diff --git a/CVE-2023/CVE-2023-348xx/CVE-2023-34829.json b/CVE-2023/CVE-2023-348xx/CVE-2023-34829.json
new file mode 100644
index 00000000000..6d01a722b07
--- /dev/null
+++ b/CVE-2023/CVE-2023-348xx/CVE-2023-34829.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-34829",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-12-28T03:15:07.587",
+ "lastModified": "2023-12-28T03:15:07.587",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/SecureScripts/TP-Link_Tapo_Hack",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48795.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48795.json
index c712df93140..7434a657b1d 100644
--- a/CVE-2023/CVE-2023-487xx/CVE-2023-48795.json
+++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48795.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-48795",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-18T16:15:10.897",
- "lastModified": "2023-12-26T04:15:07.850",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-28T03:15:07.660",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
@@ -284,6 +284,14 @@
 "url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2",
 "source": "cve@mitre.org"
 },
+ {
+ "url": "https://security.gentoo.org/glsa/202312-16",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202312-17",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/",
 "source": "cve@mitre.org"
diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49228.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49228.json
new file mode 100644
index 00000000000..78194c7cef7
--- /dev/null
+++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49228.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-49228",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-12-28T04:15:08.023",
+ "lastModified": "2023-12-28T04:15:08.023",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49229.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49229.json
new file mode 100644
index 00000000000..da076c32519
--- /dev/null
+++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49229.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-49229",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-12-28T04:15:08.100",
+ "lastModified": "2023-12-28T04:15:08.100",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about the device configuration."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
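Review bot: The first reference in the new CVE-2023-49228.json record, `https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4`, is percent-encoded twice: `%25` is an encoded `%`, so the value decodes to `%3F` and `%3D` inside the path instead of a `?` and `=` query string, and the link is unlikely to resolve to the advisory listing it was meant to point at. The intended value is presumably `"url": "https://www.synacktiv.com/publications?field_tags_target_id=4"`; because the reference is attributed to `cve@mitre.org`, the correction probably belongs in the source record rather than in this copy. The same URL is repeated in the new CVE-2023-49229.json and CVE-2023-49230.json records. Until it is corrected, the second reference (the Synacktiv PDF) is the usable pointer when triaging these three entries, which also carry an empty `"metrics": {}` and so have no score to prioritise on yet.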
diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49230.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49230.json
new file mode 100644
index 00000000000..c1156372d20
--- /dev/null
+++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49230.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-49230",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-12-28T04:15:08.150",
+ "lastModified": "2023-12-28T04:15:08.150",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-510xx/CVE-2023-51006.json b/CVE-2023/CVE-2023-510xx/CVE-2023-51006.json
new file mode 100644
index 00000000000..489e2058d83
--- /dev/null
+++ b/CVE-2023/CVE-2023-510xx/CVE-2023-51006.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-51006",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-12-28T04:15:08.227",
+ "lastModified": "2023-12-28T04:15:08.227",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in the openFile method of Chinese Perpetual Calendar v9.0.0 allows attackers to read any file via unspecified vectors."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/firmianay/security-issues/tree/main/app/cn.etouch.ecalendar",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-510xx/CVE-2023-51010.json b/CVE-2023/CVE-2023-510xx/CVE-2023-51010.json
new file mode 100644
index 00000000000..93cb3e70b30
--- /dev/null
+++ b/CVE-2023/CVE-2023-510xx/CVE-2023-51010.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-51010",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-12-28T04:15:08.280",
+ "lastModified": "2023-12-28T04:15:08.280",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in the export component AdSdkH5Activity of com.sdjictec.qdmetro v4.2.2 allows attackers to open a crafted URL without any filtering or checking."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/firmianay/security-issues/tree/main/app/com.sdjictec.qdmetro",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-513xx/CVE-2023-51385.json b/CVE-2023/CVE-2023-513xx/CVE-2023-51385.json
index d0225381e3b..f053b89f721 100644
--- a/CVE-2023/CVE-2023-513xx/CVE-2023-51385.json
+++ b/CVE-2023/CVE-2023-513xx/CVE-2023-51385.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-51385",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-18T19:15:08.773",
- "lastModified": "2023-12-26T18:15:08.817",
+ "lastModified": "2023-12-28T03:15:07.990",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -84,6 +84,10 @@
 "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html",
 "source": "cve@mitre.org"
 },
+ {
+ "url": "https://security.gentoo.org/glsa/202312-17",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html",
 "source": "cve@mitre.org"
diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7124.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7124.json
new file mode 100644
index 00000000000..7a14d80b1b0
--- /dev/null
+++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7124.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-7124",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-12-28T03:15:08.070",
+ "lastModified": "2023-12-28T03:15:08.070",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability, which was classified as problematic, was found in code-projects E-Commerce Site 1.0. Affected is an unknown function of the file search.php. The manipulation of the argument keyword with the input