{"vulnerability": "CVE-2023-3728", "sightings": [{"uuid": "f1c925f6-635f-4a5b-8586-5d1c74317f1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37282", "type": "seen", "source": "https://t.me/ctinow/165606", "content": "https://ift.tt/IZSQKOG\nCVE-2023-37282 Exploit", "creation_timestamp": "2024-01-10T08:16:24.000000Z"}, {"uuid": "1d505c9e-6e22-4faf-97a4-079876b19878", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37283", "type": "seen", "source": "https://t.me/cibsecurity/72877", "content": "\u203c CVE-2023-37283 \u203c\n\nUnder a very specific and highly unrecommended configuration, authentication bypass is possible in the PingFederate Identifier First Adapter\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-25T22:49:24.000000Z"}, {"uuid": "c88ef58e-3662-464a-a33c-de6cbeab9fac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37281", "type": "seen", "source": "https://t.me/cibsecurity/70625", "content": "\u203c CVE-2023-37281 \u203c\n\nContiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when processing the various IPv6 header fields during IPHC header decompression, Contiki-NG confirms the received packet buffer contains enough data as needed for that field. But no similar check is done before decompressing the IPv6 address. Therefore, up to 16 bytes can be read out of bounds on the line with the statement `memcpy(&ipaddr->u8[16 - postcount], iphc_ptr, postcount);`. The value of `postcount` depends on the address compression used in the received packet and can be controlled by the attacker. As a result, an attacker can inject a packet that causes an out-of-bound read. As of time of publication, a patched version is not available. As a workaround, one can apply the changes in Contiki-NG pull request #2509 to patch the system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-16T00:26:03.000000Z"}, {"uuid": "7d53123d-1dd4-4fd9-ac1e-4ab5be65b9d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37286", "type": "seen", "source": "https://t.me/cibsecurity/66243", "content": "\u203c CVE-2023-37286 \u203c\n\nSmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code and disrupt service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-10T07:23:27.000000Z"}, {"uuid": "e96d4c8e-5af6-42df-a977-887d49325272", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37284", "type": "seen", "source": "https://t.me/cibsecurity/69989", "content": "\u203c CVE-2023-37284 \u203c\n\nImproper authentication vulnerability in Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616' allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command via a crafted request to bypass authentication.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-06T14:17:53.000000Z"}, {"uuid": "8574ea6f-11db-4545-af7f-b67819f3327a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37285", "type": "seen", "source": "https://t.me/cibsecurity/67365", "content": "\u203c CVE-2023-37285 \u203c\n\nAn out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-28T12:29:27.000000Z"}, {"uuid": "47b9ce1d-02f3-4284-a604-7b39b27af550", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37287", "type": "seen", "source": "https://t.me/cibsecurity/66242", "content": "\u203c CVE-2023-37287 \u203c\n\nSmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access system with regular user privilege to read application data, and execute submission and approval processes.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-10T07:23:26.000000Z"}, {"uuid": "e53a5797-671a-48bc-8043-d56a260475f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37288", "type": "seen", "source": "https://t.me/cibsecurity/66241", "content": "\u203c CVE-2023-37288 \u203c\n\nSmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access system with regular user privilege to read application data, and execute submission and approval processes.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-10T07:23:25.000000Z"}]}