Auto-Update: 2023-09-11T23:55:26.249370+00:00

2025-05-07 03:02:20 +00:00 · 2023-09-11 23:55:29 +00:00 · 2023-09-11 23:55:29 +00:00 · 073de65bd2
commit 073de65bd2
parent 453819be58
7 changed files with 148 additions and 40 deletions
--- a/CVE-2021/CVE-2021-394xx/CVE-2021-39473.json
+++ b/CVE-2021/CVE-2021-394xx/CVE-2021-39473.json
@ -2,8 +2,8 @@
  "id": "CVE-2021-39473",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2022-11-04T19:15:10.813",
-  "lastModified": "2022-11-07T02:20:50.473",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-09-11T22:15:07.680",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
@ -64,6 +64,10 @@
    }
  ],
  "references": [
+    {
+      "url": "https://github.com/BrunoTeixeira1996/CVE-2021-39473",
+      "source": "cve@mitre.org"
+    },
    {
      "url": "https://github.com/Saibamen/HotelManager",
      "source": "cve@mitre.org",
--- a/CVE-2023/CVE-2023-388xx/CVE-2023-38878.json
+++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38878.json
@ -0,0 +1,28 @@
+{
+  "id": "CVE-2023-38878",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-09-11T22:15:08.023",
+  "lastModified": "2023-09-11T22:15:08.023",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A reflected cross-site scripting (XSS) vulnerability in DevCode OpenSTAManager versions 2.4.24 to 2.4.47 may allow a remote attacker to execute arbitrary JavaScript in the web browser of a victim by injecting a malicious payload into the 'error' and 'error_description' parameters of 'oauth2.php'."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/devcode-it/openstamanager",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38878",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://openstamanager.com/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-390xx/CVE-2023-39069.json
+++ b/CVE-2023/CVE-2023-390xx/CVE-2023-39069.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-39069",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-09-11T23:15:07.480",
+  "lastModified": "2023-09-11T23:15:07.480",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to gain privileges via Active Directory authentication mechanism."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/StrangeBeeCorp/Security/blob/main/Security%20advisories/SB-SEC-ADV-2022-001%3A%20Authentication%20bypass%20due%20to%20incomplete%20checks%20in%20the%20Active%20Directory%20authentication%20module.md",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-416xx/CVE-2023-41635.json
+++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41635.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-41635",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-08-31T14:15:08.763",
-  "lastModified": "2023-09-05T18:15:24.443",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-09-11T22:15:08.103",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
@ -64,6 +64,10 @@
    }
  ],
  "references": [
+    {
+      "url": "https://github.com/CapgeminiCisRedTeam/Disclosure/blob/f7aafa9fcd4efa30071c7f77d3e9e6b14e92302b/CVE%20PoC/CVE-2023-41635%20%7C%20RealGimm%20-%20XML%20External%20Entity%20Injection.md",
+      "source": "cve@mitre.org"
+    },
    {
      "url": "https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-ID%20%7C%20RealGimm%20-%20XML%20External%20Entity%20Injection.md",
      "source": "cve@mitre.org",
--- a/CVE-2023/CVE-2023-416xx/CVE-2023-41640.json
+++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41640.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-41640",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-08-31T14:15:08.977",
-  "lastModified": "2023-09-05T18:05:32.360",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-09-11T22:15:08.193",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
@ -64,6 +64,10 @@
    }
  ],
  "references": [
+    {
+      "url": "https://github.com/CapgeminiCisRedTeam/Disclosure/blob/f7aafa9fcd4efa30071c7f77d3e9e6b14e92302b/CVE%20PoC/CVE-2023-41640%20%7C%20RealGimm%20-%20Information%20disclosure.md",
+      "source": "cve@mitre.org"
+    },
    {
      "url": "https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-ID%20%7C%20RealGimm%20-%20Information%20disclosure.md",
      "source": "cve@mitre.org",
--- a/CVE-2023/CVE-2023-418xx/CVE-2023-41879.json
+++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41879.json
@ -0,0 +1,71 @@
+{
+  "id": "CVE-2023-41879",
+  "sourceIdentifier": "security-advisories@github.com",
+  "published": "2023-09-11T22:15:08.267",
