Auto-Update: 2023-10-02T23:55:24.052218+00:00

2025-07-09 16:05:11 +00:00 · 2023-10-02 23:55:27 +00:00 · 2023-10-02 23:55:27 +00:00 · afab870c40
commit afab870c40
parent 43a8f47733
10 changed files with 267 additions and 42 deletions
--- a/CVE-2023/CVE-2023-283xx/CVE-2023-28372.json
+++ b/CVE-2023/CVE-2023-283xx/CVE-2023-28372.json
@ -0,0 +1,43 @@
+{
+  "id": "CVE-2023-28372",
+  "sourceIdentifier": "psirt@purestorage.com",
+  "published": "2023-10-02T23:15:12.293",
+  "lastModified": "2023-10-02T23:15:12.293",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object\u2019s retention period can  affect the availability of the object lock.\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@purestorage.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 5.2
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Object_Store_Privileged_Access_Vulnerability_CVE-2023-28372",
+      "source": "psirt@purestorage.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-310xx/CVE-2023-31042.json
+++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31042.json
@ -0,0 +1,43 @@
+{
+  "id": "CVE-2023-31042",
+  "sourceIdentifier": "psirt@purestorage.com",
+  "published": "2023-10-02T23:15:12.397",
+  "lastModified": "2023-10-02T23:15:12.397",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade\u2019s object store protocol can impact the availability of the system\u2019s data access and replication protocols. \n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@purestorage.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.7,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 4.0
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashBlade_Object_Store_Protocol_CVE-2023-31042",
+      "source": "psirt@purestorage.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-366xx/CVE-2023-36627.json
+++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36627.json
@ -0,0 +1,43 @@
+{
+  "id": "CVE-2023-36627",
+  "sourceIdentifier": "psirt@purestorage.com",
+  "published": "2023-10-02T23:15:12.470",
+  "lastModified": "2023-10-02T23:15:12.470",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly. \n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@purestorage.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.7,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 4.0
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Snapshot_Scheduler_CVE-2023-36627",
+      "source": "psirt@purestorage.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-438xx/CVE-2023-43891.json
+++ b/CVE-2023/CVE-2023-438xx/CVE-2023-43891.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-43891",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-10-02T22:15:09.933",
+  "lastModified": "2023-10-02T22:15:09.933",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the Changing Username and Password function. This vulnerability is exploited via a crafted payload."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/adhikara13/CVE/blob/main/netis_N3/command%20injection%20in%20changing%20password%20feature.md",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-438xx/CVE-2023-43892.json
+++ b/CVE-2023/CVE-2023-438xx/CVE-2023-43892.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-43892",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-10-02T22:15:10.137",
+  "lastModified": "2023-10-02T22:15:10.137",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the Hostname parameter within the WAN settings. This vulnerability is exploited via a crafted payload."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/adhikara13/CVE/blob/main/netis_N3/blind%20command%20injection%20in%20hostname%20parameter%20in%20wan%20settings.md",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-438xx/CVE-2023-43893.json
