From 0c3f16243eea96733fc10016ee8d977e33c49a0a Mon Sep 17 00:00:00 2001 From: Github-Bot Date: Mon, 18 Sep 2023 05:25:48 +0000 Subject: [PATCH] Updated by Github Bot --- cache/NVD.dat | 10 ++ cache/Tenable (Nessus).dat | 10 ++ data/cves.db | Bin 42795008 -> 42811392 bytes docs/index.html | 268 ++++++++++++++++++------------------- 4 files changed, 154 insertions(+), 134 deletions(-) diff --git a/cache/NVD.dat b/cache/NVD.dat index 524f7fab010..e8afbecfb5c 100644 --- a/cache/NVD.dat +++ b/cache/NVD.dat @@ -171,3 +171,13 @@ fc52900b5b2a1a05f20633c8b0c97e14 f3d7f4147503885748dbe980d7f81ae9 6b086093f6aa032b2fe125219f1fa752 9569aa977db9d5c6c5151be59b3a4ef0 +ed65bc8594926fc00870198104820a56 +2306c301d8d58c27b7ea696df5821621 +3fd907fa3cfc48642d297082b3fc1d53 +52111c8632e4ec561c38e328a922251e +d4b3d6114a20ff6ba8c50b281a8651f7 +8676cfffb784cb267e33e0f1f14ad984 +5e24d726519cb9e77e0fd845029e7f16 +46544730acae18e7747bd7df6cf82919 +447e34497695f62525b42260ed653ddc +b0bff8acbfc8b4e4e556cddb12cca1b1 diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index 6f67e57718e..0f8bb0a25b7 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -185,3 +185,13 @@ ab55a3a1ebc4e5bb3519ad6fd63a002d 1abbfd911b04f3566025e320a5fa15c0 cde3b013e550ae536263f87009029957 8ab8d514f2847a82f17bcc942aa08004 +0ecfbc2303e306322b0fad8ce1484d38 +65557e54573bb0fe6fd55b20b0cf6590 +6fa54b05a836af5e43d6d59b01193459 +91b7935c2bbd506f8011d3226455faed +7bb623226ec3e2fc8ca56b00d2047011 +ae8e5e6a2b1158c355ae0b637eb57dbf +686a2aaadc1c9219d4899269a9ac3562 +880c45cb900ff32d101c49fb87536634 +19c9f48348443624c320525d30175aaa +c239442185948f47094cac55e5ba21d6 
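Review bot: both cache hunks (`@@ -171,3 +171,13 @@` in cache/NVD.dat and `@@ -185,3 +185,13 @@` in cache/Tenable (Nessus).dat) append bare 32-hex digests with nothing in the file tying a digest to the entry it stands for, so the only way to check that `0ecfbc2303e306322b0fad8ce1484d38` is the key for CVE-2023-5030 is to cross-read the docs/index.html rows further down in this same patch; suggest writing `digest<TAB>CVE-ID` per line, or documenting in the repo what is hashed (URL, CVE ID, or description text), so that a later change to the hash input cannot silently invalidate every cached key and cause the whole feed to be re-imported. Two further points from these hunks: the files only ever gain lines, so rows this commit removes from the page (for example `72874a4880a81f91caa47a6895dd84fc`, CVE-2023-0923) keep their cache entry, which is correct for de-duplication but should be stated, because anyone "cleaning up" the cache would cause those entries to be re-added; and three of the ten digests added to cache/NVD.dat (`3fd907fa3cfc48642d297082b3fc1d53`, `46544730acae18e7747bd7df6cf82919`, `b0bff8acbfc8b4e4e556cddb12cca1b1`) have no matching row in any docs/index.html hunk of this patch, so whatever they key for went into cves.db without being rendered; if that is intended for entries older than the page window it should be documented, otherwise it points at a rendering gap.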
diff --git a/data/cves.db b/data/cves.db index f8220526d107802398b26798fe6aba1bd508a645..c1088965505b664028bc8faa176100217f8eceec 100644 GIT binary patch delta 7093 zcmc)Nd3;pW*#~g$%|cd^umy;~MAWb)bJv+W$QB?>dDZxY|WzMuE~!+t*6_w&j3 zP9~W-=iKL>^PK1O^gJ}Or|033dnh-{rE6Ssq$3Gpl9*(sET(Lx9Hv~Rp-g#9 z`Ah{&g-k_E#Z1GPN|;KS%9w^TjbIwdG>U07Q#sQZrm;-pm@1e~V;avifoUR>i>Z?7 zbf!s6XE2?~bQV(;(`2S8OjDVrF->QxW~yOwGbv0elg6Yo8B8XVhsn!iG5MHgFrCdb zlW7*yY^FI(bD3(H<}uA@TEJAtbPm(GObeOnnHDiEW?I73z_gTU8Pjs66-+Cc8ktrx zt!7%o)Wmci(^{tUnbt8~z;q$gdZuP3#K&gxGX>c(*~wCrgo+X zQSXF->So%=bTQKS0PSZDrcVlw@M2UZ(9# zJD7GdUCFeIX*bhVOnaEFX4=bi4b!zuUt_wC>3XIcm{LqPGTp>nCT}>KV^EJ z>1RwoXL^C@Fw+sH7nxpSdYS1Jre84qlIc~Z*O-nn{fg;zre8C?!E}u2IMZ*Ke#`Vb zrZ<`1VmiTelIizMe_(o>=@ipDOz$$Kncic1pXmdp51IbR^e3i2GyR3>uS_2?{f+5k zrcanYW%@hQKX#II6-gjN7Gy&X+@HjjH z--9RNDd>lTa0tE+KY$;?)9?&D3qOMA;K%S2_$fROKZBpc3vd{Yz>Dw_ybQ0vFW{H( zD!c|q;aBiF{2JbXV{jaP1HXme!JF_FoPd+?d-wyq4X5B8co)*}9=s19z=!Zh_!ImY z{sMo6kKk|cF?<4_!r$Q^(oT}G{6U5+$c7xqg`toK`A`6bPz1#=3`(FB%3wH*fRQi? zMngG_fw3?SD&RC24-;S_xS$eFhe>b-oC#+^6-N%=`)`R=Rp*5z&+k|~nLiyL;! 
z&e~D=(hr7|tQ_{(u!+U-f)Dd{=RBExtMq8u3oqR-)$l5`RoJk)Dyf@EJ&_+Y{Cd!% zs)ns8p^(RKTLDw?YnEzT9#a(unuf~m{#Ot0lBY_kXGR?z)nESNE;&yU$F99p)@u}X z>uJgKto(-6Q!XNFBL1AJxbj7`h0o1=y@b08;b7XMalF` zjDAY8%1l-z3iVLXr+7oQ9tZ^t%VTIk&F57t&98?7YET?{wOm%R4aHD}azc}X*7CiULOmlvn5 z{?^9w>7i)c)rx;O@lID;c!T4br@Qc{^Q!0R)r~PbQoq2}6?NI6kQ3+<_IW3yk+U}1 zZQYJ5?gXOopc8b3Bd)Gi$JG{X>CF5digrhWc2_tW>8#NdO|Mpb)r#d(tbqu4Mc+wH zp8Ovl^rSB^=v3crch3<@(+oLVMR=3`WcuvPbJ;e>+%_jssOgF)pet(73Yu0x^ZLDx z?eTenA=A=SPwM@d>1q*sZ;qT@Y27(CTw08jmLsnoQgk#wn48Lq^_TV(%XM_y#i<#V#C`1E}ZWunV$7hB-nyHz7L(@D;CUSZ(rM|tRTI{zJ zqzYZvMA<#>N#loEHNNRCt438^b|mOZB|ci@5-sr=@~~9h6Hk?iI}TOI&y6)r#jAaO zIcZ8}2B?N8MI#fwP$SuyMns3FNuH%@=${uR)3pPGKhsQ}iNSkJj9*vmfbFQ3*Cz6Lzdcsu>)7Il{ESX=`&W2)Bg0FmLfDywQo{d44L5%rk408cVBDgt&gD zG)mmR=rw6Vq1)AfywK%Z9u22d?b8vd*uaOyp`q zLJCJ(GMOjl#M|wN6X{AFc&B~T^kt1xJ|6~Ua3OdzL-_v~kF-qmeVQlFLO2nW-gq)S z7ZI)E6(+ApL*W z7xal0cUH;n935Y@MCD@%d7fxEf1O+^-gtS3G&;M+Ra`6*&->(wsXZrd%1tfn-C7`e zqi;*);*B-y?~+f8``;`pzsA4h0R>RXd9H9mUN))$jG`W9-x`kCuGNunAlmL)Ro7HoZ7IsR zE~7^EEU8h9=J~5MMKzn(c028k=xcmUS}9!pd!!=P%k z5DxAL%A-VTbwEx@KG7GwS2D%1hWn-5Y$Rx}I9#(^9+Oh8c-i+K>AT6mK8tB(ZTBYA z=VU_FTdVihHhV(0Y4{b>wsemjG93eDQPA}H5iy@`2=&3zjPuQ>4%BG0TeoZP7 zwDn4Pf>{6SlhV1xfwpdcGq%n!cJ!zyyU#667Cptg6U1Wpc5oy|zZ0CJx@ZO)CEidX;@v>iEWY&e8`S zw6AwgGQD6RF!eguH!Dscpt|B|K;?Sh2BJ2{t>Ba zgsJGtV8;06kfN1&cjnBL`pcB>O3z8vz0Ejs41_1FbGX^Elz?F(2P-%a=vq)!)PUg& z`7N)hdpx4{bVVLq2YtI$X~JM|WK9u=9(_$3b^GfdON$31GY*l#Ze+JO?#?dM#LaQ1 z4W;fzr}MKI6|AgVQoE{tOKFB%BU2AwxFdn}Kw*|r@Fr~#j*`hte#LviP`eRe=M#qpkFnP=TnAXSzu$4rPs zT^bHZ27W|Y?`=|(c;KlUBt^`f7L%_-PvXFqd!(}l6Jb#%5xSItgO4f_{t{`z7i=Rs zLSCF%{l@lb$#i{Yu)U_{nG(;JRtrj^g*|UdL~GgJMPQPd>|Ll}~Pv zCX86TY+G3N{P*YHV2>UkevzeTz^C27cOfJd2Z00naOm+K;YbZue%w^(PtQ%nmN8$A;ijO z1nhumI;P*&kp7;1MXJc`;in{Nx}Zo2=KXuEW2Ir@j!)LhlSKMdg`6*reY;GWbj$ui zIaj=Js1~RDVr&hCCD=nEU3Q?WIUK=px?LO(oFk7BdrxeThnKWDvDRqBakoeP;Wo!D zY9B~TRpN!ph@@w>y1p&{svHUj7YwR;Y$l0MN>RPIuByYnsnnk#Fa6Sc{jZuq?M0xL z45S3N&hBQ^s=kn6>DV|7-J=-+T~lz73F74IHEp5ZdHl0gc6j(EX_DxuH{_8bam83E 
zB)%UnLFG_+)l7MM0m6a27_+-t#o;lR057(u{4y=o;PK-QC@A(_N!`#0`u_8dM|{6hu^TBCyeEPzH@jqjV_h z^?vwWf53gtbIubJvnMhpW_RS$Y)Ru2B`S1wSyauC_!+W7tbmo+N@69ol3B^E6jn+r zl@)5Gw!*A%E5b@+rM1#o>8(gBgO$)MOnG6JXT&SpOxP# zU=_3qS%s}4R#B^%Rop6Jm9$D(rL8hnS*x5?-l||#v?^JZttwVktD05as$tc%YFV|d zI#yk)o>kv!U^TQFS&gkGR#U5))!b@fwX|AUt*tgzTdSSb-s)g=v^rUxtu9tqtDDu` z>S6V?*r%7(+v;QWwfb58tpV0RYmhbA8e$E#hFQa{5!Og+lof4_w#Havt#Q_PYl1b= znq*D3rdU(0Y1VWr#+qTxv}ReeEn9P}xz;=@)|ziEuoha2ti{$6YpJ!&ddpgFt*};F ztE|=58f&e!&RTE1ZM|c?Yi+RJvo>0rtj*RI>wW73Ypb=*`q28w+HUQzKDKsRpIE!B zPp!|a&#m3o9_tG$&ic~YYkg(yv-VpDtavNII%plT4qHd8qt-F&xOKuhX`Ql8TW74V zt#7Pvt?#U});a6Eb-}u5eQ*6>{b>DUU9v7)SFEenHS4-{!@6nxZ2e;WYW-&YZvA21 zvTj>%R5CdT9M={bfC}9$QbWr`9v;x%I+&X}z*uTYp>sSZ}OzL)i*Xo_37CjUn2afyifNdR7|g&-%))FKb1)b45R3U(fQ49u z#aM!+ScbQ-94oLAtFRhtuommE9&h6vyo(KZ4;!%wo3RD&;{$BPHhhSWupK+_F?Qk; z?82w`44-2+_TUS|;Y;krSJ;RBIDmL0;2;j+Fpl6Tj^Q{?;3Q7rG|u2_e1mWC9nRt$ z&f@|u;(PpnAMq0|;WDn^Dz4!=Zr~<<#xM94zu|ZMfm^tZJGhH`xQ_>Th(GZc9^o;b z;3=NrIbPr;Ug0(V#y@z2fAL>PtOA@r0!WM`NQz`gjuc3VR0u_CgdrReNQ1OUhxCX< z24qAgWJVTbMK)wd4&+2GL?JiwATRPEKMJ5A3ZXEHpeTx=I7*--N})8$pe)LvJSw0f zDxor}pem}NI%=RMYN0mjpf2j6J{q7Q8lf?opedT6Ia;74TA?-Cpe@>=JvyKxI-xVV zpewqeJ9?leg8TPEZ}dT5^h19Pz(5SbU<|=f48w4Yz(|ZjG)7|##$p`CV*(~(5+-8` zreYeVBL*`t6SFWoa6k@hS(2h-vJHuXPf|kar4H;2#HHI6zbGUw>glY~Vlif9wQH#}EZTw1m26-bCGH6^#A|> diff --git a/docs/index.html b/docs/index.html index 503a4c303bc..afd8e86b674 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -283,6 +283,86 @@

眈眈探求 | TITLE URL + + 0ecfbc2303e306322b0fad8ce1484d38 + CVE-2023-5030 + 2023-09-17 22:15:47 + A vulnerability has been found in Tongda OA up to 11.10 and classified as critical. This vulnerability affects unknown code of the file general/hr/recruit/plan/delete.php. The manipulation of the argument PLAN_ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239872. + 详情 + + + + 65557e54573bb0fe6fd55b20b0cf6590 + CVE-2023-5029 + 2023-09-17 22:15:46 + A vulnerability, which was classified as critical, was found in mccms 2.6. This affects an unknown part of the file /category/order/hits/copyright/46/finish/1/list/1. The manipulation with the input '"1 leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239871. + 详情 + + + + 6fa54b05a836af5e43d6d59b01193459 + CVE-2023-5027 + 2023-09-17 17:15:44 + A vulnerability classified as critical was found in SourceCodester Simple Membership System 1.0. Affected by this vulnerability is an unknown functionality of the file club_validator.php. The manipulation of the argument club leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239869 was assigned to this vulnerability. + 详情 + + + + 91b7935c2bbd506f8011d3226455faed + CVE-2023-5028 + 2023-09-17 11:15:07 + A vulnerability, which was classified as problematic, has been found in China Unicom TEWA-800G 4.16L.04_CT2015_Yueme. Affected by this issue is some unknown functionality. The manipulation leads to information exposure through debug log file. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-239870 is the identifier assigned to this vulnerability. 
+ 详情 + + + + 7bb623226ec3e2fc8ca56b00d2047011 + CVE-2023-5026 + 2023-09-17 10:15:07 + A vulnerability classified as problematic has been found in Tongda OA 11.10. Affected is an unknown function of the file /general/ipanel/menu_code.php?MENU_TYPE=FAV. The manipulation of the argument OA_SUB_WINDOW leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239868. + 详情 + + + + ae8e5e6a2b1158c355ae0b637eb57dbf + CVE-2023-5025 + 2023-09-17 07:15:10 + A vulnerability was found in KOHA up to 23.05.03. It has been declared as problematic. This vulnerability affects unknown code of the file /cgi-bin/koha/catalogue/search.pl of the component MARC. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239866 is the identifier assigned to this vulnerability. + 详情 + + + + 686a2aaadc1c9219d4899269a9ac3562 + CVE-2023-5024 + 2023-09-17 07:15:10 + A vulnerability was found in Planno 23.04.04. It has been classified as problematic. This affects an unknown part of the component Comment Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239865 was assigned to this vulnerability. + 详情 + + + + 880c45cb900ff32d101c49fb87536634 + CVE-2023-5023 + 2023-09-17 07:15:09 + A vulnerability was found in Tongda OA 2017 and classified as critical. Affected by this issue is some unknown functionality of the file general/hr/manage/staff_relatives/delete.php. The manipulation of the argument RELATIVES_ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239864. 
+ 详情 + + + + 19c9f48348443624c320525d30175aaa + CVE-2023-5022 + 2023-09-17 06:15:07 + A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /include/dialog/select_templets_post.php. The manipulation of the argument activepath leads to absolute path traversal. The associated identifier of this vulnerability is VDB-239863. + 详情 + + + + c239442185948f47094cac55e5ba21d6 + CVE-2023-5021 + 2023-09-17 05:15:10 + A vulnerability, which was classified as problematic, was found in SourceCodester AC Repair and Services System 1.0. Affected is an unknown function of the file admin/?page=system_info/contact_information. The manipulation of the argument telephone/mobile/address leads to cross site scripting. It is possible to launch the attack remotely. VDB-239862 is the identifier assigned to this vulnerability. + 详情 + + 1abbfd911b04f3566025e320a5fa15c0 CVE-2023-5014 @@ -443,86 +523,6 @@

眈眈探求 | 详情 - - 72874a4880a81f91caa47a6895dd84fc - CVE-2023-0923 - 2023-09-15 21:15:09 - A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues. - 详情 - - - - 289ac4c577149654907e7c1d72e2aed9 - CVE-2023-0813 - 2023-09-15 21:15:08 - A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication. - 详情 - - - - af709ad1efe7bf77a47af53292a7e030 - CVE-2022-3261 - 2023-09-15 21:15:08 - A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem. - 详情 - - - - cbd8d6443f9fc379da378217ee1164ec - CVE-2023-37263 - 2023-09-15 19:15:08 - Strapi is the an open-source headless content management system. Prior to version 4.12.1, field level permissions are not respected in the relationship title. If an actor has relationship title and the relationship shows a field they don't have permission to see, the field will still be visible. Version 4.12.1 has a fix for this issue. - 详情 - - - - 9703d6d2d2b5fae97f14fe7d4f5bd25a - CVE-2023-36479 - 2023-09-15 19:15:08 - Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. 
If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in version 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2. - 详情 - - - - 3f5bee88029c092331e929632da63195 - CVE-2023-36472 - 2023-09-15 19:15:08 - Strapi is the an open-source headless content management system. Prior to version 4.11.7, an unauthorized actor can get access to user reset password tokens if they have the configure view permissions. The `/content-manager/relations` route does not remove private fields or ensure that they can't be selected. This issue is fixed in version 4.11.7. - 详情 - - - - 5791c88871192b1bb5d8461b693d68a3 - CVE-2023-42398 - 2023-09-15 17:15:14 - An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php. - 详情 - - - - 7408875a43a72090374b72331b3bb4f5 - CVE-2023-28614 - 2023-09-15 17:15:14 - Freewill iFIS (aka SMART Trade) 20.01.01.04 allows OS Command Injection via shell metacharacters to a report page. - 详情 - - - - 728da8338e63797d29c3110366459136 - CVE-2023-4991 - 2023-09-15 16:15:08 - A vulnerability was found in NextBX QWAlerter 4.50. It has been rated as critical. Affected by this issue is some unknown functionality of the file QWAlerter.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. The identifier of this vulnerability is VDB-239804. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. - 详情 - - - - 3ac3cba11db2f3ff154d11566092b855 - CVE-2023-4988 - 2023-09-15 16:15:08 - A vulnerability, which was classified as problematic, was found in Bettershop LaikeTui. This affects an unknown part of the file index.php?module=system&action=uploadImg. The manipulation of the argument imgFile leads to unrestricted upload. It is possible to initiate the attack remotely. 
This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-239799. - 详情 - - @@ -2227,6 +2227,46 @@

眈眈探求 | TITLE URL + + d4b3d6114a20ff6ba8c50b281a8651f7 + CVE-2023-3301 + 2023-09-13 17:15:10 + A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service. + 详情 + + + + 5e24d726519cb9e77e0fd845029e7f16 + CVE-2023-3255 + 2023-09-13 17:15:09 + A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigger a denial of service. + 详情 + + + + 52111c8632e4ec561c38e328a922251e + CVE-2023-33136 + 2023-09-12 17:15:09 + Azure DevOps Server Remote Code Execution Vulnerability + 详情 + + + + ed65bc8594926fc00870198104820a56 + CVE-2023-34470 + 2023-09-12 16:15:09 + AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability. + 详情 + + + + 2306c301d8d58c27b7ea696df5821621 + CVE-2023-34469 + 2023-09-12 16:15:09 + AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the physical network. A successful exploit of this vulnerability may lead to a loss of confidentiality.  + 详情 + + fc52900b5b2a1a05f20633c8b0c97e14 CVE-2023-4914 @@ -2259,6 +2299,14 @@

眈眈探求 | 详情 + + 8676cfffb784cb267e33e0f1f14ad984 + CVE-2023-32558 + 2023-09-12 02:15:12 + The use of the deprecated API `process.binding()` can bypass the permission model through path traversal. This vulnerability affects all users using the experimental permission model in Node.js 20.x. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. + 详情 + + fb1e3cb3265a69b8db1ecd980ea3b7f6 CVE-2023-4899 @@ -2412,59 +2460,11 @@

眈眈探求 | 详情 - - - - 58dbdcfe7cc0d60cf84438cdf2e78ff0 - CVE-2023-4843 - 2023-09-08 17:15:30 - Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field utilized in Visual Business Director, however this field can only be modified by an authenticated administrative user. - 详情 - - - - 9569aa977db9d5c6c5151be59b3a4ef0 - CVE-2014-5329 - 2023-09-08 03:15:07 - GIGAPOD file servers (Appliance model and Software model) provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests (CVE-2011-3192), which may lead to a denial-of-service (DoS) condition. - 详情 - - - - 783d43ff42c42388e1bf5c5c7dabcda5 - CVE-2023-4685 - 2023-09-07 18:15:07 - Delta Electronics' CNCSoft-B version 1.0.0.4 and DOPSoft versions 4.0.0.82 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code. - 详情 - - - - 989c507fc0d35249c74d04dee335b88d - CVE-2023-4815 - 2023-09-07 07:15:08 - Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3. - 详情 - - - - f778b9d3b305d352762ca37eef3b3d94 - CVE-2023-4792 - 2023-09-07 02:15:08 - The Duplicate Post Page Menu & Custom Post Type plugin for WordPress is vulnerable to unauthorized page and post duplication due to a missing capability check on the duplicate_ppmc_post_as_draft function in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers with subscriber access or higher to duplicate posts and pages. - 详情 - - - - c8af0979e890c285b74fdb6e2b50a6ab - CVE-2023-4772 - 2023-09-07 02:15:08 - The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'newsletter_form' shortcode in versions up to, and including, 7.8.9 due to insufficient input sanitization and output escaping on user supplied attributes. 
This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. - 详情 + 447e34497695f62525b42260ed653ddc + CVE-2023-32332 + 2023-09-08 20:15:14 + IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 255072. + 详情
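Review bot: the `data/cves.db | Bin 42795008 -> 42811392 bytes` entry means the only reviewable record of what this run inserted is the rendered docs/index.html, because the database change arrives as a `GIT binary patch` (`delta 7093`) that nobody can read; for a commit produced unattended on every scheduled run, suggest either rebuilding cves.db in the workflow from the two cache files instead of committing it, or having the bot list the inserted CVE IDs (or at least the row count) in the commit message so the history of this 42 MB binary stays auditable and a bad run can be spotted without opening the database.

Review bot: the rows added in the `@@ -283,6 +283,86 @@` hunk of docs/index.html reproduce feed descriptions verbatim, and one of them (CVE-2023-5029) contains the injection fragment `'"1` while CVE-2023-5026 carries a path with a query string (`/general/ipanel/menu_code.php?MENU_TYPE=FAV`); the extracted hunk shows only the cell text, not the surrounding markup, so please confirm in the generator that the ID, CVE, date and description cells are HTML-escaped and that the `详情` link's href is built from the feed's own URL field rather than from description text, because this page is published from `docs/` and an advisory whose description contains markup or an attribute-breaking quote would otherwise be rendered as part of the site.

Review bot: the `@@ -443,86 +523,6 @@` and `@@ -2412,59 +2460,11 @@` hunks delete rows outright (CVE-2023-0923 through CVE-2023-4988, all dated 2023-09-15, and CVE-2023-4843 through CVE-2023-4772, dated 2023-09-07 and 2023-09-08) to make room for the rows added at the head of each section, so each source section of the page is a fixed-size window and an entry can leave the page within three days of appearing; that is reasonable for a "latest" view, but it should be stated on the page or in the README, and it makes the cache .dat files and cves.db the only record that an entry was ever seen, which argues against ever pruning them. It is also worth a comment in the generator that an entry whose timestamp is older than the window's tail (compare CVE-2023-3301, published 2023-09-13, being inserted only in this run) can be cached and stored without ever being rendered, so that behaviour is not mistaken for a bug.

Review bot: the CVE-2023-34469 row in the `@@ -2227,6 +2227,46 @@` hunk ends its description with a trailing whitespace character after the full stop (`... loss of confidentiality. `), copied through from the feed; the generator should strip or normalize whitespace on description text before it reaches the page and, if the description is part of the hash input, before it reaches the digest, otherwise the same advisory re-fetched with the whitespace trimmed would hash differently and be inserted a second time.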