{"vulnerability": "CVE-2023-2233", "sightings": [{"uuid": "e82924ba-f38f-408d-8457-6f7495614c27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22332", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9354", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-22332\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), All versions of 3.7 series, All versions of 3.6 series, All versions of 3.5 series, All versions of 3.4 series, and All versions of 3.3 series. A specific database user's authentication information may be obtained by another database user. As a result, the information stored in the database may be altered and/or database may be suspended by a remote attacker who successfully logged in the product with the obtained credentials.\n\ud83d\udccf Published: 2023-01-30T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-28T14:06:55.023Z\n\ud83d\udd17 References:\n1. https://www.pgpool.net/mediawiki/index.php/Main_Page#News\n2. https://jvn.jp/en/jp/JVN72418815/", "creation_timestamp": "2025-03-28T14:27:37.000000Z"}, {"uuid": "c0876003-9645-4d5a-a36f-d8ee600091ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22335", "type": "seen", "source": "Telegram/NYZmz1eOKNDAGNnnuRUvzWQuP9X38H3odG6pDdaeLU612Qet", "content": "", "creation_timestamp": "2025-03-08T04:34:10.000000Z"}, {"uuid": "3f4193da-12e8-4dcb-ac88-44316c398fbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22334", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10256", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-22334\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Use of password hash instead of password for authentication vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack.\n\ud83d\udccf Published: 2023-01-20T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-03T15:18:44.743Z\n\ud83d\udd17 References:\n1. https://www.contec.com/download/contract/contract4/?itemid=ea8039aa-3434-4999-9ab6-897aa690210c&downloaditemid=866d7d3c-aae9-438d-87f3-17aa040df90b\n2. https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230110_en.pdf\n3. https://jvn.jp/en/vu/JVNVU96873821\n4. https://www.cisa.gov/uscert/ics/advisories/icsa-22-347-03", "creation_timestamp": "2025-04-03T15:35:13.000000Z"}, {"uuid": "dd74fbe6-f203-45f6-ab84-45a82e3e9f0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22330", "type": "seen", "source": "https://t.me/cibsecurity/68296", "content": "\u203c CVE-2023-22330 \u203c\n\nUse of uninitialized resource in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-11T07:29:35.000000Z"}, {"uuid": "dfb39114-c6e9-4397-a478-1b8bc9c26436", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22331", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10314", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-22331\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Use of default credentials vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to alter user credentials information.\n\ud83d\udccf Published: 2023-01-20T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-03T17:58:46.888Z\n\ud83d\udd17 References:\n1. https://www.contec.com/download/contract/contract4/?itemid=ea8039aa-3434-4999-9ab6-897aa690210c&downloaditemid=866d7d3c-aae9-438d-87f3-17aa040df90b\n2. https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230110_en.pdf\n3. https://jvn.jp/en/vu/JVNVU96873821\n4. https://www.cisa.gov/uscert/ics/advisories/icsa-22-347-03", "creation_timestamp": "2025-04-03T18:35:48.000000Z"}, {"uuid": "4b65f0ca-33da-4026-9ea9-c56e52a9f647", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2233", "type": "seen", "source": "https://t.me/cibsecurity/71253", "content": "\u203c CVE-2023-2233 \u203c\n\nAn improper authorization issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.2.8, all versions starting from 16.3 before 16.3.5 and all versions starting from 16.4 before 16.4.1. It allows a project reporter to leak the owner's Sentry instance projects.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-29T13:25:35.000000Z"}, {"uuid": "cf34b6b1-c875-4f3a-ac92-e4f576edf087", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22338", "type": "seen", "source": "https://t.me/cibsecurity/68273", "content": "\u203c CVE-2023-22338 \u203c\n\nOut-of-bounds read in some Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable information disclosure via local access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-11T07:26:26.000000Z"}, {"uuid": "e3297b9a-308f-481d-a3d3-eaa7dc6f8c1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22335", "type": "seen", "source": "https://t.me/cibsecurity/59440", "content": "\u203c CVE-2023-22344 \u203c\n\nUse of hard-coded credentials vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to obtain the password of the debug tool and execute it. As a