{"vulnerability": "CVE-2023-2560", "sightings": [{"uuid": "69f79617-dd9b-4096-8ed8-54381e59f31d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25608", "type": "seen", "source": "https://t.me/cibsecurity/70381", "content": "\u203c CVE-2023-25608 \u203c\n\nAn incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4, 5.2 all versions; FortiAP 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions, 6.0 all versions; FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to read arbitrary files via specially crafted command arguments.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-13T16:23:48.000000Z"}, {"uuid": "0eb20bc6-0b5a-4ac8-b3f0-3df905d93e21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25600", "type": "seen", "source": "https://t.me/cibsecurity/67690", "content": "\u203c CVE-2023-25600 \u203c\n\nAn issue was discovered in InsydeH2O. A malicious operating system can tamper with a runtime-writable EFI variable, leading to out-of-bounds memory reads and a denial of service. 
This is fixed in version 01.01.04.0016.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-03T18:40:11.000000Z"}, {"uuid": "ce1d5590-df26-4a3a-9f5a-3b8d3896ef60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25606", "type": "seen", "source": "https://t.me/cibsecurity/66404", "content": "\u203c CVE-2023-25606 \u203c\n\nAn improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-23] in FortiAnalyzer and FortiManager management interface 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions may allow a remote and authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-11T20:29:40.000000Z"}, {"uuid": "4da02d66-408d-4648-b684-ff0cd9789d41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25601", "type": "seen", "source": "https://t.me/cibsecurity/62533", "content": "\u203c CVE-2023-25601 \u203c\n\nOn version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. This issue has been fixed from version 3.1.2 onwards. For users who use version 3.0.0 to 3.1.1, you can turn off the python-gateway function by changing the value `python-gateway.enabled=false` in configuration file `application.yaml`. 
If you are using the python gateway, please upgrade to version 3.1.2 or above.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-20T20:30:45.000000Z"}, {"uuid": "f57e67e0-9f1b-49aa-83fc-4ef0555d9763", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25605", "type": "seen", "source": "https://t.me/cibsecurity/59594", "content": "\u203c CVE-2023-25605 \u203c\n\nA improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-07T20:23:30.000000Z"}]}