{"vulnerability": "cve-2023-2558", "sightings": [{"uuid": "fe672d24-8c4f-4fb7-a0be-72da9df7c7e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25588", "type": "seen", "source": "https://t.me/cibsecurity/70571", "content": "\u203c CVE-2023-25588 \u203c\n\nA flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-15T00:25:01.000000Z"}, {"uuid": "2f143bf6-423a-43a5-9ee1-97c3c0676c56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25581", "type": "seen", "source": "https://t.me/cvedetector/7615", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-25581 - Pac4j Core Java Deserialization Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2023-25581 \nPublished : Oct. 10, 2024, 4:15 p.m. | 37\u00a0minutes ago \nDescription : pac4j is a security framework for Java. `pac4j-core` prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the `UserProfile` class from pac4j-core. It can be exploited by providing an attribute that contains a serialized Java object with a special prefix `{#sb64}` and Base64 encoding. This issue may lead to Remote Code Execution (RCE) in the worst case. Although a `RestrictedObjectInputStream` is in place, that puts some restriction on what classes can be deserialized, it still allows a broad range of java packages and potentially exploitable with different gadget chains. pac4j versions 4.0.0 and greater are not affected by this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-10T19:16:56.000000Z"}, {"uuid": "c54978a9-950e-4e1d-983a-0b8ab9739c13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25585", "type": "seen", "source": "https://t.me/cibsecurity/70572", "content": "\u203c CVE-2023-25585 \u203c\n\nA flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-15T00:25:02.000000Z"}, {"uuid": "2e15a65b-728f-43e0-923c-fa33d8038a12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25586", "type": "seen", "source": "https://t.me/cibsecurity/70576", "content": "\u203c CVE-2023-25586 \u203c\n\nA flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-15T00:25:09.000000Z"}, {"uuid": "77387f8b-2d5a-4353-b272-b4509788de5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25584", "type": "seen", "source": "https://t.me/cibsecurity/70574", "content": "\u203c CVE-2023-25584 \u203c\n\nAn out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-15T00:25:07.000000Z"}, {"uuid": "9c13a32b-ea72-4bbb-8531-7653a1e1636f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25583", "type": "seen", "source": "https://t.me/cibsecurity/66101", "content": "\u203c CVE-2023-25583 \u203c\n\nTwo OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the code branch that manages a new vlan configuration.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-06T18:20:45.000000Z"}, {"uuid": "737cfa08-d58a-423c-856d-140bd165cb68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25582", "type": "seen", "source": "https://t.me/cibsecurity/66105", "content": "\u203c CVE-2023-25582 \u203c\n\nTwo OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the code branch that manages an already existing vlan configuration.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-06T18:30:27.000000Z"}, {"uuid": "aae328f0-2d66-4ca3-8890-93e6ef24bc9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25581", "type": "seen", "source": "MISP/274f594a-8ba7-4c6e-bf6a-c52c14842867", "content": "", "creation_timestamp": "2024-10-21T15:07:33.000000Z"}]}