diff --git a/CVE-2023/CVE-2023-275xx/CVE-2023-27576.json b/CVE-2023/CVE-2023-275xx/CVE-2023-27576.json index d6291c30c05..3f6019bc176 100644 --- a/CVE-2023/CVE-2023-275xx/CVE-2023-27576.json +++ b/CVE-2023/CVE-2023-275xx/CVE-2023-27576.json @@ -2,12 +2,12 @@ "id": "CVE-2023-27576", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-18T15:15:09.723", - "lastModified": "2023-08-28T17:15:09.600", + "lastModified": "2023-11-06T06:15:40.640", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An issue was discovered in phpList 3.6.12. Due to an access error, it was possible to manipulate and edit data of the system's super admin, allowing one to perform an account takeover of the user with super-admin permission. Specifically, for a request with updatepassword=1, a modified request (manipulating both the ID parameter and the associated username) can bypass the intended email confirmation requirement. For example, the attacker can start from an updatepassword=1 request with their own ID number, and change the ID number to 1 (representing the super admin account) and change the username to admin2. In the first step, the attacker changes the super admin's email address to one under the attacker's control. In the second step, the attacker performs a password reset for the super admin account. The new password allows login as the super admin, i.e., a successful account takeover." + "value": "An issue was discovered in phpList before 3.6.14. Due to an access error, it was possible to manipulate and edit data of the system's super admin, allowing one to perform an account takeover of the user with super-admin permission. Specifically, for a request with updatepassword=1, a modified request (manipulating both the ID parameter and the associated username) can bypass the intended email confirmation requirement. For example, the attacker can start from an updatepassword=1 request with their own ID number, and change the ID number to 1 (representing the super admin account) and change the username to admin2. In the first step, the attacker changes the super admin's email address to one under the attacker's control. In the second step, the attacker performs a password reset for the super admin account. The new password allows login as the super admin, i.e., a successful account takeover." }, { "lang": "es", @@ -76,6 +76,14 @@ "Technical Description", "Third Party Advisory" ] + }, + { + "url": "https://github.com/phpList/phplist3/pull/986", + "source": "cve@mitre.org" + }, + { + "url": "https://www.phplist.org/newslist/phplist-3-6-14-release-notes/", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-384xx/CVE-2023-38406.json b/CVE-2023/CVE-2023-384xx/CVE-2023-38406.json new file mode 100644 index 00000000000..3580e7d6db8 --- /dev/null +++ b/CVE-2023/CVE-2023-384xx/CVE-2023-38406.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-38406", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-06T06:15:40.850", + "lastModified": "2023-11-06T06:15:40.850", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a \"flowspec overflow.\"" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/FRRouting/frr/compare/frr-8.4.2...frr-8.4.3", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/FRRouting/frr/pull/12884", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-384xx/CVE-2023-38407.json b/CVE-2023/CVE-2023-384xx/CVE-2023-38407.json new file mode 100644 index 00000000000..cf7bf8cbad6 --- /dev/null +++ b/CVE-2023/CVE-2023-384xx/CVE-2023-38407.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-38407", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-06T06:15:40.907", + "lastModified": "2023-11-06T06:15:40.907", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/FRRouting/frr/compare/frr-8.5-rc...frr-8.5", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/FRRouting/frr/pull/12951", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/FRRouting/frr/pull/12956", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4625.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4625.json new file mode 100644 index 00000000000..2823e5cda92 --- /dev/null +++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4625.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-4625", + "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", + "published": "2023-11-06T05:15:15.187", + "lastModified": "2023-11-06T06:15:41.487", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. The impact of this vulnerability will persist while the attacker continues to attempt unauthorized login." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-307" + } + ] + } + ], + "references": [ + { + "url": "https://jvn.jp/vu/JVNVU94620134", + "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" + }, + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-02", + "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" + }, + { + "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-014_en.pdf", + "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4699.