{"vulnerability": "CVE-2023-2237", "sightings": [{"uuid": "ebf359ce-7baa-460c-91cc-b6500ace4ef9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22372", "type": "seen", "source": "https://t.me/arpsyndicate/531", "content": "#ExploitObserverAlert\n\nCVE-2023-22372\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-22372. In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\nFIRST-EPSS: 0.000480000\nNVD-IS: 3.6\nNVD-ES: 2.2", "creation_timestamp": "2023-11-24T14:38:14.000000Z"}, {"uuid": "b56993a3-d418-4dd0-ba01-6c5bcb4d971f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22374", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8924", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-22374\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: \nA format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary.\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\n\n\ud83d\udccf Published: 2023-02-01T17:54:46.798Z\n\ud83d\udccf Modified: 2025-03-26T17:51:00.789Z\n\ud83d\udd17 References:\n1. https://my.f5.com/manage/s/article/K000130415", "creation_timestamp": "2025-03-26T18:25:35.000000Z"}, {"uuid": "98bec118-4fc9-45fc-9eb3-83958fde90e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22374", "type": "seen", "source": "https://t.me/kasperskyb2b/445", "content": "\u0414\u0430\u0439\u0434\u0436\u0435\u0441\u0442 \u043d\u043e\u0432\u043e\u0441\u0442\u0435\u0439 \u0437\u0430 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0443\u044e \u043d\u0435\u0434\u0435\u043b\u044e \u23ec\n\n\ud83d\udcbb \u0414\u0435\u0444\u0438\u0446\u0438\u0442 \u0418\u0422-\u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u043e\u0432 \u043e\u0449\u0443\u0449\u0430\u0435\u0442\u0441\u044f \u0434\u0430\u0436\u0435 \u0443 \u043a\u0438\u0431\u0435\u0440\u043a\u0440\u0438\u043c\u0438\u043d\u0430\u043b\u0430. \u041f\u043e \u043d\u0430\u0448\u0435\u043c\u0443 \u0430\u043d\u0430\u043b\u0438\u0437\u0443, \u0432 \u043f\u043e\u0434\u043f\u043e\u043b\u044c\u0435 \u043e\u0445\u043e\u0442\u043d\u0435\u0439 \u0432\u0441\u0435\u0433\u043e \u043d\u0430\u043d\u0438\u043c\u0430\u044e\u0442 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432 (61% \u0432\u0441\u0435\u0445 \u043e\u0431\u044a\u044f\u0432\u043b\u0435\u043d\u0438\u0439 \u043d\u0430 \u0434\u0430\u0440\u043a\u043d\u0435\u0442-\u0444\u043e\u0440\u0443\u043c\u0430\u0445), \u0430 \u0441\u0430\u043c\u0443\u044e \u0432\u044b\u0441\u043e\u043a\u0443\u044e \u043c\u0435\u0434\u0438\u0430\u043d\u043d\u0443\u044e \u0437\u0430\u0440\u043f\u043b\u0430\u0442\u0443 \u0441\u0443\u043b\u044f\u0442 \u0440\u0435\u0432\u0435\u0440\u0441\u0435\u0440\u0430\u043c. \u041d\u043e \u0440\u0430\u0431\u043e\u0442\u0430 \u043d\u0430\u0439\u0434\u0451\u0442\u0441\u044f \u0438 \u0434\u043b\u044f \u043f\u0435\u043d\u0442\u0435\u0441\u0442\u0435\u0440\u043e\u0432, \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u043e\u0432 \u0438 \u0434\u0430\u0436\u0435 \u0434\u0438\u0437\u0430\u0439\u043d\u0435\u0440\u043e\u0432. \u0412 \u0441\u043e\u0446\u043f\u0430\u043a\u0435\u0442, \u0440\u0430\u0437\u0443\u043c\u0435\u0435\u0442\u0441\u044f, \u0432\u0445\u043e\u0434\u0438\u0442 \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e\u0441\u0442\u044c \u043e\u0442\u0441\u0438\u0434\u043a\u0438.\n\n\u203c\ufe0f \u041f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u043e \u0420\u0424 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0430\u043b\u043e \u043a\u043e\u043d\u0446\u0435\u043f\u0446\u0438\u044e \u0437\u0430\u043a\u043e\u043d\u043e\u043f\u0440\u043e\u0435\u043a\u0442\u0430 \u043e \u0432\u0432\u0435\u0434\u0435\u043d\u0438\u0438 \u0443\u0433\u043e\u043b\u043e\u0432\u043d\u043e\u0439 \u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0441\u0442\u0438 \u0437\u0430 \u043d\u0435\u0437\u0430\u043a\u043e\u043d\u043d\u044b\u0435 \u0441\u0431\u043e\u0440, \u0445\u0440\u0430\u043d\u0435\u043d\u0438\u0435 \u0438 \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0443 \u043f\u0435\u0440\u0441\u043e\u043d\u0430\u043b\u044c\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u0424\u043e\u0440\u043c\u0443\u043b\u0438\u0440\u043e\u0432\u043a\u0438 \u0437\u0430\u043a\u043e\u043d\u0430 \u0431\u0443\u0434\u0443\u0442 \u0434\u043e\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u0442\u044c\u0441\u044f, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043f\u043e\u043a\u0430 \u043d\u0435\u043f\u043e\u043d\u044f\u0442\u043d\u043e, \u0432 \u043a\u0430\u043a\u0438\u0445 \u0441\u043b\u0443\u0447\u0430\u044f\u0445 \u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0441\u0442\u044c \u0431\u0443\u0434\u0435\u0442 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u0442\u044c\u0441\u044f \u043d\u0430 \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a\u043e\u0432 \u0418\u0422 \u0438 \u0418\u0411, \u043f\u043e\u0434 \u043d\u0430\u0434\u0437\u043e\u0440\u043e\u043c \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043f\u0440\u043e\u0438\u0437\u043e\u0448\u043b\u0430 \u0443\u0442\u0435\u0447\u043a\u0430. \u041e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0441\u0442\u044c \u043f\u043b\u0430\u043d\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043d\u0435\u0448\u0443\u0442\u043e\u0447\u043d\u0430\u044f, \u0434\u043e \u0434\u0435\u0441\u044f\u0442\u0438 \u043b\u0435\u0442 \u0437\u0430 \u0440\u0435\u0448\u0435\u0442\u043a\u043e\u0439. \n\n\ud83e\ude7c \u0412\u0437\u043b\u043e\u043c GitHub, \u0430\u043d\u043e\u043d\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0432 \u043d\u0430\u0447\u0430\u043b\u0435 \u043d\u0435\u0434\u0435\u043b\u0438, \u043e\u043a\u0430\u0437\u0430\u043b\u0441\u044f \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0440\u0438\u0432\u0430\u0442\u043d\u044b\u0445 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0435\u0432 Atom \u0438 Desktop, \u0441\u043e\u0432\u0435\u0440\u0448\u0451\u043d\u043d\u044b\u043c \u043f\u0440\u0438 \u043f\u043e\u043c\u043e\u0449\u0438 \u043a\u0440\u0430\u0434\u0435\u043d\u044b\u0445 \u0442\u043e\u043a\u0435\u043d\u043e\u0432 \u0434\u043e\u0441\u0442\u0443\u043f\u0430. \u041f\u043e \u0442\u0435\u043a\u0443\u0449\u0438\u043c \u0434\u0430\u043d\u043d\u044b\u043c \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430 GitHub \u0438 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0438 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043d\u0435 \u043f\u043e\u0441\u0442\u0440\u0430\u0434\u0430\u043b\u0438. \u041e\u0441\u043d\u043e\u0432\u043d\u0430\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430, \u043d\u0435 \u0440\u0435\u0448\u0451\u043d\u043d\u0430\u044f \u0434\u043e \u043a\u043e\u043d\u0446\u0430 \u2013 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u044b GitHub, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0432\u0448\u0438\u0435\u0441\u044f \u0432 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0438. \u0422\u043e\u043b\u044c\u043a\u043e \u0442\u0440\u0438 \u0438\u0437 \u043d\u0438\u0445 \u043d\u0435 \u0431\u044b\u043b\u0438 \u0438\u0441\u0442\u0435\u043a\u0448\u0438\u043c\u0438 \u043d\u0430 \u043c\u043e\u043c\u0435\u043d\u0442 \u043a\u0440\u0430\u0436\u0438 (6 \u0434\u0435\u043a\u0430\u0431\u0440\u044f), \u043d\u043e \u0434\u0432\u0430 \u0438\u0441\u0442\u0435\u043a\u043b\u0438 \u043d\u0430 \u0441\u0435\u0433\u043e\u0434\u043d\u044f\u0448\u043d\u0438\u0439 \u0434\u0435\u043d\u044c, \u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0439, \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u043d\u044b\u0439 \u0434\u043b\u044f \u043f\u043e\u0434\u043f\u0438\u0441\u0438 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 MacOS, \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u0435\u043d \u0434\u043e 2027 \u0433\u043e\u0434\u0430, \u043d\u043e \u0443\u0436\u0435 \u043e\u0442\u043e\u0437\u0432\u0430\u043d 2 \u0444\u0435\u0432\u0440\u0430\u043b\u044f. \u0422\u0430\u043a\u0436\u0435 \u0432 \u0443\u0442\u0435\u0447\u043a\u0435 \u043d\u0435 \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u0442\u0441\u044f \u043f\u0430\u0440\u043e\u043b\u044c, \u043d\u0443\u0436\u043d\u044b\u0439 \u0434\u043b\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0432. \u0422\u0435\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435, \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e\u0441\u0442\u044c \u043f\u043e\u044f\u0432\u043b\u0435\u043d\u0438\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e, \u043f\u043e\u0434\u043f\u0438\u0441\u0430\u043d\u043d\u043e\u0433\u043e GitHub, \u043d\u0435\u043b\u044c\u0437\u044f \u0441\u0431\u0440\u0430\u0441\u044b\u0432\u0430\u0442\u044c \u0441\u043e \u0441\u0447\u0435\u0442\u043e\u0432. \u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c GitHub Desktop \u043d\u0443\u0436\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u043d\u0430 \u0441\u0432\u0435\u0436\u0443\u044e \u0432\u0435\u0440\u0441\u0438\u044e, \u043f\u043e\u0434\u043f\u0438\u0441\u0430\u043d\u043d\u0443\u044e \u0431\u043e\u043b\u0435\u0435 \u043d\u043e\u0432\u044b\u043c \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u043c.\n\n\ud83d\udc8e \u0412\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0438 \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0438\u0441\u044c \u043d\u0430 \u0440\u044b\u043d\u043a\u0435 \u0434\u0435\u0440\u0438\u0432\u0430\u0442\u0438\u0432\u043e\u0432. \u0410\u0442\u0430\u043a\u0430, \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u043e\u0436\u0438\u0442\u0435\u043b\u044c\u043d\u043e, \u043f\u0440\u043e\u0432\u0435\u0434\u0451\u043d\u043d\u0430\u044f \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u043e\u0439 LockBit, \u0432\u044b\u0432\u0435\u043b\u0430 \u0438\u0437 \u0441\u0442\u0440\u043e\u044f \u0447\u0430\u0441\u0442\u044c \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0434\u0443\u0431\u043b\u0438\u043d\u0441\u043a\u043e\u0439  ION Group, \u0442\u0440\u0435\u0439\u0434\u0438\u043d\u0433\u043e\u0432\u043e\u0439 \u0438 \u0444\u0438\u043d\u0442\u0435\u0445-\u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438. \u042d\u0442\u043e \u0437\u0430\u0442\u0440\u0443\u0434\u043d\u0438\u043b\u043e 42 \u043a\u0440\u0443\u043f\u043d\u044b\u043c \u043a\u043b\u0438\u0435\u043d\u0442\u0430\u043c \u0432 \u0421\u0428\u0410 \u0438 \u0415\u0432\u0440\u043e\u043f\u0435 \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u0435 \u0442\u043e\u0440\u0433\u043e\u0432\u044b\u0445 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432 \u0438\u0442\u043e\u0433\u0435 \u043f\u0440\u0438\u0448\u043b\u043e\u0441\u044c \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0432\u0440\u0443\u0447\u043d\u0443\u044e.  \u0418\u043d\u0446\u0438\u0434\u0435\u043d\u0442 \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u0443\u044e\u0442 \u043d\u0435 \u0442\u043e\u043b\u044c\u043a\u043e \u0418\u0411-\u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438, \u043d\u043e \u0438 \u0444\u0438\u043d\u0430\u043d\u0441\u043e\u0432\u044b\u0435 \u0440\u0435\u0433\u0443\u043b\u044f\u0442\u043e\u0440\u044b. \u041f\u043e \u043f\u0435\u0440\u0432\u0438\u0447\u043d\u043e\u0439 \u043e\u0446\u0435\u043d\u043a\u0435, \u043e\u043d \u00ab\u043d\u0435 \u0441\u043e\u0437\u0434\u0430\u0451\u0442 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0445 \u0440\u0438\u0441\u043a\u043e\u0432 \u0434\u043b\u044f \u0444\u0438\u043d\u0430\u043d\u0441\u043e\u0432\u043e\u0433\u043e \u0441\u0435\u043a\u0442\u043e\u0440\u0430\u00bb, \u043d\u043e, \u043a\u0430\u043a \u044d\u0442\u043e \u0447\u0430\u0441\u0442\u043e \u0431\u044b\u0432\u0430\u0435\u0442, \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0439 \u043c\u0430\u0441\u0448\u0442\u0430\u0431 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u043c\u043e\u0436\u0435\u0442 \u0441\u0442\u0430\u0442\u044c \u0438\u0437\u0432\u0435\u0441\u0442\u0435\u043d \u043f\u043e\u0437\u0434\u043d\u0435\u0435. \u041f\u043e\u043a\u0430 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e, \u0447\u0442\u043e \u0440\u044f\u0434 