{"vulnerability": "CVE-2023-3365", "sightings": [{"uuid": "93a416a4-d158-4f9a-b3c8-9d2cae81ef61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33659", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/707", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-33659\n\ud83d\udd39 Description: A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nmq_subinfo_decode() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a denial of service attack.\n\ud83d\udccf Published: 2023-06-06T00:00:00\n\ud83d\udccf Modified: 2025-01-08T16:03:48.382Z\n\ud83d\udd17 References:\n1. https://github.com/emqx/nanomq\n2. https://github.com/emqx/nanomq/issues/1154\n3. https://github.com/nanomq/NanoNNG/pull/509/commits/6815c4036a2344865da393803ecdb7af27d8bde1", "creation_timestamp": "2025-01-08T16:13:53.000000Z"}, {"uuid": "c7eaf8f9-fd34-4767-85cf-926fe7813b1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33652", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/704", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-33652\n\ud83d\udd39 Description: Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /sitecore/shell/Invoke.aspx.\n\ud83d\udccf Published: 2023-06-06T00:00:00\n\ud83d\udccf Modified: 2025-01-08T14:38:32.693Z\n\ud83d\udd17 References:\n1. https://blog.assetnote.io/2023/05/10/sitecore-round-two/", "creation_timestamp": "2025-01-08T15:14:18.000000Z"}, {"uuid": "fea480fe-ce4e-4236-906a-4f2357ab02f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3365", "type": "seen", "source": "https://t.me/cibsecurity/67874", "content": "\u203c CVE-2023-3365 \u203c\n\nThe MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.14 does not have authorisation when deleting shipment, allowing any authenticated users, such as subscriber to delete arbitrary shipment\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-07T18:13:45.000000Z"}, {"uuid": "9bcbb1ef-f74b-4b94-93b4-51c9990e2969", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33651", "type": "seen", "source": "https://t.me/cibsecurity/65015", "content": "\u203c CVE-2023-33651 \u203c\n\nAn issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0 Initial Release to v13.0 Initial Release allows attackers to bypass authorization rules.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-06T22:29:29.000000Z"}, {"uuid": "381b68fb-b8d9-4073-b87e-cedb5dc30990", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33656", "type": "seen", "source": "https://t.me/cibsecurity/64793", "content": "\u203c CVE-2023-33656 \u203c\n\nA memory leak vulnerability exists in NanoMQ 0.17.2. The vulnerability is located in the file message.c. An attacker could exploit this vulnerability to cause a denial of service attack by causing the program to consume all available memory resources.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-30T22:18:48.000000Z"}, {"uuid": "8ee6694d-f4f7-4558-bebf-b5cf7da48627", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33657", "type": "seen", "source": "https://t.me/cibsecurity/65068", "content": "\u203c CVE-2023-33657 \u203c\n\nA use-after-free vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_mqtt_msg_get_publish_property() in the file mqtt_msg.c. This vulnerability is caused by improper data tracing, and an attacker could exploit it to cause a denial of service attack.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-08T16:15:58.000000Z"}]}