From 073de65bd234524a0a3c4bb804be5dc2e6edf537 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Mon, 11 Sep 2023 23:55:29 +0000
Subject: [PATCH] Auto-Update: 2023-09-11T23:55:26.249370+00:00
---
 CVE-2021/CVE-2021-394xx/CVE-2021-39473.json | 8 ++-
 CVE-2023/CVE-2023-388xx/CVE-2023-38878.json | 28 ++++++++
 CVE-2023/CVE-2023-390xx/CVE-2023-39069.json | 20 ++++++
 CVE-2023/CVE-2023-416xx/CVE-2023-41635.json | 8 ++-
 CVE-2023/CVE-2023-416xx/CVE-2023-41640.json | 8 ++-
 CVE-2023/CVE-2023-418xx/CVE-2023-41879.json | 71 +++++++++++++++++++++
 README.md | 45 ++++---------
 7 files changed, 148 insertions(+), 40 deletions(-)
 create mode 100644 CVE-2023/CVE-2023-388xx/CVE-2023-38878.json
 create mode 100644 CVE-2023/CVE-2023-390xx/CVE-2023-39069.json
 create mode 100644 CVE-2023/CVE-2023-418xx/CVE-2023-41879.json
diff --git a/CVE-2021/CVE-2021-394xx/CVE-2021-39473.json b/CVE-2021/CVE-2021-394xx/CVE-2021-39473.json
index e636d1a48cd..38e210d7522 100644
--- a/CVE-2021/CVE-2021-394xx/CVE-2021-39473.json
+++ b/CVE-2021/CVE-2021-394xx/CVE-2021-39473.json
@@ -2,8 +2,8 @@
 "id": "CVE-2021-39473",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2022-11-04T19:15:10.813",
- "lastModified": "2022-11-07T02:20:50.473",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-09-11T22:15:07.680",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -64,6 +64,10 @@
 }
 ],
 "references": [
+ {
+ "url": "https://github.com/BrunoTeixeira1996/CVE-2021-39473",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://github.com/Saibamen/HotelManager",
 "source": "cve@mitre.org",
diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38878.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38878.json
new file mode 100644
index 00000000000..16d22caaa63
--- /dev/null
+++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38878.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-38878",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-09-11T22:15:08.023",
+ "lastModified": "2023-09-11T22:15:08.023",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A reflected cross-site scripting (XSS) vulnerability in DevCode OpenSTAManager versions 2.4.24 to 2.4.47 may allow a remote attacker to execute arbitrary JavaScript in the web browser of a victim by injecting a malicious payload into the 'error' and 'error_description' parameters of 'oauth2.php'."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/devcode-it/openstamanager",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38878",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://openstamanager.com/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-390xx/CVE-2023-39069.json b/CVE-2023/CVE-2023-390xx/CVE-2023-39069.json
new file mode 100644
index 00000000000..b15d850b154
--- /dev/null
+++ b/CVE-2023/CVE-2023-390xx/CVE-2023-39069.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-39069",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-09-11T23:15:07.480",
+ "lastModified": "2023-09-11T23:15:07.480",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to gain privileges via Active Directory authentication mechanism."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/StrangeBeeCorp/Security/blob/main/Security%20advisories/SB-SEC-ADV-2022-001%3A%20Authentication%20bypass%20due%20to%20incomplete%20checks%20in%20the%20Active%20Directory%20authentication%20module.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41635.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41635.json
index 9eaa2d5ed9a..20bf90be070 100644
