{"vulnerability": "CVE-2023-2458", "sightings": [{"uuid": "7a6e2db7-7c1d-4092-b2f5-5ecb092a4ea7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24584", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1213", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-24584\n\ud83d\udd39 Description: \nController 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature. \n\n\n\n\nThis issue affects Controller 6000: before vCR8.80.230201a, before vCR8.70.230201a, before vCR8.60.230201b, before vCR8.50.230201a,\u00a0all versions of vCR8.40 and prior.\n\n\n\ud83d\udccf Published: 2023-06-01T04:08:35.754Z\n\ud83d\udccf Modified: 2025-01-10T18:47:07.773Z\n\ud83d\udd17 References:\n1. https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-24584", "creation_timestamp": "2025-01-10T19:07:57.000000Z"}, {"uuid": "65115922-eecb-4a04-a610-0b78d5442562", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24580", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7984", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-24580\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.\n\ud83d\udccf Published: 2023-02-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-18T19:24:32.509Z\n\ud83d\udd17 References:\n1. https://groups.google.com/forum/#%21forum/django-announce\n2. 
https://docs.djangoproject.com/en/4.1/releases/security/\n3. http://www.openwall.com/lists/oss-security/2023/02/14/1\n4. https://www.djangoproject.com/weblog/2023/feb/14/security-releases/\n5. https://lists.debian.org/debian-lts-announce/2023/02/msg00023.html\n6. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/\n7. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B/\n8. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP/\n9. https://security.netapp.com/advisory/ntap-20230316-0006/\n10. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/\n11. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/", "creation_timestamp": "2025-03-18T19:49:00.000000Z"}, {"uuid": "1e0078b9-21ab-4329-9594-e2abdc925f64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24588", "type": "seen", "source": "https://t.me/arpsyndicate/2322", "content": "#ExploitObserverAlert\n\nCVE-2023-24588\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-24588. 
Exposure of sensitive information to an unauthorized actor in firmware for some Intel(R) Optane(TM) SSD products may allow an unauthenticated user to potentially enable information disclosure via physical access.\n\nFIRST-EPSS: 0.000540000\nNVD-IS: 3.6\nNVD-ES: 0.9", "creation_timestamp": "2024-01-03T13:37:39.000000Z"}, {"uuid": "7e6db442-789a-4007-8d39-60df16e9ff27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24589", "type": "seen", "source": "https://t.me/ctinow/201155", "content": "https://ift.tt/Q09dcKV\nCVE-2023-24589 | Intel Thunderbolt DCH Drivers on Windows unknown vulnerability (intel-sa-00851)", "creation_timestamp": "2024-03-06T09:37:09.000000Z"}, {"uuid": "69f2b098-927b-406c-a612-ef1dd8ed92a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24580", "type": "seen", "source": "https://t.me/cibsecurity/58200", "content": "\u203c CVE-2023-24580 \u203c\n\nAn issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. 
Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-15T07:36:11.000000Z"}, {"uuid": "b6a254a1-b39b-4fcf-bf21-409164d85a9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2458", "type": "seen", "source": "https://t.me/cibsecurity/64055", "content": "\u203c CVE-2023-2458 \u203c\n\nUse after free in ChromeOS Camera in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: High)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-12T22:27:08.000000Z"}, {"uuid": "a23ee88a-b423-4c8a-a004-fdf8dbde8716", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24581", "type": "seen", "source": "https://t.me/cibsecurity/58087", "content": "\u203c CVE-2023-24581 \u203c\n\nA vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V2023Update2). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted STP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19425)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-14T14:36:02.000000Z"}]}