Auto-Update: 2023-07-25T02:00:25.608267+00:00

2025-07-09 16:05:11 +00:00 · 2023-07-25 02:00:29 +00:00 · 2023-07-25 02:00:29 +00:00 · a100a84d8b
commit a100a84d8b
parent e10c2b2f08
11 changed files with 410 additions and 14 deletions
--- a/CVE-2023/CVE-2023-223xx/CVE-2023-22363.json
+++ b/CVE-2023/CVE-2023-223xx/CVE-2023-22363.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-22363",
+  "sourceIdentifier": "disclosures@gallagher.com",
+  "published": "2023-07-25T00:15:09.540",
+  "lastModified": "2023-07-25T00:15:09.540",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "\nA stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group.\n\nThis issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2)\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "disclosures@gallagher.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "disclosures@gallagher.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-121"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-22363",
+      "source": "disclosures@gallagher.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-250xx/CVE-2023-25074.json
+++ b/CVE-2023/CVE-2023-250xx/CVE-2023-25074.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-25074",
+  "sourceIdentifier": "disclosures@gallagher.com",
+  "published": "2023-07-25T00:15:09.637",
+  "lastModified": "2023-07-25T00:15:09.637",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "\nImproper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies.\n\n\n\n\n\n\nThis issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), \n\nvEL8.60 prior to vEL8.60.2347 (MR6),\n\nvEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior.\n\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "disclosures@gallagher.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "LOW",
+          "baseScore": 7.1,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 4.2
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "disclosures@gallagher.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-285"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-25704",
+      "source": "disclosures@gallagher.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-322xx/CVE-2023-32231.json
+++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32231.json
@ -0,0 +1,28 @@
+{
+  "id": "CVE-2023-32231",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-07-25T01:15:09.107",
+  "lastModified": "2023-07-25T01:15:09.107",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in Vasion PrinterLogic Client for Windows before 25.0.0.818. During installation, binaries gets executed out of a subfolder in C:\\Windows\\Temp. A standard user can create the folder and path file ahead of time and obtain elevated code execution."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://docs.printercloud.com/1-Printerlogic/Release_Notes/Client_Release_Notes.htm",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://docs.printercloud.com/1-Printerlogic/Release_Notes/Security_Bulletin_CVE.htm",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.vasion.com/press-releases/printerlogic-rebrands",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-322xx/CVE-2023-32232.json
+++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32232.json
@ -0,0 +1,28 @@
+{
+  "id": "CVE-2023-32232",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-07-25T01:15:09.177",
+  "lastModified": "2023-07-25T01:15:09.177",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in Vasion PrinterLogic Client for Windows before 25.0.0.836. During client installation and repair, a PrinterLogic binary is called by the installer to configure the device. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full SYSTEM command prompt window. This results in complete compromise via arbitrary SYSTEM code execution (elevation of privileges)."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://docs.printercloud.com/1-Printerlogic/Release_Notes/Client_Release_Notes.htm",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://docs.printercloud.com/1-Printerlogic/Release_Notes/Security_Bulletin_CVE.htm",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.vasion.com/press-releases/printerlogic-rebrands",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-337xx/CVE-2023-33777.json
+++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33777.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-33777",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-07-25T01:15:09.240",
+  "lastModified": "2023-07-25T01:15:09.240",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue in /functions/fbaorder.php of Prestashop amazon before v5.2.24 allows attackers to execute a directory traversal attack."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://addons.prestashop.com/fr/marketplace/2501-amazon-market-place.html",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://security.friendsofpresta.org/modules/2023/07/13/amazon.html?_sm_pdc=1&_sm_rid=8j3vvHn3kPrR9r7QVvHpFPR9WHVDpvvHP9PLPMj",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-363xx/CVE-2023-36339.json
+++ b/CVE-2023/CVE-2023-363xx/CVE-2023-36339.json
@ -2,12 +2,12 @@
  "id": "CVE-2023-36339",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-07-21T20:15:15.887",
-  "lastModified": "2023-07-24T13:09:06.887",
+  "lastModified": "2023-07-25T01:15:09.300",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
-      "value": "An access control issue in WebBoss.io CMS v3.7.0 allows attackers to access the Website Backup Tool via a crafted GET request."
+      "value": "An access control issue in WebBoss.io CMS v3.7.0.1 allows attackers to access the Website Backup Tool via a crafted GET request."
    }
  ],
  "metrics": {},
--- a/CVE-2023/CVE-2023-373xx/CVE-2023-37361.json
+++ b/CVE-2023/CVE-2023-373xx/CVE-2023-37361.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-37361",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-07-25T01:15:09.377",
+  "lastModified": "2023-07-25T01:15:09.377",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://trustwave.com",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=32305",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-377xx/CVE-2023-37742.json
+++ b/CVE-2023/CVE-2023-377xx/CVE-2023-37742.json
@ -2,12 +2,12 @@
  "id": "CVE-2023-37742",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-07-21T16:15:09.987",
-  "lastModified": "2023-07-24T13:09:06.887",
+  "lastModified": "2023-07-25T01:15:09.430",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
-      "value": "WebBoss.io CMS before v3.6.8.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability."
+      "value": "WebBoss.io CMS before v3.7.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability."
    }
  ],
  "metrics": {},
--- a/CVE-2023/CVE-2023-38xx/CVE-2023-3873.json
+++ b/CVE-2023/CVE-2023-38xx/CVE-2023-3873.json
@ -0,0 +1,88 @@
+{
+  "id": "CVE-2023-3873",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2023-07-25T00:15:09.720",
+  "lastModified": "2023-07-25T00:15:09.720",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability, which was classified as critical, has been found in Campcodes Beauty Salon Management System 1.0. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235235."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 7.3,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "NONE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL",
+          "baseScore": 7.5
+        },
+        "baseSeverity": "HIGH",
+        "exploitabilityScore": 10.0,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/nagenanhai/cve/blob/main/3.pdf",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.235235",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.235235",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-38xx/CVE-2023-3874.json
+++ b/CVE-2023/CVE-2023-38xx/CVE-2023-3874.json
@ -0,0 +1,88 @@
+{
+  "id": "CVE-2023-3874",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2023-07-25T01:15:09.617",
+  "lastModified": "2023-07-25T01:15:09.617",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability, which was classified as critical, was found in Campcodes Beauty Salon Management System 1.0. Affected is an unknown function of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235236."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL",
+          "baseScore": 6.5
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 8.0,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/E1CHO/cve_hub/blob/main/Beauty%20Salon%20Management%20System/Beauty%20Salon%20Management%20System%20-%20vuln%206.pdf",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.235236",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.235236",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-07-24T23:55:25.109002+00:00
+2023-07-25T02:00:25.608267+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-07-24T23:15:11.230000+00:00
+2023-07-25T01:15:09.617000+00:00
 ```

 ### Last Data Feed Release
@ -23,29 +23,35 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)

