Auto-Update: 2023-11-06T07:00:18.818344+00:00

2025-05-07 03:02:20 +00:00 · 2023-11-06 07:00:22 +00:00 · 2023-11-06 07:00:22 +00:00 · a285cc7176
commit a285cc7176
parent 3a199c2b5a
7 changed files with 231 additions and 26 deletions
--- a/CVE-2023/CVE-2023-275xx/CVE-2023-27576.json
+++ b/CVE-2023/CVE-2023-275xx/CVE-2023-27576.json
@ -2,12 +2,12 @@
  "id": "CVE-2023-27576",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-08-18T15:15:09.723",
-  "lastModified": "2023-08-28T17:15:09.600",
+  "lastModified": "2023-11-06T06:15:40.640",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
-      "value": "An issue was discovered in phpList 3.6.12. Due to an access error, it was possible to manipulate and edit data of the system's super admin, allowing one to perform an account takeover of the user with super-admin permission. Specifically, for a request with updatepassword=1, a modified request (manipulating both the ID parameter and the associated username) can bypass the intended email confirmation requirement. For example, the attacker can start from an updatepassword=1 request with their own ID number, and change the ID number to 1 (representing the super admin account) and change the username to admin2. In the first step, the attacker changes the super admin's email address to one under the attacker's control. In the second step, the attacker performs a password reset for the super admin account. The new password allows login as the super admin, i.e., a successful account takeover."
+      "value": "An issue was discovered in phpList before 3.6.14. Due to an access error, it was possible to manipulate and edit data of the system's super admin, allowing one to perform an account takeover of the user with super-admin permission. Specifically, for a request with updatepassword=1, a modified request (manipulating both the ID parameter and the associated username) can bypass the intended email confirmation requirement. For example, the attacker can start from an updatepassword=1 request with their own ID number, and change the ID number to 1 (representing the super admin account) and change the username to admin2. In the first step, the attacker changes the super admin's email address to one under the attacker's control. In the second step, the attacker performs a password reset for the super admin account. The new password allows login as the super admin, i.e., a successful account takeover."
    },
    {
      "lang": "es",
@ -76,6 +76,14 @@
        "Technical Description",
        "Third Party Advisory"
      ]
+    },
+    {
+      "url": "https://github.com/phpList/phplist3/pull/986",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.phplist.org/newslist/phplist-3-6-14-release-notes/",
+      "source": "cve@mitre.org"
    }
  ]
 }
--- a/CVE-2023/CVE-2023-384xx/CVE-2023-38406.json
+++ b/CVE-2023/CVE-2023-384xx/CVE-2023-38406.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-38406",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-11-06T06:15:40.850",
+  "lastModified": "2023-11-06T06:15:40.850",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a \"flowspec overflow.\""
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/FRRouting/frr/compare/frr-8.4.2...frr-8.4.3",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/FRRouting/frr/pull/12884",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-384xx/CVE-2023-38407.json
+++ b/CVE-2023/CVE-2023-384xx/CVE-2023-38407.json
@ -0,0 +1,28 @@
+{
+  "id": "CVE-2023-38407",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-11-06T06:15:40.907",
+  "lastModified": "2023-11-06T06:15:40.907",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/FRRouting/frr/compare/frr-8.5-rc...frr-8.5",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/FRRouting/frr/pull/12951",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/FRRouting/frr/pull/12956",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-46xx/CVE-2023-4625.json
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4625.json
@ -0,0 +1,63 @@
+{
+  "id": "CVE-2023-4625",
+  "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
+  "published": "2023-11-06T05:15:15.187",
+  "lastModified": "2023-11-06T06:15:41.487",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. The impact of this vulnerability will persist while the attacker continues to attempt unauthorized login."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "LOW",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-307"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://jvn.jp/vu/JVNVU94620134",
+      "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
+    },
+    {
+      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-02",
+      "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
+    },
+    {