--- a/CVE-2023/CVE-2023-416xx/CVE-2023-41635.json
+++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41635.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-41635",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-31T14:15:08.763",
- "lastModified": "2023-09-05T18:15:24.443",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-09-11T22:15:08.103",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -64,6 +64,10 @@
 }
 ],
 "references": [
+ {
+ "url": "https://github.com/CapgeminiCisRedTeam/Disclosure/blob/f7aafa9fcd4efa30071c7f77d3e9e6b14e92302b/CVE%20PoC/CVE-2023-41635%20%7C%20RealGimm%20-%20XML%20External%20Entity%20Injection.md",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-ID%20%7C%20RealGimm%20-%20XML%20External%20Entity%20Injection.md",
 "source": "cve@mitre.org",
diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41640.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41640.json
index 0c02db8c7d1..cb39b263ef2 100644
--- a/CVE-2023/CVE-2023-416xx/CVE-2023-41640.json
+++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41640.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-41640",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-31T14:15:08.977",
- "lastModified": "2023-09-05T18:05:32.360",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-09-11T22:15:08.193",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -64,6 +64,10 @@
 }
 ],
 "references": [
+ {
+ "url": "https://github.com/CapgeminiCisRedTeam/Disclosure/blob/f7aafa9fcd4efa30071c7f77d3e9e6b14e92302b/CVE%20PoC/CVE-2023-41640%20%7C%20RealGimm%20-%20Information%20disclosure.md",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-ID%20%7C%20RealGimm%20-%20Information%20disclosure.md",
 "source": "cve@mitre.org",
diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41879.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41879.json
new file mode 100644
index 00000000000..2c6dc809407
--- /dev/null
+++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41879.json
@@ -0,0 +1,71 @@
+{
+ "id": "CVE-2023-41879",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-09-11T22:15:08.267",
+ "lastModified": "2023-09-11T22:15:08.267",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Magento LTS is the official OpenMage LTS codebase. Guest orders may be viewed without authentication using a \"guest-view\" cookie which contains the order's \"protect_code\". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would require a separate brute force attack. This issue has been patched in versions 19.5.1 and 20.1.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-330"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/OpenMage/magento-lts/commit/2a2a2fb504247e8966f8ffc2e17d614be5d43128",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/OpenMage/magento-lts/commit/31e74ac5d670b10001f88f038046b62367f15877",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/OpenMage/magento-lts/releases/tag/v19.5.1",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/OpenMage/magento-lts/releases/tag/v20.1.1",
+ "source": "security-advisories@github.com"
+ },
+ {
"url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-9358-cpvx-c2qp",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 1c1e71ff683..66dbdb37525 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2023-09-11T22:00:25.044541+00:00
+2023-09-11T23:55:26.249370+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2023-09-11T21:15:42.870000+00:00
+2023-09-11T23:15:07.480000+00:00
 ```
