{"vulnerability": "CVE-2023-3802", "sightings": [{"uuid": "630cea22-8d15-475d-bd96-fe774f36b9af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38022", "type": "seen", "source": "https://t.me/cibsecurity/74019", "content": "\u203c\ufe0fCVE-2023-38022\u203c\ufe0f\n\nAn issue was discovered in Fortanix EnclaveOS Confidential Computing Manager CCM Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized information. This relates to strlen and sgxiswithinuser.\n\n\ud83d\udcd6 Read more\n\nVia \"National Vulnerability Database\"", "creation_timestamp": "2023-12-31T01:31:01.000000Z"}, {"uuid": "ccfb2c69-5c02-42a1-80e3-150b5ff75330", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38021", "type": "seen", "source": "https://t.me/cibsecurity/74018", "content": "\u203c\ufe0fCVE-2023-38021\u203c\ufe0f\n\nAn issue was discovered in Fortanix EnclaveOS Confidential Computing Manager CCM Platform before 3.32 for Intel SGX. Lack of pointeralignment validation logic in entry functions allows a local attacker to access unauthorized information. 
This relates to the enclaveecall function and system call layer.\n\n\ud83d\udcd6 Read more\n\nVia \"National Vulnerability Database\"", "creation_timestamp": "2023-12-31T01:30:56.000000Z"}, {"uuid": "7196a80b-2184-45d6-88d4-6a31aa3e4b39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38021", "type": "seen", "source": "https://t.me/ctinow/170919", "content": "https://ift.tt/g4j5f9X\nCVE-2023-38021 | Fortanix EnclaveOS up to 3.31 on Intel SGX System Call enclave_ecall improper authorization (GHSA-v3vm-9h66-wm76)", "creation_timestamp": "2024-01-21T20:56:42.000000Z"}, {"uuid": "e12a4cc6-d67c-4a3a-b2f7-3dfca4d9a08e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38023", "type": "seen", "source": "https://t.me/ctinow/160751", "content": "https://ift.tt/g96zxpa\nCVE-2023-38023", "creation_timestamp": "2023-12-30T04:26:41.000000Z"}, {"uuid": "15b0cb66-3a6d-481c-b568-fcc6a975ad5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38022", "type": "seen", "source": "https://t.me/ctinow/160750", "content": "https://ift.tt/3wrYij9\nCVE-2023-38022", "creation_timestamp": "2023-12-30T04:26:39.000000Z"}, {"uuid": "90c0bb54-a41a-43f3-8715-7cf60c7133cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38021", "type": "seen", "source": "https://t.me/ctinow/160749", "content": "https://ift.tt/vnYFR6J\nCVE-2023-38021", "creation_timestamp": "2023-12-30T04:26:39.000000Z"}, {"uuid": "4b76607d-ace4-48aa-b676-089ccbf73969", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3802", "type": "seen", 
"source": "https://t.me/cibsecurity/67066", "content": "\u203c CVE-2023-3802 \u203c\n\nA vulnerability was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /Controller/Ajaxfileupload.ashx. The manipulation of the argument file leads to unrestricted upload. The exploit has been disclosed to the public and may be used. VDB-235070 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-21T07:33:10.000000Z"}, {"uuid": "883556c2-f65e-4317-bf42-116cc992a02b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38023", "type": "seen", "source": "https://t.me/cibsecurity/74020", "content": "\u203c\ufe0fCVE-2023-38023\u203c\ufe0f\n\nAn issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. 
Lack of pointeralignment logic in sconedispatch and other entry functions allows a local attacker to access unauthorized information, aka an \"AEPIC Leak.\"\n\n\ud83d\udcd6 Read more\n\nVia \"National Vulnerability Database\"", "creation_timestamp": "2023-12-31T01:31:06.000000Z"}, {"uuid": "c2197b00-0048-4b17-a946-4350e1fccb56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38022", "type": "seen", "source": "https://t.me/ctinow/170921", "content": "https://ift.tt/74ZeDfG\nCVE-2023-38022 | Fortanix EnclaveOS up to 3.28 on Intel SGX sgx_is_within_user improper authorization", "creation_timestamp": "2024-01-21T20:56:44.000000Z"}, {"uuid": "7ff5ad72-9ea5-4f5f-825c-f64cab8aa994", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38023", "type": "seen", "source": "https://t.me/ctinow/170920", "content": "https://ift.tt/mbNSjLs\nCVE-2023-38023 | Scontain SCONE up to 5.7.x on Intel SGX __scone_dispatch improper authorization (GHSA-v3vm-9h66-wm76)", "creation_timestamp": "2024-01-21T20:56:43.000000Z"}, {"uuid": "3b9906fe-fec8-4143-b0fa-0bd5f39ecd6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38029", "type": "seen", "source": "https://t.me/cibsecurity/69276", "content": "\u203c CVE-2023-38029 \u203c\n\nSaho\u2019s attendance devices ADM100 and ADM-100FP has insufficient filtering for special characters and file type within their file uploading function. 
A unauthenticate remote attacker authenticated can upload and execute arbitrary files to perform arbitrary system commands or disrupt service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-28T12:33:01.000000Z"}, {"uuid": "1cd490e6-faa3-45bd-9ac5-d44c7318d2c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38028", "type": "seen", "source": "https://t.me/cibsecurity/69274", "content": "\u203c CVE-2023-38028 \u203c\n\nSaho\u2019s attendance devices ADM100 and ADM-100FP have insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication to read system information and operate user's data, but can\u2019t control system or disrupt service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-28T12:29:58.000000Z"}, {"uuid": "2331dcd1-3484-4399-abfd-514ffd99782d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38027", "type": "seen", "source": "https://t.me/cibsecurity/69265", "content": "\u203c CVE-2023-38027 \u203c\n\nSpotCam Co., Ltd. SpotCam Sense\u2019s hidden Telnet function has a vulnerability of OS command injection. 
An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to perform arbitrary system commands or disrupt service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-28T07:21:33.000000Z"}, {"uuid": "62635150-cb62-4e59-bbfd-41ccc05f1f0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38025", "type": "seen", "source": "https://t.me/cibsecurity/69266", "content": "\u203c CVE-2023-38025 \u203c\n\nSpotCam Co., Ltd. SpotCam FHD 2\u2019s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to arbitrary system commands or disrupt service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-28T07:21:37.000000Z"}, {"uuid": "06a4441e-ef92-4c4c-bcf0-8de9a0786e60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38026", "type": "seen", "source": "https://t.me/cibsecurity/69260", "content": "\u203c CVE-2023-38026 \u203c\n\nSpotCam Co., Ltd. SpotCam FHD 2 has a vulnerability of using hard-coded uBoot credentials. An remote attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-28T07:21:25.000000Z"}, {"uuid": "7b28843f-e7b0-4354-a07e-a3c7664d8fa3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38024", "type": "seen", "source": "https://t.me/cibsecurity/69257", "content": "\u203c CVE-2023-38024 \u203c\n\nSpotCam Co., Ltd. 
SpotCam FHD 2\u2019s hidden Telnet function has a vulnerability of using hard-coded Telnet credentials. An remote unauthenticated attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-28T07:21:22.000000Z"}, {"uuid": "1758efe2-01f9-4928-bd3d-b776b534e7f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38020", "type": "seen", "source": "https://t.me/ctinow/177920", "content": "https://ift.tt/AVdIRYg\nCVE-2023-38020", "creation_timestamp": "2024-02-02T05:21:34.000000Z"}]}