{"vulnerability": "cve-2023-3411", "sightings": [{"uuid": "69fde9f1-d4eb-413a-8de7-7e03b9d40fa0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34112", "type": "seen", "source": "https://t.me/cibsecurity/65086", "content": "\u203c CVE-2023-34112 \u203c\n\nJavaCPP Presets is a project providing Java distributions of native C++ libraries. All the actions in the `bytedeco/javacpp-presets` use the `github.event.head_commit.message?` parameter in an insecure way. For example, the commit message is used in a run statement - resulting in a command injection vulnerability due to string interpolation. No exploitation has been reported. This issue has been addressed in version 1.5.9. Users of JavaCPP Presets are advised to upgrade as a precaution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-09T07:32:54.000000Z"}, {"uuid": "f99091d2-2dc2-467c-874e-7750f137a82c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34110", "type": "seen", "source": "https://t.me/cibsecurity/65439", "content": "\u203c CVE-2023-34110 \u203c\n\nFlask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this error is surfaced back to this actor on the UI. On certain database engines this error can include the entire user row including the pbkdf2:sha256 hashed password. This vulnerability has been fixed in version 4.3.2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-23T02:27:53.000000Z"}, {"uuid": "a75faf16-29c8-4cc8-89c6-861744efce7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34116", "type": "seen", "source": "https://t.me/cibsecurity/66419", "content": "\u203c CVE-2023-34116 \u203c\n\nImproper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow an unauthorized user to enable an escalation of privilege via network access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-11T20:30:03.000000Z"}, {"uuid": "3fa56081-0e04-4aa3-bbca-5579502b187f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34117", "type": "seen", "source": "https://t.me/cibsecurity/66418", "content": "\u203c CVE-2023-34117 \u203c\n\nRelative path traversal in the Zoom Client SDK before version 5.15.0 may allow an unauthorized user to enable information disclosure via local access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-11T20:29:59.000000Z"}]}