{"vulnerability": "CVE-2023-3822", "sightings": [{"uuid": "db34c3f1-1357-447c-a249-05e9af7ffe0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38220", "type": "seen", "source": "https://t.me/cibsecurity/72223", "content": "\u203c CVE-2023-38220 \u203c\n\nAdobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Authorization vulnerability that could lead in a security feature bypass in a way that an attacker could access unauthorised data. Exploitation of this issue does not require user interaction.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-13T12:28:54.000000Z"}, {"uuid": "c47aeba0-a3ed-4fa7-a562-4ec413a50027", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38221", "type": "seen", "source": "https://t.me/cibsecurity/72222", "content": "\u203c CVE-2023-38221 \u203c\n\nAdobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-13T12:28:53.000000Z"}, {"uuid": "2f54d730-a5bd-45b9-9872-9d41b461745c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3822", "type": "seen", "source": "https://t.me/cibsecurity/67099", "content": "\u203c CVE-2023-3822 \u203c\n\nCross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.4.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-21T18:23:41.000000Z"}, {"uuid": "d53e2ce2-106e-4570-a49b-27b0a95e5be5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38222", "type": "seen", "source": "https://t.me/cibsecurity/68210", "content": "\u203c CVE-2023-38222 \u203c\n\nAdobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-10T18:15:49.000000Z"}, {"uuid": "a7801618-e31e-46f4-b0b1-9be8f05fc46e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38226", "type": "seen", "source": "https://t.me/cibsecurity/68214", "content": "\u203c CVE-2023-38226 \u203c\n\nAdobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-10T18:15:56.000000Z"}, {"uuid": "12dccded-487d-49f3-b81f-6bf0614ce000", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38225", "type": "seen", "source": "https://t.me/cibsecurity/68212", "content": "\u203c CVE-2023-38225 \u203c\n\nAdobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-10T18:15:51.000000Z"}, {"uuid": "2f87800f-ac67-4d5f-aab1-f53668e2db07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38229", "type": "seen", "source": "https://t.me/cibsecurity/68211", "content": "\u203c CVE-2023-38229 \u203c\n\nAdobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-10T18:15:50.000000Z"}]}