{"vulnerability": "CVE-2023-4246", "sightings": [{"uuid": "0bc7d4f3-ebb4-4b8b-a760-c5a725cc1ac8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42469", "type": "seen", "source": "https://t.me/GithubRedTeam/5963", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-42469\nURL\uff1ahttps://github.com/actuator/com.full.dialer.top.secure.encrypted\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-11-26T23:34:17.000000Z"}, {"uuid": "a831bb79-273c-46b2-a954-bc2d864160cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42468", "type": "seen", "source": "https://t.me/GithubRedTeam/5766", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-42468\nURL\uff1ahttps://github.com/actuator/com.cutestudio.colordialer\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-11-11T14:10:38.000000Z"}, {"uuid": "8b7b5b5b-847c-4792-b0df-7bfbaa87024a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42460", "type": "seen", "source": "https://t.me/cibsecurity/71066", "content": "\u203c CVE-2023-42460 \u203c\n\nVyper is a Pythonic Smart Contract Language for the EVM. The `_abi_decode()` function does not validate input when it is nested in an expression. Uses of `_abi_decode()` can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a fix is expected in release `0.3.10`. Users are advised to reference pull request #3626.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-27T18:36:06.000000Z"}, {"uuid": "a8190248-066f-4c6c-9a40-0b41b60e3b3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42463", "type": "seen", "source": "https://t.me/arpsyndicate/3349", "content": "#ExploitObserverAlert\n\nZDI-24-097\n\nDESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to ZDI-24-097. Wazuh Log Collector Integer Underflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wazuh. Log Injection is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 7.4. The following CVEs are assigned: CVE-2023-42463.", "creation_timestamp": "2024-02-11T09:35:37.000000Z"}, {"uuid": "aa2e7558-e221-4d9d-bab1-20ad0466e64e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42463", "type": "seen", "source": "https://t.me/arpsyndicate/3389", "content": "#ExploitObserverAlert\n\nZDI-24-097\n\nDESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to ZDI-24-097. Wazuh Log Collector Integer Underflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wazuh. Log Injection is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 7.4. The following CVEs are assigned: CVE-2023-42463.", "creation_timestamp": "2024-02-11T13:38:34.000000Z"}, {"uuid": "e50de394-1606-4dc7-a878-c3bef4e415a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42463", "type": "seen", "source": "https://t.me/ctinow/178349", "content": "https://ift.tt/vRolg7I\nCVE-2023-42463 | Wazuh up to 4.5.2 stack-based overflow (GHSA-27p5-32pp-r58r)", "creation_timestamp": "2024-02-03T01:46:18.000000Z"}, {"uuid": "6471bb0b-1712-46a5-8cb4-4625699485fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42465", "type": "seen", "source": "https://t.me/ctinow/181327", "content": "https://ift.tt/ZfKQdH2\nCVE-2023-42465 Sudo Vulnerability in NetApp Products", "creation_timestamp": "2024-02-08T12:26:41.000000Z"}, {"uuid": "02c516b2-9bd4-4ed9-b812-9fbc463b0dfc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42469", "type": "seen", "source": "https://t.me/cibsecurity/70414", "content": "\u203c CVE-2023-42469 \u203c\n\nThe com.full.dialer.top.secure.encrypted application through 1.0.1 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.full.dialer.top.secure.encrypted.activities.DialerActivity component.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-13T22:23:49.000000Z"}, {"uuid": "a6d1ced7-fa6c-4a8c-adfe-740f05d2f46f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42465", "type": "seen", "source": "https://t.me/ctinow/162586", "content": "https://ift.tt/gesvTfM\nCVE-2023-42465 Exploit", "creation_timestamp": "2024-01-03T21:11:50.000000Z"}, {"uuid": "51bb32a3-3c3d-4ff8-84df-66bae0b3dea1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42468", "type": "seen", "source": "https://t.me/cibsecurity/70421", "content": "\u203c CVE-2023-42468 \u203c\n\nThe com.cutestudio.colordialer application through 2.1.8-2 for Android allows a remote attacker to initiate phone calls without user consent, because of improper export of the com.cutestudio.dialer.activities.DialerActivity component. A third-party application (without any permissions) can craft an intent targeting com.cutestudio.dialer.activities.DialerActivity via the android.intent.action.CALL action in conjunction with a tel: URI, thereby placing a phone call.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-14T00:23:53.000000Z"}, {"uuid": "dd83bfb1-619a-4d8b-8fae-e538dc081346", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42465", "type": "seen", "source": "https://t.me/ctinow/168070", "content": "https://ift.tt/JAqT8Cz\nCVE-2023-42465 | sudo up to 1.9.14 Rowhammer improper authentication", "creation_timestamp": "2024-01-14T16:11:06.000000Z"}, {"uuid": "f42bebfd-588f-4a85-80af-cb01a4dd89ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42463", "type": "seen", "source": "https://t.me/ctinow/167566", "content": "https://ift.tt/eAqW69S\nCVE-2023-42463", "creation_timestamp": "2024-01-12T22:41:42.000000Z"}, {"uuid": "61e7dced-22ec-492c-9741-be4a722e37ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42465", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9642", "content": "#Threat_Research\n\"Mayhem: Targeted Corruption of Register and Stack Variables (CVE-2023-42465)\", 2023.\n]-> https://seclists.org/oss-sec/2023/q4/309", "creation_timestamp": "2023-12-26T13:42:47.000000Z"}, {"uuid": "b0fb5110-5583-44ef-b1c9-c7d21b1ac3ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42467", "type": "seen", "source": "https://t.me/cibsecurity/70184", "content": "\u203c CVE-2023-42467 \u203c\n\nQEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-11T07:21:47.000000Z"}, {"uuid": "dc4e3519-4224-496d-8fd5-d90facce5c70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42465", "type": "seen", "source": "https://t.me/ctinow/158486", "content": "https://ift.tt/hau8iTq\nCVE-2023-42465", "creation_timestamp": "2023-12-22T17:23:40.000000Z"}]}