{"vulnerability": "cve-2023-2913", "sightings": [{"uuid": "de013e68-caef-49ed-ac85-990d7478d2a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2913", "type": "seen", "source": "https://t.me/cibsecurity/66959", "content": "\u203c CVE-2023-2913 \u203c\n\nAn executable used in Rockwell Automation ThinManager ThinServer can be configured to enable an API feature in the HTTPS Server Settings. This feature is disabled by default. When the API is enabled and handling requests, a path traversal vulnerability exists that allows a remote actor to leverage the privileges of the server\u2019s file system and read arbitrary files stored in it. A malicious user could exploit this vulnerability by executing a path that contains manipulating variables.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-19T00:36:17.000000Z"}, {"uuid": "d7c9b797-fad0-4b19-bd5b-76d5df97424d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29130", "type": "seen", "source": "https://t.me/cibsecurity/66345", "content": "\u203c CVE-2023-29130 \u203c\n\nA vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of improper access controls in the configuration files that leads to privilege escalation. 
An attacker could gain admin access with this vulnerability leading to complete device control.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-11T14:29:30.000000Z"}, {"uuid": "59b56da3-cf1d-4cf6-a54b-2ec3237ccc41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29131", "type": "seen", "source": "https://t.me/cibsecurity/66357", "content": "\u203c CVE-2023-29131 \u203c\n\nA vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of an incorrect default value in the SSH configuration. This could allow an attacker to bypass network isolation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-11T14:29:50.000000Z"}, {"uuid": "c6f74bbb-ddf6-4948-ab9e-70de178cf624", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29132", "type": "seen", "source": "https://t.me/cibsecurity/62106", "content": "\u203c CVE-2023-29132 \u203c\n\nIrssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free because of use of a stale special collector reference. This occurs when printing of a non-formatted line is concurrent with printing of a formatted line.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-14T07:30:39.000000Z"}, {"uuid": "c611732b-280b-41c2-af2f-2182f6da5916", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29139", "type": "seen", "source": "https://t.me/cibsecurity/61277", "content": "\u203c CVE-2023-29139 \u203c\n\nAn issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. 
When a user with checkuserlog permissions makes many CheckUserLog API requests in some configurations, denial of service can occur (RequestTimeoutException or upstream request timeout).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-31T22:22:28.000000Z"}, {"uuid": "18d5bb2b-d0a2-4c9c-a206-d6db30d27254", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29137", "type": "seen", "source": "https://t.me/cibsecurity/61273", "content": "\u203c CVE-2023-29137 \u203c\n\nAn issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. The UserImpactHandler for GrowthExperiments inadvertently returns the timezone preference for arbitrary users, which can be used to de-anonymize users.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-31T22:22:24.000000Z"}]}