 ### Last Data Feed Release
@@ -29,48 +29,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-224675
+224678
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `42`
+Recently added CVEs: `3`
-* [CVE-2023-4294](CVE-2023/CVE-2023-42xx/CVE-2023-4294.json) (`2023-09-11T20:15:11.973`)
-* [CVE-2023-4307](CVE-2023/CVE-2023-43xx/CVE-2023-4307.json) (`2023-09-11T20:15:12.117`)
-* [CVE-2023-4314](CVE-2023/CVE-2023-43xx/CVE-2023-4314.json) (`2023-09-11T20:15:12.310`)
-* [CVE-2023-4318](CVE-2023/CVE-2023-43xx/CVE-2023-4318.json) (`2023-09-11T20:15:12.463`)
-* [CVE-2023-35658](CVE-2023/CVE-2023-356xx/CVE-2023-35658.json) (`2023-09-11T21:15:41.660`)
-* [CVE-2023-35664](CVE-2023/CVE-2023-356xx/CVE-2023-35664.json) (`2023-09-11T21:15:41.727`)
-* [CVE-2023-35665](CVE-2023/CVE-2023-356xx/CVE-2023-35665.json) (`2023-09-11T21:15:41.787`)
-* [CVE-2023-35666](CVE-2023/CVE-2023-356xx/CVE-2023-35666.json) (`2023-09-11T21:15:41.847`)
-* [CVE-2023-35667](CVE-2023/CVE-2023-356xx/CVE-2023-35667.json) (`2023-09-11T21:15:41.903`)
-* [CVE-2023-35669](CVE-2023/CVE-2023-356xx/CVE-2023-35669.json) (`2023-09-11T21:15:41.960`)
-* [CVE-2023-35670](CVE-2023/CVE-2023-356xx/CVE-2023-35670.json) (`2023-09-11T21:15:42.020`)
-* [CVE-2023-35671](CVE-2023/CVE-2023-356xx/CVE-2023-35671.json) (`2023-09-11T21:15:42.080`)
-* [CVE-2023-35673](CVE-2023/CVE-2023-356xx/CVE-2023-35673.json) (`2023-09-11T21:15:42.137`)
-* [CVE-2023-35674](CVE-2023/CVE-2023-356xx/CVE-2023-35674.json) (`2023-09-11T21:15:42.193`)
-* [CVE-2023-35675](CVE-2023/CVE-2023-356xx/CVE-2023-35675.json) (`2023-09-11T21:15:42.253`)
-* [CVE-2023-35676](CVE-2023/CVE-2023-356xx/CVE-2023-35676.json) (`2023-09-11T21:15:42.313`)
-* [CVE-2023-35677](CVE-2023/CVE-2023-356xx/CVE-2023-35677.json) (`2023-09-11T21:15:42.367`)
-* [CVE-2023-35679](CVE-2023/CVE-2023-356xx/CVE-2023-35679.json) (`2023-09-11T21:15:42.427`)
-* [CVE-2023-35680](CVE-2023/CVE-2023-356xx/CVE-2023-35680.json)
(`2023-09-11T21:15:42.490`)
-* [CVE-2023-35681](CVE-2023/CVE-2023-356xx/CVE-2023-35681.json) (`2023-09-11T21:15:42.543`)
-* [CVE-2023-35682](CVE-2023/CVE-2023-356xx/CVE-2023-35682.json) (`2023-09-11T21:15:42.597`)
-* [CVE-2023-35683](CVE-2023/CVE-2023-356xx/CVE-2023-35683.json) (`2023-09-11T21:15:42.660`)
-* [CVE-2023-35684](CVE-2023/CVE-2023-356xx/CVE-2023-35684.json) (`2023-09-11T21:15:42.717`)
-* [CVE-2023-35687](CVE-2023/CVE-2023-356xx/CVE-2023-35687.json) (`2023-09-11T21:15:42.773`)
-* [CVE-2023-4897](CVE-2023/CVE-2023-48xx/CVE-2023-4897.json) (`2023-09-11T21:15:42.870`)
+* [CVE-2023-38878](CVE-2023/CVE-2023-388xx/CVE-2023-38878.json) (`2023-09-11T22:15:08.023`)
+* [CVE-2023-41879](CVE-2023/CVE-2023-418xx/CVE-2023-41879.json) (`2023-09-11T22:15:08.267`)
+* [CVE-2023-39069](CVE-2023/CVE-2023-390xx/CVE-2023-39069.json) (`2023-09-11T23:15:07.480`)
 ### CVEs modified in the last Commit
-Recently modified CVEs: `4`
+Recently modified CVEs: `3`
-* [CVE-2022-47966](CVE-2022/CVE-2022-479xx/CVE-2022-47966.json) (`2023-09-11T20:15:07.817`)
-* [CVE-2023-41932](CVE-2023/CVE-2023-419xx/CVE-2023-41932.json) (`2023-09-11T20:07:12.583`)
-* [CVE-2023-35719](CVE-2023/CVE-2023-357xx/CVE-2023-35719.json) (`2023-09-11T20:15:08.767`)
-* [CVE-2023-41933](CVE-2023/CVE-2023-419xx/CVE-2023-41933.json) (`2023-09-11T20:33:28.030`)
+* [CVE-2021-39473](CVE-2021/CVE-2021-394xx/CVE-2021-39473.json) (`2023-09-11T22:15:07.680`)
+* [CVE-2023-41635](CVE-2023/CVE-2023-416xx/CVE-2023-41635.json) (`2023-09-11T22:15:08.103`)
+* [CVE-2023-41640](CVE-2023/CVE-2023-416xx/CVE-2023-41640.json) (`2023-09-11T22:15:08.193`)
 ## Download and Usage