{"vulnerability": "cve-2023-3297", "sightings": [{"uuid": "69ef1dc0-4b1a-4220-b4f6-dedf70851d2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32971", "type": "seen", "source": "https://t.me/kasraone_com/535", "content": "\ud83d\udd34 CVE \n\n\nCVE-2023-32971\n\n\n \u06af\u0632\u0627\u0631\u0634 \u0634\u062f\u0647 \u0627\u0633\u062a \u06a9\u0647 \u06cc\u06a9 \u06a9\u067e\u06cc \u0628\u0627\u0641\u0631 \u0628\u062f\u0648\u0646 \u0628\u0631\u0631\u0633\u06cc \u0627\u0646\u062f\u0627\u0632\u0647 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0648\u0631\u0648\u062f\u06cc \u0628\u0631 \u0686\u0646\u062f\u06cc\u0646 \u0646\u0633\u062e\u0647 \u0633\u06cc\u0633\u062a\u0645 \u0639\u0627\u0645\u0644 QNAP \u062a\u0623\u062b\u06cc\u0631 \u0645\u06cc \u06af\u0630\u0627\u0631\u062f. \u0627\u06af\u0631 \u0627\u0632 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc \u0634\u0648\u062f \u060c \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0628\u0647 \u0645\u062f\u06cc\u0631\u0627\u0646 \u0645\u0639\u062a\u0628\u0631 \u0627\u062c\u0627\u0632\u0647 \u062f\u0647\u062f \u062a\u0627 \u06a9\u062f \u0631\u0627 \u0627\u0632 \u0637\u0631\u06cc\u0642 \u06cc\u06a9 \u0634\u0628\u06a9\u0647 \u0627\u062c\u0631\u0627 \u06a9\u0646\u0646\u062f.\n\n\n\u0642\u0628\u0644\u0627 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0631\u0627 \u062f\u0631 \u0646\u0633\u062e\u0647 \u0647\u0627\u06cc \u0632\u06cc\u0631 \u0628\u0631\u0637\u0631\u0641 \u06a9\u0631\u062f\u0647 \u0627\u0646\u062f :\n\nQTS 5.0.1.2425 build 20230609 and later\nQTS 5.1.0.2444 build 20230629 and later\nQTS 4.5.4.2467 build 20230718 and later\nQuTS hero h5.0.1.2515 build 20230907 and later\nQuTS hero h5.1.0.2424 build 20230609 and later\nQuTS hero h4.5.4.2476 build 20230728 and later\nQuTScloud c5.1.0.2498 and later", "creation_timestamp": "2025-01-02T21:28:46.000000Z"}, {"uuid": "4135c992-db24-4019-9222-c3365507a75a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3297", "type": "seen", "source": "https://t.me/cibsecurity/69696", "content": "\u203c CVE-2023-3297 \u203c\n\nIn Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-02T00:14:12.000000Z"}, {"uuid": "7a25c14a-cfff-453b-a3ae-f00f498c0a3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32972", "type": "seen", "source": "https://t.me/cibsecurity/71743", "content": "\u203c CVE-2023-32972 \u203c\n\nA buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.We have already fixed the vulnerability in the following versions:QTS 5.0.1.2425 build 20230609 and laterQTS 5.1.0.2444 build 20230629 and laterQTS 4.5.4.2467 build 20230718 and laterQuTS hero h5.0.1.2515 build 20230907 and laterQuTS hero h5.1.0.2424 build 20230609 and laterQuTS hero h4.5.4.2476 build 20230728 and laterQuTScloud c5.1.0.2498 and later\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-06T20:13:43.000000Z"}, {"uuid": "c5b5ab5f-fff5-4f05-b35c-1c8414672a0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32971", "type": "seen", "source": "https://t.me/cibsecurity/71742", "content": "\u203c CVE-2023-32971 \u203c\n\nA buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.We have already fixed the vulnerability in the following versions:QTS 5.0.1.2425 build 20230609 and laterQTS 5.1.0.2444 build 20230629 and laterQTS 4.5.4.2467 build 20230718 and laterQuTS hero h5.0.1.2515 build 20230907 and laterQuTS hero h5.1.0.2424 build 20230609 and laterQuTS hero h4.5.4.2476 build 20230728 and laterQuTScloud c5.1.0.2498 and later\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-06T20:13:42.000000Z"}, {"uuid": "2fdde9a1-5a17-457d-b526-22c95e077cba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32975", "type": "seen", "source": "https://t.me/ctinow/161081", "content": "https://ift.tt/pRh1t2K\nCVE-2023-32975 | QNAP QTS/QuTS hero buffer overflow (qsa-23-07)", "creation_timestamp": "2023-12-31T13:41:46.000000Z"}, {"uuid": "ae54b156-877f-48e1-8460-77975be141e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32977", "type": "seen", "source": "https://t.me/cibsecurity/64238", "content": "\u203c CVE-2023-32977 \u203c\n\nJenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-16T20:30:52.000000Z"}, {"uuid": "ff5345b9-e869-4b9a-babc-b133cfabd3cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32979", "type": "seen", "source": "https://t.me/cibsecurity/64223", "content": "\u203c CVE-2023-32979 \u203c\n\nJenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-16T20:30:37.000000Z"}]}