{"vulnerability": "CVE-2023-2847", "sightings": [{"uuid": "afaf6edb-e9d2-49d4-9aa0-7dbb5e7ff31c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28470", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5140", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-28470\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is accessible without authentication.\n\ud83d\udccf Published: 2023-03-23T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-24T15:19:04.775Z\n\ud83d\udd17 References:\n1. https://forums.couchbase.com/tags/security\n2. https://www.couchbase.com/downloads\n3. https://docs.couchbase.com/server/current/release-notes/relnotes.html\n4. https://www.couchbase.com/alerts/", "creation_timestamp": "2025-02-24T15:27:38.000000Z"}, {"uuid": "2e8a4281-745b-4db0-b45a-2a052fca7c40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2847", "type": "seen", "source": "https://t.me/cibsecurity/65259", "content": "\u203c CVE-2023-2847 \u203c\n\nDuring internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privileges due to improper privilege management to trigger actions with root privileges.ESET remedied this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-15T12:36:12.000000Z"}, {"uuid": "e2eb521b-929b-4bd9-8045-d74e73ed262a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28471", "type": "seen", "source": "Telegram/Yo7K5_5vIiyqDBZ9EfeK8M4mQVF46BnXunyhWFsv0l38DYIM", "content": "", "creation_timestamp": "2025-02-01T17:28:11.000000Z"}, {"uuid": "f7246e8e-3014-47c0-b9ba-cc59cfe0e214", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28479", "type": "seen", "source": "https://t.me/cibsecurity/68537", "content": "\u203c CVE-2023-28479 \u203c\n\nAn issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform installs a full development toolchain within every TigerGraph deployment. An attacker is able to compile new executables on each Tigergraph system and modify system and Tigergraph binaries.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-15T18:30:33.000000Z"}, {"uuid": "3088344e-28d1-48a9-a479-c37cbafe8422", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28476", "type": "seen", "source": "https://t.me/cibsecurity/63065", "content": "\u203c CVE-2023-28476 \u203c\n\nConcrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS on Tags on uploaded files.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-28T18:27:30.000000Z"}, {"uuid": "04c00b9c-386c-43bf-afce-4e079d360db2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28473", "type": "seen", "source": "https://t.me/cibsecurity/63071", "content": "\u203c CVE-2023-28473 \u203c\n\nConcrete CMS (previously concrete5) before 9.2 is vulnerable to possible Auth bypass in the jobs section.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-28T18:27:36.000000Z"}, {"uuid": "65e6a498-1ce8-40b0-972f-9993d3806163", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28475", "type": "seen", "source": "https://t.me/cibsecurity/63059", "content": "\u203c CVE-2023-28475 \u203c\n\nConcrete CMS (previously concrete5) before 9.2 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-28T18:27:24.000000Z"}, {"uuid": "60b53c84-2bb8-4bdf-a8d8-441655c770b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28472", "type": "seen", "source": "https://t.me/cibsecurity/63058", "content": "\u203c CVE-2023-28472 \u203c\n\nConcrete CMS (previously concrete5) before 9.2 does not have Secure and HTTP only attributes set for ccmPoll cookies.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-28T18:27:23.000000Z"}, {"uuid": "d1a84cc0-0729-440f-91bf-65765755b769", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28471", "type": "seen", "source": "https://t.me/cibsecurity/63054", "content": "\u203c CVE-2023-28471 \u203c\n\nConcrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS via a container name.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-28T18:27:19.000000Z"}, {"uuid": "72127530-7360-423f-8c6d-6bf9af3381b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28474", "type": "seen", "source": "https://t.me/cibsecurity/63056", "content": "\u203c CVE-2023-28474 \u203c\n\nConcrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS on Saved Presets on search.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-28T18:27:21.000000Z"}]}