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4699.json new file mode 100644 index 00000000000..49e4c0557d4 --- /dev/null +++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4699.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-4699", + "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", + "published": "2023-11-06T06:15:41.563", + "lastModified": "2023-11-06T06:15:41.563", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules and MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to reset the memory of the products to factory default state and cause denial-of-service (DoS) condition on the products by sending specific packets.\n\n\n\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-345" + } + ] + } + ], + "references": [ + { + "url": "https://jvn.jp/vu/JVNVU94620134/", + "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" + }, + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-03", + "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" + }, + { + "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-013_en.pdf", + "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47253.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47253.json new file mode 100644 index 00000000000..87e98ce981d --- /dev/null +++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47253.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-47253", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-06T06:15:40.957", + "lastModified": "2023-11-06T06:15:40.957", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://openxp.xpsec.co/blog/cve-2023-47253", + "source": "cve@mitre.org" + }, + { + "url": "https://www.linkedin.com/in/hairrison-wenning-4631a4124/", + "source": "cve@mitre.org" + }, + { + "url": "https://www.linkedin.com/in/xvinicius/", + "source": "cve@mitre.org" + }, + { + "url": "https://www.qualitor.com.br/qualitor-8-20", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 7c5466d2a6d..6c3090bf93a 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-11-06T05:00:18.979156+00:00 +2023-11-06T07:00:18.818344+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-11-06T04:15:08.097000+00:00 +2023-11-06T06:15:41.563000+00:00 ``` ### Last Data Feed Release @@ -29,38 +29,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -229807 +229812 ``` ### CVEs added in the last Commit -Recently added CVEs: `11` +Recently added CVEs: `5` -* [CVE-2023-20702](CVE-2023/CVE-2023-207xx/CVE-2023-20702.json) (`2023-11-06T04:15:07.653`) -* [CVE-2023-32818](CVE-2023/CVE-2023-328xx/CVE-2023-32818.json) (`2023-11-06T04:15:07.713`) -* [CVE-2023-32825](CVE-2023/CVE-2023-328xx/CVE-2023-32825.json) (`2023-11-06T04:15:07.757`) -* [CVE-2023-32832](CVE-2023/CVE-2023-328xx/CVE-2023-32832.json) (`2023-11-06T04:15:07.797`) -* [CVE-2023-32834](CVE-2023/CVE-2023-328xx/CVE-2023-32834.json) (`2023-11-06T04:15:07.843`) -* [CVE-2023-32835](CVE-2023/CVE-2023-328xx/CVE-2023-32835.json) (`2023-11-06T04:15:07.887`) -* [CVE-2023-32836](CVE-2023/CVE-2023-328xx/CVE-2023-32836.json) (`2023-11-06T04:15:07.930`) -* [CVE-2023-32837](CVE-2023/CVE-2023-328xx/CVE-2023-32837.json) (`2023-11-06T04:15:07.973`) -* [CVE-2023-32838](CVE-2023/CVE-2023-328xx/CVE-2023-32838.json) (`2023-11-06T04:15:08.013`) -* [CVE-2023-32839](CVE-2023/CVE-2023-328xx/CVE-2023-32839.json) (`2023-11-06T04:15:08.053`) -* [CVE-2023-32840](CVE-2023/CVE-2023-328xx/CVE-2023-32840.json) (`2023-11-06T04:15:08.097`) +* [CVE-2023-38406](CVE-2023/CVE-2023-384xx/CVE-2023-38406.json) (`2023-11-06T06:15:40.850`) +* [CVE-2023-38407](CVE-2023/CVE-2023-384xx/CVE-2023-38407.json) (`2023-11-06T06:15:40.907`) +* [CVE-2023-47253](CVE-2023/CVE-2023-472xx/CVE-2023-47253.json) (`2023-11-06T06:15:40.957`) +* [CVE-2023-4625](CVE-2023/CVE-2023-46xx/CVE-2023-4625.json) (`2023-11-06T05:15:15.187`) +* [CVE-2023-4699](CVE-2023/CVE-2023-46xx/CVE-2023-4699.json) (`2023-11-06T06:15:41.563`) ### CVEs modified in the last Commit -Recently modified CVEs: `8` +Recently modified CVEs: `1` -* [CVE-2022-47185](CVE-2022/CVE-2022-471xx/CVE-2022-47185.json) (`2023-11-06T03:15:11.573`) -* [CVE-2023-22025](CVE-2023/CVE-2023-220xx/CVE-2023-22025.json) (`2023-11-06T03:15:11.670`) -* [CVE-2023-22081](CVE-2023/CVE-2023-220xx/CVE-2023-22081.json) (`2023-11-06T03:15:11.773`) -* [CVE-2023-33934](CVE-2023/CVE-2023-339xx/CVE-2023-33934.json) (`2023-11-06T03:15:11.870`) -* [CVE-2023-39456](CVE-2023/CVE-2023-394xx/CVE-2023-39456.json) (`2023-11-06T03:15:11.950`) -* [CVE-2023-41752](CVE-2023/CVE-2023-417xx/CVE-2023-41752.json) (`2023-11-06T03:15:12.027`) -* [CVE-2023-44487](CVE-2023/CVE-2023-444xx/CVE-2023-44487.json) (`2023-11-06T03:15:12.107`) -* [CVE-2023-5367](CVE-2023/CVE-2023-53xx/CVE-2023-5367.json) (`2023-11-06T03:15:12.470`) +* [CVE-2023-27576](CVE-2023/CVE-2023-275xx/CVE-2023-27576.json) (`2023-11-06T06:15:40.640`) ## Download and Usage