
Commit

Updated by Github Bot
Github-Bot committed Feb 13, 2024
1 parent dc1ffab commit 00d36ec
Showing 3 changed files with 91 additions and 81 deletions.
10 changes: 10 additions & 0 deletions cache/Tenable (Nessus).dat
@@ -168,3 +168,13 @@ c7066a1278fbaaa7394cb5700fbf70e2
e4cf737008a30ca57ff4412f12dbe41b
060f7bf21981a500e82c1c0eefef12a8
8fa5a716a7437bfdae163da7d9ecc0e1
932602bf23ed6be6fa7cd58444930af1
42df8328796113c645b60c784cbbaf87
ed5cca03f52b4cfb895ff92a9211bad3
954baa39956472e2e4f25604d4de7005
3d503e6f01e58b930dbdd8267b9ccafa
7b1de36105bcebb60b0301f47e2b21aa
c82f8b94754d3c8405cad1cc1c24367c
f2f1e142d82a127a8a75009515df0d81
4e8a6504adf3b01184d90663573b87cd
fedcff969fe657533267a92fe0fa8bc9
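Review bot: the ten hashes appended here are exactly the first-column ids of the ten rows added to docs/index.html in this same commit (932602bf23ed6be6fa7cd58444930af1 through fedcff969fe657533267a92fe0fa8bc9), so the two files stay consistent. Note that the cache only grows (+10, -0) while the HTML drops ten rows in the same commit, so this file is a permanent seen-set used for de-duplication rather than a mirror of the page; that retention policy is worth stating in the generator so nobody "cleans up" the cache and causes old CVEs to be re-announced.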
Binary file modified data/cves.db
Binary file not shown.
162 changes: 81 additions & 81 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2024-02-13 03:24:18 -->
<!-- RELEASE TIME : 2024-02-13 10:28:04 -->
<html lang="zh-cn">

<head>
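Review bot: only the RELEASE TIME comment changes in this hunk (03:24:18 to 10:28:04 on 2024-02-13). Because it is rewritten on every run, docs/index.html will show a diff even when no CVE rows change, which hides content-only changes in the history; consider emitting the timestamp only when rows actually changed, or keeping it in a separate file.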
@@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<th width="43%">TITLE</th>
<th width="5%">URL</th>
</tr>
<tr>
<td>932602bf23ed6be6fa7cd58444930af1</td>
<td>CVE-2023-6815</td>
<td>2024-02-13 07:15:46 <img src="imgs/new.gif" /></td>
<td>Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a non-administrator user to disclose the credentials (user ID and password) of a user with a lower access level than the attacker by sending a specially crafted packet.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-6815">详情</a></td>
</tr>

<tr>
<td>42df8328796113c645b60c784cbbaf87</td>
<td>CVE-2024-25914</td>
<td>2024-02-13 05:15:09 <img src="imgs/new.gif" /></td>
<td>Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone SMTP Mail.This issue affects SMTP Mail: from n/a through 1.3.20.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25914">详情</a></td>
</tr>

<tr>
<td>ed5cca03f52b4cfb895ff92a9211bad3</td>
<td>CVE-2024-21491</td>
<td>2024-02-13 05:15:08 <img src="imgs/new.gif" /></td>
<td>Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of the actual signature. **Note:** The attacker would need to know a victim uses the Rust library for verification,no easy way to automatically check that; and uses webhooks by a service that uses Svix, and then figure out a way to craft a malicious payload that will actually include all of the correct identifiers needed to trick the receivers to cause actual issues.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-21491">详情</a></td>
</tr>

<tr>
<td>954baa39956472e2e4f25604d4de7005</td>
<td>CVE-2023-52431</td>
<td>2024-02-13 05:15:08 <img src="imgs/new.gif" /></td>
<td>The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows attackers to bypass a CSRF protection mechanism via an empty form value and an empty cookie (if signed cookies are disabled).</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-52431">详情</a></td>
</tr>

<tr>
<td>3d503e6f01e58b930dbdd8267b9ccafa</td>
<td>CVE-2022-48623</td>
<td>2024-02-13 05:15:08 <img src="imgs/new.gif" /></td>
<td>The Cpanel::JSON::XS package before 4.33 for Perl performs out-of-bounds accesses in a way that allows attackers to obtain sensitive information or cause a denial of service.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2022-48623">详情</a></td>
</tr>

<tr>
<td>7b1de36105bcebb60b0301f47e2b21aa</td>
<td>CVE-2024-25643</td>
<td>2024-02-13 04:15:08 <img src="imgs/new.gif" /></td>
<td>The SAP Fiori app (My Overtime Request) - version 605, does not perform the necessary authorization checks for an authenticated user which may result in an escalation of privileges. It is possible to manipulate the URLs of data requests to access information that the user should not have access to. There is no impact on integrity and availability.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25643">详情</a></td>
</tr>

<tr>
<td>c82f8b94754d3c8405cad1cc1c24367c</td>
<td>CVE-2024-24741</td>
<td>2024-02-13 04:15:08 <img src="imgs/new.gif" /></td>
<td>SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read some sensitive information but no impact to integrity and availability.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-24741">详情</a></td>
</tr>

<tr>
<td>f2f1e142d82a127a8a75009515df0d81</td>
<td>CVE-2024-22129</td>
<td>2024-02-13 04:15:08 <img src="imgs/new.gif" /></td>
<td>SAP Companion - version <3.1.38, has a URL with parameter that could be vulnerable to XSS attack. The attacker could send a malicious link to a user that would possibly allow an attacker to retrieve the sensitive information and cause minor impact on the integrity of the web application.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-22129">详情</a></td>
</tr>

<tr>
<td>4e8a6504adf3b01184d90663573b87cd</td>
<td>CVE-2024-22024</td>
<td>2024-02-13 04:15:07 <img src="imgs/new.gif" /></td>
<td>An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-22024">详情</a></td>
</tr>

<tr>
<td>fedcff969fe657533267a92fe0fa8bc9</td>
<td>CVE-2024-25642</td>
<td>2024-02-13 03:15:09 <img src="imgs/new.gif" /></td>
<td>Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can impersonate the genuine servers to interact with SCC breaking the mutual authentication. Hence, the attacker can intercept the request to view/modify sensitive information. There is no impact on the availability of the system.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25642">详情</a></td>
</tr>

<tr>
<td>6f31033eeb01582e6f7026c776e4fb77</td>
<td>CVE-2024-25744</td>
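Review bot: the row for CVE-2024-22129 writes the upstream description into the cell verbatim, `<td>SAP Companion - version <3.1.38, has a URL with parameter ...`, with an unescaped `<`. Browsers will mostly tolerate `<3` because a digit cannot start a tag, but the same lack of escaping means any description containing `<script>`, `<img ...>` or an `&`-entity would be injected into the generated page as markup, so a malicious or malformed feed entry becomes stored XSS on docs/index.html. Escape `<`, `>`, `&` and quotes at generation time (for example `html.escape(description)` in Python) before interpolating into the `<td>`; the literal `**Note:**` in the svix row (CVE-2024-21491) is a smaller sign that the text is passed through untouched.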
@@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-1431">详情</a></td>
</tr>

<tr>
<td>a4f6a250e2a5cceccd57d833a0bc1d09</td>
<td>CVE-2024-23724</td>
<td>2024-02-11 01:15:08</td>
<td>Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. NOTE: The discoverer reports that "The vendor does not view this as a valid vector."</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-23724">详情</a></td>
</tr>

<tr>
<td>4af14b5ecf1632767d889fe4108a3b5f</td>
<td>CVE-2024-1430</td>
<td>2024-02-11 01:15:07</td>
<td>A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-253381 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-1430">详情</a></td>
</tr>

<tr>
<td>321ee7bd3eff437df0ce32737d318c47</td>
<td>CVE-2024-22313</td>
<td>2024-02-10 16:15:08</td>
<td>IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-22313">详情</a></td>
</tr>

<tr>
<td>34d2bca3e6d18e59ffc753e611d0daa1</td>
<td>CVE-2024-22312</td>
<td>2024-02-10 16:15:08</td>
<td>IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-22312">详情</a></td>
</tr>

<tr>
<td>f4f9ca58a6c1a835ad662c25aa818998</td>
<td>CVE-2023-50957</td>
<td>2024-02-10 16:15:07</td>
<td>IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: 275783.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-50957">详情</a></td>
</tr>

<tr>
<td>03fffefb6ae52488a2423ab10240a426</td>
<td>CVE-2023-45718</td>
<td>2024-02-09 22:15:08</td>
<td>Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive cookie values in a persistent manner in Sametime Web clients. When this happens, cookie values can remain valid even after a user has closed out their session.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-45718">详情</a></td>
</tr>

<tr>
<td>646fecf76a0cda275d7593a2c7559d25</td>
<td>CVE-2023-45716</td>
<td>2024-02-09 22:15:07</td>
<td>Sametime is impacted by sensitive information passed in URL.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-45716">详情</a></td>
</tr>

<tr>
<td>8bec4e47b075006cea0a6983203bea78</td>
<td>CVE-2023-50349</td>
<td>2024-02-09 21:15:07</td>
<td>Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability. Some REST APIs in the Sametime Proxy application can allow an attacker to perform malicious actions on the application.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-50349">详情</a></td>
</tr>

<tr>
<td>ed2021c0efd8928d43fc3bf4201b9bde</td>
<td>CVE-2024-1246</td>
<td>2024-02-09 20:15:54</td>
<td>Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the website user’s browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. This does not affect Concrete versions prior to version 9.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-1246">详情</a></td>
</tr>

<tr>
<td>d66473d0e3a60316e1a21e207a0ee59b</td>
<td>CVE-2024-1245</td>
<td>2024-02-09 20:15:54</td>
<td>Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attributes and, when another administrator opens the same file for editing, the malicious code could execute. The Concrete CMS Security team scored this 2.4 with CVSS v3 vector AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-1245">详情</a></td>
</tr>

</tbody>
</table>
</div>
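Review bot: the ten rows dropped here (CVE-2024-23724 through CVE-2024-1245, dated 2024-02-09 to 2024-02-11) exactly balance the ten rows added earlier in the file (80 lines out, 80 lines in), so the page behaves as a fixed-size window and entries only two days old are already rotated out. Nothing else in this diff retains their text, since cache/Tenable (Nessus).dat holds only hashes; if a history is intended, consider moving rotated rows to an archive page instead of deleting them.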