{"vulnerability": "CVE-2023-3961", "sightings": [{"uuid": "0208344e-0da5-427d-acd1-d18351d16b21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39610", "type": "seen", "source": "https://t.me/cibsecurity/73276", "content": "\u203c CVE-2023-39610 \u203c\n\nAn issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-31T23:21:13.000000Z"}, {"uuid": "a8cc4a0d-7e72-46a7-beb0-ba908088c918", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3961", "type": "seen", "source": "https://t.me/cibsecurity/73527", "content": "\u203c CVE-2023-3961 \u203c\n\nA path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, which Samba initiates on demand. However, due to inadequate sanitization of incoming client pipe names, allowing a client to send a pipe name containing Unix directory traversal characters (../). This could result in SMB clients connecting as root to Unix domain sockets outside the private directory. If an attacker or client managed to send a pipe name resolving to an external service using an existing Unix domain socket, it could potentially lead to unauthorized access to the service and consequential adverse events, including compromise or service crashes.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-11-03T15:23:35.000000Z"}, {"uuid": "30f76fb1-eca0-4e30-8ce7-e3c7b61912e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39611", "type": "seen", "source": "https://t.me/ctinow/192788", "content": "https://ift.tt/vXnxg8H\nCVE-2023-39611 | Software FX Chart FX 7 7.0.4962.20829 Web Request information disclosure", "creation_timestamp": "2024-02-25T09:11:32.000000Z"}, {"uuid": "6877cd86-2f62-4ba1-a086-b2c1ac7e08e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39611", "type": "seen", "source": "https://t.me/ctinow/178029", "content": "https://ift.tt/qEMQyUB\nCVE-2023-39611", "creation_timestamp": "2024-02-02T11:31:47.000000Z"}, {"uuid": "e3780c58-f7c7-47c2-acfa-8b524cbb8d4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39612", "type": "seen", "source": "https://t.me/cibsecurity/70627", "content": "\u203c CVE-2023-39612 \u203c\n\nA cross-site scripting (XSS) vulnerability in FileBrowser before v2.23.0 allows an authenticated attacker to escalate privileges to Administrator via user interaction with a crafted HTML file or URL.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-16T07:26:03.000000Z"}, {"uuid": "a3a0a6ab-21ff-410a-8139-cd0f683eb5ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39611", "type": "seen", "source": "https://t.me/ctinow/182245", "content": "https://ift.tt/rRtXCmj\nCVE-2023-39611 Exploit", "creation_timestamp": "2024-02-09T21:17:14.000000Z"}, {"uuid": "833c67dc-04aa-4368-b5e3-83f9a82c1325", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39616", "type": "seen", "source": "https://t.me/cibsecurity/69363", "content": "\u203c CVE-2023-39616 \u203c\n\nAOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-29T20:17:39.000000Z"}, {"uuid": "4454fa39-62a5-494d-afd2-da3cf363e45a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39615", "type": "seen", "source": "https://t.me/cibsecurity/69365", "content": "\u203c CVE-2023-39615 \u203c\n\nXmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-29T20:17:41.000000Z"}]}