{"vulnerability": "CVE-2023-3859", "sightings": [{"uuid": "09309db3-75df-4e75-a4de-8794fd7ee811", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38596", "type": "seen", "source": "https://t.me/arpsyndicate/2971", "content": "#ExploitObserverAlert\n\nCVE-2023-38596\n\nDESCRIPTION: Exploit Observer has 10 entries in 2 file formats related to CVE-2023-38596. The issue was addressed with improved handling of protocols. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may fail to enforce App Transport Security.\n\nFIRST-EPSS: 0.000540000\nNVD-IS: 3.6\nNVD-ES: 1.8", "creation_timestamp": "2024-01-26T14:42:53.000000Z"}, {"uuid": "ec4b5cbe-bd35-4684-b00e-6c565e0490fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38598", "type": "seen", "source": "https://t.me/cibsecurity/67373", "content": "\u203c CVE-2023-38598 \u203c\n\nA use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-28T13:31:28.000000Z"}, {"uuid": "2bdb942a-01dc-406a-ace7-b7f1e9cd6e7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38590", "type": "seen", "source": "https://t.me/cibsecurity/67358", "content": "\u203c CVE-2023-38590 \u203c\n\nA buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-29T01:47:08.000000Z"}, {"uuid": "70ac82c7-064f-4147-9370-3cca67b25057", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38599", "type": "seen", "source": "https://t.me/cibsecurity/67356", "content": "\u203c CVE-2023-38599 \u203c\n\nA logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-28T12:29:13.000000Z"}, {"uuid": "50f44286-6b74-49e6-878c-0ee1e6005d70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38592", "type": "seen", "source": "https://t.me/cibsecurity/67355", "content": "\u203c CVE-2023-38592 \u203c\n\nA logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6, tvOS 16.6, macOS Ventura 13.5. Processing web content may lead to arbitrary code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-28T12:29:12.000000Z"}, {"uuid": "f2466eb4-8bc4-417c-9d41-cada03bd4266", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3859", "type": "seen", "source": "https://t.me/cibsecurity/67141", "content": "\u203c CVE-2023-3859 \u203c\n\nA vulnerability was found in phpscriptpoint Car Listing 1.6 and classified as critical. This issue affects some unknown processing of the file /search.php of the component GET Parameter Handler. The manipulation of the argument brand_id/model_id/car_condition/car_category_id/body_type_id/fuel_type_id/transmission_type_id/year/mileage_start/mileage_end/country/state/city leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-235211. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-24T07:25:54.000000Z"}]}