From 2e6b98e95c6d616bf496eb50fa673e13c2d88bc7 Mon Sep 17 00:00:00 2001 From: Github-Bot Date: Wed, 20 Sep 2023 05:25:42 +0000 Subject: [PATCH] Updated by Github Bot --- cache/NVD.dat | 10 +++ data/cves.db | Bin 42909696 -> 42917888 bytes docs/index.html | 162 ++++++++++++++++++++++++------------------------ 3 files changed, 91 insertions(+), 81 deletions(-) diff --git a/cache/NVD.dat b/cache/NVD.dat index e67b696fa43..626bd33be4a 100644 --- a/cache/NVD.dat +++ b/cache/NVD.dat @@ -175,3 +175,13 @@ ce77a0da1fa468cc51413ee49751ea74 53631702129be2fe0d68e85b7185d04d f24c1e5028f0bc748144fa1f00983354 eaf2ddfde8c15a3ca96d3a361d6400b9 +6a35eb0ecc6baafa493f36c4ed2d4d16 +49f0cb827c6d46a14d0a602569a05300 +50824740e3199c2438bb8b113e7715df +ca4e394cdfce7bbd99ef580f958f01a5 +de838a16a4300c73a497bb3c6cb3d76b +9523fdf7865850f28192d1f6918bbc10 +6079088aebad7baf77d212f549949938 +5bc3f76c3be7820b58d67e17df9a76f6 +f652dd4503ad84b795dc771cfc59d11d +72574b41528b607045249ac1a5af10a1 
diff --git a/data/cves.db b/data/cves.db index 3056174d1c73cbf7d82752bcfb8e2713d86c59be..e80426ca8016d7540e6fc34e9867f77cc320e7f6 100644 GIT binary patch
+ @@ -2227,6 +2227,78 @@

眈眈探求 | TITLE URL + + 6a35eb0ecc6baafa493f36c4ed2d4d16 + CVE-2023-5060 + 2023-09-19 03:15:08 + Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.1. + 详情 + + + + 49f0cb827c6d46a14d0a602569a05300 + CVE-2023-5036 + 2023-09-18 06:15:08 + Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.15.1. + 详情 + + + + 50824740e3199c2438bb8b113e7715df + CVE-2023-5034 + 2023-09-18 05:15:07 + A vulnerability classified as problematic was found in SourceCodester My Food Recipe 1.0. This vulnerability affects unknown code of the file index.php of the component Image Upload Handler. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239878 is the identifier assigned to this vulnerability. + 详情 + + + + ca4e394cdfce7bbd99ef580f958f01a5 + CVE-2023-5033 + 2023-09-18 05:15:07 + A vulnerability classified as critical has been found in OpenRapid RapidCMS 1.3.1. This affects an unknown part of the file /admin/category/cate-edit-run.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239877 was assigned to this vulnerability. + 详情 + + + + de838a16a4300c73a497bb3c6cb3d76b + CVE-2023-5032 + 2023-09-18 04:15:11 + A vulnerability was found in OpenRapid RapidCMS 1.3.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/article/article-edit-run.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239876. + 详情 + + + + 9523fdf7865850f28192d1f6918bbc10 + CVE-2023-5031 + 2023-09-18 02:15:51 + A vulnerability was found in OpenRapid RapidCMS 1.3.1. It has been declared as critical. 
Affected by this vulnerability is an unknown functionality of the file /admin/article/article-add.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239875. + 详情 + + + + 6079088aebad7baf77d212f549949938 + CVE-2023-4987 + 2023-09-15 15:15:08 + A vulnerability, which was classified as critical, has been found in infinitietech taskhub 2.8.7. Affected by this issue is some unknown functionality of the file /home/get_tasks_list of the component GET Parameter Handler. The manipulation of the argument project/status/user_id/sort/search leads to sql injection. VDB-239798 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + 详情 + + + + 5bc3f76c3be7820b58d67e17df9a76f6 + CVE-2023-4984 + 2023-09-15 14:15:11 + A vulnerability was found in didi KnowSearch 0.3.2/0.3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file /api/es/admin/v3/security/user/1. The manipulation leads to unprotected storage of credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239795. + 详情 + + + + f652dd4503ad84b795dc771cfc59d11d + CVE-2023-4983 + 2023-09-15 14:15:11 + A vulnerability was found in app1pro Shopicial up to 20230830. It has been declared as problematic. This vulnerability affects unknown code of the file search. The manipulation of the argument from with the input comments</script>'"><img src=x onerror=alert(document.cookie)> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239794 is the identifier assigned to this vulnerability. 
NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + 详情 + + 6c1b9c4fee44f66c9d1f8ab988ec1e7f CVE-2023-36659 @@ -2251,6 +2323,14 @@

眈眈探求 | 详情 + + 72574b41528b607045249ac1a5af10a1 + CVE-2023-4972 + 2023-09-14 20:15:13 + Improper Privilege Management vulnerability in Yepas Digital Yepas allows Collect Data as Provided by Users.This issue affects . + 详情 + + 2cee661ace7acc1aa83012c59e559654 CVE-2023-32636 @@ -2387,86 +2467,6 @@

眈眈探求 | 详情 - - bff8e66b22f70f7218e5b93898f90949 - CVE-2021-44172 - 2023-09-13 13:15:07 - An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, in all 6.4 and 6.2 version management interface may allow an unauthenticated attacker to gain information on environment variables such as the EMS installation path. - 详情 - - - - 540acb5cffec146903bd455b2b17608f - CVE-2023-29306 - 2023-09-13 09:15:15 - Adobe Connect versions 12.3 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. - 详情 - - - - 4a88501a6af84d42db17d4c27d44fd67 - CVE-2023-29305 - 2023-09-13 09:15:15 - Adobe Connect versions 12.3 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. - 详情 - - - - 0f2f9e74651d194fbf6c54cf290ce621 - CVE-2023-26369 - 2023-09-13 09:15:13 - Acrobat Reader versions 23.003.20284 (and earlier), 20.005.30516 (and earlier) and 20.005.30514 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. - 详情 - - - - 7abe9e444fb931d9847478bb3d8226b0 - CVE-2023-21523 - 2023-09-12 20:15:08 - A Stored Cross-site Scripting (XSS) vulnerability in the Management Console (User Management and Alerts) of BlackBerry AtHoc version 7.15 could allow an attacker to execute script commands in the context of the affected user account. 
- 详情 - - - - e2a2e5f66f7313ce93cb9b8dcde37c58 - CVE-2023-21520 - 2023-09-12 20:15:07 - A PII Enumeration via Credential Recovery in the Self Service (Credential Recovery) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially associate a list of contact details with an AtHoc IWS organization. - 详情 - - - - 85ca0426243514b04281aa2dcc9a082a - CVE-2023-21522 - 2023-09-12 19:15:36 - A Reflected Cross-site Scripting (XSS) vulnerability in the Management Console (Reports) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially control a script that is executed in the victim's browser then they can execute script commands in the context of the affected user account.  - 详情 - - - - e0f12a28e563b380d0bcd0cb148c9532 - CVE-2023-21521 - 2023-09-12 19:15:36 - An SQL Injection vulnerability in the Management Console? (Operator Audit Trail) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database, recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. - 详情 - - - - 5368dcbad69f59262e1c40243b56d98b - CVE-2023-30962 - 2023-09-12 19:15:36 - The Gotham Cerberus service was found to have a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Gotham to launch attacks against other users. This vulnerability is resolved in Cerberus 100.230704.0-27-g031dd58 . - 详情 - - - - d0568f9dd11713d1c03652f9a0c6e617 - CVE-2023-36804 - 2023-09-12 17:15:16 - Windows GDI Elevation of Privilege Vulnerability - 详情 - -
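
Review bot: In the cache/NVD.dat hunk (@@ -175,3 +175,13 @@) the ten appended values are bare 32-character hex IDs with no CVE number or date beside them, so they can only be matched to entries by cross-reading docs/index.html (6a35eb0ecc6baafa493f36c4ed2d4d16 is the CVE-2023-5060 row, for instance). Consider storing the CVE id next to each hash, and have the bot list the added CVE ids in the commit message instead of the fixed subject "Updated by Github Bot". The hunk also only appends, while the docs/index.html hunk at @@ -2387,86 +2467,6 @@ drops ten older rows: if the cache is meant to mirror what the page shows it needs a matching prune step, and if it is a seen-set that is never pruned, a comment or README line saying so would help.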
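
Review bot: data/cves.db is committed as a GIT binary patch (42909696 -> 42917888 bytes), so nothing in this part of the change can be reviewed, and each bot run adds another delta of a roughly 42 MB file to the history. Suggest keeping the database out of the repository (as a build artifact or release asset), or committing a text export of the inserted rows next to it so the diff shows what actually changed.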
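
Review bot: In the docs/index.html hunk at @@ -2227,6 +2227,78 @@, the description cell for CVE-2023-4983 is feed text containing a literal </script> close tag and an <img> element with an onerror handler, and it is written into a page that browsers render. The generator should HTML-escape every feed-derived field (id, date, description, link target) at write time, and this row makes a good regression fixture: assert that the emitted cell contains &lt;img and no raw <img. A Content-Security-Policy on the docs site that disallows inline event handlers would limit the impact if escaping is ever missed.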
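
Review bot: In the docs/index.html hunk at @@ -2251,6 +2323,14 @@, the CVE-2023-4972 description ends with "This issue affects ." and has no space after "Users.", so the upstream record reached the page with its affected product and version field empty. Have the generator detect a description that ends this way and mark the row as incomplete, or pick it up again on a later run, rather than publish half a sentence; as written the row does not tell a reader which versions are affected.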