admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-13T03:00:25.159356+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-13 03:00:28 +00:00
parent e45af9d437
commit 1a9d9897b0
28 changed files with 1611 additions and 93 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
CVE-2023/CVE-2023-334xx/CVE-2023-33472.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-33472",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-13T02:15:07.060",
"lastModified": "2024-01-13T02:15:07.060",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Scada-LTS v2.7.5.2 build 4551883606 and before, allows remote attackers with low-level authentication to escalate privileges, execute arbitrary code, and obtain sensitive information via Event Handlers function."
}
],
"metrics": {},
"references": [
{
"url": "https://hev0x.github.io/posts/scadalts-cve-2023-33472/",
"source": "cve@mitre.org"
}
]
}

6
CVE-2023/CVE-2023-468xx/CVE-2023-46805.json
View File

@ -2,8 +2,12 @@
"id": "CVE-2023-46805",
"sourceIdentifier": "support@hackerone.com",
"published": "2024-01-12T17:15:09.530",
"lastModified": "2024-01-12T20:46:59.220",
"lastModified": "2024-01-13T02:00:00.970",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2024-01-10",
"cisaActionDue": "2024-01-31",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability",
"descriptions": [
{
"lang": "en",

24
CVE-2023/CVE-2023-469xx/CVE-2023-46942.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-46942",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-13T02:15:07.153",
"lastModified": "2024-01-13T02:15:07.153",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8, allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints."
}
],
"metrics": {},
"references": [
{
"url": "https://devhub.checkmarx.com/cve-details/CVE-2023-46942/",
"source": "cve@mitre.org"
},
{
"url": "https://devhub.checkmarx.com/cve-details/Cx00cea2d5-d2c5/",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-469xx/CVE-2023-46943.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-46943",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-13T02:15:07.200",
"lastModified": "2024-01-13T02:15:07.200",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as \"secret\". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWTs), allowing them access to important information and actions within the application."
}
],
"metrics": {},
"references": [
{
"url": "https://devhub.checkmarx.com/cve-details/CVE-2023-46943/",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-500xx/CVE-2023-50072.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-50072",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-13T01:15:38.663",
"lastModified": "2024-01-13T01:15:38.663",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A Stored Cross-Site Scripting (XSS) vulnerability exists in OpenKM version 7.1.40 (dbb6e88) With Professional Extension that allows an authenticated user to upload a note on a file which acts as a stored XSS payload. Any user who opens the note of a document file will trigger the XSS."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ahrixia/CVE-2023-50072",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-518xx/CVE-2023-51804.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-51804",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-13T02:15:07.257",
"lastModified": "2024-01-13T02:15:07.257",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in rymcu forest v.0.02 allows a remote attacker to obtain sensitive information via manipulation of the HTTP body URL in the com.rymcu.forest.web.api.common.UploadController file."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/rymcu/forest/issues/149",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-518xx/CVE-2023-51805.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-51805",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-13T02:15:07.303",
"lastModified": "2024-01-13T02:15:07.303",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in TDuckCLoud tduck-platform v.4.0 allows a remote attacker to obtain sensitive information via the getFormKey parameter in the search function of FormDataMysqlService.java file."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/TDuckCloud/tduck-platform/issues/22",
"source": "cve@mitre.org"
}
]
}

80
CVE-2023/CVE-2023-519xx/CVE-2023-51952.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-51952",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T15:15:08.997",
"lastModified": "2024-01-10T16:59:53.407",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-13T01:37:13.637",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formSetIptv."
},
{
"lang": "es",
"value": "Tenda AX1803 v1.0.0.1 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro adv.iptv.stbpvid en la funci\u00f3n formSetIptv."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax1803_firmware:1.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B81C53EE-14CD-426B-ADF3-6D9B4D69DC84"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax1803:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B93A8-6188-4D89-8141-C5B73F4AA071"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-formSetIptv-d758f5dba8f646afaf5cddc6f8d3ec70",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-519xx/CVE-2023-51953.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-51953",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T15:15:09.043",
"lastModified": "2024-01-10T16:59:53.407",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-13T01:37:10.030",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv."