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 ION, \u0430 \u044d\u0442\u043e \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u043a\u0440\u0443\u043f\u043d\u044b\u0435 \u0431\u0430\u043d\u043a\u0438, \u043f\u043e-\u043f\u0440\u0435\u0436\u043d\u0435\u043c\u0443 \u043d\u0435 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u043f\u043e \u0437\u0430\u043a\u0430\u0437\u0443 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u0438 \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043c\u043e\u0436\u0435\u0442 \u0437\u0430\u043d\u044f\u0442\u044c \u0434\u043e \u043f\u044f\u0442\u0438 \u0434\u043d\u0435\u0439. \u0410\u0442\u0430\u043a\u0438 \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a \u0432 \u0444\u0438\u043d\u0430\u043d\u0441\u043e\u0432\u043e\u043c \u0441\u0435\u043a\u0442\u043e\u0440\u0435, \u0443\u0432\u044b, \u0443\u0447\u0430\u0449\u0430\u044e\u0442\u0441\u044f.\n\n\ud83d\udcb6 \u0420\u0435\u043a\u043e\u0440\u0434\u044b DDoS  \u0437\u0430 2022 \u0433\u043e\u0434 \u0431\u044b\u043b\u0438 \u0445\u0430\u0440\u0430\u043a\u0442\u0435\u0440\u043d\u044b \u043d\u0435 \u0442\u043e\u043b\u044c\u043a\u043e \u0434\u043b\u044f \u0420\u043e\u0441\u0441\u0438\u0438. \u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0439 \u0440\u043e\u0441\u0442 \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u0430 \u0438 \u043c\u0430\u0441\u0448\u0442\u0430\u0431\u0430 \u0430\u0442\u0430\u043a \u0437\u0430\u043c\u0435\u0447\u0435\u043d \u0438 \u0432 \u0434\u0440\u0443\u0433\u0438\u0445 \u0440\u0435\u0433\u0438\u043e\u043d\u0430\u0445 \u2013 FS-ISAC \u043e\u0442\u0447\u0438\u0442\u044b\u0432\u0430\u0435\u0442\u0441\u044f, \u0447\u0442\u043e \u0435\u0432\u0440\u043e\u043f\u0435\u0439\u0441\u043a\u0438\u0435 \u0431\u0430\u043d\u043a\u0438 \u043e\u0442\u0440\u0430\u0437\u0438\u043b\u0438 \u043d\u0430 73% \u0431\u043e\u043b\u044c\u0448\u0435 DDoS.\n\n\ud83d\udddc \u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c NAS \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0441\u0442\u0432\u0430 QNAP \u0441\u043d\u043e\u0432\u0430 \u0432\u044b\u043d\u0443\u0436\u0434\u0435\u043d\u044b \u0441\u0440\u043e\u0447\u043d\u043e \u043f\u0430\u0442\u0447\u0438\u0442\u044c\u0441\u044f. SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u044f, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u043e\u0432\u0435\u0441\u0442\u0438 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u0442\u044c NAS, \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u0439 \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0447\u0435\u0440\u0435\u0437 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442. \u0422\u0430\u043a\u0430\u044f \u043d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0430\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u0432\u0441\u0442\u0440\u0435\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u0441\u0435\u0442\u0438 \u043e\u043a\u043e\u043b\u043e 30 \u0442\u044b\u0441\u044f\u0447 \u0440\u0430\u0437. \u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043d\u0430 \u0445\u0440\u0430\u043d\u0438\u043b\u0438\u0449\u0430 QNAP \u0443\u0436\u0435 \u043d\u0435 \u0440\u0430\u0437 \u043f\u043e\u043a\u0443\u0448\u0430\u043b\u0438\u0441\u044c \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u044b ransomware.\n \n\ud83d\udee0 \u041d\u0435\u0434\u0435\u043b\u044f \u0431\u044b\u043b\u0430 \u0431\u043e\u0433\u0430\u0442\u0430 \u043d\u0430 enterprise-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.  \u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f (CVE-2023-22501, CVSS 9.4) \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Jira Service Management Center \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u043c\u0443 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u0434\u0440\u0443\u0433\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u0431\u0430\u0433 Cisco IOx (CVE-2023-20076, CVSS 7.2) \u0434\u0430\u0451\u0442 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u043c\u0443 \u043a\u043e\u0434\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u043a\u0430\u043a root \u043d\u0430 \u0445\u043e\u0441\u0442-\u0441\u0438\u0441\u0442\u0435\u043c\u0435, \u0430 \u0434\u0435\u0444\u0435\u043a\u0442\u044b \u0432 F5 BIG-IP (CVE-2023-22374) \u0433\u0440\u043e\u0437\u044f\u0442 \u043e\u0442\u043a\u0430\u0437\u043e\u043c \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430.", "creation_timestamp": "2023-02-07T10:17:47.000000Z"}, {"uuid": "97f2a581-3353-4b21-b21a-453129420cd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22374", "type": "seen", "source": "https://t.me/arpsyndicate/2796", "content": "#ExploitObserverAlert\n\nCVE-2023-22374\n\nDESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to CVE-2023-22374. A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. \u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\nFIRST-EPSS: 0.000580000\nNVD-IS: 6.0\nNVD-ES: 1.8", "creation_timestamp": "2024-01-15T16:58:14.000000Z"}, {"uuid": "6120a212-4f2c-45b1-9f70-19082a78c006", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22374", "type": "seen", "source": "https://t.me/theninjaway1337/1229", "content": "CVE-2023-22374: F5 BIG-IP Format String Vulnerability\n\nWhile following up our\u00a0previous work on F5's BIG-IP devices, Rapid7 found an additional vulnerability in the appliance-mode REST interface; the vulnerability was assigned CVE-2023-22374. We reported it to F5 on December 6, 2022, and are now disclosing it in accordance with our\u00a0vulnerability disclosure policy.\n\nhttps://www.rapid7.com/blog/post/2023/02/01/cve-2023-22374-f5-big-ip-format-string-vulnerability/", "creation_timestamp": "2023-02-07T20:02:37.000000Z"}, {"uuid": "187b0844-59f1-4aa5-b927-3cdfea325cc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22374", "type": "seen", "source": "https://t.me/true_secator/4024", "content": "F5 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 BIG-IP, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443, \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u043c\u0443 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u0432\u044b\u0437\u0432\u0430\u0442\u044c DoS \u0438 \u0434\u043e\u0431\u0438\u0442\u044c\u0441\u044f RCE.\n\nCVE-2023-22374 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 iControl SOAP, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u0435\u0442 \u0441\u0432\u044f\u0437\u044c \u043c\u0435\u0436\u0434\u0443 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u043c\u0438, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u043c\u0438 \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 root. \n\n\u0418\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441 SOAP \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u0438\u0437 \u0441\u0435\u0442\u0438 \u0447\u0435\u0440\u0435\u0437 \u043f\u043e\u0440\u0442 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f BIG-IP \u0438\u043b\u0438 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 IP-\u0430\u0434\u0440\u0435\u0441\u0430 \u0438 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u043c\u0438 \u0443\u0447\u0435\u0442\u043d\u044b\u043c\u0438 \u0437\u0430\u043f\u0438\u0441\u044f\u043c\u0438.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 7,5 \u0434\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c BIG-IP \u0432 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u043e\u043c \u0440\u0435\u0436\u0438\u043c\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u0438 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 8,5 \u0434\u043b\u044f \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 \u0432 \u0440\u0435\u0436\u0438\u043c\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f.