+  "lastModified": "2023-09-11T22:15:08.267",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Magento LTS is the official OpenMage LTS codebase. Guest orders may be viewed without authentication using a \"guest-view\" cookie which contains the order's \"protect_code\". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would require a separate brute force attack. This issue has been patched in versions 19.5.1 and 20.1.1."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security-advisories@github.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security-advisories@github.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-330"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/OpenMage/magento-lts/commit/2a2a2fb504247e8966f8ffc2e17d614be5d43128",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/OpenMage/magento-lts/commit/31e74ac5d670b10001f88f038046b62367f15877",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/OpenMage/magento-lts/releases/tag/v19.5.1",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/OpenMage/magento-lts/releases/tag/v20.1.1",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-9358-cpvx-c2qp",
+      "source": "security-advisories@github.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-09-11T22:00:25.044541+00:00
+2023-09-11T23:55:26.249370+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-09-11T21:15:42.870000+00:00
+2023-09-11T23:15:07.480000+00:00
 ```

 ### Last Data Feed Release
@ -29,48 +29,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-224675
+224678
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `42`
+Recently added CVEs: `3`

-* [CVE-2023-4294](CVE-2023/CVE-2023-42xx/CVE-2023-4294.json) (`2023-09-11T20:15:11.973`)
-* [CVE-2023-4307](CVE-2023/CVE-2023-43xx/CVE-2023-4307.json) (`2023-09-11T20:15:12.117`)
-* [CVE-2023-4314](CVE-2023/CVE-2023-43xx/CVE-2023-4314.json) (`2023-09-11T20:15:12.310`)
-* [CVE-2023-4318](CVE-2023/CVE-2023-43xx/CVE-2023-4318.json) (`2023-09-11T20:15:12.463`)
-* [CVE-2023-35658](CVE-2023/CVE-2023-356xx/CVE-2023-35658.json) (`2023-09-11T21:15:41.660`)
-* [CVE-2023-35664](CVE-2023/CVE-2023-356xx/CVE-2023-35664.json) (`2023-09-11T21:15:41.727`)
-* [CVE-2023-35665](CVE-2023/CVE-2023-356xx/CVE-2023-35665.json) (`2023-09-11T21:15:41.787`)
-* [CVE-2023-35666](CVE-2023/CVE-2023-356xx/CVE-2023-35666.json) (`2023-09-11T21:15:41.847`)
-* [CVE-2023-35667](CVE-2023/CVE-2023-356xx/CVE-2023-35667.json) (`2023-09-11T21:15:41.903`)
-* [CVE-2023-35669](CVE-2023/CVE-2023-356xx/CVE-2023-35669.json) (`2023-09-11T21:15:41.960`)
-* [CVE-2023-35670](CVE-2023/CVE-2023-356xx/CVE-2023-35670.json) (`2023-09-11T21:15:42.020`)
-* [CVE-2023-35671](CVE-2023/CVE-2023-356xx/CVE-2023-35671.json) (`2023-09-11T21:15:42.080`)
-* [CVE-2023-35673](CVE-2023/CVE-2023-356xx/CVE-2023-35673.json) (`2023-09-11T21:15:42.137`)
-* [CVE-2023-35674](CVE-2023/CVE-2023-356xx/CVE-2023-35674.json) (`2023-09-11T21:15:42.193`)
-* [CVE-2023-35675](CVE-2023/CVE-2023-356xx/CVE-2023-35675.json) (`2023-09-11T21:15:42.253`)
-* [CVE-2023-35676](CVE-2023/CVE-2023-356xx/CVE-2023-35676.json) (`2023-09-11T21:15:42.313`)
-* [CVE-2023-35677](CVE-2023/CVE-2023-356xx/CVE-2023-35677.json) (`2023-09-11T21:15:42.367`)
-* [CVE-2023-35679](CVE-2023/CVE-2023-356xx/CVE-2023-35679.json) (`2023-09-11T21:15:42.427`)
-* [CVE-2023-35680](CVE-2023/CVE-2023-356xx/CVE-2023-35680.json) (`2023-09-11T21:15:42.490`)
-* [CVE-2023-35681](CVE-2023/CVE-2023-356xx/CVE-2023-35681.json) (`2023-09-11T21:15:42.543`)
-* [CVE-2023-35682](CVE-2023/CVE-2023-356xx/CVE-2023-35682.json) (`2023-09-11T21:15:42.597`)
-* [CVE-2023-35683](CVE-2023/CVE-2023-356xx/CVE-2023-35683.json) (`2023-09-11T21:15:42.660`)
-* [CVE-2023-35684](CVE-2023/CVE-2023-356xx/CVE-2023-35684.json) (`2023-09-11T21:15:42.717`)
-* [CVE-2023-35687](CVE-2023/CVE-2023-356xx/CVE-2023-35687.json) (`2023-09-11T21:15:42.773`)
-* [CVE-2023-4897](CVE-2023/CVE-2023-48xx/CVE-2023-4897.json) (`2023-09-11T21:15:42.870`)
+* [CVE-2023-38878](CVE-2023/CVE-2023-388xx/CVE-2023-38878.json) (`2023-09-11T22:15:08.023`)
+* [CVE-2023-41879](CVE-2023/CVE-2023-418xx/CVE-2023-41879.json) (`2023-09-11T22:15:08.267`)
+* [CVE-2023-39069](CVE-2023/CVE-2023-390xx/CVE-2023-39069.json) (`2023-09-11T23:15:07.480`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `4`
+Recently modified CVEs: `3`

-* [CVE-2022-47966](CVE-2022/CVE-2022-479xx/CVE-2022-47966.json) (`2023-09-11T20:15:07.817`)
-* [CVE-2023-41932](CVE-2023/CVE-2023-419xx/CVE-2023-41932.json) (`2023-09-11T20:07:12.583`)
-* [CVE-2023-35719](CVE-2023/CVE-2023-357xx/CVE-2023-35719.json) (`2023-09-11T20:15:08.767`)
-* [CVE-2023-41933](CVE-2023/CVE-2023-419xx/CVE-2023-41933.json) (`2023-09-11T20:33:28.030`)
+* [CVE-2021-39473](CVE-2021/CVE-2021-394xx/CVE-2021-39473.json) (`2023-09-11T22:15:07.680`)
+* [CVE-2023-41635](CVE-2023/CVE-2023-416xx/CVE-2023-41635.json) (`2023-09-11T22:15:08.103`)
+* [CVE-2023-41640](CVE-2023/CVE-2023-416xx/CVE-2023-41640.json) (`2023-09-11T22:15:08.193`)


 ## Download and Usage