{"vulnerability": "CVE-2023-3944", "sightings": [{"uuid": "62a8453f-67c0-4cee-857a-aba98447bdb1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39448", "type": "seen", "source": "https://t.me/cibsecurity/69839", "content": "\u203c CVE-2023-39448 \u203c\n\nPath traversal vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to alter or create arbitrary files on the server, resulting in arbitrary code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-05T12:17:14.000000Z"}, {"uuid": "4d6db199-247f-4830-87a4-1d7792a5171d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39447", "type": "seen", "source": "https://t.me/cibsecurity/71932", "content": "\u203c CVE-2023-39447 \u203c\n\nWhen BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-10T16:16:55.000000Z"}, {"uuid": "35cdeb2f-e00d-4e0f-9ce9-715b029954c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39446", "type": "seen", "source": "https://t.me/cibsecurity/70683", "content": "\u203c CVE-2023-39446 \u203c\n\n** UNSUPPPORTED WHEN ASSIGNED ** Thanks to the weaknesses that the web application has at the user management level, an attacker could obtain the information from the headers that is necessary to create specially designed URLs and originate malicious actions when a legitimate user is logged into the web application.\n\n\ud83d\udcd6 Read\n\nvia \"National 
Vulnerability Database\".", "creation_timestamp": "2023-09-19T00:28:57.000000Z"}, {"uuid": "94869080-1501-45ac-8577-96293432cf71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39440", "type": "seen", "source": "https://t.me/cibsecurity/67938", "content": "\u203c CVE-2023-39440 \u203c\n\nIn SAP BusinessObjects Business Intelligence - version 420, If a user logs in to a particular program, under certain specific conditions memory might not be cleared up properly, due to which attacker might be able to get access to user credentials. For a successful attack, the attacker needs to have local access to the system. There is no impact on availability and integrity.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-08T07:13:53.000000Z"}, {"uuid": "258397ff-5de1-4d75-9afd-5e545aee3444", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39441", "type": "seen", "source": "https://t.me/cibsecurity/69073", "content": "\u203c CVE-2023-39441 \u203c\n\nApache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability.The default SSL context with SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position.Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability\n\n\ud83d\udcd6 Read\n\nvia 
\"National Vulnerability Database\".", "creation_timestamp": "2023-08-23T20:12:50.000000Z"}, {"uuid": "11731425-8c56-4613-8db0-7e232dea65d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39445", "type": "seen", "source": "https://t.me/cibsecurity/68822", "content": "\u203c CVE-2023-39445 \u203c\n\nHidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product's certain management console.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-18T14:38:23.000000Z"}, {"uuid": "0017db6d-7c99-48a4-acc3-1dcf53d45cff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3944", "type": "seen", "source": "https://t.me/cibsecurity/67255", "content": "\u203c CVE-2023-3944 \u203c\n\nA vulnerability was found in phpscriptpoint Lawyer 1.6 and classified as problematic. Affected by this issue is some unknown functionality of the file page.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235400. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-26T00:27:06.000000Z"}]}