\n\n\u041e \u0434\u0435\u0444\u0435\u043a\u0442\u0435 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u0438\u0437 Rapid7, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043e\u0431\u044a\u044f\u0441\u043d\u044f\u044e\u0442, \u0447\u0442\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u0430 \u043f\u0443\u0442\u0435\u043c \u0432\u0441\u0442\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u043e\u0432 \u0441\u0442\u0440\u043e\u043a\u0438 \u0444\u043e\u0440\u043c\u0430\u0442\u0430 \u0432 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0435 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u0435\u0440\u0435\u0434\u0430\u044e\u0442\u0441\u044f \u0432 \u0444\u0443\u043d\u043a\u0446\u0438\u044e syslog, \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0447\u0435\u0433\u043e \u0441\u043b\u0443\u0436\u0431\u0430 \u0441\u0447\u0438\u0442\u044b\u0432\u0430\u0435\u0442 \u0438 \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442 \u0430\u0434\u0440\u0435\u0441\u0430 \u043f\u0430\u043c\u044f\u0442\u0438, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0441\u0441\u044b\u043b\u0430\u0435\u0442\u0441\u044f \u0441\u0442\u0435\u043a.\n\n\u041e\u0434\u043d\u0430\u043a\u043e, \u043a\u0430\u043a \u043e\u0431\u044a\u044f\u0441\u043d\u044f\u044e\u0442 \u0440\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u044b, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043d\u0435 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u043e\u0447\u0438\u0442\u0430\u0442\u044c \u043f\u0430\u043c\u044f\u0442\u044c, \u0435\u0441\u043b\u0438 \u0443 \u043d\u0435\u0433\u043e \u043d\u0435\u0442 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u043e\u043c\u0443 \u0436\u0443\u0440\u043d\u0430\u043b\u0443.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0441\u0431\u043e\u044e \u0441\u043b\u0443\u0436\u0431\u044b, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0441\u043f\u0435\u0446\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u00ab%s\u00bb \u0438 \u00ab%n\u00bb \u0434\u043b\u044f \u0437\u0430\u043f\u0438\u0441\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0432 \u043b\u044e\u0431\u043e\u0439 \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044c \u0432 \u0441\u0442\u0435\u043a\u0435, \u0447\u0442\u043e \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430.\n\n\u0414\u043b\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0441\u043d\u0430\u0447\u0430\u043b\u0430 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0441\u043e\u0431\u0440\u0430\u0442\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e \u0441\u0440\u0435\u0434\u0435, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0439 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442. \n\n\u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u044b\u043c \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u0435\u043c \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u0430\u0442\u0430\u043a\u0438 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0441\u0431\u043e\u0439 \u0441\u0435\u0440\u0432\u0435\u0440\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430. \u041e\u043f\u044b\u0442\u043d\u044b\u0439 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043f\u043e\u0441\u043e\u0431\u0435\u043d \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c RCE-\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442 \u043a\u043e\u0434 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435 F5 BIG-IP \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f root.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 BIG-IP 13.1.5, \u0441 14.1.4.6 \u043f\u043e 14.1.5, \u0441 15.1.5.1 \u043f\u043e 15.1.8, \u0441 16.1.2.2 \u043f\u043e 16.1.3 \u0438 17.0.0. \u0412 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u043f\u0430\u0442\u0447 \u0434\u043b\u044f \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d, \u043d\u043e \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043b \u0438\u043d\u0436\u0435\u043d\u0435\u0440\u043d\u043e\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435.