admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 11:07:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-09-11T23:55:26.249370+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-09-11 23:55:29 +00:00
parent 453819be58
commit 073de65bd2
7 changed files with 148 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2021/CVE-2021-394xx/CVE-2021-39473.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-39473", "id": "CVE-2021-39473",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2022-11-04T19:15:10.813", "published": "2022-11-04T19:15:10.813",
"lastModified": "2022-11-07T02:20:50.473", "lastModified": "2023-09-11T22:15:07.680",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -64,6 +64,10 @@
} }
], ],
"references": [ "references": [
{
"url": "https://github.com/BrunoTeixeira1996/CVE-2021-39473",
"source": "cve@mitre.org"
},
{ {
"url": "https://github.com/Saibamen/HotelManager", "url": "https://github.com/Saibamen/HotelManager",
"source": "cve@mitre.org", "source": "cve@mitre.org",

28
CVE-2023/CVE-2023-388xx/CVE-2023-38878.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-38878",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T22:15:08.023",
"lastModified": "2023-09-11T22:15:08.023",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting (XSS) vulnerability in DevCode OpenSTAManager versions 2.4.24 to 2.4.47 may allow a remote attacker to execute arbitrary JavaScript in the web browser of a victim by injecting a malicious payload into the 'error' and 'error_description' parameters of 'oauth2.php'."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/devcode-it/openstamanager",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38878",
"source": "cve@mitre.org"
},
{
"url": "https://openstamanager.com/",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-390xx/CVE-2023-39069.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-39069",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T23:15:07.480",
"lastModified": "2023-09-11T23:15:07.480",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to gain privileges via Active Directory authentication mechanism."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/StrangeBeeCorp/Security/blob/main/Security%20advisories/SB-SEC-ADV-2022-001%3A%20Authentication%20bypass%20due%20to%20incomplete%20checks%20in%20the%20Active%20Directory%20authentication%20module.md",
"source": "cve@mitre.org"
}
]
}

8
CVE-2023/CVE-2023-416xx/CVE-2023-41635.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41635", "id": "CVE-2023-41635",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-31T14:15:08.763", "published": "2023-08-31T14:15:08.763",
"lastModified": "2023-09-05T18:15:24.443", "lastModified": "2023-09-11T22:15:08.103",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -64,6 +64,10 @@
} }
], ],
"references": [ "references": [
{
"url": "https://github.com/CapgeminiCisRedTeam/Disclosure/blob/f7aafa9fcd4efa30071c7f77d3e9e6b14e92302b/CVE%20PoC/CVE-2023-41635%20%7C%20RealGimm%20-%20XML%20External%20Entity%20Injection.md",
"source": "cve@mitre.org"
},
{ {
"url": "https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-ID%20%7C%20RealGimm%20-%20XML%20External%20Entity%20Injection.md", "url": "https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-ID%20%7C%20RealGimm%20-%20XML%20External%20Entity%20Injection.md",
"source": "cve@mitre.org", "source": "cve@mitre.org",

8
CVE-2023/CVE-2023-416xx/CVE-2023-41640.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41640", "id": "CVE-2023-41640",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-31T14:15:08.977", "published": "2023-08-31T14:15:08.977",
"lastModified": "2023-09-05T18:05:32.360", "lastModified": "2023-09-11T22:15:08.193",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -64,6 +64,10 @@
} }
], ],
"references": [ "references": [
{
"url": "https://github.com/CapgeminiCisRedTeam/Disclosure/blob/f7aafa9fcd4efa30071c7f77d3e9e6b14e92302b/CVE%20PoC/CVE-2023-41640%20%7C%20RealGimm%20-%20Information%20disclosure.md",
"source": "cve@mitre.org"
},
{ {
"url": "https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-ID%20%7C%20RealGimm%20-%20Information%20disclosure.md", "url": "https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-ID%20%7C%20RealGimm%20-%20Information%20disclosure.md",
"source": "cve@mitre.org", "source": "cve@mitre.org",

71
CVE-2023/CVE-2023-418xx/CVE-2023-41879.json Normal file
View File

@ -0,0 +1,71 @@
{
"id": "CVE-2023-41879",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-11T22:15:08.267",
"lastModified": "2023-09-11T22:15:08.267",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Magento LTS is the official OpenMage LTS codebase. Guest orders may be viewed without authentication using a \"guest-view\" cookie which contains the order's \"protect_code\". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would require a separate brute force attack. This issue has been patched in versions 19.5.1 and 20.1.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-330"
}
]
}
],
"references": [
{
"url": "https://github.com/OpenMage/magento-lts/commit/2a2a2fb504247e8966f8ffc2e17d614be5d43128",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/OpenMage/magento-lts/commit/31e74ac5d670b10001f88f038046b62367f15877",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/OpenMage/magento-lts/releases/tag/v19.5.1",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/OpenMage/magento-lts/releases/tag/v20.1.1",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-9358-cpvx-c2qp",
"source": "security-advisories@github.com"
}
]
}

