{"vulnerability": "cve-2023-4029", "sightings": [{"uuid": "3c9b136d-a012-41cc-90b7-04d7d0232e25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40299", "type": "seen", "source": "https://t.me/cibsecurity/71653", "content": "\u203c CVE-2023-40299 \u203c\n\nKong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-05T02:12:14.000000Z"}, {"uuid": "d9b2b058-0e86-4be3-8a64-441239b3ecfd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40295", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4920", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aProof of concept for CVE-2023-40294 and CVE-2023-40295\nURL\uff1ahttps://github.com/Halcy0nic/CVE-2023-40294-and-CVE-2023-40295\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-08-14T05:15:15.000000Z"}, {"uuid": "a27c53f6-1733-4a11-9eeb-806677b6501c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40294", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4920", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aProof of concept for CVE-2023-40294 and CVE-2023-40295\nURL\uff1ahttps://github.com/Halcy0nic/CVE-2023-40294-and-CVE-2023-40295\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-08-14T05:15:15.000000Z"}, {"uuid": "97dc3081-143c-451b-98c3-78f61723c7e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40296", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4921", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aProof of Concept for CVE-2023-40296\nURL\uff1ahttps://github.com/Halcy0nic/CVE-2023-40296\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-08-14T05:30:14.000000Z"}, {"uuid": "225a8558-3238-4f59-a9d7-78aba3b1cc9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40290", "type": "seen", "source": "Telegram/1ijNbUbO8yc9BpkvNnkSlSSRpt94dd66KRvmrGADFgP41g", "content": "", "creation_timestamp": "2023-10-06T09:19:18.000000Z"}, {"uuid": "966b5dc8-7b5e-4326-baa6-4f8f650489f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40290", "type": "seen", "source": "https://t.me/KomunitiSiber/895", "content": "Supermicro's BMC Firmware Found Vulnerable to Multiple Critical Vulnerabilities\nhttps://thehackernews.com/2023/10/supermicros-bmc-firmware-found.html\n\nMultiple security vulnerabilities have been disclosed in the Intelligent Platform Management Interface (IPMI) firmware for Supermicro baseboard management controllers (BMCs) that could result in privilege escalation and execution of malicious code on affected systems.\nThe seven flaws, tracked from CVE-2023-40284 through CVE-2023-40290, vary in severity from High to Critical, according to Binarly", "creation_timestamp": "2023-10-06T09:18:47.000000Z"}, {"uuid": "901a9dfd-8712-48a1-a5e5-00bbc7ebb664", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4029", "type": "seen", "source": "https://t.me/cibsecurity/68771", "content": "\u203c CVE-2023-4029 \u203c\n\nA buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-17T20:37:34.000000Z"}, {"uuid": "c1981f97-0a75-4dd1-9609-56139a2f4b2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40290", "type": "seen", "source": "https://t.me/thehackernews/3973", "content": "\ud83d\udea8 Multiple security flaws in Supermicro's BMC firmware pose severe risks. Know the risks from CVE-2023-40284 to CVE-2023-40290, allowing unauthenticated attackers to gain root access. \n \nRead: https://thehackernews.com/2023/10/supermicros-bmc-firmware-found.html \n \nIs your system one of the 70,000 exposed?", "creation_timestamp": "2023-10-06T08:11:16.000000Z"}, {"uuid": "4a453cd4-d28d-44db-b78c-352a8298db87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40294", "type": "seen", "source": "https://t.me/cibsecurity/68421", "content": "\u203c CVE-2023-40294 \u203c\n\nlibboron in Boron 2.0.8 has a heap-based buffer overflow in ur_parseBlockI at i_parse_blk.c.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-14T07:19:16.000000Z"}, {"uuid": "5716fc2b-39ee-410b-aa9b-24c18da2fed2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40296", "type": "seen", "source": "https://t.me/cibsecurity/68418", "content": "\u203c CVE-2023-40296 \u203c\n\nasync-sockets-cpp through 0.3.1 has a stack-based buffer overflow in ReceiveFrom and Receive in udpsocket.hpp when processing malformed UDP packets.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-14T07:19:10.000000Z"}, {"uuid": "453bfd44-653e-452d-ba98-b6f356241110", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40292", "type": "seen", "source": "https://t.me/cibsecurity/68417", "content": "\u203c CVE-2023-40292 \u203c\n\nHarman Infotainment 20190525031613 and later discloses the IP address via CarPlay CTRL packets.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-14T07:19:09.000000Z"}, {"uuid": "6775ac2d-fbeb-4ff6-829e-1968532927e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40293", "type": "seen", "source": "https://t.me/cibsecurity/68416", "content": "\u203c CVE-2023-40293 \u203c\n\nHarman Infotainment 20190525031613 and later allows command injection via unauthenticated RPC with a D-Bus connection object.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-14T07:19:08.000000Z"}, {"uuid": "9446ab71-8f72-41bf-873b-aaf73d6c7a9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40295", "type": "seen", "source": "https://t.me/cibsecurity/68412", "content": "\u203c CVE-2023-40295 \u203c\n\nlibboron in Boron 2.0.8 has a heap-based buffer overflow in ur_strInitUtf8 at string.c.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-14T07:19:01.000000Z"}, {"uuid": "e0d7ff8c-8c46-4552-bed3-7159012fee7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40291", "type": "seen", "source": "https://t.me/cibsecurity/68411", "content": "\u203c CVE-2023-40291 \u203c\n\nHarman Infotainment 20190525031613 allows root access via SSH over a USB-to-Ethernet dongle with a password that is an internal project name.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-14T07:19:00.000000Z"}, {"uuid": "ccfa0bdd-900a-4a29-9ffa-fc4a87efe23f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40296", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8851", "content": "#exploit\n1. CVE-2023-40296:\nasync-sockets-cpp &lt;0.3.1 - buffer overflow vulnerability\nhttps://github.com/Halcy0nic/CVE-2023-40296\n\n2. CVE-2023-4201/4203:\nAdvantech EKI-1524-CE/1522/1521 - Cross Site Scripting\nhttps://packetstormsecurity.com/files/174153/Advantech-EKI-1524-CE-EKI-1522-EKI-1521-Cross-Site-Scripting.html", "creation_timestamp": "2023-08-15T10:59:01.000000Z"}]}