{"vulnerability": "CVE-2023-2461", "sightings": [{"uuid": "51806dc9-3ea7-4553-9fe7-85410d4cd188", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24610", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3735", "content": "GitHub monitoring alert!!!\n\nUpdated: CVE-2023\nDescription: This is a proof of concept for CVE-2023-24610\nURL: https://github.com/abbisQQ/CVE-2023-24610\n\nTag: #CVE-2023", "creation_timestamp": "2023-02-01T16:32:22.000000Z"}, {"uuid": "bd4e1bd5-74d2-41c3-9870-4708fa4c34ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2461", "type": "seen", "source": "https://t.me/cibsecurity/63201", "content": "\u203c CVE-2023-2461 \u203c\n\nUse after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-03T07:30:52.000000Z"}, {"uuid": "6b8dff17-d59d-4397-ba9c-e1550d8b211b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24619", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8390", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-24619\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Redpanda before 22.3.12 discloses cleartext AWS credentials. 
The import functionality in the rpk binary logs an AWS Access Key ID and Secret in cleartext to standard output, allowing a local user to view the key in the console, or in Kubernetes logs if stdout output is collected. The fixed versions are 22.3.12, 22.2.10, and 22.1.12.\n\ud83d\udccf Published: 2023-02-13T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-21T18:06:40.109Z\n\ud83d\udd17 References:\n1. https://github.com/redpanda-data/redpanda/pull/8339", "creation_timestamp": "2025-03-21T18:19:49.000000Z"}, {"uuid": "2b1bf293-50ee-498e-bf90-0617797f8bf6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24619", "type": "seen", "source": "https://t.me/cibsecurity/58020", "content": "\u203c CVE-2023-24619 \u203c\n\nRedpanda before 22.3.12 discloses cleartext AWS credentials. The import functionality in the rpk binary logs an AWS Access Key ID and Secret in cleartext to standard output, allowing a local user to view the key in the console, or in Kubernetes logs if stdout output is collected. The fixed versions are 22.3.12, 22.2.10, and 22.1.12.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-13T22:29:56.000000Z"}, {"uuid": "99fe8ccb-7320-4aed-9c16-c78ce9b8b2d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24613", "type": "seen", "source": "https://t.me/cibsecurity/57437", "content": "\u203c CVE-2023-24613 \u203c\n\nThe user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend binary file that handles the user interface to cause a denial of service attack. 
This is fixed in AG 9.4.0.481.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T07:25:27.000000Z"}, {"uuid": "7c6d05f0-9fdb-420c-908f-e3e60a802b32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24610", "type": "seen", "source": "https://t.me/cibsecurity/57298", "content": "\u203c CVE-2023-24610 \u203c\n\nNOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrary code via the \"practice logo\" upload feature. The client-side checks can be bypassed. This may allow attackers to steal Protected Health Information because the product is for health charting.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-01T16:14:25.000000Z"}, {"uuid": "4f380879-dd67-4be4-832b-4c3cc590a40a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24612", "type": "seen", "source": "https://t.me/cibsecurity/57139", "content": "\u203c CVE-2023-24612 \u203c\n\nThe PdfBook extension through 2.0.5 before b07b6a64 for MediaWiki allows command injection via an option.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-30T07:36:49.000000Z"}, {"uuid": "e218cb24-eaea-4fcb-93c2-9fc3bf26bc7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24610", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2618", "content": "#CVE-2023\nThis is a proof of concept for CVE-2023-24610\n\nhttps://github.com/abbisQQ/CVE-2023-24610\n\nCVE-2023-23924 PoC\n\nhttps://github.com/motikan2010/CVE-2023-23924\n\nCVE-2023-23924 PoC\n\nhttps://github.com/Live-Hack-CVE/CVE-2023-20916\n\nCVE-2023-23924 
PoC\n\nhttps://github.com/Live-Hack-CVE/CVE-2023-22664\n\n@BlueRedTeam", "creation_timestamp": "2023-03-09T08:14:27.000000Z"}]}