{"vulnerability": "CVE-2023-2236", "sightings": [{"uuid": "cbe07071-dca8-40d5-bedd-53411800c6b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22361", "type": "seen", "source": "https://t.me/arpsyndicate/3407", "content": "#ExploitObserverAlert\n\nZDI-24-110\n\nDESCRIPTION: Exploit Observer has 8 entries in 2 file formats related to ZDI-24-110. Allegra downloadExportedChart Directory Traversal Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability.  The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2023-22361.", "creation_timestamp": "2024-02-11T14:31:43.000000Z"}, {"uuid": "62b8b726-e0ef-4b1e-b993-9959684edef0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22366", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10331", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-22366\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: CX-Motion-MCH v2.32 and earlier contains an access of uninitialized pointer vulnerability. Having a user to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.\n\ud83d\udccf Published: 2023-01-17T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-03T19:23:20.238Z\n\ud83d\udd17 References:\n1. 
https://jvn.jp/en/vu/JVNVU91744508/index.html", "creation_timestamp": "2025-04-03T19:35:42.000000Z"}, {"uuid": "ae66c34b-21d0-4184-a1c2-7dea46aae564", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2236", "type": "seen", "source": "https://bsky.app/profile/buherator.bsky.social/post/3ljjzkfz2la2h", "content": "", "creation_timestamp": "2025-03-04T08:15:39.254792Z"}, {"uuid": "fca71f2b-ade2-4203-889a-fedd3f226ed4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22360", "type": "seen", "source": "https://t.me/arpsyndicate/3404", "content": "#ExploitObserverAlert\n\nZDI-24-111\n\nDESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to ZDI-24-111. Allegra Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability.  The ZDI has assigned a CVSS rating of 9.8. 
The following CVEs are assigned: CVE-2023-22360.", "creation_timestamp": "2024-02-11T14:19:41.000000Z"}, {"uuid": "e75e106e-4117-4bf3-be22-9d55b4e77f31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22363", "type": "seen", "source": "https://t.me/cibsecurity/67197", "content": "\u203c CVE-2023-22363 \u203c\n\nA stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group. This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-25T07:26:38.000000Z"}, {"uuid": "15dc5da2-8f1e-4265-a825-7925bb0f3e6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2236", "type": "seen", "source": "https://t.me/cibsecurity/63123", "content": "\u203c CVE-2023-2236 \u203c\n\nA use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Both io_install_fixed_file and its callers call fput in a file in case of an error, causing a reference underflow which leads to a use-after-free vulnerability. We recommend upgrading past commit 9d94c04c0db024922e886c9fd429659f22f48ea4.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-01T16:29:27.000000Z"}, {"uuid": "e1c1f644-0cbc-4875-952a-b922b707fdee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22361", "type": "seen", "source": "https://t.me/cibsecurity/63721", "content": "\u203c CVE-2023-22361 \u203c\n\nImproper privilege management vulnerability in SkyBridge MB-A100/110 firmware Ver. 
4.2.0 and earlier allows a remote authenticated attacker to alter a WebUI password of the product.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-10T12:20:19.000000Z"}, {"uuid": "945e045d-c8ac-4c67-99bf-1c28f1ab2db3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22362", "type": "seen", "source": "https://t.me/cibsecurity/57986", "content": "\u203c CVE-2023-22362 \u203c\n\nSUSHIRO App for Android outputs sensitive information to the log file, which may result in an attacker obtaining a credential information from the log file. Affected products/versions are as follows: SUSHIRO Ver.4.0.31, Thailand SUSHIRO Ver.1.0.0, Hong Kong SUSHIRO Ver.3.0.2, Singapore SUSHIRO Ver.2.0.0, and Taiwan SUSHIRO Ver.2.0.1\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-14T14:35:59.000000Z"}, {"uuid": "ca7d9e52-cb70-4cbb-8158-d1357a1ac9ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22368", "type": "seen", "source": "https://t.me/cibsecurity/58205", "content": "\u203c CVE-2023-22368 \u203c\n\nUntrusted search path vulnerability in ELECOM Camera Assistant 1.00 and QuickFileDealer Ver.1.2.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-15T07:36:19.000000Z"}, {"uuid": "fc0da357-aa0a-4de3-afa2-9d9ca258c7b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22367", "type": "seen", "source": "https://t.me/cibsecurity/57982", "content": "\u203c CVE-2023-22367 \u203c\n\nIchiran App for iOS versions prior to 3.1.0 and Ichiran App for Android 
versions prior to 3.1.0 improperly verify server certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-13T07:29:29.000000Z"}, {"uuid": "6249ad07-7e9b-48b6-baaf-7f920354fc2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22366", "type": "seen", "source": "https://t.me/cibsecurity/56565", "content": "\u203c CVE-2023-22366 \u203c\n\nCX-Motion-MCH v2.32 and earlier contains an access of uninitialized pointer vulnerability. Having a user to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-17T12:24:46.000000Z"}, {"uuid": "e2b4a9fb-47e6-42ff-8c3c-d76dc246c2b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22360", "type": "seen", "source": "https://t.me/cibsecurity/57990", "content": "\u203c CVE-2023-22360 \u203c\n\nUse-after free vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier due to lack of error handling process even when an error was detected. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-13T07:29:37.000000Z"}]}