-
Notifications
You must be signed in to change notification settings - Fork 16
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Auto-Update: 2024-01-13T03:00:25.159356+00:00
- Loading branch information
1 parent
e45af9d
commit 1a9d989
Showing
28 changed files
with
1,612 additions
and
94 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| { | ||
| "id": "CVE-2023-33472", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-01-13T02:15:07.060", | ||
| "lastModified": "2024-01-13T02:15:07.060", | ||
| "vulnStatus": "Received", | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "An issue was discovered in Scada-LTS v2.7.5.2 build 4551883606 and before, allows remote attackers with low-level authentication to escalate privileges, execute arbitrary code, and obtain sensitive information via Event Handlers function." | ||
| } | ||
| ], | ||
| "metrics": {}, | ||
| "references": [ | ||
| { | ||
| "url": "https://hev0x.github.io/posts/scadalts-cve-2023-33472/", | ||
| "source": "[email protected]" | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,8 +2,12 @@ | |
| "id": "CVE-2023-46805", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-01-12T17:15:09.530", | ||
| "lastModified": "2024-01-12T20:46:59.220", | ||
| "lastModified": "2024-01-13T02:00:00.970", | ||
| "vulnStatus": "Analyzed", | ||
| "cisaExploitAdd": "2024-01-10", | ||
| "cisaActionDue": "2024-01-31", | ||
| "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", | ||
| "cisaVulnerabilityName": "Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability", | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| { | ||
| "id": "CVE-2023-46942", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-01-13T02:15:07.153", | ||
| "lastModified": "2024-01-13T02:15:07.153", | ||
| "vulnStatus": "Received", | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8, allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints." | ||
| } | ||
| ], | ||
| "metrics": {}, | ||
| "references": [ | ||
| { | ||
| "url": "https://devhub.checkmarx.com/cve-details/CVE-2023-46942/", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://devhub.checkmarx.com/cve-details/Cx00cea2d5-d2c5/", | ||
| "source": "[email protected]" | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| { | ||
| "id": "CVE-2023-46943", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-01-13T02:15:07.200", | ||
| "lastModified": "2024-01-13T02:15:07.200", | ||
| "vulnStatus": "Received", | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as \"secret\". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWTs), allowing them access to important information and actions within the application." | ||
| } | ||
| ], | ||
| "metrics": {}, | ||
| "references": [ | ||
| { | ||
| "url": "https://devhub.checkmarx.com/cve-details/CVE-2023-46943/", | ||
| "source": "[email protected]" | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| { | ||
| "id": "CVE-2023-50072", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-01-13T01:15:38.663", | ||
| "lastModified": "2024-01-13T01:15:38.663", | ||
| "vulnStatus": "Received", | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "A Stored Cross-Site Scripting (XSS) vulnerability exists in OpenKM version 7.1.40 (dbb6e88) With Professional Extension that allows an authenticated user to upload a note on a file which acts as a stored XSS payload. Any user who opens the note of a document file will trigger the XSS." | ||
| } | ||
| ], | ||
| "metrics": {}, | ||
| "references": [ | ||
| { | ||
| "url": "https://github.com/ahrixia/CVE-2023-50072", | ||
| "source": "[email protected]" | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| { | ||
| "id": "CVE-2023-51804", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-01-13T02:15:07.257", | ||
| "lastModified": "2024-01-13T02:15:07.257", | ||
| "vulnStatus": "Received", | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "An issue in rymcu forest v.0.02 allows a remote attacker to obtain sensitive information via manipulation of the HTTP body URL in the com.rymcu.forest.web.api.common.UploadController file." | ||
| } | ||
| ], | ||
| "metrics": {}, | ||
| "references": [ | ||
| { | ||
| "url": "https://github.com/rymcu/forest/issues/149", | ||
| "source": "[email protected]" | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| { | ||
| "id": "CVE-2023-51805", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-01-13T02:15:07.303", | ||
| "lastModified": "2024-01-13T02:15:07.303", | ||
| "vulnStatus": "Received", | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "SQL Injection vulnerability in TDuckCLoud tduck-platform v.4.0 allows a remote attacker to obtain sensitive information via the getFormKey parameter in the search function of FormDataMysqlService.java file." | ||
| } | ||
| ], | ||
| "metrics": {}, | ||
| "references": [ | ||
| { | ||
| "url": "https://github.com/TDuckCloud/tduck-platform/issues/22", | ||
| "source": "[email protected]" | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,19 +2,91 @@ | |