+      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-014_en.pdf",
+      "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-46xx/CVE-2023-4699.json
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4699.json
@ -0,0 +1,63 @@
+{
+  "id": "CVE-2023-4699",
+  "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
+  "published": "2023-11-06T06:15:41.563",
+  "lastModified": "2023-11-06T06:15:41.563",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules and MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to reset the memory of the products to factory default state and cause denial-of-service (DoS) condition on the products by sending specific packets.\n\n\n\n\n\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.1,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.2
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-345"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://jvn.jp/vu/JVNVU94620134/",
+      "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
+    },
+    {
+      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-03",
+      "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
+    },
+    {
+      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-013_en.pdf",
+      "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-472xx/CVE-2023-47253.json
+++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47253.json
@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-47253",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-11-06T06:15:40.957",
+  "lastModified": "2023-11-06T06:15:40.957",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://openxp.xpsec.co/blog/cve-2023-47253",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.linkedin.com/in/hairrison-wenning-4631a4124/",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.linkedin.com/in/xvinicius/",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.qualitor.com.br/qualitor-8-20",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-11-06T05:00:18.979156+00:00
+2023-11-06T07:00:18.818344+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-11-06T04:15:08.097000+00:00
+2023-11-06T06:15:41.563000+00:00
 ```

 ### Last Data Feed Release
@ -29,38 +29,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-229807
+229812
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `11`
+Recently added CVEs: `5`

-* [CVE-2023-20702](CVE-2023/CVE-2023-207xx/CVE-2023-20702.json) (`2023-11-06T04:15:07.653`)
-* [CVE-2023-32818](CVE-2023/CVE-2023-328xx/CVE-2023-32818.json) (`2023-11-06T04:15:07.713`)
-* [CVE-2023-32825](CVE-2023/CVE-2023-328xx/CVE-2023-32825.json) (`2023-11-06T04:15:07.757`)
-* [CVE-2023-32832](CVE-2023/CVE-2023-328xx/CVE-2023-32832.json) (`2023-11-06T04:15:07.797`)
-* [CVE-2023-32834](CVE-2023/CVE-2023-328xx/CVE-2023-32834.json) (`2023-11-06T04:15:07.843`)
-* [CVE-2023-32835](CVE-2023/CVE-2023-328xx/CVE-2023-32835.json) (`2023-11-06T04:15:07.887`)
-* [CVE-2023-32836](CVE-2023/CVE-2023-328xx/CVE-2023-32836.json) (`2023-11-06T04:15:07.930`)
-* [CVE-2023-32837](CVE-2023/CVE-2023-328xx/CVE-2023-32837.json) (`2023-11-06T04:15:07.973`)
-* [CVE-2023-32838](CVE-2023/CVE-2023-328xx/CVE-2023-32838.json) (`2023-11-06T04:15:08.013`)
-* [CVE-2023-32839](CVE-2023/CVE-2023-328xx/CVE-2023-32839.json) (`2023-11-06T04:15:08.053`)
-* [CVE-2023-32840](CVE-2023/CVE-2023-328xx/CVE-2023-32840.json) (`2023-11-06T04:15:08.097`)
+* [CVE-2023-38406](CVE-2023/CVE-2023-384xx/CVE-2023-38406.json) (`2023-11-06T06:15:40.850`)
+* [CVE-2023-38407](CVE-2023/CVE-2023-384xx/CVE-2023-38407.json) (`2023-11-06T06:15:40.907`)
+* [CVE-2023-47253](CVE-2023/CVE-2023-472xx/CVE-2023-47253.json) (`2023-11-06T06:15:40.957`)
+* [CVE-2023-4625](CVE-2023/CVE-2023-46xx/CVE-2023-4625.json) (`2023-11-06T05:15:15.187`)
+* [CVE-2023-4699](CVE-2023/CVE-2023-46xx/CVE-2023-4699.json) (`2023-11-06T06:15:41.563`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `8`
+Recently modified CVEs: `1`

-* [CVE-2022-47185](CVE-2022/CVE-2022-471xx/CVE-2022-47185.json) (`2023-11-06T03:15:11.573`)
-* [CVE-2023-22025](CVE-2023/CVE-2023-220xx/CVE-2023-22025.json) (`2023-11-06T03:15:11.670`)
-* [CVE-2023-22081](CVE-2023/CVE-2023-220xx/CVE-2023-22081.json) (`2023-11-06T03:15:11.773`)
-* [CVE-2023-33934](CVE-2023/CVE-2023-339xx/CVE-2023-33934.json) (`2023-11-06T03:15:11.870`)
-* [CVE-2023-39456](CVE-2023/CVE-2023-394xx/CVE-2023-39456.json) (`2023-11-06T03:15:11.950`)
-* [CVE-2023-41752](CVE-2023/CVE-2023-417xx/CVE-2023-41752.json) (`2023-11-06T03:15:12.027`)
-* [CVE-2023-44487](CVE-2023/CVE-2023-444xx/CVE-2023-44487.json) (`2023-11-06T03:15:12.107`)
-* [CVE-2023-5367](CVE-2023/CVE-2023-53xx/CVE-2023-5367.json) (`2023-11-06T03:15:12.470`)
+* [CVE-2023-27576](CVE-2023/CVE-2023-275xx/CVE-2023-27576.json) (`2023-11-06T06:15:40.640`)


 ## Download and Usage