{"vulnerability": "CVE-2023-4133", "sightings": [{"uuid": "ea7e0594-9371-4148-a009-518f8920ea86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41335", "type": "seen", "source": "https://t.me/cibsecurity/71076", "content": "\u203c CVE-2023-41335 \u203c\n\nSynapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities\u2014it already learns the users' passwords as part of the authentication process\u2014it does disrupt the expectation that passwords won't be stored in the database. As a result, these passwords could inadvertently be captured in database backups for a longer duration. These temporarily stored passwords are automatically erased after a 48-hour window. This issue has been addressed in version 1.93.0. Users are advised to upgrade. 
There are no known workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-27T18:42:01.000000Z"}, {"uuid": "5f0e7c97-44d5-4892-8831-f211df55b1d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-4133", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "acd15b7a-a870-4eb5-9fb1-3043b896ef83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4133", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5795", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-4133\n\ud83d\udd25 CVSS Score: 5.5 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition.\n\ud83d\udccf Published: 2023-08-03T14:32:12.421Z\n\ud83d\udccf Modified: 2025-02-27T21:11:13.168Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/errata/RHSA-2024:2394\n2. https://access.redhat.com/errata/RHSA-2024:2950\n3. https://access.redhat.com/errata/RHSA-2024:3138\n4. https://access.redhat.com/security/cve/CVE-2023-4133\n5. 
https://bugzilla.redhat.com/show_bug.cgi?id=2221702", "creation_timestamp": "2025-02-27T21:25:56.000000Z"}, {"uuid": "bd09d010-ba9f-4002-8d1b-9063887b1da3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41334", "type": "seen", "source": "https://t.me/ctinow/210904", "content": "https://ift.tt/VTZrHY4\nCVE-2023-41334", "creation_timestamp": "2024-03-18T20:26:38.000000Z"}, {"uuid": "97be9d6c-028d-4c9e-96aa-27307d241958", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41334", "type": "seen", "source": "https://t.me/ctinow/210922", "content": "https://ift.tt/VTZrHY4\nCVE-2023-41334", "creation_timestamp": "2024-03-18T20:26:58.000000Z"}, {"uuid": "ff83ece6-b767-472e-a6bf-0ddb920925db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41330", "type": "seen", "source": "https://t.me/cibsecurity/70031", "content": "\u203c CVE-2023-41330 \u203c\n\nknplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page.\n\n## Issue\n\nOn March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. Version 1.4.2 added a check `if (\\strpos($filename, 'phar://') === 0)` in the `prepareOutput` function to resolve this CVE, however if the user is able to control the second parameter of the `generateFromHtml()` function of Snappy, it will then be passed as the `$filename` parameter in the `prepareOutput()` function. In the original vulnerability, a file name with a `phar://` wrapper could be sent to the `fileExists()` function, equivalent to the `file_exists()` PHP function. This allowed users to trigger a deserialization on arbitrary PHAR files. 
To fix this issue, the string is now passed to the `strpos()` function and if it starts with `phar://`, an exception is raised. However, PHP wrappers being case insensitive, this patch can be bypassed using `PHAR://` instead of `phar://`. A successful exploitation of this vulnerability allows executing arbitrary code and accessing the underlying filesystem. The attacker must be able to upload a file and the server must be running a PHP version prior to 8. This issue has been addressed in commit `d3b742d61a` which has been included in version 1.4.3. Users are advised to upgrade. Users unable to upgrade should ensure that only trusted users may submit data to the `AbstractGenerator->generate(...)` function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-06T22:18:16.000000Z"}, {"uuid": "ee353817-ae75-4723-8a99-48ccdbecc39f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41338", "type": "seen", "source": "https://t.me/cibsecurity/70163", "content": "\u203c CVE-2023-41338 \u203c\n\nFiber is an Express inspired web framework built in the go language. Versions of gofiber prior to 2.49.2 did not properly restrict access to localhost. This issue impacts users of our project who rely on the `ctx.IsFromLocal` method to restrict access to localhost requests. If exploited, it could allow unauthorized access to resources intended only for localhost. Setting `X-Forwarded-For: 127.0.0.1` in a request from a foreign host, will result in true for `ctx.IsFromLocal`. Access is limited to the scope of the affected process. This issue has been patched in version `2.49.2` with commit `b8c9ede6`. Users are advised to upgrade. 
There are no known workarounds to remediate this vulnerability without upgrading to the patched version.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-08T22:21:41.000000Z"}, {"uuid": "e53725eb-bce7-4abb-a178-2f577577d572", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41331", "type": "seen", "source": "https://t.me/cibsecurity/70347", "content": "\u203c CVE-2023-41331 \u203c\n\nSOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerable to remote command execution. Through a carefully crafted payload, an attacker can achieve JNDI injection or system command execution. In the default configuration of the SOFARPC framework, a blacklist is used to filter out dangerous classes encountered during the deserialization process. However, the blacklist is not comprehensive, and an actor can exploit certain native JDK classes and common third-party packages to construct gadget chains capable of achieving JNDI injection or system command execution attacks. Version 5.11.0 contains a fix for this issue. 
As a workaround, users can add `-Drpc_serialize_blacklist_override=javax.sound.sampled.AudioFileFormat` to the blacklist.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-13T00:23:13.000000Z"}, {"uuid": "fb04a164-0544-47e7-ae9b-943e4aed934e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41337", "type": "seen", "source": "https://t.me/ctinow/162839", "content": "https://ift.tt/YkF9Ndm\nCVE-2023-41337 | h2o up to 2.3.0-beta2 X.509 Certificate signature verification (GHSA-5v5r-rghf-rm6q)", "creation_timestamp": "2024-01-04T08:41:37.000000Z"}, {"uuid": "fc9685f7-3e7b-40b2-b51a-fd10a32a72ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4133", "type": "seen", "source": "https://t.me/cibsecurity/67688", "content": "\u203c CVE-2023-4133 \u203c\n\nA use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-03T18:40:09.000000Z"}]}