{"vulnerability": "cve-2023-3579", "sightings": [{"uuid": "809b7dc0-4c24-4134-bdb6-8ea8c00fc180", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35793", "type": "published-proof-of-concept", "source": "Telegram/SUSLl334weVsA57Qfzj0KX6hd_x8UckZdaS63qpJc-a-Svg", "content": "", "creation_timestamp": "2023-12-05T10:11:55.000000Z"}, {"uuid": "12eb277f-7680-4ed5-8fc2-e908a660440a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35797", "type": "seen", "source": "https://t.me/cibsecurity/65857", "content": "\u203c CVE-2023-35797 \u203c\n\nImproper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Apache Hive Provider: before 6.1.1.Before version 6.1.1 it was\u00c2\u00a0possible to bypass the security check to RCE viaprincipal parameter. For this to be\u00c2\u00a0exploited it requires access to modifying the connection details.It is recommended updating provider version to 6.1.1 in order to avoid this\u00c2\u00a0vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-03T14:22:26.000000Z"}, {"uuid": "3a21f983-0d23-4a9d-b58c-48d46d79247b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35792", "type": "seen", "source": "https://t.me/cibsecurity/67471", "content": "\u203c CVE-2023-35792 \u203c\n\nVound Intella Connect 2.6.0.3 is vulnerable to stored Cross-site Scripting (XSS).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-31T18:38:09.000000Z"}, {"uuid": "33d54df8-138f-49a8-bd79-99386e1d30d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35798", "type": "seen", "source": "https://t.me/cibsecurity/65570", "content": "\u203c CVE-2023-35798 \u203c\n\nInput Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This\u00c2\u00a0vulnerability is considered low since it requires DAG code to use `get_sqlalchemy_connection` and someone with access to connection resources specifically\u00c2\u00a0updating the connection to exploit it.This issue affects Apache Airflow ODBC Provider: before 4.0.0; Apache Airflow MSSQL Provider: before 3.4.1.It is recommended to\u00c2\u00a0upgrade to a version that is not affected\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-27T16:33:44.000000Z"}, {"uuid": "f4f49d1d-b73c-44e1-beed-17b8ff7c5300", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35793", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/1196", "content": "https://github.com/Dodge-MPTC/CVE-2023-35793-CSRF-On-Web-SSH\nCVE-2023-35793\n#github", "creation_timestamp": "2023-09-27T17:04:19.000000Z"}, {"uuid": "9d44dbe3-15f6-4e31-bb7a-55a49a1d30dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35793", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/1149", "content": "https://github.com/Dodge-MPTC/CVE-2023-35793-CSRF-On-Web-SSH\nCVE-2023-35793\n#github", "creation_timestamp": "2024-08-16T08:30:20.000000Z"}, {"uuid": "9008b022-749b-4e45-83aa-edfc3e1d7692", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35793", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/1131", "content": "#exploit\n1. CVE-2023-35793:\nCSRF On Web-SSH\nhttps://github.com/Dodge-MPTC/CVE-2023-35793-CSRF-On-Web-SSH\n\n2. CVE-2023-43263:\nXSS vulnerability in Froala Editor v.4.1.1\nhttps://github.com/b0marek/CVE-2023-43263\n\n3. CVE-2023-43323:\nmooSocial - External HTTP/DNS Service Interaction\nhttps://github.com/ahrixia/CVE-2023-43323", "creation_timestamp": "2024-08-16T08:28:28.000000Z"}, {"uuid": "1ae2995c-d9a5-4107-bbc3-3e1b44eff041", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35793", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5220", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aRepository contains description for CVE-2023-35793\nURL\uff1ahttps://github.com/Dodge-MPTC/CVE-2023-35793-CSRF-On-Web-SSH\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-09-26T11:46:42.000000Z"}, {"uuid": "1b9a26e3-c61b-4c29-92c4-2733276ec201", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35797", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4332", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-37415\n\ud83d\udd25 CVSS Score: 8.7 (CVSS_V3)\n\ud83d\udd39 Description: Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider.\n\nPatching on top of CVE-2023-35797\nBefore\u00a06.1.2\u00a0the proxy_user option can also inject semicolon.\n\nThis issue affects Apache Airflow Apache Hive Provider: before 6.1.2.\n\nIt is recommended updating provider version to 6.1.2 in order to avoid this vulnerability.\n\ud83d\udccf Published: 2023-07-13T09:30:28Z\n\ud83d\udccf Modified: 2025-02-13T19:00:55Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2023-37415\n2. https://github.com/apache/airflow\n3. https://lists.apache.org/thread/9wx0jlckbnycjh8nj5qfwxo423zvm41k\n4. http://www.openwall.com/lists/oss-security/2023/07/12/3", "creation_timestamp": "2025-02-13T19:21:09.000000Z"}, {"uuid": "e1a2e098-994d-4ca0-953a-602b8aed61ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35793", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9098", "content": "#exploit\n1. CVE-2023-35793:\nCSRF On Web-SSH\nhttps://github.com/Dodge-MPTC/CVE-2023-35793-CSRF-On-Web-SSH\n\n2. CVE-2023-43263:\nXSS vulnerability in Froala Editor v.4.1.1\nhttps://github.com/b0marek/CVE-2023-43263\n\n3. CVE-2023-43323:\nmooSocial - External HTTP/DNS Service Interaction\nhttps://github.com/ahrixia/CVE-2023-43323", "creation_timestamp": "2023-09-27T11:00:44.000000Z"}, {"uuid": "9c1b0252-4b92-4658-9132-b4170dcab1cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35794", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5581", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aRepository contains description for CVE-2023-35794 discovered by Dodge Industrial Team for Dodge OPTIFY platfrom.\nURL\uff1ahttps://github.com/Dodge-MPTC/CVE-2023-35794-WebSSH-Hijacking\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-10-27T09:57:20.000000Z"}, {"uuid": "757e6b8c-7380-4150-a34c-20010781e507", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35796", "type": "seen", "source": "https://t.me/cibsecurity/71917", "content": "\u203c CVE-2023-35796 \u203c\n\nA vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead to arbitrary code execution with `SYSTEM` privileges on the application server. (ZDI-CAN-19823)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-10T15:49:37.000000Z"}, {"uuid": "172e78a2-22be-439f-b4d4-d82f045d4b89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35790", "type": "seen", "source": "https://t.me/cibsecurity/65315", "content": "\u203c CVE-2023-35790 \u203c\n\nAn issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in patch decoding can lead to a denial of service, such as an infinite loop.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-17T00:23:45.000000Z"}]}