},
{
"lang": "es",
"value": "Tenda AX1803 v1.0.0.1 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro iptv.stb.mode en la funci\u00f3n formSetIptv."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax1803_firmware:1.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B81C53EE-14CD-426B-ADF3-6D9B4D69DC84"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax1803:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B93A8-6188-4D89-8141-C5B73F4AA071"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-formSetIptv-d758f5dba8f646afaf5cddc6f8d3ec70",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-519xx/CVE-2023-51954.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-51954",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T15:15:09.093",
"lastModified": "2024-01-10T16:59:53.407",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-13T01:37:07.867",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formSetIptv."
},
{
"lang": "es",
"value": "Tenda AX1803 v1.0.0.1 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro iptv.stb.port en la funci\u00f3n formSetIptv."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax1803_firmware:1.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B81C53EE-14CD-426B-ADF3-6D9B4D69DC84"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax1803:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B93A8-6188-4D89-8141-C5B73F4AA071"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-formSetIptv-d758f5dba8f646afaf5cddc6f8d3ec70",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-519xx/CVE-2023-51955.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-51955",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T15:15:09.150",
"lastModified": "2024-01-10T16:59:53.407",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-13T01:37:05.593",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv."
},
{
"lang": "es",
"value": "Tenda AX1803 v1.0.0.1 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro adv.iptv.stballvlans en la funci\u00f3n formSetIptv."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax1803_firmware:1.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B81C53EE-14CD-426B-ADF3-6D9B4D69DC84"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax1803:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B93A8-6188-4D89-8141-C5B73F4AA071"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-formSetIptv-d758f5dba8f646afaf5cddc6f8d3ec70",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-519xx/CVE-2023-51956.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-51956",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T15:15:09.200",
"lastModified": "2024-01-10T16:59:53.407",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-13T01:37:00.747",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv"
},
{
"lang": "es",
"value": "Tenda AX1803 v1.0.0.1 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro iptv.city.vlan en la funci\u00f3n formSetIptv"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax1803_firmware:1.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B81C53EE-14CD-426B-ADF3-6D9B4D69DC84"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax1803:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B93A8-6188-4D89-8141-C5B73F4AA071"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-formSetIptv-d758f5dba8f646afaf5cddc6f8d3ec70",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-519xx/CVE-2023-51957.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-51957",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T15:15:09.247",
"lastModified": "2024-01-10T16:59:53.407",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-13T01:37:02.417",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formGetIptv."
},
{
"lang": "es",
"value": "Tenda AX1803 v1.0.0.1 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro iptv.stb.mode en la funci\u00f3n formGetIptv."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax1803_firmware:1.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B81C53EE-14CD-426B-ADF3-6D9B4D69DC84"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax1803:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B93A8-6188-4D89-8141-C5B73F4AA071"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-formGetIptv-0fcc584fcda44b1c837e42d5d732957a",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-519xx/CVE-2023-51958.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-51958",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T15:15:09.290",
"lastModified": "2024-01-10T16:59:53.407",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-13T01:36:59.057",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formGetIptv."
},
{
"lang": "es",
"value": "Tenda AX1803 v1.0.0.1 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro iptv.stb.port en la funci\u00f3n formGetIptv."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax1803_firmware:1.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B81C53EE-14CD-426B-ADF3-6D9B4D69DC84"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax1803:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B93A8-6188-4D89-8141-C5B73F4AA071"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-formGetIptv-0fcc584fcda44b1c837e42d5d732957a",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-519xx/CVE-2023-51959.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-51959",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T15:15:09.347",
"lastModified": "2024-01-10T16:59:53.407",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-13T01:36:56.537",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formGetIptv."
},
{
"lang": "es",
"value": "Tenda AX1803 v1.0.0.1 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro adv.iptv.stbpvid en la funci\u00f3n formGetIptv."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax1803_firmware:1.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B81C53EE-14CD-426B-ADF3-6D9B4D69DC84"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax1803:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B93A8-6188-4D89-8141-C5B73F4AA071"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-formGetIptv-0fcc584fcda44b1c837e42d5d732957a",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-519xx/CVE-2023-51960.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-51960",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T15:15:09.450",
"lastModified": "2024-01-10T16:59:53.407",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-13T01:36:54.740",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formGetIptv."
