{"vulnerability": "CVE-2023-3825", "sightings": [{"uuid": "b52079a8-da0f-4f08-bcdf-eb9a21e9486e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3825", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-030-04", "content": "", "creation_timestamp": "2025-01-30T11:00:00.000000Z"}, {"uuid": "83e19c85-7703-473a-994d-11e044ad8f07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3825", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/113908308068172337", "content": "", "creation_timestamp": "2025-01-28T22:20:45.975203Z"}, {"uuid": "e787f0e9-793c-488c-a228-0acc14f825c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38251", "type": "seen", "source": "https://t.me/cibsecurity/72224", "content": "\u203c CVE-2023-38251 \u203c\n\nAdobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Uncontrolled Resource Consumption vulnerability that could lead in minor application denial-of-service. Exploitation of this issue does not require user interaction.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-13T12:28:55.000000Z"}, {"uuid": "d3c100bb-448b-4125-8e49-ef0bc52ab3ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38252", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3860", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-38252\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2023-07-14T18:15:10.990\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://access.redhat.com/security/cve/CVE-2023-38252\n2. https://bugzilla.redhat.com/show_bug.cgi?id=2222775\n3. https://github.com/tats/w3m/issues/270\n4. https://access.redhat.com/security/cve/CVE-2023-38252\n5. https://bugzilla.redhat.com/show_bug.cgi?id=2222775\n6. https://github.com/tats/w3m/issues/270\n7. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/\n8. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/\n9. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/", "creation_timestamp": "2025-02-08T06:03:07.000000Z"}, {"uuid": "0d2acca8-2bdc-4a8e-b30a-bbf51f25961b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38250", "type": "seen", "source": "https://t.me/cibsecurity/72218", "content": "\u203c CVE-2023-38250 \u203c\n\nAdobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-13T12:28:49.000000Z"}, {"uuid": "0635260d-98b7-447f-85ed-8a86807ffaea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38250", "type": "seen", "source": "https://t.me/arpsyndicate/2423", "content": "#ExploitObserverAlert\n\nCVE-2023-38250\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-38250. Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.\n\nFIRST-EPSS: 0.000790000\nNVD-IS: 5.9\nNVD-ES: 0.7", "creation_timestamp": "2024-01-04T03:53:23.000000Z"}, {"uuid": "e2ab456b-6fc6-4531-ac27-0f1c4e802aa9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38255", "type": "seen", "source": "https://t.me/cibsecurity/70675", "content": "\u203c CVE-2023-38255 \u203c\n\n** UNSUPPPORTED WHEN ASSIGNED ** A potential attacker with or without (cookie theft) access to the device would be able to include malicious code (XSS) when uploading new device configuration that could affect the intended function of the device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-19T00:28:45.000000Z"}, {"uuid": "a579936d-8b8f-4a45-82df-f748724e0fa9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38257", "type": "seen", "source": "https://t.me/cibsecurity/66936", "content": "\u203c CVE-2023-38257 \u203c\n\nIagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference vulnerability that could allow an unauthenticated user to view profile information, including user login names and encrypted passwords.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-18T22:31:10.000000Z"}, {"uuid": "87b5d2d7-eee9-42ac-9b1a-ae4979ba8e33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38253", "type": "seen", "source": "https://t.me/cibsecurity/66748", "content": "\u203c CVE-2023-38253 \u203c\n\nAn out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-14T22:22:37.000000Z"}, {"uuid": "e3e53755-2e69-4e49-b3b2-636039acd76a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38254", "type": "seen", "source": "https://t.me/cibsecurity/68055", "content": "\u203c CVE-2023-38254 \u203c\n\nMicrosoft Message Queuing Denial of Service Vulnerability\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-08T22:20:32.000000Z"}, {"uuid": "251629ca-5f25-4d1c-bd09-cb0288f94c51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38252", "type": "seen", "source": "https://t.me/cibsecurity/66745", "content": "\u203c CVE-2023-38252 \u203c\n\nAn out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-14T22:22:31.000000Z"}]}