Auto-Update: 2023-11-05T00:55:19.030960+00:00

2025-06-21 17:41:05 +00:00 · 2023-11-05 00:55:22 +00:00 · 2023-11-05 00:55:22 +00:00 · 0b4d1dfb71
commit 0b4d1dfb71
parent e946a96bef
9 changed files with 173 additions and 6 deletions
--- a/CVE-2023/CVE-2023-409xx/CVE-2023-40922.json
+++ b/CVE-2023/CVE-2023-409xx/CVE-2023-40922.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-40922",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-11-04T23:15:07.807",
+  "lastModified": "2023-11-04T23:15:07.807",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "kerawen before v2.5.1 was discovered to contain a SQL injection vulnerability via the ocs_id_cart parameter at KerawenDeliveryModuleFrontController::initContent()."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://security.friendsofpresta.org/modules/2023/11/02/kerawen.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-463xx/CVE-2023-46380.json
+++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46380.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-46380",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-11-04T23:15:07.910",
+  "lastModified": "2023-11-04T23:15:07.910",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices send password-change requests via cleartext HTTP."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://seclists.org/fulldisclosure/2023/Nov/0",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-463xx/CVE-2023-46381.json
+++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46381.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-46381",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-11-04T23:15:07.957",
+  "lastModified": "2023-11-04T23:15:07.957",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://seclists.org/fulldisclosure/2023/Nov/0",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-463xx/CVE-2023-46382.json
+++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46382.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-46382",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-11-04T23:15:08.003",
+  "lastModified": "2023-11-04T23:15:08.003",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices use cleartext HTTP for login."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://seclists.org/fulldisclosure/2023/Nov/0",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-469xx/CVE-2023-46963.json
+++ b/CVE-2023/CVE-2023-469xx/CVE-2023-46963.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-46963",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-11-04T23:15:08.100",
+  "lastModified": "2023-11-04T23:15:08.100",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System v.6.5 allows a remote attacker to obtain sensitive information via the password parameter in the login function."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/NBSLclass/glassfish/blob/main/Proof-of-vulnerability.md",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-469xx/CVE-2023-46964.json
+++ b/CVE-2023/CVE-2023-469xx/CVE-2023-46964.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-46964",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-11-05T00:15:08.527",
+  "lastModified": "2023-11-05T00:15:08.527",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Cross Site Scripting (XSS) vulnerability in Hillstone Next Generation FireWall SG-6000-e3960 v.5.5 allows a remote attacker to execute arbitrary code via the use front-end filtering instead of back-end filtering."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://foremost-smash-52a.notion.site/Hillstone-Next-Generation-FireWall-XSS-CVE-2023-46964-6cf1fe91e7ed4795adb1d89d75030d16",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-469xx/CVE-2023-46981.json
+++ b/CVE-2023/CVE-2023-469xx/CVE-2023-46981.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-46981",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-11-05T00:15:08.580",
+  "lastModified": "2023-11-05T00:15:08.580",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /common/log/list."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/JunFengDeng/Cve-List/blob/main/novel-plus/20231027/vuln/readme.md",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-472xx/CVE-2023-47249.json
+++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47249.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-47249",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-11-05T00:15:08.627",
+  "lastModified": "2023-11-05T00:15:08.627",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In International Color Consortium DemoIccMAX 79ecb74, a CIccXmlArrayType:::ParseText function (for unsigned short) in IccUtilXml.cpp in libIccXML.a has an out-of-bounds read."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/InternationalColorConsortium/DemoIccMAX/issues/54",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-11-04T23:00:19.317035+00:00
+2023-11-05T00:55:19.030960+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-11-04T22:15:08.517000+00:00
+2023-11-05T00:15:08.627000+00:00
 ```

 ### Last Data Feed Release
@ -29,20 +29,27 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-229779
+229787
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `0`
+Recently added CVEs: `8`

+* [CVE-2023-40922](CVE-2023/CVE-2023-409xx/CVE-2023-40922.json) (`2023-11-04T23:15:07.807`)
+* [CVE-2023-46380](CVE-2023/CVE-2023-463xx/CVE-2023-46380.json) (`2023-11-04T23:15:07.910`)
+* [CVE-2023-46381](CVE-2023/CVE-2023-463xx/CVE-2023-46381.json) (`2023-11-04T23:15:07.957`)
+* [CVE-2023-46382](CVE-2023/CVE-2023-463xx/CVE-2023-46382.json) (`2023-11-04T23:15:08.003`)
+* [CVE-2023-46963](CVE-2023/CVE-2023-469xx/CVE-2023-46963.json) (`2023-11-04T23:15:08.100`)
+* [CVE-2023-46964](CVE-2023/CVE-2023-469xx/CVE-2023-46964.json) (`2023-11-05T00:15:08.527`)
+* [CVE-2023-46981](CVE-2023/CVE-2023-469xx/CVE-2023-46981.json) (`2023-11-05T00:15:08.580`)
+* [CVE-2023-47249](CVE-2023/CVE-2023-472xx/CVE-2023-47249.json) (`2023-11-05T00:15:08.627`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `1`
+Recently modified CVEs: `0`

-* [CVE-2023-47233](CVE-2023/CVE-2023-472xx/CVE-2023-47233.json) (`2023-11-04T22:15:08.517`)


 ## Download and Usage