45
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2023-09-11T22:00:25.044541+00:00 2023-09-11T23:55:26.249370+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2023-09-11T21:15:42.870000+00:00 2023-09-11T23:15:07.480000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -29,48 +29,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
224675 224678
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `42` Recently added CVEs: `3`
* [CVE-2023-4294](CVE-2023/CVE-2023-42xx/CVE-2023-4294.json) (`2023-09-11T20:15:11.973`) * [CVE-2023-38878](CVE-2023/CVE-2023-388xx/CVE-2023-38878.json) (`2023-09-11T22:15:08.023`)
* [CVE-2023-4307](CVE-2023/CVE-2023-43xx/CVE-2023-4307.json) (`2023-09-11T20:15:12.117`) * [CVE-2023-41879](CVE-2023/CVE-2023-418xx/CVE-2023-41879.json) (`2023-09-11T22:15:08.267`)
* [CVE-2023-4314](CVE-2023/CVE-2023-43xx/CVE-2023-4314.json) (`2023-09-11T20:15:12.310`) * [CVE-2023-39069](CVE-2023/CVE-2023-390xx/CVE-2023-39069.json) (`2023-09-11T23:15:07.480`)
* [CVE-2023-4318](CVE-2023/CVE-2023-43xx/CVE-2023-4318.json) (`2023-09-11T20:15:12.463`)
* [CVE-2023-35658](CVE-2023/CVE-2023-356xx/CVE-2023-35658.json) (`2023-09-11T21:15:41.660`)
* [CVE-2023-35664](CVE-2023/CVE-2023-356xx/CVE-2023-35664.json) (`2023-09-11T21:15:41.727`)
* [CVE-2023-35665](CVE-2023/CVE-2023-356xx/CVE-2023-35665.json) (`2023-09-11T21:15:41.787`)
* [CVE-2023-35666](CVE-2023/CVE-2023-356xx/CVE-2023-35666.json) (`2023-09-11T21:15:41.847`)
* [CVE-2023-35667](CVE-2023/CVE-2023-356xx/CVE-2023-35667.json) (`2023-09-11T21:15:41.903`)
* [CVE-2023-35669](CVE-2023/CVE-2023-356xx/CVE-2023-35669.json) (`2023-09-11T21:15:41.960`)
* [CVE-2023-35670](CVE-2023/CVE-2023-356xx/CVE-2023-35670.json) (`2023-09-11T21:15:42.020`)
* [CVE-2023-35671](CVE-2023/CVE-2023-356xx/CVE-2023-35671.json) (`2023-09-11T21:15:42.080`)
* [CVE-2023-35673](CVE-2023/CVE-2023-356xx/CVE-2023-35673.json) (`2023-09-11T21:15:42.137`)
* [CVE-2023-35674](CVE-2023/CVE-2023-356xx/CVE-2023-35674.json) (`2023-09-11T21:15:42.193`)
* [CVE-2023-35675](CVE-2023/CVE-2023-356xx/CVE-2023-35675.json) (`2023-09-11T21:15:42.253`)
* [CVE-2023-35676](CVE-2023/CVE-2023-356xx/CVE-2023-35676.json) (`2023-09-11T21:15:42.313`)
* [CVE-2023-35677](CVE-2023/CVE-2023-356xx/CVE-2023-35677.json) (`2023-09-11T21:15:42.367`)
* [CVE-2023-35679](CVE-2023/CVE-2023-356xx/CVE-2023-35679.json) (`2023-09-11T21:15:42.427`)
* [CVE-2023-35680](CVE-2023/CVE-2023-356xx/CVE-2023-35680.json) (`2023-09-11T21:15:42.490`)
* [CVE-2023-35681](CVE-2023/CVE-2023-356xx/CVE-2023-35681.json) (`2023-09-11T21:15:42.543`)
* [CVE-2023-35682](CVE-2023/CVE-2023-356xx/CVE-2023-35682.json) (`2023-09-11T21:15:42.597`)
* [CVE-2023-35683](CVE-2023/CVE-2023-356xx/CVE-2023-35683.json) (`2023-09-11T21:15:42.660`)
* [CVE-2023-35684](CVE-2023/CVE-2023-356xx/CVE-2023-35684.json) (`2023-09-11T21:15:42.717`)
* [CVE-2023-35687](CVE-2023/CVE-2023-356xx/CVE-2023-35687.json) (`2023-09-11T21:15:42.773`)
* [CVE-2023-4897](CVE-2023/CVE-2023-48xx/CVE-2023-4897.json) (`2023-09-11T21:15:42.870`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `4` Recently modified CVEs: `3`
* [CVE-2022-47966](CVE-2022/CVE-2022-479xx/CVE-2022-47966.json) (`2023-09-11T20:15:07.817`) * [CVE-2021-39473](CVE-2021/CVE-2021-394xx/CVE-2021-39473.json) (`2023-09-11T22:15:07.680`)
* [CVE-2023-41932](CVE-2023/CVE-2023-419xx/CVE-2023-41932.json) (`2023-09-11T20:07:12.583`) * [CVE-2023-41635](CVE-2023/CVE-2023-416xx/CVE-2023-41635.json) (`2023-09-11T22:15:08.103`)
* [CVE-2023-35719](CVE-2023/CVE-2023-357xx/CVE-2023-35719.json) (`2023-09-11T20:15:08.767`) * [CVE-2023-41640](CVE-2023/CVE-2023-416xx/CVE-2023-41640.json) (`2023-09-11T22:15:08.193`)
* [CVE-2023-41933](CVE-2023/CVE-2023-419xx/CVE-2023-41933.json) (`2023-09-11T20:33:28.030`)
## Download and Usage ## Download and Usage