| "id": "CVE-2023-51952", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-01-10T15:15:08.997", | ||
| "lastModified": "2024-01-10T16:59:53.407", | ||
| "vulnStatus": "Awaiting Analysis", | ||
| "lastModified": "2024-01-13T01:37:13.637", | ||
| "vulnStatus": "Analyzed", | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formSetIptv." | ||
| }, | ||
| { | ||
| "lang": "es", | ||
| "value": "Tenda AX1803 v1.0.0.1 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro adv.iptv.stbpvid en la funci\u00f3n formSetIptv." | ||
| } | ||
| ], | ||
| "metrics": { | ||
| "cvssMetricV31": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Primary", | ||
| "cvssData": { | ||
| "version": "3.1", | ||
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", | ||
| "attackVector": "NETWORK", | ||
| "attackComplexity": "LOW", | ||
| "privilegesRequired": "NONE", | ||
| "userInteraction": "NONE", | ||
| "scope": "UNCHANGED", | ||
| "confidentialityImpact": "HIGH", | ||
| "integrityImpact": "HIGH", | ||
| "availabilityImpact": "HIGH", | ||
| "baseScore": 9.8, | ||
| "baseSeverity": "CRITICAL" | ||
| }, | ||
| "exploitabilityScore": 3.9, | ||
| "impactScore": 5.9 | ||
| } | ||
| ] | ||
| }, | ||
| "weaknesses": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Primary", | ||
| "description": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "CWE-787" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "configurations": [ | ||
| { | ||
| "operator": "AND", | ||
| "nodes": [ | ||
| { | ||
| "operator": "OR", | ||
| "negate": false, | ||
| "cpeMatch": [ | ||
| { | ||
| "vulnerable": true, | ||
| "criteria": "cpe:2.3:o:tenda:ax1803_firmware:1.0.0.1:*:*:*:*:*:*:*", | ||
| "matchCriteriaId": "B81C53EE-14CD-426B-ADF3-6D9B4D69DC84" | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "operator": "OR", | ||
| "negate": false, | ||
| "cpeMatch": [ | ||
| { | ||
| "vulnerable": false, | ||
| "criteria": "cpe:2.3:h:tenda:ax1803:-:*:*:*:*:*:*:*", | ||
| "matchCriteriaId": "413B93A8-6188-4D89-8141-C5B73F4AA071" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "metrics": {}, | ||
| "references": [ | ||
| { | ||
| "url": "https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-formSetIptv-d758f5dba8f646afaf5cddc6f8d3ec70", | ||
| "source": "[email protected]" | ||
| "source": "[email protected]", | ||
| "tags": [ | ||
| "Exploit", | ||
| "Third Party Advisory" | ||
| ] | ||
| } | ||
| ] | ||
| } | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,19 +2,91 @@ | |
| "id": "CVE-2023-51953", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-01-10T15:15:09.043", | ||
| "lastModified": "2024-01-10T16:59:53.407", | ||
| "vulnStatus": "Awaiting Analysis", | ||
| "lastModified": "2024-01-13T01:37:10.030", | ||
| "vulnStatus": "Analyzed", | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv." | ||
| }, | ||
| { | ||
| "lang": "es", | ||
| "value": "Tenda AX1803 v1.0.0.1 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro iptv.stb.mode en la funci\u00f3n formSetIptv." | ||
| } | ||
| ], | ||
| "metrics": { | ||
| "cvssMetricV31": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Primary", | ||
| "cvssData": { | ||
| "version": "3.1", | ||
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", | ||
| "attackVector": "NETWORK", | ||
| "attackComplexity": "LOW", | ||
| "privilegesRequired": "NONE", | ||
| "userInteraction": "NONE", | ||
| "scope": "UNCHANGED", | ||
| "confidentialityImpact": "HIGH", | ||
| "integrityImpact": "HIGH", | ||
| "availabilityImpact": "HIGH", | ||
| "baseScore": 9.8, | ||
| "baseSeverity": "CRITICAL" | ||
| }, | ||
| "exploitabilityScore": 3.9, | ||
| "impactScore": 5.9 | ||
| } | ||
| ] | ||
| }, | ||
| "weaknesses": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Primary", | ||
| "description": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "CWE-787" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "configurations": [ | ||
| { | ||
| "operator": "AND", | ||
| "nodes": [ | ||
| { | ||
| "operator": "OR", | ||
| "negate": false, | ||
| "cpeMatch": [ | ||
| { | ||
| "vulnerable": true, | ||
| "criteria": "cpe:2.3:o:tenda:ax1803_firmware:1.0.0.1:*:*:*:*:*:*:*", | ||
| "matchCriteriaId": "B81C53EE-14CD-426B-ADF3-6D9B4D69DC84" | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "operator": "OR", | ||
| "negate": false, | ||
| "cpeMatch": [ | ||
| { | ||
| "vulnerable": false, | ||
| "criteria": "cpe:2.3:h:tenda:ax1803:-:*:*:*:*:*:*:*", | ||
| "matchCriteriaId": "413B93A8-6188-4D89-8141-C5B73F4AA071" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "metrics": {}, | ||
| "references": [ | ||
| { | ||
| "url": "https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-formSetIptv-d758f5dba8f646afaf5cddc6f8d3ec70", | ||
| "source": "[email protected]" | ||
| "source": "[email protected]", | ||
| "tags": [ | ||
| "Exploit", | ||
| "Third Party Advisory" | ||
| ] | ||
| } | ||
| ] | ||
| } | ||
Oops, something went wrong.