{"vulnerability": "CVE-2023-2911", "sightings": [{"uuid": "e3f78a10-fb15-4d57-8102-b7bacf0f545b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29113", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lsor5bt7g52i", "content": "", "creation_timestamp": "2025-06-28T18:15:11.762696Z"}, {"uuid": "d63c0872-e70b-484c-8ba1-916246854bf3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2911", "type": "seen", "source": "https://bsky.app/profile/r3nt.bsky.social/post/3lkcv3rgqad2p", "content": "", "creation_timestamp": "2025-03-14T05:32:29.613688Z"}, {"uuid": "e9f09e67-5752-4027-b76c-28cca637d305", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2911", "type": "seen", "source": "https://bsky.app/profile/r3nt.bsky.social/post/3lkcv3rgr7l2p", "content": "", "creation_timestamp": "2025-03-14T05:32:30.096339Z"}, {"uuid": "5a0f38e6-b489-4b14-b9e5-0c26c1b5904a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2911", "type": "seen", "source": "https://bsky.app/profile/r3nt.bsky.social/post/3lkcv3rgle22p", "content": "", "creation_timestamp": "2025-03-14T05:32:28.110148Z"}, {"uuid": "e8517553-937b-4e10-ab57-295ab4f3e487", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2911", "type": "seen", "source": "https://bsky.app/profile/r3nt.bsky.social/post/3lkcv3rgpb22p", "content": "", "creation_timestamp": "2025-03-14T05:32:28.598613Z"}, {"uuid": "21af4a5e-cb81-4225-83f4-a2960815f072", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2911", "type": "seen", "source": "https://bsky.app/profile/r3nt.bsky.social/post/3lkcv3rgqac2p", "content": "", "creation_timestamp": "2025-03-14T05:32:29.111327Z"}, {"uuid": "f92c9efc-3eb1-4913-94b7-5ddfebedee08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29119", "type": "seen", "source": "https://t.me/cvedetector/9897", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-29119 - Waybox Enel X SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2023-29119 \nPublished : Nov. 5, 2024, 4:15 p.m. | 41\u00a0minutes ago \nDescription : Waybox Enel X web management application could execute arbitrary requests on the internal database via\u00a0/admin/dbstore.php. \nSeverity: 9.6 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T18:03:35.000000Z"}, {"uuid": "5b7375c6-0734-4402-bdb5-e04331f87a23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29113", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19822", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-29113\n\ud83d\udd25 CVSS Score: 6.3 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: The MIB3 infotainment unit used in Skoda and Volkswagen vehicles does not incorporate any privilege separation for the proprietary inter-process communication mechanism, leaving attackers with presence in the system an ability to undermine access control restrictions implemented at the operating system level.\nThe vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.\n\ud83d\udccf Published: 2025-06-28T15:33:26.500Z\n\ud83d\udccf Modified: 2025-06-28T15:33:26.500Z\n\ud83d\udd17 References:\n1. https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishchev-OverTheAirVW.pdf\n2. https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-vw-mib3-infotainment-2\n3. https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2/", "creation_timestamp": "2025-06-28T15:55:21.000000Z"}, {"uuid": "8a27785f-24cc-4c56-ac5b-906bc5393484", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29118", "type": "seen", "source": "https://t.me/cvedetector/9896", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-29118 - Waybox Enel X Web Management Unauthenticated Arbitrary Request Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2023-29118 \nPublished : Nov. 5, 2024, 4:15 p.m. | 41\u00a0minutes ago \nDescription : Waybox Enel X web management application could execute arbitrary requests on the internal database via\u00a0/admin/versions.php. \nSeverity: 9.6 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T18:03:34.000000Z"}, {"uuid": "0d965b07-f414-4ef1-b58e-39b1a77cdc55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29117", "type": "seen", "source": "https://t.me/cvedetector/9895", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-29117 - Waybox Enel X Authentication Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2023-29117 \nPublished : Nov. 5, 2024, 4:15 p.m. | 41\u00a0minutes ago \nDescription : Waybox Enel X web management API authentication could be bypassed and provide administrator\u2019s privileges over the Waybox system. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T18:03:33.000000Z"}, {"uuid": "ee79de01-4d73-42eb-a010-c3a604674266", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29116", "type": "seen", "source": "https://t.me/cvedetector/9894", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-29116 - Waybox Enel X Information Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2023-29116 \nPublished : Nov. 5, 2024, 4:15 p.m. | 41\u00a0minutes ago \nDescription : Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T18:03:32.000000Z"}, {"uuid": "a2df00b2-db92-43f2-827c-924bd08f2072", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29111", "type": "seen", "source": "https://t.me/cibsecurity/61820", "content": "\u203c CVE-2023-29111 \u203c\n\nThe SAP AIF (ODATA service) - versions 755, 756, discloses more detailed information than is required. An authorized attacker can use the collected information possibly to exploit the component. As a result, an attacker can cause a low impact on the confidentiality of the application.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-11T07:23:06.000000Z"}, {"uuid": "3d57cc72-fd80-487e-bf51-03342f629ae3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2911", "type": "seen", "source": "https://t.me/cibsecurity/65390", "content": "\u203c CVE-2023-2911 \u203c\n\nIf the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow.This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-21T20:26:21.000000Z"}, {"uuid": "6b133d1d-330a-4c43-838b-baaef973ea2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29112", "type": "seen", "source": "https://t.me/cibsecurity/61818", "content": "\u203c CVE-2023-29112 \u203c\n\nThe SAP Application Interface (Message Monitoring) - versions 600, 700, allows an authorized attacker to input links or headings with custom CSS classes into a comment. The comment will render links and custom CSS classes as HTML objects. After successful exploitations, an attacker can cause limited impact on the confidentiality and integrity of the application.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-11T07:23:04.000000Z"}]}