{"vulnerability": "cve-2023-2649", "sightings": [{"uuid": "ffe0796a-50f1-4e93-ad54-c2fdb8b28de9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26497", "type": "seen", "source": "https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html", "content": "", "creation_timestamp": "2023-03-16T18:07:00.000000Z"}, {"uuid": "7478e470-108a-4bbb-a958-3db5da665295", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26496", "type": "seen", "source": "https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html", "content": "", "creation_timestamp": "2023-03-16T18:07:00.000000Z"}, {"uuid": "3ffb6ffa-ec39-46f8-818a-37e5e23425b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26498", "type": "seen", "source": "https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html", "content": "", "creation_timestamp": "2023-03-16T18:07:00.000000Z"}, {"uuid": "1392e4be-ab2f-4ecc-9e57-cadd0e7acd55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26490", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5308", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-26490\n\ud83d\udd25 CVSS Score: 7.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\ud83d\udd39 Description: mailcow is a dockerized email package, with multiple containers linked in one bridged network. The Sync Job feature - which can be made available to standard users by assigning them the necessary permission - suffers from a shell command injection. A malicious user can abuse this vulnerability to obtain shell access to the Docker container running dovecot. The imapsync Perl script implements all the necessary functionality for this feature, including the XOAUTH2 authentication mechanism. This code path creates a shell command to call openssl. However, since different parts of the specified user password are included without any validation, one can simply execute additional shell commands. Notably, the default ACL for a newly-created mailcow account does not include the necessary permission. The Issue has been fixed within the 2023-03 Update (March 3rd 2023). As a temporary workaround the Syncjob ACL can be removed from all mailbox users, preventing from creating or changing existing Syncjobs.\n\ud83d\udccf Published: 2023-03-03T23:37:03.105Z\n\ud83d\udccf Modified: 2025-02-25T15:02:06.803Z\n\ud83d\udd17 References:\n1. https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-3j2f-wf52-cjg7\n2. https://github.com/mailcow/mailcow-dockerized/releases/tag/2023-03", "creation_timestamp": "2025-02-25T15:23:29.000000Z"}, {"uuid": "cfc9e8f0-fd20-4ecd-93d3-297e6dc447ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26494", "type": "seen", "source": "https://t.me/cibsecurity/62735", "content": "\u203c CVE-2023-26494 \u203c\n\nlorawan-stack is an open source LoRaWAN network server. Prior to version 3.24.1, an open redirect exists on the login page of the lorawan stack server, allowing an attacker to supply a user controlled redirect upon sign in. This issue may allows malicious actors to phish users, as users assume they were redirected to the homepage on login. Version 3.24.1 contains a fix.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-24T20:19:36.000000Z"}, {"uuid": "7859b650-c06f-4953-be0e-1048641ff50f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26492", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5302", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-26492\n\ud83d\udd25 CVSS Score: 5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N)\n\ud83d\udd39 Description: Directus is a real-time API and App dashboard for managing SQL database content. Directus is vulnerable to Server-Side Request Forgery (SSRF) when importing a file from a remote web server (POST to `/files/import`). An attacker can bypass the security controls by performing a DNS rebinding attack and view sensitive data from internal servers or perform a local port scan. An attacker can exploit this vulnerability to access highly sensitive internal server(s) and steal sensitive information. This issue was fixed in version 9.23.0.\n\ud83d\udccf Published: 2023-03-03T21:49:02.314Z\n\ud83d\udccf Modified: 2025-02-25T15:02:38.689Z\n\ud83d\udd17 References:\n1. https://github.com/directus/directus/security/advisories/GHSA-j3rg-3rgm-537h\n2. https://github.com/directus/directus/commit/ff53d3e69a602d05342e15d9bb616884833ddbff\n3. https://github.com/directus/directus/releases/tag/v9.23.0", "creation_timestamp": "2025-02-25T15:23:24.000000Z"}, {"uuid": "6d042550-3189-423e-8c1b-3306bc3ffde5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26491", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5306", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-26491\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L)\n\ud83d\udd39 Description: RSSHub is an open source and extensible RSS feed generator. When the URL parameters contain certain special characters, it returns an error page that does not properly handle XSS vulnerabilities, allowing for the execution of arbitrary JavaScript code. Users who access the deliberately constructed URL are affected. This vulnerability was fixed in version c910c4d28717fb860fbe064736641f379fab2c91. Please upgrade to this or a later version, there are no known workarounds.