},
{
"lang": "es",
"value": "Tenda AX1803 v1.0.0.1 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro iptv.city.vlan en la funci\u00f3n formGetIptv."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax1803_firmware:1.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B81C53EE-14CD-426B-ADF3-6D9B4D69DC84"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax1803:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B93A8-6188-4D89-8141-C5B73F4AA071"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-formGetIptv-0fcc584fcda44b1c837e42d5d732957a",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-519xx/CVE-2023-51961.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-51961",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T14:15:44.520",
"lastModified": "2024-01-10T16:59:53.407",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-13T01:36:47.613",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formGetIptv."
},
{
"lang": "es",
"value": "Tenda AX1803 v1.0.0.1 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro adv.iptv.stballvlans en la funci\u00f3n formGetIptv."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax1803_firmware:1.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B81C53EE-14CD-426B-ADF3-6D9B4D69DC84"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax1803:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B93A8-6188-4D89-8141-C5B73F4AA071"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-formGetIptv-0fcc584fcda44b1c837e42d5d732957a",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-519xx/CVE-2023-51962.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-51962",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T16:15:49.763",
"lastModified": "2024-01-10T16:59:48.970",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-13T01:36:45.693",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function setIptvInfo."
},
{
"lang": "es",
"value": "Tenda AX1803 v1.0.0.1 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro iptv.stb.mode en la funci\u00f3n setIptvInfo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax1803_firmware:1.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B81C53EE-14CD-426B-ADF3-6D9B4D69DC84"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax1803:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B93A8-6188-4D89-8141-C5B73F4AA071"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-setIptvInfo-944beaf189db4bf49f99a7a7418c7bdd",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-519xx/CVE-2023-51963.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-51963",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T15:15:09.557",
"lastModified": "2024-01-10T16:59:53.407",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-13T01:36:53.490",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function setIptvInfo."
},
{
"lang": "es",
"value": "Tenda AX1803 v1.0.0.1 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro iptv.city.vlan en la funci\u00f3n setIptvInfo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax1803_firmware:1.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B81C53EE-14CD-426B-ADF3-6D9B4D69DC84"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax1803:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B93A8-6188-4D89-8141-C5B73F4AA071"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-setIptvInfo-944beaf189db4bf49f99a7a7418c7bdd",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-519xx/CVE-2023-51964.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-51964",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T15:15:09.610",
"lastModified": "2024-01-10T16:59:53.407",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-13T01:36:52.113",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo."
},
{
"lang": "es",
"value": "Tenda AX1803 v1.0.0.1 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro iptv.stb.port en la funci\u00f3n setIptvInfo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax1803_firmware:1.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B81C53EE-14CD-426B-ADF3-6D9B4D69DC84"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax1803:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B93A8-6188-4D89-8141-C5B73F4AA071"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-setIptvInfo-944beaf189db4bf49f99a7a7418c7bdd",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-519xx/CVE-2023-51965.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-51965",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T15:15:09.663",
"lastModified": "2024-01-10T16:59:53.407",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-13T01:36:50.583",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function setIptvInfo."
},
{
"lang": "es",
"value": "Tenda AX1803 v1.0.0.1 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro adv.iptv.stbpvid en la funci\u00f3n setIptvInfo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax1803_firmware:1.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B81C53EE-14CD-426B-ADF3-6D9B4D69DC84"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax1803:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B93A8-6188-4D89-8141-C5B73F4AA071"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-setIptvInfo-944beaf189db4bf49f99a7a7418c7bdd",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-519xx/CVE-2023-51966.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-51966",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T14:15:44.583",
"lastModified": "2024-01-10T16:59:53.407",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-13T01:36:48.990",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function setIptvInfo."
},
{
"lang": "es",
"value": "Tenda AX1803 v1.0.0.1 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro adv.iptv.stballvlans en la funci\u00f3n setIptvInfo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax1803_firmware:1.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B81C53EE-14CD-426B-ADF3-6D9B4D69DC84"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax1803:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B93A8-6188-4D89-8141-C5B73F4AA071"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-setIptvInfo-944beaf189db4bf49f99a7a7418c7bdd",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-519xx/CVE-2023-51967.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-51967",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T16:15:49.840",
"lastModified": "2024-01-10T16:59:48.970",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-13T01:36:44.320",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function getIptvInfo."
