diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index 6830ea151b4..eb63b23f813 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -163,3 +163,8 @@ a12e6709f2372fba2bedeb76e6ee98f1 881f070e95c767cf158ee51c5fb3fecc fa72333eeec3853c565bbd783727f727 98af55805385d19566f4abc70c0dd3e6 +bcf056f6392e9c7a9510f8294a383740 +4c1a2fe45d699bbdc3e6c767e1c5f594 +d0d79cab92c1436582e965179cd50c1e +c07e9b9b6b9acb10667975fa4aa693e3 +f49e911f7e0cc4a3986461bc64f5d427 diff --git a/data/cves.db b/data/cves.db index 9e13538b3ba..d87cd046a24 100644 Binary files a/data/cves.db and b/data/cves.db differ diff --git a/docs/index.html b/docs/index.html index eb788e9ba7c..a8629996ca0 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -283,6 +283,46 @@

眈眈探求 | TITLE URL + + bcf056f6392e9c7a9510f8294a383740 + CVE-2024-27917 + 2024-03-06 20:15:48 + Shopware is an open commerce platform based on Symfony Framework and Vue. The Symfony Session Handler pops the Session Cookie and assigns it to the Response. Since Shopware 6.5.8.0, the 404 pages are cached to improve the performance of 404 pages. So the cached Response which contains a Session Cookie when the Browser accessing the 404 page, has no cookies yet. The Symfony Session Handler is in use, when no explicit Session configuration has been done. When Redis is in use for Sessions using the PHP Redis extension, this exploiting code is not used. Shopware version 6.5.8.7 contains a patch for this issue. As a workaround, use Redis for Sessions, as this does not trigger the exploit code. + 详情 + + + + 4c1a2fe45d699bbdc3e6c767e1c5f594 + CVE-2024-27915 + 2024-03-06 20:15:47 + Sulu is a PHP content management system. Starting in verson 2.2.0 and prior to version 2.4.17 and 2.5.13, access to pages is granted regardless of role permissions for webspaces which have a security system configured and permission check enabled. Webspaces without do not have this issue. The problem is patched in versions 2.4.17 and 2.5.13. Some workarounds are available. One may apply the patch to `vendor/symfony/security-http/HttpUtils.php` manually or avoid installing `symfony/security-http` versions greater equal than `v5.4.30` or `v6.3.6`. + 详情 + + + + d0d79cab92c1436582e965179cd50c1e + CVE-2024-27308 + 2024-03-06 20:15:47 + Mio is a Metal I/O library for Rust. When using named pipes on Windows, mio will under some circumstances return invalid tokens that correspond to named pipes that have already been deregistered from the mio registry. The impact of this vulnerability depends on how mio is used. For some applications, invalid tokens may be ignored or cause a warning or a crash. 
On the other hand, for applications that store pointers in the tokens, this vulnerability may result in a use-after-free. For users of Tokio, this vulnerability is serious and can result in a use-after-free in Tokio. The vulnerability is Windows-specific, and can only happen if you are using named pipes. Other IO resources are not affected. This vulnerability has been fixed in mio v0.8.11. All versions of mio between v0.7.2 and v0.8.10 are vulnerable. Tokio is vulnerable when you are using a vulnerable version of mio AND you are using at least Tokio v1.30.0. Versions of Tokio prior to v1.30.0 will ignore invalid tokens, so they are not vulnerable. Vulnerable libraries that use mio can work around this issue by detecting and ignoring invalid tokens. + 详情 + + + + c07e9b9b6b9acb10667975fa4aa693e3 + CVE-2024-27307 + 2024-03-06 20:15:47 + JSONata is a JSON query and transformation language. Starting in version 1.4.0 and prior to version 1.8.7 and 2.0.4, a malicious expression can use the transform operator to override properties on the `Object` constructor and prototype. This may lead to denial of service, remote code execution or other unexpected behavior in applications that evaluate user-provided JSONata expressions. This issue has been fixed in JSONata versions 1.8.7 and 2.0.4. Applications that evaluate user-provided expressions should update ASAP to prevent exploitation. As a workaround, one may apply the patch manually. + 详情 + + + + f49e911f7e0cc4a3986461bc64f5d427 + CVE-2023-48703 + 2024-03-06 20:15:47 + RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the `xmlsec1` command line tool is called internally to verify the signature of SAML assertions. When `xmlsec1` is used without defining the enabled key data, the origin of the public key for the signature verification is, unfortunately, not restricted. 
That means an attacker can sign the SAML assertions themselves and provide the required public key (e.g. an RSA key) directly embedded in the SAML token. Projects still using RobotsAndPencils/go-saml should move to another SAML library or alternatively remove support for SAML from their projects. The vulnerability can likely temporarily be fixed by forking the go-saml project and adding the command line argument `--enabled-key-data` and specifying a value such as `x509` or `raw-x509-cert` when calling the `xmlsec1` binary in the verify function. Please note that this workaround must be carefully tested before it can be used. + 详情 + + ea95d9e88f5b6c26b5612f223c42e3a5 CVE-2024-2176 @@ -366,7 +406,7 @@

眈眈探求 | + 2024-03-05 21:15:09 In Foxit PDF Reader before 2024.1 and PDF Editor before 2024.1, code execution via JavaScript could occur because of an unoptimized prompt message for users to review parameters of commands. 详情 @@ -374,7 +414,7 @@

眈眈探求 | + 2024-03-05 21:15:09 Concrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS via the Name field of a Group type since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Name field which might be executed when users visit the affected page. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 2.2 with a vector of AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N Concrete versions below 9 do not include group types so they are not affected by this vulnerability. Thanks Luca Fuda for reporting. 详情 @@ -382,7 +422,7 @@

眈眈探求 | + 2024-03-05 21:15:08 Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers. 详情 @@ -390,7 +430,7 @@

眈眈探求 | + 2024-03-05 21:15:08 An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service. 详情 @@ -398,7 +438,7 @@

眈眈探求 | + 2024-03-05 21:15:08 There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the integrity of the controller. 详情 @@ -406,7 +446,7 @@

眈眈探求 | + 2024-03-05 21:15:08 Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. 详情 @@ -414,7 +454,7 @@

眈眈探求 | + 2024-03-05 21:15:08 Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. 详情 @@ -422,7 +462,7 @@

眈眈探求 | + 2024-03-05 21:15:07 Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. 详情 @@ -430,7 +470,7 @@

眈眈探求 | + 2024-03-05 21:15:07 Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. 详情 @@ -438,7 +478,7 @@

眈眈探求 | + 2024-03-05 20:16:01 A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited. 详情 @@ -446,7 +486,7 @@

眈眈探求 | + 2024-03-05 12:15:47 A CWE-1269 “Product Released in Non-Release Configuration” vulnerability in the Django web framework used by the web application (due to the “debug” configuration parameter set to “True”) allows a remote unauthenticated attacker to access critical information and have other unspecified impacts to the confidentiality, integrity, and availability of the application. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2. 详情 @@ -454,7 +494,7 @@

眈眈探求 | + 2024-03-05 12:15:47 A CWE-613 “Insufficient Session Expiration” vulnerability in the web application, due to the session cookie “sessionid” lasting two weeks, facilitates session hijacking attacks against victims. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2. 详情 @@ -462,7 +502,7 @@

眈眈探求 | + 2024-03-05 12:15:47 A CWE-646 “Reliance on File Name or Extension of Externally-Supplied File” vulnerability in the “iec61850” functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2. 详情 @@ -470,7 +510,7 @@

眈眈探求 | + 2024-03-05 12:15:47 A CWE-862 “Missing Authorization” vulnerability in the “measure” functionality of the web application allows a remote unauthenticated attacker to access confidential measure information. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2. 详情 @@ -478,51 +518,11 @@

眈眈探求 | + 2024-03-05 12:15:47 A CWE-1236 “Improper Neutralization of Formula Elements in a CSV File” vulnerability in the “file_configuration” functionality of the web application (concerning the function “export_file”) allows a remote authenticated attacker to inject arbitrary formulas inside generated CSV files. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2. 详情 - - f78b306978ef587c235655f4c807b83e - CVE-2023-45596 - 2024-03-05 12:15:46 - A CWE-862 “Missing Authorization” vulnerability in the “file_configuration” functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2. - 详情 - - - - b1c82b48c669f3e2e25e48e768272111 - CVE-2023-45595 - 2024-03-05 12:15:46 - A CWE-434 “Unrestricted Upload of File with Dangerous Type” vulnerability in the “file_configuration” functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2. - 详情 - - - - 85e7e8d532909dbb900575fabb8ee748 - CVE-2023-45594 - 2024-03-05 12:15:46 - A CWE-552 “Files or Directories Accessible to External Parties” vulnerability in the embedded Chromium browser allows a physical attacker to arbitrarily download/upload files to/from the file system, with unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2. 
- 详情 - - - - 1d55e3514d3305e66045c69f9c12a2e0 - CVE-2023-45593 - 2024-03-05 12:15:46 - A CWE-693 “Protection Mechanism Failure” vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs, other than “ http://localhost” http://localhost” ) allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and have other unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2. - 详情 - - - - ef3b5fb8c7a2242fd818ce0e611f1911 - CVE-2023-45592 - 2024-03-05 12:15:46 - A CWE-250 “Execution with Unnecessary Privileges” vulnerability in the embedded Chromium browser (due to the binary being executed with the “--no-sandbox” option and with root privileges) exacerbates the impacts of successful attacks executed against the browser. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2. - 详情 - - @@ -2094,7 +2094,7 @@

眈眈探求 | + 2024-03-05 09:20:26 Galaxy Software Services Vitals ESP危险类型文件不受限上传漏洞 详情 @@ -2102,7 +2102,7 @@

眈眈探求 | + 2024-03-05 09:20:26 Ragic跨站脚本漏洞 详情 @@ -2110,7 +2110,7 @@

眈眈探求 | + 2024-03-05 09:20:26 Best Practical Request Tracker信息泄露漏洞 详情 @@ -2118,7 +2118,7 @@

眈眈探求 | + 2024-03-05 09:20:26 Boomerang Parental Control授权错误漏洞 详情 @@ -2126,7 +2126,7 @@

眈眈探求 | + 2024-03-05 09:20:26 Best Practical Request Tracker信息泄露漏洞 详情 @@ -2134,7 +2134,7 @@

眈眈探求 | + 2024-03-05 09:20:26 Kyocera TASKalfa 4053ci Printers路径遍历漏洞 详情 @@ -2142,7 +2142,7 @@

眈眈探求 | + 2024-03-05 09:20:26 Kyocera TASKalfa 4053ci Printers目录遍历漏洞 详情 @@ -2150,7 +2150,7 @@

眈眈探求 | + 2024-03-05 09:20:26 Boomerang Parental Control授权错误漏洞 详情 @@ -2158,7 +2158,7 @@

眈眈探求 | + 2024-03-05 09:20:26 ASUS RT-AX55操作系统命令注入漏洞 详情 @@ -2166,7 +2166,7 @@

眈眈探求 | + 2024-03-05 09:20:26 ASUS RT-AX55操作系统命令注入漏洞 详情 @@ -2174,7 +2174,7 @@

眈眈探求 | + 2024-03-05 09:20:26 ASUS RT-AX55操作系统命令注入漏洞 详情 @@ -2182,7 +2182,7 @@

眈眈探求 | + 2024-03-05 09:20:26 Lost and Found Information System授权绕过漏洞 详情 @@ -2190,7 +2190,7 @@

眈眈探求 | + 2024-03-05 09:20:26 IBM CICS TX和TXSeries for Multiplatforms跨站请求伪造漏洞 详情 @@ -2198,7 +2198,7 @@

眈眈探求 | + 2024-03-05 09:20:26 Best Practical Request Tracker信息泄露漏洞 详情 @@ -2206,7 +2206,7 @@

眈眈探求 | + 2024-03-05 09:20:26 Pillow拒绝服务漏洞 详情
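Review bot: data/cves.db changes only as an opaque blob ("Binary files a/data/cves.db and b/data/cves.db differ"), so the records behind the five new entries cannot be checked in this diff. Consider committing a text export of the changed rows next to it, or rebuilding the database from the cache files in CI, so that an unexpected or corrupted row would be visible in review.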
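Review bot: in docs/index.html hunk @@ -283,6 +283,46 @@, the added description cells carry upstream advisory text verbatim, including backticks, quotes and paths such as `vendor/symfony/security-http/HttpUtils.php` in the CVE-2024-27915 entry, and nothing visible here shows that the generator escapes it. Since that text is supplied by third parties, please confirm the generator HTML-escapes every field before writing it into the page, and add a test entry whose description contains `<`, `>`, `&` and quotes.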
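Review bot: docs/index.html hunk @@ -478,51 +518,11 @@ removes CVE-2023-45596 through CVE-2023-45592, all dated 2024-03-05 12:15:46, in the same change that adds five entries dated 2024-03-06 at the top, so advisories about a day old drop off the page. If the table is meant to be a fixed-length window, state that on the page and confirm the removed records stay available from data/cves.db or an archive view.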
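Review bot: the run of 7-line hunks in docs/index.html, @@ -366,7 +406,7 @@ through @@ -470,7 +510,7 @@ and @@ -2094,7 +2094,7 @@ through @@ -2206,7 +2206,7 @@, each touches a single line of an entry that is otherwise unchanged context, which buries the five real additions under per-row churn. If that line is a generated value (a row index, a refresh marker or similar), compute it at render time or keep it out of the committed HTML so that the diff shows only entries that were added or removed.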