{"vulnerability": "CVE-2023-3950", "sightings": [{"uuid": "20f71090-316d-4598-98d4-f0d4e55d0d80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39509", "type": "seen", "source": "https://t.me/ctinow/167156", "content": "https://ift.tt/sMwGOY0\nCVE-2023-39509 | Bosch Camera command injection", "creation_timestamp": "2024-01-12T09:36:58.000000Z"}, {"uuid": "114e1a08-8ab8-40ce-bab8-c35a41464165", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3950", "type": "seen", "source": "https://t.me/cibsecurity/69619", "content": "\u203c CVE-2023-3950 \u203c\n\nAn information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-01T14:13:45.000000Z"}, {"uuid": "5efb6ee8-987a-4475-8e2d-5920805cf160", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39507", "type": "seen", "source": "https://t.me/cibsecurity/68618", "content": "\u203c CVE-2023-39507 \u203c\n\nImproper authorization in the custom URL scheme handler in \"Rikunabi NEXT\" App for Android prior to ver. 11.5.0 allows a malicious intent to lead the vulnerable App to access an arbitrary website.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-16T12:49:37.000000Z"}, {"uuid": "f6b76a03-e84c-4bba-b575-fe9e3d3a4336", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39508", "type": "seen", "source": "https://t.me/cibsecurity/67813", "content": "\u203c CVE-2023-39508 \u203c\n\nExecution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The \"Run Task\" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The \"Run Task\" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0This issue affects Apache Airflow: before 2.6.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-16T16:18:16.000000Z"}]}