{"vulnerability": "CVE-2023-4625", "sightings": [{"uuid": "45f92282-151c-4596-b6a8-ed8e303382b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4625", "type": "seen", "source": "https://t.me/cibsecurity/73562", "content": "\u203c CVE-2023-4625 \u203c\n\nImproper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. The impact of this vulnerability will persist while the attacker continues to attempt unauthorized login.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-11-06T07:30:31.000000Z"}, {"uuid": "80c9fb7d-ddd9-4fef-ae42-3a2f78b83bdf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46254", "type": "seen", "source": "https://t.me/cibsecurity/73635", "content": "\u203c CVE-2023-46254 \u203c\n\ncapsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy framework. A bug in the RoleBinding reflector used by `capsule-proxy` gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by the same owner kind and name. For example consider two tenants `solar` and `wind`. Tenant `solar`, owned by a ServiceAccount named `tenant-owner` in the Namespace `solar`. Tenant `wind`, owned by a ServiceAccount named `tenant-owner` in the Namespace `wind`. The Tenant owner `solar` would be able to list the namespaces of the Tenant `wind` and vice-versa, although this is not correct. 
The bug introduces an exfiltration vulnerability since it allows the listing of Namespace resources of other Tenants, although just in some specific conditions: 1. `capsule-proxy` runs with the `--disable-caching=false` (default value: `false`) and 2. Tenant owners are ServiceAccount, with the same resource name, but in different Namespaces. This vulnerability doesn't allow any privilege escalation on the outer tenant Namespace-scoped resources, since the Kubernetes RBAC is enforcing this. This issue has been addressed in version 0.4.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-11-06T22:26:02.000000Z"}, {"uuid": "185c48a0-1975-4fa3-a146-26cbc6720ff5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46251", "type": "published-proof-of-concept", "source": "Telegram/vrYhd9EGO9YMgYE7p-1wX1LQ0PsHTFM-ZHccSrg8msBuxQ", "content": "", "creation_timestamp": "2023-11-06T20:28:49.000000Z"}, {"uuid": "801371dc-c13e-4318-9781-8df0bf8338f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46251", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/73623", "content": "\u203c CVE-2023-46251 \u203c\n\nMyBB is a free and open source forum software. Custom MyCode (BBCode) for the visual editor (_SCEditor_) doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. This weakness can be exploited by pointing a victim to a page where the visual editor is active (e.g. as a post or Private Message) and operates on a maliciously crafted MyCode message. 
This may occur on pages where message content is pre-filled using a GET/POST parameter, or on reply pages where a previously saved malicious message is quoted. The impact is mitigated when: 1. the visual editor is disabled globally (_Admin CP \u2192 Configuration \u2192 Settings \u2192 Clickable Smilies and BB Code: [Clickable MyCode Editor](https://github.com/mybb/mybb/blob/mybb_1836/install/resources/settings.xml#L2087-L2094)_ is set to _Off_), or 2. the visual editor is disabled for individual user accounts (_User CP \u2192 Your Profile \u2192 Edit Options_: _Show the MyCode formatting options on the posting pages_ checkbox is not checked). MyBB 1.8.37 resolves this issue with the commit `6dcaf0b4d`. Users are advised to upgrade. Users unable to upgrade may mitigate the impact without upgrading MyBB by changing the following setting (_Admin CP \u2192 Configuration \u2192 Settings_):- _Clickable Smilies and BB Code \u2192 [Clickable MyCode Editor](https://github.com/mybb/mybb/blob/mybb_1836/install/resources/settings.xml#L2087-L2094)_: _Off_. Similarly, individual MyBB forum users are able to disable the visual editor by disabling the account option (_User CP \u2192 Your Profile \u2192 
Edit Options_) _Show the MyCode formatting options on the posting pages_.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-11-06T20:25:59.000000Z"}, {"uuid": "b25e25af-103e-4a49-9d91-6f23d17a1d66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46251", "type": "published-proof-of-concept", "source": "Telegram/nvHcaD1k09ioCsXkfpvyYRjz9w6NVZp19bu9X1G4nCv6Eg", "content": "", "creation_timestamp": "2023-11-07T03:38:07.000000Z"}, {"uuid": "926c842f-43d0-4f86-8c5e-34d3b717ca74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46250", "type": "seen", "source": "https://t.me/cibsecurity/73260", "content": "\u203c CVE-2023-46250 \u203c\n\npypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions 3.7.0 through 3.16.4 can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case when the pypdf-user manipulates an incoming malicious PDF e.g. by merging it with another PDF or by adding annotations. The issue was fixed in version 3.17.0. As a workaround, apply the patch manually by modifying `pypdf/generic/_data_structures.py`.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-31T19:22:29.000000Z"}, {"uuid": "72bff15a-9a4b-41ee-93f4-b812dbf6df47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46256", "type": "seen", "source": "https://t.me/cibsecurity/73256", "content": "\u203c CVE-2023-46256 \u203c\n\nPX4-Autopilot provides PX4 flight control solution for drones. 
In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of `parserbuf_index` value checking. A malfunction of the sensor device can cause a heap buffer overflow, leading to unexpected drone behavior. Malicious applications can exploit the vulnerability even if device sensor malfunction does not occur. Up to the maximum value of an `unsigned int`, bytes sized data can be written to the heap memory area. As of time of publication, no fixed version is available.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-31T19:22:24.000000Z"}, {"uuid": "efcf0e15-0dca-417c-83ed-7a64c5fff714", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46255", "type": "seen", "source": "https://t.me/cibsecurity/73251", "content": "\u203c CVE-2023-46255 \u203c\n\nSpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Prior to version 1.27.0, when the provided datastore URI is malformed (e.g. by having a password which contains `:`) the full URI (including the provided password) is printed, so that the password is shown in the logs. 
Version 1.27.0 patches this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-31T19:22:14.000000Z"}, {"uuid": "24aec9d6-d157-4a88-998a-f272290cb700", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46251", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1814", "content": "CVE-2023-46251 - Stored DOM XSS\nMyBB &lt; 1.8.37\nusage:\n[size='1337px;\\\"&gt;&gt;\\&lt;img/src=ccc/ onerror=alert`1`//id=name //&amp;pt;']eviltext[/size]\n\nUPD: impact", "creation_timestamp": "2023-11-06T20:09:30.000000Z"}, {"uuid": "a0d92eac-fd27-4828-9079-c1f19cd04aef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46259", "type": "seen", "source": "https://t.me/ctinow/167743", "content": "https://ift.tt/NgUdKGj\nCVE-2023-46259 | Ivanti Avalanche 6.4.1 Mobile Device Server memory corruption", "creation_timestamp": "2024-01-13T08:46:17.000000Z"}, {"uuid": "624ee616-7a89-4677-b5ae-e0e7c8522f3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46251", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/4605", "content": "https://system32.ink/mybb-cve-2023-46251-stored-dom-xss/", "creation_timestamp": "2023-11-10T11:11:22.000000Z"}]}