+++ b/CVE-2023/CVE-2023-438xx/CVE-2023-43893.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-43893",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-10-02T22:15:10.187",
+  "lastModified": "2023-10-02T22:15:10.187",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the wakeup_mac parameter in the Wake-On-LAN (WoL) function. This vulnerability is exploited via a crafted payload."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/adhikara13/CVE/blob/main/netis_N3/blind%20command%20injection%20in%20wake%20on%20lan%20functionality%20in%20wakeup_mac%20parameter.md",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-439xx/CVE-2023-43980.json
+++ b/CVE-2023/CVE-2023-439xx/CVE-2023-43980.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-43980",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-10-02T23:15:12.533",
+  "lastModified": "2023-10-02T23:15:12.533",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Presto Changeo testsitecreator up to v1.1.1 was discovered to contain a SQL injection vulnerability via the component disable_json.php."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://security.friendsofpresta.org/modules/2023/09/28/testsitecreator-89.html",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.presto-changeo.com/prestashop/home/158-test-site-creator.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-440xx/CVE-2023-44011.json
+++ b/CVE-2023/CVE-2023-440xx/CVE-2023-44011.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-44011",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-10-02T22:15:10.233",
+  "lastModified": "2023-10-02T22:15:10.233",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the layout.master skin file at the Skin management component."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/Vietsunshine-Electronic-Solution-JSC/Vulnerability-Disclosures/tree/main/2023/CVE-2023-44011",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-440xx/CVE-2023-44012.json
+++ b/CVE-2023/CVE-2023-440xx/CVE-2023-44012.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-44012",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-10-02T22:15:10.280",
+  "lastModified": "2023-10-02T22:15:10.280",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the helpkey parameter in the Help.aspx component."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/Vietsunshine-Electronic-Solution-JSC/Vulnerability-Disclosures/tree/main/2023/CVE-2023-44012",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-10-02T22:00:24.615811+00:00
+2023-10-02T23:55:24.052218+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-10-02T21:15:34.663000+00:00
+2023-10-02T23:15:12.533000+00:00
 ```

 ### Last Data Feed Release
@ -29,56 +29,28 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-226770
+226779
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `12`
+Recently added CVEs: `9`

-* [CVE-2023-3592](CVE-2023/CVE-2023-35xx/CVE-2023-3592.json) (`2023-10-02T20:15:10.123`)
-* [CVE-2023-43835](CVE-2023/CVE-2023-438xx/CVE-2023-43835.json) (`2023-10-02T20:15:10.187`)
-* [CVE-2023-43890](CVE-2023/CVE-2023-438xx/CVE-2023-43890.json) (`2023-10-02T20:15:10.233`)
-* [CVE-2023-44463](CVE-2023/CVE-2023-444xx/CVE-2023-44463.json) (`2023-10-02T20:15:10.277`)
-* [CVE-2023-5344](CVE-2023/CVE-2023-53xx/CVE-2023-5344.json) (`2023-10-02T20:15:10.327`)
-* [CVE-2023-43267](CVE-2023/CVE-2023-432xx/CVE-2023-43267.json) (`2023-10-02T21:15:34.377`)
-* [CVE-2023-43268](CVE-2023/CVE-2023-432xx/CVE-2023-43268.json) (`2023-10-02T21:15:34.430`)
-* [CVE-2023-43297](CVE-2023/CVE-2023-432xx/CVE-2023-43297.json) (`2023-10-02T21:15:34.480`)
