Auto-Update: 2023-06-25T20:00:26.767837+00:00

CVE-2023/CVE-2023-33xx/CVE-2023-3396.json

@@ -0,0 +1,88 @@
+{
+  "id": "CVE-2023-3396",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2023-06-25T19:15:09.027",
+  "lastModified": "2023-06-25T19:15:09.027",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability was found in Campcodes Retro Cellphone Online Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation of the argument username/password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232351."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL",
+          "baseScore": 6.5
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 8.0,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/bao22033/bao/blob/main/Retro%20Cellphone%20Online%20Store%20-%20vlun%201.pdf",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.232351",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.232351",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-366xx/CVE-2023-36632.json

@@ -0,0 +1,28 @@
+{
+  "id": "CVE-2023-36632",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-06-25T18:15:09.313",
+  "lastModified": "2023-06-25T18:15:09.313",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://docs.python.org/3/library/email.html",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://docs.python.org/3/library/email.utils.html",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/Daybreak2019/PoC_python3.9_Vul/blob/main/RecursionError-email.utils.parseaddr.py",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2023-06-25T18:00:25.227255+00:00
+2023-06-25T20:00:26.767837+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2023-06-25T17:15:14.187000+00:00
+2023-06-25T19:15:09.027000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,15 +29,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-218513
+218515
 ```
 
 ### CVEs added in the last Commit
 
 Recently added CVEs: `2`
 
-* [CVE-2015-20109](CVE-2015/CVE-2015-201xx/CVE-2015-20109.json) (`2023-06-25T17:15:14.187`)
-* [CVE-2023-36630](CVE-2023/CVE-2023-366xx/CVE-2023-36630.json) (`2023-06-25T16:15:09.480`)
+* [CVE-2023-36632](CVE-2023/CVE-2023-366xx/CVE-2023-36632.json) (`2023-06-25T18:15:09.313`)
+* [CVE-2023-3396](CVE-2023/CVE-2023-33xx/CVE-2023-3396.json) (`2023-06-25T19:15:09.027`)
 
 
 ### CVEs modified in the last Commit