{"vulnerability": "CVE-2023-3737", "sightings": [{"uuid": "f2aefa49-a807-4f75-b1bd-ad5536d584e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37377", "type": "seen", "source": "https://t.me/cibsecurity/70131", "content": "\u203c CVE-2023-37377 \u203c\n\nAn issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor (Exynos 980, Exynos 850, Exynos 2100, and Exynos W920). Improper handling of length parameter inconsistency can cause incorrect packet filtering.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-08T07:19:23.000000Z"}, {"uuid": "d823e8a9-2d9b-470e-aeac-d828fae71da4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37378", "type": "seen", "source": "https://t.me/cibsecurity/65886", "content": "\u203c CVE-2023-37378 \u203c\n\nNullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-04T00:22:56.000000Z"}, {"uuid": "ee2ea5f2-02c0-43f6-bfca-0df7646cae87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37372", "type": "seen", "source": "https://t.me/cibsecurity/67962", "content": "\u203c CVE-2023-37372 \u203c\n\nA vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications is vulnerable to SQL injection. This could allow an unauthenticated remote attackers to execute arbitrary SQL queries on the server database.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-08T14:15:02.000000Z"}, {"uuid": "2eead754-870a-4cf4-96e1-a60a2dcb7fc7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37373", "type": "seen", "source": "https://t.me/cibsecurity/67957", "content": "\u203c CVE-2023-37373 \u203c\n\nA vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications accept unauthenticated file write messages. An unauthenticated remote attacker could write arbitrary files to the affected application's file system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-08T14:14:43.000000Z"}, {"uuid": "96afb963-85fe-4c06-bd70-30d7859da048", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37379", "type": "seen", "source": "https://t.me/cibsecurity/69076", "content": "\u203c CVE-2023-37379 \u203c\n\nApache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server.Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-23T20:12:56.000000Z"}, {"uuid": "218aeb4a-aa66-4768-8746-9fc15c863846", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37375", "type": "seen", "source": "https://t.me/cibsecurity/66350", "content": "\u203c CVE-2023-37375 \u203c\n\nA vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21060)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-11T14:29:38.000000Z"}, {"uuid": "caf0f7d6-14d4-4c09-84d9-cd042b95f093", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37374", "type": "seen", "source": "https://t.me/cibsecurity/66355", "content": "\u203c CVE-2023-37374 \u203c\n\nA vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21054)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-11T14:29:46.000000Z"}]}