admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-09-11 22:00:33 +00:00
parent 92779ef3aa
commit 5b115ccc35
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
5 changed files with 171 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2021/39xxx/CVE-2021-39473.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://github.com/Saibamen/HotelManager/issues/49",
"url": "https://github.com/Saibamen/HotelManager/issues/49"
},
{
"refsource": "MISC",
"name": "https://github.com/BrunoTeixeira1996/CVE-2021-39473",
"url": "https://github.com/BrunoTeixeira1996/CVE-2021-39473"
}
]
}

66
2023/38xxx/CVE-2023-38878.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-38878",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-38878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A reflected cross-site scripting (XSS) vulnerability in DevCode OpenSTAManager versions 2.4.24 to 2.4.47 may allow a remote attacker to execute arbitrary JavaScript in the web browser of a victim by injecting a malicious payload into the 'error' and 'error_description' parameters of 'oauth2.php'."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/devcode-it/openstamanager",
"refsource": "MISC",
"name": "https://github.com/devcode-it/openstamanager"
},
{
"url": "https://openstamanager.com/",
"refsource": "MISC",
"name": "https://openstamanager.com/"
},
{
"refsource": "MISC",
"name": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38878",
"url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38878"
}
]
}

5
2023/41xxx/CVE-2023-41635.json
View File

@ -56,6 +56,11 @@
"url": "https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-ID%20%7C%20RealGimm%20-%20XML%20External%20Entity%20Injection.md",
"refsource": "MISC",
"name": "https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-ID%20%7C%20RealGimm%20-%20XML%20External%20Entity%20Injection.md"
},
{
"refsource": "MISC",
"name": "https://github.com/CapgeminiCisRedTeam/Disclosure/blob/f7aafa9fcd4efa30071c7f77d3e9e6b14e92302b/CVE%20PoC/CVE-2023-41635%20%7C%20RealGimm%20-%20XML%20External%20Entity%20Injection.md",
"url": "https://github.com/CapgeminiCisRedTeam/Disclosure/blob/f7aafa9fcd4efa30071c7f77d3e9e6b14e92302b/CVE%20PoC/CVE-2023-41635%20%7C%20RealGimm%20-%20XML%20External%20Entity%20Injection.md"
}
]
}

5
2023/41xxx/CVE-2023-41640.json
View File

@ -56,6 +56,11 @@
"url": "https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-ID%20%7C%20RealGimm%20-%20Information%20disclosure.md",
"refsource": "MISC",
"name": "https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-ID%20%7C%20RealGimm%20-%20Information%20disclosure.md"
},
{
"refsource": "MISC",
"name": "https://github.com/CapgeminiCisRedTeam/Disclosure/blob/f7aafa9fcd4efa30071c7f77d3e9e6b14e92302b/CVE%20PoC/CVE-2023-41640%20%7C%20RealGimm%20-%20Information%20disclosure.md",
"url": "https://github.com/CapgeminiCisRedTeam/Disclosure/blob/f7aafa9fcd4efa30071c7f77d3e9e6b14e92302b/CVE%20PoC/CVE-2023-41640%20%7C%20RealGimm%20-%20Information%20disclosure.md"
}
]
}

100
2023/41xxx/CVE-2023-41879.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-41879",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Magento LTS is the official OpenMage LTS codebase. Guest orders may be viewed without authentication using a \"guest-view\" cookie which contains the order's \"protect_code\". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would require a separate brute force attack. This issue has been patched in versions 19.5.1 and 20.1.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-330: Use of Insufficiently Random Values",
"cweId": "CWE-330"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OpenMage",
"product": {
"product_data": [
{
"product_name": "magento-lts",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<= 19.5.0"
},
{
"version_affected": "=",
"version_value": ">= 20.0.0, <= 20.1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-9358-cpvx-c2qp",
"refsource": "MISC",
"name": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-9358-cpvx-c2qp"
},
{
"url": "https://github.com/OpenMage/magento-lts/commit/2a2a2fb504247e8966f8ffc2e17d614be5d43128",
"refsource": "MISC",
"name": "https://github.com/OpenMage/magento-lts/commit/2a2a2fb504247e8966f8ffc2e17d614be5d43128"
},
{
"url": "https://github.com/OpenMage/magento-lts/commit/31e74ac5d670b10001f88f038046b62367f15877",
"refsource": "MISC",
"name": "https://github.com/OpenMage/magento-lts/commit/31e74ac5d670b10001f88f038046b62367f15877"
},
{
"url": "https://github.com/OpenMage/magento-lts/releases/tag/v19.5.1",
"refsource": "MISC",
"name": "https://github.com/OpenMage/magento-lts/releases/tag/v19.5.1"
},
{
"url": "https://github.com/OpenMage/magento-lts/releases/tag/v20.1.1",
"refsource": "MISC",
"name": "https://github.com/OpenMage/magento-lts/releases/tag/v20.1.1"
}
]
},
"source": {
"advisory": "GHSA-9358-cpvx-c2qp",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}