 ```plain
-2023-07-24T00:00:13.565398+00:00
+2023-07-25T00:00:13.559776+00:00
 ```

 ### Total Number of included CVEs

 ```plain
-220935
+220943
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `4`
+Recently added CVEs: `8`

-* [CVE-2023-26045](CVE-2023/CVE-2023-260xx/CVE-2023-26045.json) (`2023-07-24T22:15:10.033`)
-* [CVE-2023-3871](CVE-2023/CVE-2023-38xx/CVE-2023-3871.json) (`2023-07-24T22:15:11.363`)
-* [CVE-2023-3872](CVE-2023/CVE-2023-38xx/CVE-2023-3872.json) (`2023-07-24T22:15:11.867`)
-* [CVE-2023-22428](CVE-2023/CVE-2023-224xx/CVE-2023-22428.json) (`2023-07-24T23:15:11.230`)
+* [CVE-2023-22363](CVE-2023/CVE-2023-223xx/CVE-2023-22363.json) (`2023-07-25T00:15:09.540`)
+* [CVE-2023-25074](CVE-2023/CVE-2023-250xx/CVE-2023-25074.json) (`2023-07-25T00:15:09.637`)
+* [CVE-2023-3873](CVE-2023/CVE-2023-38xx/CVE-2023-3873.json) (`2023-07-25T00:15:09.720`)
+* [CVE-2023-32231](CVE-2023/CVE-2023-322xx/CVE-2023-32231.json) (`2023-07-25T01:15:09.107`)
+* [CVE-2023-32232](CVE-2023/CVE-2023-322xx/CVE-2023-32232.json) (`2023-07-25T01:15:09.177`)
+* [CVE-2023-33777](CVE-2023/CVE-2023-337xx/CVE-2023-33777.json) (`2023-07-25T01:15:09.240`)
+* [CVE-2023-37361](CVE-2023/CVE-2023-373xx/CVE-2023-37361.json) (`2023-07-25T01:15:09.377`)
+* [CVE-2023-3874](CVE-2023/CVE-2023-38xx/CVE-2023-3874.json) (`2023-07-25T01:15:09.617`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `0`
+Recently modified CVEs: `2`

+* [CVE-2023-36339](CVE-2023/CVE-2023-363xx/CVE-2023-36339.json) (`2023-07-25T01:15:09.300`)
+* [CVE-2023-37742](CVE-2023/CVE-2023-377xx/CVE-2023-37742.json) (`2023-07-25T01:15:09.430`)


 ## Download and Usage