{"vulnerability": "cve-2023-2284", "sightings": [{"uuid": "d8005a2e-c70a-493f-9af8-62af60fa4005", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22847", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6725", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-22847\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Information disclosure vulnerability exists in pg_ivm versions prior to 1.5.1. An Incrementally Maintainable Materialized View (IMMV) created by pg_ivm may reflect rows with Row-Level Security that the owner of the IMMV should not have access to. As a result, information in tables protected by Row-Level Security may be retrieved by a user who is not authorized to access it.\n\ud83d\udccf Published: 2023-03-07T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-06T16:57:41.724Z\n\ud83d\udd17 References:\n1. https://github.com/sraoss/pg_ivm\n2. https://github.com/sraoss/pg_ivm/releases/tag/v1.5.1\n3. 
https://jvn.jp/en/jp/JVN19872280/", "creation_timestamp": "2025-03-06T17:34:50.000000Z"}, {"uuid": "432660a3-49d1-4b17-bb6a-8dab0f63afad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22849", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8740", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-22849\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features.\n\nUpgrade to Apache Sling App CMS >= 1.1.6\n\n\ud83d\udccf Published: 2023-02-04T20:37:05.831Z\n\ud83d\udccf Modified: 2025-03-25T18:51:46.346Z\n\ud83d\udd17 References:\n1. https://sling.apache.org/news.html", "creation_timestamp": "2025-03-25T19:24:53.000000Z"}, {"uuid": "e5e519af-6699-4f57-a67a-b5010e2edc7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22842", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8930", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-22842\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\ud83d\udccf Published: 2023-02-01T17:56:36.634Z\n\ud83d\udccf Modified: 2025-03-26T17:47:52.262Z\n\ud83d\udd17 References:\n1. https://my.f5.com/manage/s/article/K08182564", "creation_timestamp": "2025-03-26T18:25:41.000000Z"}, {"uuid": "48990233-c5ad-4bff-b448-7d89d7b1e583", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22847", "type": "seen", "source": "Telegram/isTNTwh1CXJNBXzuBWODNrtgZ1SzGG1pwcAd7hU19N830gTe", "content": "", "creation_timestamp": "2025-03-08T04:34:10.000000Z"}, {"uuid": "89c747ed-5283-4aa8-a725-b957389a8fd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22846", "type": "seen", "source": "https://t.me/cibsecurity/62544", "content": "\u203c CVE-2023-22846 \u203c\n\nDatakit CrossCadWare_x64.dll contains an out-of-bounds read past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This vulnerability could allow an attacker to disclose sensitive information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-20T22:30:55.000000Z"}, {"uuid": "062d3b72-679e-4a92-80eb-bd4cc84b9288", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22845", "type": "seen", "source": "https://t.me/cibsecurity/61185", "content": "\u203c CVE-2023-22845 \u203c\n\nAn out-of-bounds read vulnerability exists in the TGAInput::decode_pixel() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. 
An attacker can provide a malicious file to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-30T20:35:54.000000Z"}, {"uuid": "be4d187b-88a1-4809-ba9f-de298ad2f841", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22848", "type": "seen", "source": "https://t.me/ctinow/201151", "content": "https://ift.tt/deQnSIl\nCVE-2023-22848 | Intel Thunderbolt DCH Drivers on Windows denial of service (intel-sa-00851)", "creation_timestamp": "2024-03-06T09:37:05.000000Z"}, {"uuid": "907b5d54-361c-43d1-adf0-f8d114e1df8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22840", "type": "seen", "source": "https://t.me/cibsecurity/68316", "content": "\u203c CVE-2023-22840 \u203c\n\nImproper neutralization in software for the Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable denial of service via local access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-11T07:32:34.000000Z"}, {"uuid": "e8907dc2-d038-4371-bfb0-27e7139478c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22841", "type": "seen", "source": "https://t.me/cibsecurity/68309", "content": "\u203c CVE-2023-22841 \u203c\n\nUnquoted search path in the software installer for the System Firmware Update Utility (SysFwUpdt) for some Intel(R) Server Boards and Intel(R) Server Systems Based on Intel(R) 621A Chipset before version 16.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-11T07:32:24.000000Z"}, {"uuid": 
"bb2e8bff-dee1-47d8-afa4-414e8c0e5abc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22843", "type": "seen", "source": "https://t.me/cibsecurity/68074", "content": "\u203c CVE-2023-22843 \u203c\n\nAn authenticated attacker with administrative access to the appliance can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will later be executed by another legitimate user viewing the details of such a rule. An attacker may be able to perform unauthorized actions on behalf of legitimate users. JavaScript injection was possible in the content for Yara rules, while limited HTML injection has been proven for packet and STYX rules. The injected code will be executed in the context of the authenticated victim's session.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-09T12:16:17.000000Z"}, {"uuid": "7bc187a3-ef79-4999-9f32-8c165c7854f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22844", "type": "seen", "source": "https://t.me/cibsecurity/66131", "content": "\u203c CVE-2023-22844 \u203c\n\nAn authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. 
An attacker can send a network request to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-06T18:36:28.000000Z"}, {"uuid": "d4dcccea-045b-481c-99ef-d7c6c39a99eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22842", "type": "seen", "source": "https://t.me/cibsecurity/57334", "content": "\u203c CVE-2023-22842 \u203c\n\nOn BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-01T20:14:34.000000Z"}]}