},
{
"lang": "es",
"value": "Tenda AX1803 v1.0.0.1 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro iptv.stb.port en la funci\u00f3n getIptvInfo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax1803_firmware:1.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B81C53EE-14CD-426B-ADF3-6D9B4D69DC84"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax1803:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B93A8-6188-4D89-8141-C5B73F4AA071"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-getIptvInfo-f5918cc2828c49e78554f456bf7d4b36",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-519xx/CVE-2023-51968.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-51968",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T16:15:49.887",
"lastModified": "2024-01-10T16:59:48.970",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-13T01:36:42.873",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function getIptvInfo."
},
{
"lang": "es",
"value": "Tenda AX1803 v1.0.0.1 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro adv.iptv.stballvlans en la funci\u00f3n getIptvInfo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax1803_firmware:1.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B81C53EE-14CD-426B-ADF3-6D9B4D69DC84"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax1803:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B93A8-6188-4D89-8141-C5B73F4AA071"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-getIptvInfo-f5918cc2828c49e78554f456bf7d4b36",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-519xx/CVE-2023-51969.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-51969",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T16:15:49.930",
"lastModified": "2024-01-10T16:59:48.970",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-13T01:36:31.257",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function getIptvInfo."
},
{
"lang": "es",
"value": "Tenda AX1803 v1.0.0.1 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro iptv.city.vlan en la funci\u00f3n getIptvInfo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax1803_firmware:1.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B81C53EE-14CD-426B-ADF3-6D9B4D69DC84"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax1803:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B93A8-6188-4D89-8141-C5B73F4AA071"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-getIptvInfo-f5918cc2828c49e78554f456bf7d4b36",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-519xx/CVE-2023-51970.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-51970",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T16:15:49.977",
"lastModified": "2024-01-10T16:59:48.970",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-13T01:36:40.447",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv."
},
{
"lang": "es",
"value": "Tenda AX1803 v1.0.0.1 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro iptv.stb.mode en la funci\u00f3n formSetIptv."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax1803_firmware:1.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B81C53EE-14CD-426B-ADF3-6D9B4D69DC84"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax1803:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B93A8-6188-4D89-8141-C5B73F4AA071"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-getIptvInfo-f5918cc2828c49e78554f456bf7d4b36",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

6
CVE-2024/CVE-2024-218xx/CVE-2024-21887.json
View File

@ -2,8 +2,12 @@
"id": "CVE-2024-21887",
"sourceIdentifier": "support@hackerone.com",
"published": "2024-01-12T17:15:10.017",
"lastModified": "2024-01-12T20:46:41.213",
"lastModified": "2024-01-13T02:00:00.970",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2024-01-10",
"cisaActionDue": "2024-01-31",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Ivanti Connect Secure and Policy Secure Command Injection Vulnerability",
"descriptions": [
