{"vulnerability": "CVE-2023-3346", "sightings": [{"uuid": "ba7c015d-47ab-4771-aeee-bd5816929377", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33466", "type": "published-proof-of-concept", "source": "https://t.me/cKure/12040", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 CVE-2023-33466 - Exploiting Healthcare Servers with Polyglot Files.\n\nhttps://www.shielder.com/blog/2023/10/cve-2023-33466-exploiting-healthcare-servers-with-polyglot-files/", "creation_timestamp": "2023-11-29T22:26:03.000000Z"}, {"uuid": "41cb041b-3cec-4d02-9265-d516252bd005", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33466", "type": "published-proof-of-concept", "source": "https://t.me/TopCyberTechNews/381", "content": "Top Security News for 25/10/2023\n\nCVE-2023-33466 - Exploiting Healthcare Servers with Polyglot Files\nhttps://www.reddit.com/r/netsec/comments/17f9yci/cve202333466_exploiting_healthcare_servers_with/ \n\n[Crypto] Why authenticated encryption and MAC is so important\nhttps://www.reddit.com/r/netsec/comments/17fg28x/crypto_why_authenticated_encryption_and_mac_is_so/ \n\nEx-NSA Employee Pleads Guilty to Leaking Classified Data to Russia\nhttps://thehackernews.com/2023/10/ex-nsa-employee-pleads-guilty-to.html \n\nAI vs. human deceit: Unravelling the new age of phishing tactics\nhttps://securityintelligence.com/posts/ai-vs-human-deceit-unravelling-new-age-phishing-tactics/ \n\nISC StormCast for Wednesday, October 25th, 2023\nhttps://isc.sans.edu/podcastdetail/8716 \n\nMake API Management Less Scary for Your Organization\nhttps://thehackernews.com/2023/10/make-api-management-less-scary-for-your.html \n\nTwo new things to worry about: how long it takes to read the fine print, and bed bug disinformation.\nhttps://thecyberwire.com/podcasts/daily-podcast/1933/notes \n\nGoogle Chrome wants to hide your IP address\nhttps://www.malwarebytes.com/blog/news/2023/10/google-wants-to-introduce-ip-protection-feature-for-chrome \n\nAmazon adds passkeys so you can sign in without a pesky password\nhttps://malware.news/t/amazon-adds-passkeys-so-you-can-sign-in-without-a-pesky-password/74898#post_1 \n\nNow Android and Windows devices aren't safe from Flipper Zero either\nhttps://malware.news/t/now-android-and-windows-devices-arent-safe-from-flipper-zero-either/74897#post_1 \n\n    \nFollow Top Cyber News at https://t.me/TopCyberTechNews\nFeel free to DM me at https://twitter.com/ShayaFeedman", "creation_timestamp": "2023-10-25T07:00:06.000000Z"}, {"uuid": "28b68790-fe16-46e5-940a-b36f71642521", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33461", "type": "seen", "source": "https://t.me/arpsyndicate/2939", "content": "#ExploitObserverAlert\n\nCVE-2023-33461\n\nDESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2023-33461. iniparser v4.1 is vulnerable to NULL Pointer Dereference in function iniparser_getlongint which misses check NULL for function iniparser_getstring's return.\n\nFIRST-EPSS: 0.000440000\nNVD-IS: 3.6\nNVD-ES: 1.8", "creation_timestamp": "2024-01-19T16:35:26.000000Z"}, {"uuid": "4d14f9f5-ae46-41af-9d7a-92bd74e7b82f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33466", "type": "seen", "source": "https://t.me/arpsyndicate/876", "content": "#ExploitObserverAlert\n\nCVE-2023-33466\n\nDESCRIPTION: Exploit Observer has 5 entries related to CVE-2023-33466. Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE).\n\nFIRST-EPSS: 0.001290000\nNVD-IS: 5.9\nNVD-ES: 2.8", "creation_timestamp": "2023-12-02T01:49:47.000000Z"}, {"uuid": "5e27b657-5856-48b4-9237-dd877c22bfa2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33466", "type": "seen", "source": "https://t.me/cibsecurity/65721", "content": "\u203c CVE-2023-33466 \u203c\n\nOrthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-29T18:14:26.000000Z"}, {"uuid": "de451139-d4c8-4f6f-a357-e7ab0c21b669", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33468", "type": "seen", "source": "https://t.me/cibsecurity/68142", "content": "\u203c CVE-2023-33468 \u203c\n\nKramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the physical screen.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-10T00:15:11.000000Z"}, {"uuid": "a1a32e30-76a5-4da9-a350-0c713c2bb5ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33469", "type": "seen", "source": "https://t.me/cibsecurity/68140", "content": "\u203c CVE-2023-33469 \u203c\n\nIn instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 can be exploited to achieve local code execution at the root level.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-10T00:15:09.000000Z"}, {"uuid": "d964623c-c2c7-4480-9ee0-b0bd052c2299", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3346", "type": "seen", "source": "https://t.me/cibsecurity/67632", "content": "\u203c CVE-2023-3346 \u203c\n\nBuffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBSHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, system reset is required for recovery.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-03T12:39:58.000000Z"}]}