diff --git a/CVE-2023/CVE-2023-223xx/CVE-2023-22363.json b/CVE-2023/CVE-2023-223xx/CVE-2023-22363.json
new file mode 100644
index 00000000000..a8d374b4ed4
--- /dev/null
+++ b/CVE-2023/CVE-2023-223xx/CVE-2023-22363.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-22363",
+ "sourceIdentifier": "disclosures@gallagher.com",
+ "published": "2023-07-25T00:15:09.540",
+ "lastModified": "2023-07-25T00:15:09.540",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nA stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group.\n\nThis issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2)\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "disclosures@gallagher.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "disclosures@gallagher.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-121"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-22363",
+ "source": "disclosures@gallagher.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-250xx/CVE-2023-25074.json b/CVE-2023/CVE-2023-250xx/CVE-2023-25074.json
new file mode 100644
index 00000000000..0f6fc60e3ee
--- /dev/null
+++ b/CVE-2023/CVE-2023-250xx/CVE-2023-25074.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-25074",
+ "sourceIdentifier": "disclosures@gallagher.com",
+ "published": "2023-07-25T00:15:09.637",
+ "lastModified": "2023-07-25T00:15:09.637",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nImproper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies.\n\n\n\n\n\n\nThis issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), \n\nvEL8.60 prior to vEL8.60.2347 (MR6),\n\nvEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior.\n\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "disclosures@gallagher.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "disclosures@gallagher.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-25704",
+ "source": "disclosures@gallagher.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32231.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32231.json
new file mode 100644
index 00000000000..13fdc346cd7
--- /dev/null
+++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32231.json
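Review bot: The only reference in the CVE-2023-25074 record points at `.../Security-Advisories/CVE-2023-25704`, which does not match the record's `"id": "CVE-2023-25074"`; the last digits look transposed. The sibling Gallagher record CVE-2023-22363 uses an advisory path that ends in its own id, so the intended link is presumably `https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-25074`, though that is inferred from the pattern and not confirmed by anything in this diff. Because this file mirrors the NVD feed, the correction belongs with the CNA or NVD rather than in this repository. Until then, tooling that follows `references[].url` to fetch vendor advisories should key on `id` and treat this URL as possibly describing a different CVE.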
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-32231",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-07-25T01:15:09.107",
+ "lastModified": "2023-07-25T01:15:09.107",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in Vasion PrinterLogic Client for Windows before 25.0.0.818. During installation, binaries gets executed out of a subfolder in C:\\Windows\\Temp. A standard user can create the folder and path file ahead of time and obtain elevated code execution."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://docs.printercloud.com/1-Printerlogic/Release_Notes/Client_Release_Notes.htm",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://docs.printercloud.com/1-Printerlogic/Release_Notes/Security_Bulletin_CVE.htm",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.vasion.com/press-releases/printerlogic-rebrands",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32232.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32232.json
new file mode 100644
index 00000000000..01d21958664
--- /dev/null
+++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32232.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-32232",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-07-25T01:15:09.177",
+ "lastModified": "2023-07-25T01:15:09.177",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in Vasion PrinterLogic Client for Windows before 25.0.0.836. During client installation and repair, a PrinterLogic binary is called by the installer to configure the device. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full SYSTEM command prompt window. This results in complete compromise via arbitrary SYSTEM code execution (elevation of privileges)."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://docs.printercloud.com/1-Printerlogic/Release_Notes/Client_Release_Notes.htm",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://docs.printercloud.com/1-Printerlogic/Release_Notes/Security_Bulletin_CVE.htm",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.vasion.com/press-releases/printerlogic-rebrands",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33777.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33777.json
new file mode 100644
index 00000000000..159ca1dd0ca
--- /dev/null
+++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33777.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-33777",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-07-25T01:15:09.240",
+ "lastModified": "2023-07-25T01:15:09.240",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in /functions/fbaorder.php of Prestashop amazon before v5.2.24 allows attackers to execute a directory traversal attack."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://addons.prestashop.com/fr/marketplace/2501-amazon-market-place.html",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://security.friendsofpresta.org/modules/2023/07/13/amazon.html?_sm_pdc=1&_sm_rid=8j3vvHn3kPrR9r7QVvHpFPR9WHVDpvvHP9PLPMj",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-363xx/CVE-2023-36339.json b/CVE-2023/CVE-2023-363xx/CVE-2023-36339.json
index 7e9313d33af..ea39a6b195d 100644
--- a/CVE-2023/CVE-2023-363xx/CVE-2023-36339.json
+++ b/CVE-2023/CVE-2023-363xx/CVE-2023-36339.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-36339",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-07-21T20:15:15.887",
- "lastModified": "2023-07-24T13:09:06.887",
+ "lastModified": "2023-07-25T01:15:09.300",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
- "value": "An access control issue in WebBoss.io CMS v3.7.0 allows attackers to access the Website Backup Tool via a crafted GET request."
+ "value": "An access control issue in WebBoss.io CMS v3.7.0.1 allows attackers to access the Website Backup Tool via a crafted GET request."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-373xx/CVE-2023-37361.json b/CVE-2023/CVE-2023-373xx/CVE-2023-37361.json
new file mode 100644
index 00000000000..f01cd9ebdb4
--- /dev/null
+++ b/CVE-2023/CVE-2023-373xx/CVE-2023-37361.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-37361",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-07-25T01:15:09.377",
+ "lastModified": "2023-07-25T01:15:09.377",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://trustwave.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=32305",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-377xx/CVE-2023-37742.json b/CVE-2023/CVE-2023-377xx/CVE-2023-37742.json
index 796015372ef..7f9851c18ed 100644
--- a/CVE-2023/CVE-2023-377xx/CVE-2023-37742.json
+++ b/CVE-2023/CVE-2023-377xx/CVE-2023-37742.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-37742",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-07-21T16:15:09.987",
- "lastModified": "2023-07-24T13:09:06.887",
+ "lastModified": "2023-07-25T01:15:09.430",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
- "value": "WebBoss.io CMS before v3.6.8.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability."
+ "value": "WebBoss.io CMS before v3.7.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-38xx/CVE-2023-3873.json b/CVE-2023/CVE-2023-38xx/CVE-2023-3873.json
new file mode 100644
index 00000000000..1ac2b94ae18
--- /dev/null
+++ b/CVE-2023/CVE-2023-38xx/CVE-2023-3873.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-3873",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-07-25T00:15:09.720",
+ "lastModified": "2023-07-25T00:15:09.720",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability, which was classified as critical, has been found in Campcodes Beauty Salon Management System 1.0. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235235."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "NONE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 7.5
+ },
+ "baseSeverity": "HIGH",
+ "exploitabilityScore": 10.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/nagenanhai/cve/blob/main/3.pdf",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.235235",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.235235",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-38xx/CVE-2023-3874.json b/CVE-2023/CVE-2023-38xx/CVE-2023-3874.json
new file mode 100644
index 00000000000..8e4ed7522ca
--- /dev/null
+++ b/CVE-2023/CVE-2023-38xx/CVE-2023-3874.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-3874",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-07-25T01:15:09.617",
+ "lastModified": "2023-07-25T01:15:09.617",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability, which was classified as critical, was found in Campcodes Beauty Salon Management System 1.0. Affected is an unknown function of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235236."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 6.5
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/E1CHO/cve_hub/blob/main/Beauty%20Salon%20Management%20System/Beauty%20Salon%20Management%20System%20-%20vuln%206.pdf",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.235236",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.235236",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index c8eda2da3e3..fff461a8a79 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-07-24T23:55:25.109002+00:00 +2023-07-25T02:00:25.608267+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-07-24T23:15:11.230000+00:00 +2023-07-25T01:15:09.617000+00:00 ``` ### Last Data Feed Release
@@ -23,29 +23,35 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-07-24T00:00:13.565398+00:00 +2023-07-25T00:00:13.559776+00:00 ``` ### Total Number of included CVEs ```plain -220935 +220943 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `8` -* [CVE-2023-26045](CVE-2023/CVE-2023-260xx/CVE-2023-26045.json) (`2023-07-24T22:15:10.033`) -* [CVE-2023-3871](CVE-2023/CVE-2023-38xx/CVE-2023-3871.json) (`2023-07-24T22:15:11.363`) -* [CVE-2023-3872](CVE-2023/CVE-2023-38xx/CVE-2023-3872.json) (`2023-07-24T22:15:11.867`) -* [CVE-2023-22428](CVE-2023/CVE-2023-224xx/CVE-2023-22428.json) (`2023-07-24T23:15:11.230`) +* [CVE-2023-22363](CVE-2023/CVE-2023-223xx/CVE-2023-22363.json) (`2023-07-25T00:15:09.540`) +* [CVE-2023-25074](CVE-2023/CVE-2023-250xx/CVE-2023-25074.json) (`2023-07-25T00:15:09.637`) +* [CVE-2023-3873](CVE-2023/CVE-2023-38xx/CVE-2023-3873.json) (`2023-07-25T00:15:09.720`) +* [CVE-2023-32231](CVE-2023/CVE-2023-322xx/CVE-2023-32231.json) (`2023-07-25T01:15:09.107`) +* [CVE-2023-32232](CVE-2023/CVE-2023-322xx/CVE-2023-32232.json) (`2023-07-25T01:15:09.177`) +* [CVE-2023-33777](CVE-2023/CVE-2023-337xx/CVE-2023-33777.json) (`2023-07-25T01:15:09.240`) +* [CVE-2023-37361](CVE-2023/CVE-2023-373xx/CVE-2023-37361.json) (`2023-07-25T01:15:09.377`) +* [CVE-2023-3874](CVE-2023/CVE-2023-38xx/CVE-2023-3874.json) (`2023-07-25T01:15:09.617`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `2` +* [CVE-2023-36339](CVE-2023/CVE-2023-363xx/CVE-2023-36339.json) (`2023-07-25T01:15:09.300`) +* [CVE-2023-37742](CVE-2023/CVE-2023-377xx/CVE-2023-37742.json) (`2023-07-25T01:15:09.430`) ## Download and Usage