\n\n\u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0442\u043e\u043b\u044c\u043a\u043e \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u043c\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438, \u0434\u043e\u0441\u0442\u0443\u043f \u043a iControl SOAP API \u0434\u043e\u043b\u0436\u0435\u043d \u0431\u044b\u0442\u044c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u043c\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438.", "creation_timestamp": "2023-02-03T16:00:10.000000Z"}, {"uuid": "01621198-ec20-45d3-a99f-12be6c04a732", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22378", "type": "seen", "source": "https://t.me/cibsecurity/68072", "content": "\u203c CVE-2023-22378 \u203c\n\nA blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application.Authenticated users can extract arbitrary information from the DBMS in an uncontrolled way.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-09T12:16:09.000000Z"}, {"uuid": "61d2fda8-2795-4684-a6d3-b95c09d0ee07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22373", "type": "seen", "source": "https://t.me/cibsecurity/56742", "content": "\u203c CVE-2023-22373 \u203c\n\nCross-site scripting vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to inject an arbitrary script and obtain the sensitive information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-20T07:22:13.000000Z"}, {"uuid": "f80c22fb-bf17-49cd-a958-60b1c825f94e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22374", "type": "seen", "source": "https://t.me/cibsecurity/57323", "content": "\u203c CVE-2023-22374 \u203c\n\nIn BIG-IP starting in versions 17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6, and 13.1.5 on their respective branches, a format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-01T20:14:19.000000Z"}, {"uuid": "ed4afb88-224d-4434-b021-4de76dd9034a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22377", "type": "seen", "source": "https://t.me/cibsecurity/58202", "content": "\u203c CVE-2023-22377 \u203c\n\nImproper restriction of XML external entity reference (XXE) vulnerability exists in tsClinical Define.xml Generator all versions (v1.0.0 to v1.4.0) and tsClinical Metadata Desktop Tools Version 1.0.3 to Version 1.1.0. If this vulnerability is exploited, an attacker may obtain an arbitrary file which meets a certain condition by reading a specially crafted XML file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-15T07:36:16.000000Z"}, {"uuid": "50c03720-8637-42a5-a9e2-e8263789a88f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22376", "type": "seen", "source": "https://t.me/cibsecurity/58059", "content": "\u203c CVE-2023-22376 \u203c\n\n** UNSUPPORTED WHEN ASSIGNED ** Reflected cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to inject arbitrary script to inject an arbitrary script. NOTE: This vulnerability only affects products that are no longer supported by the developer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-14T07:30:34.000000Z"}, {"uuid": "caa1f1f6-daf5-40e6-bbbd-8df8215a1878", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22375", "type": "seen", "source": "https://t.me/cibsecurity/58057", "content": "\u203c CVE-2023-22375 \u203c\n\n** UNSUPPORTED WHEN ASSIGNED ** Cross-site request forgery (CSRF) vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to hijack the authentication and conduct arbitrary operations by having a logged-in user to view a malicious page. NOTE: This vulnerability only affects products that are no longer supported by the developer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-14T07:30:29.000000Z"}, {"uuid": "5aec9674-2347-4750-8d2d-f15e437d96b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22370", "type": "seen", "source": "https://t.me/cibsecurity/58048", "content": "\u203c CVE-2023-22370 \u203c\n\n** UNSUPPORTED WHEN ASSIGNED ** Stored cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a network-adjacent authenticated attacker to inject an arbitrary script. NOTE: This vulnerability only affects products that are no longer supported by the developer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-14T07:30:18.000000Z"}]}