result of exploiting this vulnerability with CVE-2023-22335 and CVE-2023-22336 vulnerabilities together, it may allow a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-06T02:37:21.000000Z"}, {"uuid": "c74689fe-d2ca-4ba2-abc2-3794e06bfb0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22336", "type": "seen", "source": "https://t.me/cibsecurity/59440", "content": "\u203c CVE-2023-22344 \u203c\n\nUse of hard-coded credentials vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to obtain the password of the debug tool and execute it. As a result of exploiting this vulnerability with CVE-2023-22335 and CVE-2023-22336 vulnerabilities together, it may allow a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-06T02:37:21.000000Z"}, {"uuid": "63a8d04e-168d-40a8-93f1-158578cbf506", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22335", "type": "seen", "source": "https://t.me/cibsecurity/59437", "content": "\u203c CVE-2023-22336 \u203c\n\nPath traversal vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to upload a specially crafted file to an arbitrary directory. As a result of exploiting this vulnerability with CVE-2023-22335 and CVE-2023-22344 vulnerabilities together, it may allow a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-06T02:37:18.000000Z"}, {"uuid": "8909fb18-1482-40e3-82c1-8c2a133ddcb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22336", "type": "seen", "source": "https://t.me/cibsecurity/59437", "content": "\u203c CVE-2023-22336 \u203c\n\nPath traversal vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to upload a specially crafted file to an arbitrary directory. As a result of exploiting this vulnerability with CVE-2023-22335 and CVE-2023-22344 vulnerabilities together, it may allow a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-06T02:37:18.000000Z"}, {"uuid": "576769b9-8c2f-48e6-b555-b8c1ddf1e22e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22335", "type": "seen", "source": "https://t.me/cibsecurity/59444", "content": "\u203c CVE-2023-22335 \u203c\n\nImproper access control vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to bypass access restriction and download an arbitrary file of the directory where the product runs. As a result of exploiting this vulnerability with CVE-2023-22336 and CVE-2023-22344 vulnerabilities together, it may allow a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-06T02:37:25.000000Z"}, {"uuid": "1d2ccc6f-9f11-4c53-add7-54cbd285753d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22334", "type": "seen", "source": "https://t.me/cibsecurity/56745", "content": "\u203c CVE-2023-22334 \u203c\n\nUse of password hash instead of password for authentication vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-20T10:58:13.000000Z"}, {"uuid": "e4b82e65-5f8c-4b7a-9912-480ae30bdb0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22331", "type": "seen", "source": "https://t.me/cibsecurity/56743", "content": "\u203c CVE-2023-22331 \u203c\n\nUse of default credentials vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to alter user credentials information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-20T07:22:14.000000Z"}, {"uuid": "d01fe123-7f35-4964-b10a-fb21952ec124", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22339", "type": "seen", "source": "https://t.me/cibsecurity/56741", "content": "\u203c CVE-2023-22339 \u203c\n\nImproper access control vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to bypass access restriction and obtain the server certificate including the private key of the product.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-20T07:22:12.000000Z"}, {"uuid": "746b38c3-e0b9-4e66-ad20-e188377c7fe1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22332", "type": "seen", "source": "https://t.me/cibsecurity/57146", "content": "\u203c CVE-2023-22332 \u203c\n\nInformation disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), All versions of 3.7 series, All versions of 3.6 series, All versions of 3.5 series, All versions of 3.4 series, and All versions of 3.3 series. A specific database user's authentication information may be obtained by another database user. As a result, the information stored in the database may be altered and/or database may be suspended by a remote attacker who successfully logged in the product with the obtained credentials.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-30T12:37:03.000000Z"}, {"uuid": "b4e23bf1-5a46-48ac-a71c-03ac81a3330a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22333", "type": "seen", "source": "https://t.me/cibsecurity/57153", "content": "\u203c CVE-2023-22333 \u203c\n\nCross-site scripting vulnerability in EasyMail 2.00.130 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-30T12:37:14.000000Z"}]}