-* [CVE-2023-43361](CVE-2023/CVE-2023-433xx/CVE-2023-43361.json) (`2023-10-02T21:15:34.520`)
-* [CVE-2023-43836](CVE-2023/CVE-2023-438xx/CVE-2023-43836.json) (`2023-10-02T21:15:34.567`)
-* [CVE-2023-44008](CVE-2023/CVE-2023-440xx/CVE-2023-44008.json) (`2023-10-02T21:15:34.617`)
-* [CVE-2023-44009](CVE-2023/CVE-2023-440xx/CVE-2023-44009.json) (`2023-10-02T21:15:34.663`)
+* [CVE-2023-43891](CVE-2023/CVE-2023-438xx/CVE-2023-43891.json) (`2023-10-02T22:15:09.933`)
+* [CVE-2023-43892](CVE-2023/CVE-2023-438xx/CVE-2023-43892.json) (`2023-10-02T22:15:10.137`)
+* [CVE-2023-43893](CVE-2023/CVE-2023-438xx/CVE-2023-43893.json) (`2023-10-02T22:15:10.187`)
+* [CVE-2023-44011](CVE-2023/CVE-2023-440xx/CVE-2023-44011.json) (`2023-10-02T22:15:10.233`)
+* [CVE-2023-44012](CVE-2023/CVE-2023-440xx/CVE-2023-44012.json) (`2023-10-02T22:15:10.280`)
+* [CVE-2023-28372](CVE-2023/CVE-2023-283xx/CVE-2023-28372.json) (`2023-10-02T23:15:12.293`)
+* [CVE-2023-31042](CVE-2023/CVE-2023-310xx/CVE-2023-31042.json) (`2023-10-02T23:15:12.397`)
+* [CVE-2023-36627](CVE-2023/CVE-2023-366xx/CVE-2023-36627.json) (`2023-10-02T23:15:12.470`)
+* [CVE-2023-43980](CVE-2023/CVE-2023-439xx/CVE-2023-43980.json) (`2023-10-02T23:15:12.533`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `73`
+Recently modified CVEs: `0`

-* [CVE-2023-43727](CVE-2023/CVE-2023-437xx/CVE-2023-43727.json) (`2023-10-02T20:23:35.937`)
-* [CVE-2023-43726](CVE-2023/CVE-2023-437xx/CVE-2023-43726.json) (`2023-10-02T20:23:42.153`)
-* [CVE-2023-43725](CVE-2023/CVE-2023-437xx/CVE-2023-43725.json) (`2023-10-02T20:23:49.507`)
-* [CVE-2023-43724](CVE-2023/CVE-2023-437xx/CVE-2023-43724.json) (`2023-10-02T20:23:55.357`)
-* [CVE-2023-43723](CVE-2023/CVE-2023-437xx/CVE-2023-43723.json) (`2023-10-02T20:24:01.857`)
-* [CVE-2023-43722](CVE-2023/CVE-2023-437xx/CVE-2023-43722.json) (`2023-10-02T20:24:07.800`)
-* [CVE-2023-43721](CVE-2023/CVE-2023-437xx/CVE-2023-43721.json) (`2023-10-02T20:24:12.980`)
-* [CVE-2023-43720](CVE-2023/CVE-2023-437xx/CVE-2023-43720.json) (`2023-10-02T20:24:18.953`)
-* [CVE-2023-43735](CVE-2023/CVE-2023-437xx/CVE-2023-43735.json) (`2023-10-02T20:24:51.227`)
-* [CVE-2023-43734](CVE-2023/CVE-2023-437xx/CVE-2023-43734.json) (`2023-10-02T20:24:59.287`)
-* [CVE-2023-43733](CVE-2023/CVE-2023-437xx/CVE-2023-43733.json) (`2023-10-02T20:25:05.513`)
-* [CVE-2023-43730](CVE-2023/CVE-2023-437xx/CVE-2023-43730.json) (`2023-10-02T20:25:14.447`)
-* [CVE-2023-43732](CVE-2023/CVE-2023-437xx/CVE-2023-43732.json) (`2023-10-02T20:25:22.140`)
-* [CVE-2023-43731](CVE-2023/CVE-2023-437xx/CVE-2023-43731.json) (`2023-10-02T20:25:27.757`)
-* [CVE-2023-43729](CVE-2023/CVE-2023-437xx/CVE-2023-43729.json) (`2023-10-02T20:25:31.980`)
-* [CVE-2023-43728](CVE-2023/CVE-2023-437xx/CVE-2023-43728.json) (`2023-10-02T20:25:37.520`)
-* [CVE-2023-5111](CVE-2023/CVE-2023-51xx/CVE-2023-5111.json) (`2023-10-02T20:25:54.513`)
-* [CVE-2023-5323](CVE-2023/CVE-2023-53xx/CVE-2023-5323.json) (`2023-10-02T20:26:24.737`)
-* [CVE-2023-5112](CVE-2023/CVE-2023-51xx/CVE-2023-5112.json) (`2023-10-02T20:26:32.583`)
-* [CVE-2023-4659](CVE-2023/CVE-2023-46xx/CVE-2023-4659.json) (`2023-10-02T20:26:54.460`)
-* [CVE-2023-0809](CVE-2023/CVE-2023-08xx/CVE-2023-0809.json) (`2023-10-02T20:26:54.460`)
-* [CVE-2023-37605](CVE-2023/CVE-2023-376xx/CVE-2023-37605.json) (`2023-10-02T20:26:54.460`)
-* [CVE-2023-44080](CVE-2023/CVE-2023-440xx/CVE-2023-44080.json) (`2023-10-02T20:30:36.210`)
-* [CVE-2023-38873](CVE-2023/CVE-2023-388xx/CVE-2023-38873.json) (`2023-10-02T20:48:21.003`)
-* [CVE-2023-44273](CVE-2023/CVE-2023-442xx/CVE-2023-44273.json) (`2023-10-02T21:06:10.147`)


 ## Download and Usage