\n\ud83d\udccf Published: 2023-03-03T22:41:37.230Z\n\ud83d\udccf Modified: 2025-02-25T15:02:18.810Z\n\ud83d\udd17 References:\n1. https://github.com/DIYgod/RSSHub/security/advisories/GHSA-32gr-4cq6-5w5q\n2. https://github.com/DIYgod/RSSHub/commit/c910c4d28717fb860fbe064736641f379fab2c91", "creation_timestamp": "2025-02-25T15:23:28.000000Z"}, {"uuid": "2d8e58a2-1f98-422e-9fc7-21dc8f308bd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2649", "type": "seen", "source": "https://t.me/cibsecurity/63865", "content": "\u203c CVE-2023-2649 \u203c\n\nA vulnerability was found in Tenda AC23 16.03.07.45_cn. It has been declared as critical. This vulnerability affects unknown code of the file /bin/ate of the component Service Port 7329. The manipulation of the argument v2 leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228778 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-11T12:15:15.000000Z"}, {"uuid": "7a5fad25-9921-435d-951c-41688d7b4c46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26495", "type": "seen", "source": "https://t.me/cibsecurity/61805", "content": "\u203c CVE-2023-26495 \u203c\n\nAn issue was discovered in Open Design Alliance Drawings SDK before 2024.1. A crafted DWG file can force the SDK to reuse an object that has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-11T00:22:54.000000Z"}, {"uuid": "3cb5d63a-cc61-4513-85c3-8fe6a8b088e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-26492", "type": "published-proof-of-concept", "source": "https://github.com/directus/directus/security/advisories/GHSA-j3rg-3rgm-537h", "content": "", "creation_timestamp": "2023-03-03T18:22:27.000000Z"}, {"uuid": "bfa50791-b3ef-4a8c-8986-9cddd2ed0d1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26492", "type": "seen", "source": "https://t.me/cibsecurity/59400", "content": "\u203c CVE-2023-26492 \u203c\n\nDirectus is a real-time API and App dashboard for managing SQL database content. Directus is vulnerable to Server-Side Request Forgery (SSRF) when importing a file from a remote web server (POST to `/files/import`). An attacker can bypass the security controls by performing a DNS rebinding attack and view sensitive data from internal servers or perform a local port scan. An attacker can exploit this vulnerability to access highly sensitive internal server(s) and steal sensitive information. This issue was fixed in version 9.23.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-04T00:35:24.000000Z"}, {"uuid": "9c1e3214-7b8d-4675-9aeb-95f72851e4fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26493", "type": "seen", "source": "https://t.me/cibsecurity/60847", "content": "\u203c CVE-2023-26493 \u203c\n\nCocos Engine is an open-source framework for building 2D & 3D real-time rendering and interactive content. In the github repo for Cocos Engine the `web-interface-check.yml` was subject to command injection. The `web-interface-check.yml` was triggered when a pull request was opened or updated and contained the user controllable field `(${{ github.head_ref }} \u2013 the name of the fork\u2019s branch)`. This would allow an attacker to take over the GitHub Runner and run custom commands (potentially stealing secrets such as GITHUB_TOKEN) and altering the repository. The workflow has since been removed for the repository. There are no actions required of users.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-28T02:26:17.000000Z"}, {"uuid": "724a29c6-4d9e-40dd-a84f-b2973505565b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26491", "type": "seen", "source": "https://t.me/cibsecurity/59422", "content": "\u203c CVE-2023-26491 \u203c\n\nRSSHub is an open source and extensible RSS feed generator. When the URL parameters contain certain special characters, it returns an error page that does not properly handle XSS vulnerabilities, allowing for the execution of arbitrary JavaScript code. Users who access the deliberately constructed URL are affected. This vulnerability was fixed in version c910c4d28717fb860fbe064736641f379fab2c91. Please upgrade to this or a later version, there are no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-04T02:35:51.000000Z"}, {"uuid": "a58bc284-e5f0-4e4e-8bd0-70965396d2dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26490", "type": "seen", "source": "https://t.me/cibsecurity/59419", "content": "\u203c CVE-2023-26490 \u203c\n\nmailcow is a dockerized email package, with multiple containers linked in one bridged network. The Sync Job feature - which can be made available to standard users by assigning them the necessary permission - suffers from a shell command injection. A malicious user can abuse this vulnerability to obtain shell access to the Docker container running dovecot. The imapsync Perl script implements all the necessary functionality for this feature, including the XOAUTH2 authentication mechanism. This code path creates a shell command to call openssl. However, since different parts of the specified user password are included without any validation, one can simply execute additional shell commands. Notably, the default ACL for a newly-created mailcow account does not include the necessary permission. The Issue has been fixed within the 2023-03 Update (March 3rd 2023). As a temporary workaround the Syncjob ACL can be removed from all mailbox users, preventing from creating or changing existing Syncjobs.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-04T02:35:45.000000Z"}]}