From 3e447a32f78fded164558542d44b450ca06a6052 Mon Sep 17 00:00:00 2001 From: Github-Bot Date: Mon, 15 Apr 2024 23:23:17 +0000 Subject: [PATCH] Updated by Github Bot --- cache/RedQueen.dat | 2 + cache/Tenable (Nessus).dat | 10 +++ data/cves.db | Bin 47091712 -> 47099904 bytes docs/index.html | 162 ++++++++++++++++++------------------- 4 files changed, 93 insertions(+), 81 deletions(-) diff --git a/cache/RedQueen.dat b/cache/RedQueen.dat index 0e46b5a8434..bb65904f837 100644 --- a/cache/RedQueen.dat +++ b/cache/RedQueen.dat @@ -122,3 +122,5 @@ cc96f68cf2bfcf578d886579d983567f c6fc0f1e11b594ee91e2af7ff115c3b6 f8aa964dcb4956c9baacad51d77f32bc 62f2b04710edcb61e6205b457d95317d +727168f026184cc424466bbecdef04bd +3a71226a12484d9d0e5a316e649805d8 diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index a5dde7712a0..9f479f25770 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -128,3 +128,13 @@ d060e0fe962b3d81454627d10fba89a5 7b365de29b57e13e83919e392bd443f1 659aedab25cbfdcf57ce246f4ec11de4 b75eebe5840caaaa3860b868e8bc793c +798ab6950f0b1f5c226d38ef48ceab68 +bdb154373697347c3d5b0c14e78dfcfd +9245743bf25d8b2b7893466790f8be07 +cb0a0970e03dde886437af4ccd433898 +8bca410bebefa3784283edfa816a4c90 +4b9fb08bec71f969dd0e415b4d7020df +04c1d2e1a3b44b4e3f493bfdac25a70c +4864020290eca316abee9e517ddb48b1 +a40fb99669c21a8f7d4fc696875a4e20 +fd3f3eefeb8141fb8d3c8ded8ac20735 
diff --git a/data/cves.db b/data/cves.db index e0d7eb5f186ee365ba25f53d1f946f0b7fc9bb3e..73b2b889530bf6215cbe822c27e63079bc9c90f5 100644 GIT binary patch
+ @@ -283,6 +283,86 @@

眈眈探求 | TITLE URL + + 798ab6950f0b1f5c226d38ef48ceab68 + CVE-2024-31652 + 2024-04-15 21:15:07 + A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter. + 详情 + + + + bdb154373697347c3d5b0c14e78dfcfd + CVE-2024-31650 + 2024-04-15 21:15:07 + A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name parameter. + 详情 + + + + 9245743bf25d8b2b7893466790f8be07 + CVE-2024-31649 + 2024-04-15 21:15:07 + A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter. + 详情 + + + + cb0a0970e03dde886437af4ccd433898 + CVE-2024-31648 + 2024-04-15 21:15:07 + Cross Site Scripting (XSS) in Insurance Management System v1.0, allows remote attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter at /core/new_category2. + 详情 + + + + 8bca410bebefa3784283edfa816a4c90 + CVE-2024-23561 + 2024-04-15 21:15:07 + HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values. + 详情 + + + + 4b9fb08bec71f969dd0e415b4d7020df + CVE-2024-23558 + 2024-04-15 21:15:07 + HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. + 详情 + + + + 04c1d2e1a3b44b4e3f493bfdac25a70c + CVE-2024-3804 + 2024-04-15 20:15:11 + A vulnerability, which was classified as critical, has been found in Vesystem Cloud Desktop up to 20240408. This issue affects some unknown processing of the file /Public/webuploader/0.1.5/server/fileupload2.php. 
The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + 详情 + + + + 4864020290eca316abee9e517ddb48b1 + CVE-2024-32036 + 2024-04-15 20:15:11 + ImageSharp is a 2D graphics API. A heap-use-after-free flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to ImageSharp for conversion, potentially leading to information disclosure. The problem has been patched in v3.1.4 and v2.1.8. + 详情 + + + + a40fb99669c21a8f7d4fc696875a4e20 + CVE-2024-32035 + 2024-04-15 20:15:11 + ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. This flaw can be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on ImageSharp for image processing tasks. Users and administrators are advised to update to the latest version of ImageSharp that addresses this vulnerability to mitigate the risk of exploitation. The problem has been patched in v3.1.4 and v2.1.8. + 详情 + + + + fd3f3eefeb8141fb8d3c8ded8ac20735 + CVE-2024-31990 + 2024-04-15 20:15:11 + Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces which allows attackers to use the UI to edit resources which should only be mutable via gitops. This vulenrability is fixed in 2.10.7, 2.9.12, and 2.8.16. + 详情 + + 34289f659d466a7e6c7c77846c04e973 CVE-2024-3762 @@ -443,86 +523,6 @@

眈眈探求 | 详情 - - 3315ff09ef4002882586b280ebba5973 - CVE-2024-0157 - 2024-04-12 17:17:21 - Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user's application session. - 详情 - - - - d6e69687d570799e00c72934be69ee83 - CVE-2024-3707 - 2024-04-12 14:15:09 - Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file. - 详情 - - - - 2294de2743ac043fbc4fa1e30c6c20f7 - CVE-2024-3706 - 2024-04-12 14:15:09 - Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to view a php backup file (controlaccess.php-LAST) where database credentials are stored. - 详情 - - - - 19243d5e8ea0ce74eb09c5fc33114ec8 - CVE-2024-3705 - 2024-04-12 14:15:08 - Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to send a POST request to the endpoint '/opengnsys/images/M_Icons.php' modifying the file extension, due to lack of file extension verification, resulting in a webshell injection. - 详情 - - - - 513133c591989f557bb35bec9e5077fd - CVE-2024-30273 - 2024-04-11 18:15:07 - Illustrator versions 28.3, 27.9.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. - 详情 - - - - f6b8f13db1401a8ba826ede7e715fcc1 - CVE-2024-30272 - 2024-04-11 18:15:07 - Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file. - 详情 - - - - 1c90d23ed00ba1a43ab95e7925d74016 - CVE-2024-30271 - 2024-04-11 18:15:07 - Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. - 详情 - - - - aac4c1426c19d0045cf88150ce31e439 - CVE-2023-50949 - 2024-04-11 17:15:30 - IBM QRadar SIEM 7.5 could allow an unauthorized user to perform unauthorized actions due to improper certificate validation. IBM X-Force ID: 275706. - 详情 - - - - a5e43454e3256085139beec86ec6d1f0 - CVE-2024-31678 - 2024-04-11 16:15:25 - Sourcecodester Loan Management System v1.0 is vulnerable to SQL Injection via the "password" parameter in the "login.php" file. - 详情 - - - - b616bedffb88e07bfa65121ffc7a7a9d - CVE-2024-0881 - 2024-04-11 16:15:24 - The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not prevent password protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts - 详情 - -
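Review bot: the two IDs appended to cache/RedQueen.dat have no matching rows in the docs/index.html hunks of this commit, while all ten IDs appended to cache/Tenable (Nessus).dat do (798ab695... through fd3f3eef...). If the cache marks an item as seen before it has been stored and rendered, a failed or filtered item is never retried, so please confirm the ID is written only after the entry has landed in data/cves.db, and say in the commit or a comment why RedQueen items are cached but not listed.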
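Review bot: data/cves.db changes as an opaque binary delta (47091712 -> 47099904 bytes) under the subject "Updated by Github Bot", so neither the diff nor the log tells a reader what entered the database. Have the bot put per-source counts in the subject (this run: 2 RedQueen, 10 Tenable (Nessus)), and consider publishing the database as a build artifact or committing a text export next to it so that each run's change can actually be reviewed.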
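Review bot: the ten rows added under @@ -283,6 +283,86 @@ in docs/index.html place third-party feed text directly in the page, and it is copied verbatim (the CVE-2024-31990 row keeps the upstream typo "vulenrability"). Nothing in the hunk shows the generator escaping the description or validating the URL column before writing the row, so please confirm both are HTML-escaped and that link targets are restricted to http/https. A Content-Security-Policy on the published page would be a sensible second layer.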
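Review bot: the @@ -443,86 +523,6 @@ hunk removes ten entries dated 2024-04-11 and 2024-04-12 in the same commit that adds ten new ones, so the page behaves as a fixed-size window and the dropped CVEs remain only in the binary data/cves.db. If the page is meant to be a record, archive or paginate by date instead of truncating. If the window is intentional, state its size and sort order on the page so readers know older entries are gone.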