{"vulnerability": "CVE-2023-4001", "sightings": [{"uuid": "9f268bc0-96c6-4657-b819-c58fcf100247", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40011", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113647286721755713", "content": "", "creation_timestamp": "2024-12-13T19:59:38.164077Z"}, {"uuid": "46201dbc-bba7-46cb-aa1d-2a9ac7f8e8a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4001", "type": "seen", "source": "https://t.me/ctinow/168307", "content": "https://ift.tt/Y1Xc6Mz\nCVE-2023-4001", "creation_timestamp": "2024-01-15T12:26:31.000000Z"}, {"uuid": "5db0a068-df35-4a83-9e94-c7524803de59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40010", "type": "seen", "source": "https://t.me/ctinow/157122", "content": "https://ift.tt/JOGMwxy\nCVE-2023-40010", "creation_timestamp": "2023-12-20T16:23:59.000000Z"}, {"uuid": "14a0eea2-6d6e-4ef3-86d5-c4c036f122f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4001", "type": "seen", "source": "https://t.me/ctinow/175708", "content": "https://ift.tt/4wGjQ1o\nCVE-2023-4001 | Grub2 Password Protection improper authentication", "creation_timestamp": "2024-01-30T07:07:20.000000Z"}, {"uuid": "438fc028-afa8-4343-b5a7-513ec072bb54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4001", "type": "seen", "source": "https://t.me/ctinow/186443", "content": "https://ift.tt/Eq0o86B\nCVE-2023-4001 Grub2 Vulnerability in NetApp Products", "creation_timestamp": "2024-02-16T15:31:50.000000Z"}, {"uuid": "aa5e0c16-8474-4bb2-a68a-c79c08a97d58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40019", "type": "seen", "source": "https://t.me/cibsecurity/70621", "content": "\u203c CVE-2023-40019 \u203c\n\nFreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows authorized users to cause a denial of service attack by sending re-INVITE with SDP containing duplicate codec names. When a call in FreeSWITCH completes codec negotiation, the `codec_string` channel variable is set with the result of the negotiation. On a subsequent re-negotiation, if an SDP is offered that contains codecs with the same names but with different formats, there may be too many codec matches detected by FreeSWITCH leading to overflows of its internal arrays. By abusing this vulnerability, an attacker is able to corrupt stack of FreeSWITCH leading to an undefined behavior of the system or simply crash it. Version 1.10.10 contains a patch for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-16T00:25:56.000000Z"}, {"uuid": "fffd8e8c-86a5-4c70-947d-3eb4601ac921", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40018", "type": "seen", "source": "https://t.me/cibsecurity/70619", "content": "\u203c CVE-2023-40018 \u203c\n\nFreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candidate with unknown component ID. When an SDP is offered with any ICE candidates with an unknown component ID, FreeSWITCH will make an out of bounds write to its arrays. By abusing this vulnerability, an attacker is able to corrupt FreeSWITCH memory leading to an undefined behavior of the system or a crash of it. Version 1.10.10 contains a patch for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-16T00:25:55.000000Z"}, {"uuid": "55252576-8b58-4f63-8c96-f5b0c7d3af57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40010", "type": "seen", "source": "https://t.me/ctinow/167850", "content": "https://ift.tt/fYzRl5T\nCVE-2023-40010 | realmag777 Husky Plugin up to 1.3.4.2 on WordPress sql injection", "creation_timestamp": "2024-01-13T15:21:52.000000Z"}, {"uuid": "539b00c6-3989-4532-9ebf-bb56921552c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40015", "type": "seen", "source": "https://t.me/cibsecurity/69807", "content": "\u203c CVE-2023-40015 \u203c\n\nVyper is a Pythonic Smart Contract Language. For the following (probably non-exhaustive) list of expressions, the compiler evaluates the arguments from right to left instead of left to right. `unsafe_add, unsafe_sub, unsafe_mul, unsafe_div, pow_mod256, |, &, ^ (bitwise operators), bitwise_or (deprecated), bitwise_and (deprecated), bitwise_xor (deprecated), raw_call, <, >, <=, >=, ==, !=, in, not in (when lhs and rhs are enums)`. This behaviour becomes a problem when the evaluation of one of the arguments produces side effects that other arguments depend on. The following expressions can produce side-effect: state modifying external call , state modifying internal call, `raw_call`, `pop()` when used on a Dynamic Array stored in the storage, `create_minimal_proxy_to`, `create_copy_of`, `create_from_blueprint`. This issue has not yet been patched. Users are advised to make sure that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-04T22:21:25.000000Z"}, {"uuid": "68b9e195-3c80-4a56-b668-b8ea01533b45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40017", "type": "seen", "source": "https://t.me/cibsecurity/69168", "content": "\u203c CVE-2023-40017 \u203c\n\nGeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint `/proxy/?url=` does not properly protect against server-side request forgery. This allows an attacker to port scan internal hosts and request information from internal hosts. A patch is available at commit a9eebae80cb362009660a1fd49e105e7cdb499b9.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-25T02:13:40.000000Z"}, {"uuid": "a01d7c30-249b-4831-8606-a91ce1d4310f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40014", "type": "seen", "source": "https://t.me/cibsecurity/68258", "content": "\u203c CVE-2023-40014 \u203c\n\nOpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using `ERC2771Context` along with a custom trusted forwarder may see `_msgSender` return `address(0)` in calls that originate from the forwarder with calldata shorter than 20 bytes. This combination of circumstances does not appear to be common, in particular it is not the case for `MinimalForwarder` from OpenZeppelin Contracts, or any deployed forwarder the team is aware of, given that the signer address is appended to all calls that originate from these forwarders. The problem has been patched in v4.9.3.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-11T00:16:12.000000Z"}, {"uuid": "d67ccc12-169f-44fb-a2b2-7e0191ffd9ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4001", "type": "seen", "source": "https://t.me/ctinow/166050", "content": "https://ift.tt/DKwS1iE\nCVE-2023-4001", "creation_timestamp": "2024-01-10T18:46:46.000000Z"}, {"uuid": "d56dffa4-ab94-4328-99fe-e6f718f1f7d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40012", "type": "seen", "source": "https://t.me/cibsecurity/68102", "content": "\u203c CVE-2023-40012 \u203c\n\nuthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Versions of uthenticode prior to the 2.x series did not check Extended Key Usages in certificates, in violation of the Authenticode X.509 certificate profile. As a result, a malicious user could produce a \"signed\" PE file that uthenticode would verify and consider valid using an X.509 certificate that isn't entitled to produce code signatures (e.g., a SSL certificate). By design, uthenticode does not perform full-chain validation. However, the absence of EKU validation was an unintended oversight. The 2.0.0 release series includes EKU checks. There are no workarounds to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-09T20:15:02.000000Z"}]}