{
"lang": "en",

48
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-13T00:55:23.897752+00:00
2024-01-13T03:00:25.159356+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-13T00:15:44.383000+00:00
2024-01-13T02:15:07.303000+00:00
```
### Last Data Feed Release
@ -23,34 +23,52 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2024-01-12T01:00:28.251268+00:00
2024-01-13T01:00:28.264436+00:00
```
### Total Number of included CVEs
```plain
235815
235821
```
### CVEs added in the last Commit
Recently added CVEs: `7`
Recently added CVEs: `6`
* [CVE-2023-48166](CVE-2023/CVE-2023-481xx/CVE-2023-48166.json) (`2024-01-12T23:15:08.727`)
* [CVE-2024-0230](CVE-2024/CVE-2024-02xx/CVE-2024-0230.json) (`2024-01-12T23:15:08.847`)
* [CVE-2024-0474](CVE-2024/CVE-2024-04xx/CVE-2024-0474.json) (`2024-01-12T23:15:08.890`)
* [CVE-2024-23301](CVE-2024/CVE-2024-233xx/CVE-2024-23301.json) (`2024-01-12T23:15:10.030`)
* [CVE-2024-0475](CVE-2024/CVE-2024-04xx/CVE-2024-0475.json) (`2024-01-13T00:15:43.943`)
* [CVE-2024-22137](CVE-2024/CVE-2024-221xx/CVE-2024-22137.json) (`2024-01-13T00:15:44.187`)
* [CVE-2024-22142](CVE-2024/CVE-2024-221xx/CVE-2024-22142.json) (`2024-01-13T00:15:44.383`)
* [CVE-2023-50072](CVE-2023/CVE-2023-500xx/CVE-2023-50072.json) (`2024-01-13T01:15:38.663`)
* [CVE-2023-33472](CVE-2023/CVE-2023-334xx/CVE-2023-33472.json) (`2024-01-13T02:15:07.060`)
* [CVE-2023-46942](CVE-2023/CVE-2023-469xx/CVE-2023-46942.json) (`2024-01-13T02:15:07.153`)
* [CVE-2023-46943](CVE-2023/CVE-2023-469xx/CVE-2023-46943.json) (`2024-01-13T02:15:07.200`)
* [CVE-2023-51804](CVE-2023/CVE-2023-518xx/CVE-2023-51804.json) (`2024-01-13T02:15:07.257`)
* [CVE-2023-51805](CVE-2023/CVE-2023-518xx/CVE-2023-51805.json) (`2024-01-13T02:15:07.303`)
### CVEs modified in the last Commit
Recently modified CVEs: `2`
Recently modified CVEs: `21`
* [CVE-2022-4962](CVE-2022/CVE-2022-49xx/CVE-2022-4962.json) (`2024-01-12T23:15:08.440`)
* [CVE-2024-20674](CVE-2024/CVE-2024-206xx/CVE-2024-20674.json) (`2024-01-12T23:15:09.320`)
* [CVE-2023-51969](CVE-2023/CVE-2023-519xx/CVE-2023-51969.json) (`2024-01-13T01:36:31.257`)
* [CVE-2023-51970](CVE-2023/CVE-2023-519xx/CVE-2023-51970.json) (`2024-01-13T01:36:40.447`)
* [CVE-2023-51968](CVE-2023/CVE-2023-519xx/CVE-2023-51968.json) (`2024-01-13T01:36:42.873`)
* [CVE-2023-51967](CVE-2023/CVE-2023-519xx/CVE-2023-51967.json) (`2024-01-13T01:36:44.320`)
* [CVE-2023-51962](CVE-2023/CVE-2023-519xx/CVE-2023-51962.json) (`2024-01-13T01:36:45.693`)
* [CVE-2023-51961](CVE-2023/CVE-2023-519xx/CVE-2023-51961.json) (`2024-01-13T01:36:47.613`)
* [CVE-2023-51966](CVE-2023/CVE-2023-519xx/CVE-2023-51966.json) (`2024-01-13T01:36:48.990`)
* [CVE-2023-51965](CVE-2023/CVE-2023-519xx/CVE-2023-51965.json) (`2024-01-13T01:36:50.583`)
* [CVE-2023-51964](CVE-2023/CVE-2023-519xx/CVE-2023-51964.json) (`2024-01-13T01:36:52.113`)
* [CVE-2023-51963](CVE-2023/CVE-2023-519xx/CVE-2023-51963.json) (`2024-01-13T01:36:53.490`)
* [CVE-2023-51960](CVE-2023/CVE-2023-519xx/CVE-2023-51960.json) (`2024-01-13T01:36:54.740`)
* [CVE-2023-51959](CVE-2023/CVE-2023-519xx/CVE-2023-51959.json) (`2024-01-13T01:36:56.537`)
* [CVE-2023-51958](CVE-2023/CVE-2023-519xx/CVE-2023-51958.json) (`2024-01-13T01:36:59.057`)
* [CVE-2023-51956](CVE-2023/CVE-2023-519xx/CVE-2023-51956.json) (`2024-01-13T01:37:00.747`)
* [CVE-2023-51957](CVE-2023/CVE-2023-519xx/CVE-2023-51957.json) (`2024-01-13T01:37:02.417`)
* [CVE-2023-51955](CVE-2023/CVE-2023-519xx/CVE-2023-51955.json) (`2024-01-13T01:37:05.593`)
* [CVE-2023-51954](CVE-2023/CVE-2023-519xx/CVE-2023-51954.json) (`2024-01-13T01:37:07.867`)
* [CVE-2023-51953](CVE-2023/CVE-2023-519xx/CVE-2023-51953.json) (`2024-01-13T01:37:10.030`)
* [CVE-2023-51952](CVE-2023/CVE-2023-519xx/CVE-2023-51952.json) (`2024-01-13T01:37:13.637`)
* [CVE-2023-46805](CVE-2023/CVE-2023-468xx/CVE-2023-46805.json) (`2024-01-13T02:00:00.970`)
* [CVE-2024-21887](CVE-2024/CVE-2024-218xx/CVE-2024-21887.json) (`2024-01-13T02:00:00.970`)
## Download and Usage