{"vulnerability": "CVE-2023-4630", "sightings": [{"uuid": "3d342ad1-cc28-4b6a-903a-41a2ff4e9ae3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46309", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ler2lamniy25", "content": "", "creation_timestamp": "2025-01-02T12:16:40.671868Z"}, {"uuid": "f3d66ace-0ff6-4e72-9875-1f543c075d2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46300", "type": "seen", "source": "https://t.me/cibsecurity/72741", "content": "\u203c CVE-2023-46300 \u203c\n\niTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to tmux integration.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-22T07:41:28.000000Z"}, {"uuid": "723615e7-7b3b-4947-b168-2c108ae7eb86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46309", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113759032903015004", "content": "", "creation_timestamp": "2025-01-02T13:38:08.094237Z"}, {"uuid": "18e4dc28-f34b-4e99-9509-f72083a8f45c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46307", "type": "seen", "source": "https://t.me/ctinow/155594", "content": "https://ift.tt/BvW8C0T\nCVE-2023-46307 | etc-browser 87ae63d75260 Web Server server.js path traversal", "creation_timestamp": "2023-12-17T13:12:02.000000Z"}, {"uuid": "82fdf3d9-84f5-48ec-a0ae-4d8cb7650209", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46308", "type": "seen", "source": "https://t.me/cibsecurity/74274", "content": "\u203c\ufe0fCVE-2023-46308\u203c\ufe0f\n\nIn Plotly plotly.js before 2.25.2, plot API calls have a risk of proto being polluted in expandObjectPaths or nestedProperty.\n\n\ud83d\udcd6 Read more\n\nVia \"National Vulnerability Database\"", "creation_timestamp": "2024-01-04T01:32:05.000000Z"}, {"uuid": "714c2460-c0aa-40b3-8c4b-a83ec2194048", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46306", "type": "seen", "source": "https://t.me/cibsecurity/72746", "content": "\u203c CVE-2023-46306 \u203c\n\nThe web administration interface in NetModule Router Software (NRSW) 4.6 before 4.6.0.106 and 4.8 before 4.8.0.101 executes an OS command constructed with unsanitized user input: shell metacharacters in the /admin/gnssAutoAlign.php device_id parameter. This occurs because another thread can be started before the trap that triggers the cleanup function. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. NOTE: this is different from CVE-2023-0861 and CVE-2023-0862, which were fixed in version 4.6.0.105.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-23T00:39:04.000000Z"}, {"uuid": "ddc07f9c-4ed5-4f2a-a3c8-1783660d22ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46301", "type": "seen", "source": "https://t.me/cibsecurity/72740", "content": "\u203c CVE-2023-46301 \u203c\n\niTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to upload.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-22T07:41:28.000000Z"}, {"uuid": "a2a170e9-7ba6-4075-9dc1-2c2e3b6a7632", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46303", "type": "seen", "source": "https://t.me/cibsecurity/72744", "content": "\u203c CVE-2023-46303 \u203c\n\nlink_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2024-08-12T23:54:17.000000Z"}, {"uuid": "1e9eb75b-7e2a-4699-acfc-4a0189671325", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46308", "type": "seen", "source": "https://t.me/ctinow/162205", "content": "https://ift.tt/9AJISVP\nCVE-2023-46308", "creation_timestamp": "2024-01-03T06:26:39.000000Z"}, {"uuid": "4c9d3abd-eaca-4c6f-b7ad-6337a1777267", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46303", "type": "seen", "source": "https://t.me/arpsyndicate/2943", "content": "#ExploitObserverAlert\n\nCVE-2023-46303\n\nDESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-46303. link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root.\n\nFIRST-EPSS: 0.000480000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2024-01-19T17:14:58.000000Z"}, {"uuid": "e2200274-b258-412a-92b7-08e4fe0d15f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46308", "type": "seen", "source": "https://t.me/ctinow/171920", "content": "https://ift.tt/maLfy6t\nCVE-2023-46308 | plotly.js up to 2.25.1 API Call expandObjectPaths/nestedProperty code injection", "creation_timestamp": "2024-01-23T12:51:47.000000Z"}]}