trigger an uninitialized pointer which could result in code execution.\n\ud83d\udccf Published: 2023-05-12T00:00:00.000Z\n\ud83d\udccf Modified: 2025-01-24T19:57:19.910Z\n\ud83d\udd17 References:\n1. https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0008", "creation_timestamp": "2025-01-24T20:04:37.000000Z"}, {"uuid": "232a41fe-ae4b-44be-baaa-90d3cd558255", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25006", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2997", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-25006\n\ud83d\udd39 Description: A malicious actor may convince a user to open a malicious USD file that may trigger a use-after-free vulnerability which could result in code execution.\n\ud83d\udccf Published: 2023-05-12T00:00:00.000Z\n\ud83d\udccf Modified: 2025-01-24T19:58:11.319Z\n\ud83d\udd17 References:\n1. https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0008", "creation_timestamp": "2025-01-24T20:04:37.000000Z"}, {"uuid": "be0da33e-02c2-4cd2-b681-3a843c1cfc3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25002", "type": "published-proof-of-concept", "source": "Telegram/nPhrPfiXPUHAf58D5YpbTj99KkY4hNzkYP0rbZrOEVdw3Nc", "content": "", "creation_timestamp": "2024-04-02T00:59:20.000000Z"}, {"uuid": "08bf37f3-d0b4-4c0f-881a-220ba6a754fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25002", "type": "published-proof-of-concept", "source": "https://t.me/LockBitRaasRansomware/10664", "content": "CVE-2023-20052\n\nCVE-2023-20052, information leak vulnerability in the DMG file parser of ClamAV\n\nhttps://github.com/nokn0wthing/CVE-2023-25002\n\nPrivate: @RAVE_CGF", "creation_timestamp": "2024-04-02T00:59:21.000000Z"}, {"uuid": "f4e99d2d-b404-4dd9-a4c0-0a2c0d56f417", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25002", "type": "published-proof-of-concept", "source": "Telegram/daeCUX95O6ZDqcl0fr7xMzropW9nHK8k-upy-41VtmVTfc0", "content": "", "creation_timestamp": "2023-07-12T18:59:04.000000Z"}]}