{"vulnerability": "cve-2023-2553", "sightings": [{"uuid": "d35278d5-70ce-407b-b558-623c3f8d331b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25539", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1077", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-25539\n\ud83d\udd39 Description: \nDell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. This is a high severity vulnerability as the exploitation allows an attacker to take complete control of a system, so Dell recommends customers to upgrade at the earliest opportunity.\n\n\n\ud83d\udccf Published: 2023-05-31T04:50:27.879Z\n\ud83d\udccf Modified: 2025-01-09T20:39:14.030Z\n\ud83d\udd17 References:\n1. https://www.dell.com/support/kbdoc/en-us/000211267/dsa-2023-060-dell-networker-security-update-for-an-nsrcapinfo-vulnerability", "creation_timestamp": "2025-01-09T21:16:03.000000Z"}, {"uuid": "924c66fd-6a6c-43fd-a515-12ed30b8093a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25534", "type": "seen", "source": "https://t.me/cibsecurity/70755", "content": "\u203c CVE-2023-25534 \u203c\n\nNVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-20T07:29:55.000000Z"}, {"uuid": "d6d6d466-4508-4108-8a45-5f854a92de82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25539", "type": "seen", "source": "https://t.me/cibsecurity/64806", "content": "\u203c CVE-2023-25539 \u203c\n\nDell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. This is a high severity vulnerability as the exploitation allows an attacker to take complete control of a system, so Dell recommends customers to upgrade at the earliest opportunity.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-31T12:24:20.000000Z"}, {"uuid": "dc66a2d0-f6ca-4c6d-bcea-d5aea91da35f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-2553", "type": "seen", "source": "https://t.me/cibsecurity/63396", "content": "\u203c CVE-2023-2553 \u203c\n\nCross-site Scripting (XSS) - Stored in GitHub repository unilogies/bumsys prior to 2.2.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-06T00:25:14.000000Z"}, {"uuid": "38e57c4e-27a2-4d6f-8113-eea5066ab13c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25536", "type": "seen", "source": "https://t.me/cibsecurity/59322", "content": "\u203c CVE-2023-25536 \u203c\n\nDell PowerScale OneFS 9.4.0.x contains exposure of sensitive information to an unauthorized actor. A malicious authenticated local user could potentially exploit this vulnerability in certificate management, leading to a potential system takeover.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-02T18:34:24.000000Z"}, {"uuid": "f6cc34b8-c22d-4586-a7d6-b6a20f6567da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25532", "type": "seen", "source": "https://t.me/cibsecurity/70766", "content": "\u203c CVE-2023-25532 \u203c\n\nNVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to information disclosure.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-20T07:30:08.000000Z"}, {"uuid": "713f5f6a-95e1-4781-a604-890fa1e4c155", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25533", "type": "seen", "source": "https://t.me/cibsecurity/70770", "content": "\u203c CVE-2023-25533 \u203c\n\nNVIDIA DGX H100 BMC contains a vulnerability in the web UI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to information disclosure, code execution, and escalation of privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-20T07:30:15.000000Z"}, {"uuid": "06c994a3-e3eb-42ed-bf39-735f0cc1764e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25531", "type": "seen", "source": "https://t.me/cibsecurity/70769", "content": "\u203c CVE-2023-25531 \u203c\n\nNVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and escalation of privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-20T07:30:14.000000Z"}, {"uuid": "aa35a5d8-aef2-4c97-8100-ee76c96f0077", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25535", "type": "seen", "source": "https://t.me/ctinow/184787", "content": "https://ift.tt/t6U0bWc\nCVE-2023-25535", "creation_timestamp": "2024-02-14T16:51:47.000000Z"}, {"uuid": "6c12fdea-de2e-42fa-aa0d-0c5d53abdcad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25537", "type": "seen", "source": "https://t.me/cibsecurity/64522", "content": "\u203c CVE-2023-25537 \u203c\n\nDell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-22T14:25:35.000000Z"}]}