{"vulnerability": "CVE-2023-4021", "sightings": [{"uuid": "0dd65dbe-2741-4878-a072-5f2a45709f6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40213", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113647286749188242", "content": "", "creation_timestamp": "2024-12-13T19:59:38.312723Z"}, {"uuid": "3facef2e-cea3-484c-9392-43d9da62e339", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40217", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-08", "content": "", "creation_timestamp": "2025-04-15T10:00:00.000000Z"}, {"uuid": "ef82baca-b32d-410b-abeb-c04d4c5fd6d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40217", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3m4iwougfkk2a", "content": "", "creation_timestamp": "2025-10-31T16:50:31.897553Z"}, {"uuid": "68d64ab6-a879-442a-96a5-3f79bf3c2fe7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-40217", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0395/", "content": "", "creation_timestamp": "2026-04-02T17:00:00.000000Z"}, {"uuid": "22d95762-5112-494c-8660-97924be5c1fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40211", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m76umtiuke2b", "content": "", "creation_timestamp": "2025-12-04T21:02:37.911902Z"}, {"uuid": "90c52ce6-73b6-4679-bcf2-5ada327765e6", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40212", "type": "seen", "source": "https://t.me/cibsecurity/71496", "content": "\u203c CVE-2023-40212 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability in theDotstore Product Attachment for WooCommerce plugin &lt;=\u00c2\u00a02.1.8 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-03T16:41:21.000000Z"}, {"uuid": "020c50d1-ca49-4790-81c8-c3be6416d1f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4021", "type": "seen", "source": "https://t.me/cibsecurity/72651", "content": "\u203c CVE-2023-4021 \u203c\n\nThe Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, but not including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
This only affects multi-site installations and installations where unfiltered_html has been disabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-20T12:35:08.000000Z"}, {"uuid": "6ec59b66-b940-4aa6-be23-22ed893ad421", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40210", "type": "seen", "source": "https://t.me/cibsecurity/71493", "content": "\u203c CVE-2023-40210 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability in Sean Barton (Tortoise IT) SB Child List plugin <=\u00a04.5 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-03T16:41:18.000000Z"}, {"uuid": "63152e85-a9b3-4e8e-87fa-1df66401f131", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40216", "type": "seen", "source": "https://t.me/cibsecurity/68239", "content": "\u203c CVE-2023-40216 \u203c\n\nOpenBSD 7.3 before errata 014 is missing an argument-count bounds check in console terminal emulation. This could cause incorrect memory access and a kernel crash after receiving crafted DCS or CSI terminal escape sequences.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-10T20:16:02.000000Z"}, {"uuid": "94b7f143-c4fb-4bfb-8179-36bea1a9d31b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40214", "type": "seen", "source": "https://t.me/cibsecurity/69795", "content": "\u203c CVE-2023-40214 \u203c\n\nUnauth. 
Reflected Cross-Site Scripting (XSS) vulnerability in Vathemes Business Pro theme <= 1.10.4 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-04T16:22:15.000000Z"}, {"uuid": "96f38f7f-ce5c-43bd-b55c-e5b24b24f655", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40218", "type": "seen", "source": "https://t.me/cibsecurity/70290", "content": "\u203c CVE-2023-40218 \u203c\n\nAn issue was discovered in the NPU kernel driver in Samsung Exynos Mobile Processor 9820, 980, 2100, 2200, 1280, and 1380. An integer overflow can bypass detection of error cases via a crafted application.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-12T18:23:02.000000Z"}, {"uuid": "1179b925-2475-487d-8495-b1464635b3e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40216", "type": "seen", "source": "https://t.me/cultofwire/1098", "content": "ANSI Terminal security in 2023 and finding 10 CVEs.\n\nCool research by David Leadbeater on finding vulnerabilities in terminal emulators, with a focus on open-source software. 
As a result, 10 CVEs were found in terminal emulators that can lead to remote code execution (Remote Code Execution, RCE), as well as various other bugs.\n\nA less technical description can be read here: \nThe Terminal Escapes: Engineering unexpected execution from command line interfaces\n\nCVEs found in various terminal emulators:\n- CVE-2022-45872 - iTerm2 DECRQSS\n- CVE-2022-44702 - Windows Terminal + WSL working directory\n- CVE-2022-47583 - mintty DECRQSS\n- CVE-2022-45063 - xterm OSC 50\n- CVE-2022-46387 - ConEmu Title\n- CVE-2023-39150 - ConEmu Title Take 2\n- CVE-2022-4170  - rxvt-unicode background\n- CVE-2022-23465 - SwiftTerm DECRQSS\n- CVE-2022-46663 - less OSC 8\n- CVE-2023-39726 - mintty OSC 50\n- CVE-2023-40359 - xterm ReGIS\n- CVE-2023-40216 - OpenBSD wscons parameter overflow", "creation_timestamp": "2023-11-08T13:02:31.000000Z"}, {"uuid": "694b895d-c420-43de-b2b5-d2b942170fb4", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40217", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8971", "content": "#exploit\n1. CVE-2023-40217:\nBypass TLS handshake on closed sockets\nhttps://github.com/AapoOksman/writeups/tree/master/CVE-2023-40217\n\n2. CVE-2023-4698:\nLFI in usememos/memos &lt;0.13.2\nhttps://github.com/mnqazi/CVE-2023-4698", "creation_timestamp": "2024-12-18T12:00:21.000000Z"}]}