{"vulnerability": "cve-2023-2232", "sightings": [{"uuid": "6dc61e13-b8df-4818-90bc-11637476ccb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22325", "type": "seen", "source": "https://t.me/cibsecurity/72181", "content": "\u203c CVE-2023-22325 \u203c\n\nA denial of service vulnerability exists in the DCRegister DDNS_RPC_MAX_RECV_SIZE functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-12T20:23:19.000000Z"}, {"uuid": "b184dfad-28ab-4e56-8519-a9826f4be710", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22322", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9192", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-22322\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Improper restriction of XML external entity reference (XXE) vulnerability exists in OMRON CX-Motion Pro 1.4.6.013 and earlier. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Motion Pro is installed may be disclosed.\n\ud83d\udccf Published: 2023-01-30T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-27T20:17:03.881Z\n\ud83d\udd17 References:\n1. https://jvn.jp/en/vu/JVNVU94200979/", "creation_timestamp": "2025-03-27T20:27:08.000000Z"}, {"uuid": "760dd966-dba2-4c5a-9d38-3064382de19b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22324", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9352", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-22324\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: SQL injection vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5.0 and earlier allows a remote authenticated attacker to execute an arbitrary SQL command. As a result, information stored in the database may be obtained.\n\ud83d\udccf Published: 2023-01-30T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-28T14:08:12.248Z\n\ud83d\udd17 References:\n1. https://www.contec.com/download/contract/contract4/?itemid=ea8039aa-3434-4999-9ab6-897aa690210c&downloaditemid=866d7d3c-aae9-438d-87f3-17aa040df90b\n2. https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230124_en.pdf\n3. https://jvn.jp/en/vu/JVNVU97195023/", "creation_timestamp": "2025-03-28T14:27:35.000000Z"}, {"uuid": "d84abba4-416c-4fc5-b8d5-70575a04aae3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22321", "type": "seen", "source": "https://t.me/cibsecurity/62542", "content": "\u203c CVE-2023-22321 \u203c\n\nDatakit CrossCadWare_x64.dll contains an out-of-bounds read past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This vulnerability could allow an attacker to disclose sensitive information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-20T22:30:53.000000Z"}, {"uuid": "5da040ef-a00b-4060-9160-5c375dbf8112", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22326", "type": "seen", "source": "https://t.me/cibsecurity/57319", "content": "\u203c CVE-2023-22326 \u203c\n\nIn BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authenticated attacker with resource administrator or administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-01T20:14:16.000000Z"}, {"uuid": "7cf02fac-d233-4dd0-aaab-011cd34e77c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22322", "type": "seen", "source": "https://t.me/cibsecurity/57156", "content": "\u203c CVE-2023-22322 \u203c\n\nImproper restriction of XML external entity reference (XXE) vulnerability exists in OMRON CX-Motion Pro 1.4.6.013 and earlier. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Motion Pro is installed may be disclosed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-30T12:37:17.000000Z"}, {"uuid": "6dbbede9-cd00-41bd-a117-5035c808db0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22324", "type": "seen", "source": "https://t.me/cibsecurity/57150", "content": "\u203c CVE-2023-22324 \u203c\n\nSQL injection vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5.0 and earlier allows a remote authenticated attacker to execute an arbitrary SQL command. As a result, information stored in the database may be obtained.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-30T12:37:10.000000Z"}, {"uuid": "46d233ab-7d3e-4449-a742-384dbdd36a8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22320", "type": "seen", "source": "https://t.me/cibsecurity/56212", "content": "\u203c CVE-2023-22320 \u203c\n\nOpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM Consortium parses URLs improperly, leading to a path traversal vulnerability(CWE-22). Furthermore, a crafted URL may be evaluated incorrectly.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-10T07:28:12.000000Z"}]}