Commit

Updated by Github Bot
Github-Bot committed Nov 15, 2023
1 parent ec13e94 commit 429b100
Showing 3 changed files with 91 additions and 81 deletions.
10 changes: 10 additions & 0 deletions cache/Tenable (Nessus).dat
Expand Up @@ -148,3 +148,13 @@ f004a8d969cce560692b15f68a7d8a2c
7253588e128397c1c099009d910ea923
cba2a8ef98361d20a62e26c492287de7
2d93417e491a80e55f88dc15d7b75784
e8e430cb471db6b18d2d0afc7a8a4e96
740a695d08aea1a82fc34d7413fa11c1
09165acb21f42aaf941a4786d59b006f
e4ce7c165ca8963d6e306f907bc2fc30
eeee0e733d583a11388840e72e5248a1
15eabae1cebf51bd6469f1bf540a6f50
00d3a7040c03760292377392082a8a02
fc99a42733a8ed022f571ab1b1c38363
bd5361e01f8b75b6059c9d3d67d2cc78
aded0c763a9666bc54e667134fee57ab
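Review bot: the ten lines appended after 2d93417e491a80e55f88dc15d7b75784 are bare 32-character hex ids with nothing in the file tying each one to a CVE, so the cache cannot be audited on its own. The only cross-check available in this commit is that they match, in the same order, the first-column values of the ten rows added to docs/index.html. Storing the CVE id next to each value (one "id CVE" pair per line) would let a reader confirm what each entry deduplicates and spot a stale or colliding id.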
Binary file modified data/cves.db
Binary file not shown.
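Review bot: data/cves.db changes as an opaque binary, so the database half of this commit cannot be reviewed, and a bad or tampered record would not show in any diff. Consider committing a text export of the changed rows alongside it, or regenerating the database from the feed at build time instead of versioning the binary.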
162 changes: 81 additions & 81 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2023-11-15 16:32:00 -->
<!-- RELEASE TIME : 2023-11-15 19:19:34 -->
<html lang="zh-cn">

<head>
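Review bot: the RELEASE TIME comment on line 1 of docs/index.html carries no timezone or UTC offset, so "2023-11-15 19:19:34" cannot be compared reliably with the per-CVE timestamps in the table or with the commit time. Writing it in ISO 8601 with an explicit offset would remove the ambiguity.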
Expand Down Expand Up @@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<th width="43%">TITLE</th>
<th width="5%">URL</th>
</tr>
<tr>
<td>e8e430cb471db6b18d2d0afc7a8a4e96</td>
<td>CVE-2023-48089</td>
<td>2023-11-15 15:15:00 <img src="imgs/new.gif" /></td>
<td>xxl-job-admin 2.4.0 is vulnerable to Remote Code Execution (RCE) via /xxl-job-admin/jobcode/save.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-48089">详情</a></td>
</tr>

<tr>
<td>740a695d08aea1a82fc34d7413fa11c1</td>
<td>CVE-2023-48088</td>
<td>2023-11-15 15:15:00 <img src="imgs/new.gif" /></td>
<td>xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) via /xxl-job-admin/joblog/logDetailPage.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-48088">详情</a></td>
</tr>

<tr>
<td>09165acb21f42aaf941a4786d59b006f</td>
<td>CVE-2023-48087</td>
<td>2023-11-15 15:15:00 <img src="imgs/new.gif" /></td>
<td>xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job-admin/joblog/clearLog and /xxl-job-admin/joblog/logDetailCat.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-48087">详情</a></td>
</tr>

<tr>
<td>e4ce7c165ca8963d6e306f907bc2fc30</td>
<td>CVE-2023-5720</td>
<td>2023-11-15 14:15:00 <img src="imgs/new.gif" /></td>
<td>A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-5720">详情</a></td>
</tr>

<tr>
<td>eeee0e733d583a11388840e72e5248a1</td>
<td>CVE-2023-5676</td>
<td>2023-11-15 14:15:00 <img src="imgs/new.gif" /></td>
<td>In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-5676">详情</a></td>
</tr>

<tr>
<td>15eabae1cebf51bd6469f1bf540a6f50</td>
<td>CVE-2023-5245</td>
<td>2023-11-15 13:15:00 <img src="imgs/new.gif" /></td>
<td>FileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory. When creating an instance of TensorflowModel using the saved_model format and an exported tensorflow model, the apply() function invokes the vulnerable implementation of FileUtil.extract(). Arbitrary file creation can directly lead to code execution</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-5245">详情</a></td>
</tr>

<tr>
<td>00d3a7040c03760292377392082a8a02</td>
<td>CVE-2023-4602</td>
<td>2023-11-15 13:15:00 <img src="imgs/new.gif" /></td>
<td>The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'course_id' parameter in versions up to, and including, 2.6.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-4602">详情</a></td>
</tr>

<tr>
<td>fc99a42733a8ed022f571ab1b1c38363</td>
<td>CVE-2023-23549</td>
<td>2023-11-15 11:15:00 <img src="imgs/new.gif" /></td>
<td>Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows priviledged attackers to cause partial denial of service of the UI via too long hostnames.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-23549">详情</a></td>
</tr>

<tr>
<td>bd5361e01f8b75b6059c9d3d67d2cc78</td>
<td>CVE-2023-34062</td>
<td>2023-11-15 10:15:00 <img src="imgs/new.gif" /></td>
<td>In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured to serve static resources.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-34062">详情</a></td>
</tr>

<tr>
<td>aded0c763a9666bc54e667134fee57ab</td>
<td>CVE-2023-46672</td>
<td>2023-11-15 08:15:00 <img src="imgs/new.gif" /></td>
<td>An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are: * Logstash is configured to log in JSON format https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html , which is not the default logging format. * Sensitive data is stored in the Logstash keystore and referenced as a variable in Logstash configuration.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-46672">详情</a></td>
</tr>

<tr>
<td>736890e63ac7080810c266881de4fe91</td>
<td>CVE-2023-46121</td>
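Review bot: the description cell is written into the page without HTML escaping. In the CVE-2023-23549 row the text "Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39" sits raw inside the td, so the browser will try to parse "<2.2.0p15, ..." as markup and the cell can render truncated or garbled. The same path means any markup that arrives in a feed description is emitted into index.html as live HTML. The generator should entity-encode every feed-derived field (id, CVE, time, description, and the URL placed in href) before templating. A smaller point on the link cells: the target="_blank" anchors have no rel="noopener noreferrer".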
Expand Down Expand Up @@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-6083">详情</a></td>
</tr>

<tr>
<td>f1a4d8e03915f796872fc590a345810c</td>
<td>CVE-2023-6103</td>
<td>2023-11-13 18:15:00</td>
<td>A vulnerability has been found in Intelbras RX 1500 1.1.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /WiFi.html of the component SSID Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-245065 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-6103">详情</a></td>
</tr>

<tr>
<td>9179947f447fe027e09c60b188fb8148</td>
<td>CVE-2023-6102</td>
<td>2023-11-13 18:15:00</td>
<td>A vulnerability, which was classified as problematic, was found in Maiwei Safety Production Control Platform 4.1. Affected is an unknown function of the file /Content/Plugins/uploader/FileChoose.html?fileUrl=/Upload/File/Pics/&parent. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-245064. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-6102">详情</a></td>
</tr>

<tr>
<td>a984d89a86b187f274e3f59941653234</td>
<td>CVE-2023-32123</td>
<td>2023-11-13 18:15:00</td>
<td>Cross-Site Request Forgery (CSRF) vulnerability in Dream-Theme The7 allows Stored XSS.This issue affects The7: from n/a through 11.7.3.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-32123">详情</a></td>
</tr>

<tr>
<td>49d2e7bdae94453720f3a8f37a3b85e1</td>
<td>CVE-2023-31230</td>
<td>2023-11-13 18:15:00</td>
<td>Cross-Site Request Forgery (CSRF) vulnerability in Haoqisir Baidu Tongji generator allows Stored XSS.This issue affects Baidu Tongji generator: from n/a through 1.0.2.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-31230">详情</a></td>
</tr>

<tr>
<td>4388875b84e8d6d5d4182bda077d3017</td>
<td>CVE-2023-39166</td>
<td>2023-11-13 17:15:00</td>
<td>Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS).This issue affects tagDiv Composer: from n/a before 4.4.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-39166">详情</a></td>
</tr>

<tr>
<td>1d7a16d758a93dd757054c841f14d564</td>
<td>CVE-2023-35877</td>
<td>2023-11-13 17:15:00</td>
<td>Cross-Site Request Forgery (CSRF) vulnerability in Vadym K. Extra User Details allows Stored XSS.This issue affects Extra User Details: from n/a through 0.5.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-35877">详情</a></td>
</tr>

<tr>
<td>9d4df145a406f6be01f7f619341178e6</td>
<td>CVE-2023-6101</td>
<td>2023-11-13 16:15:00</td>
<td>A vulnerability, which was classified as problematic, has been found in Maiwei Safety Production Control Platform 4.1. This issue affects some unknown processing of the file /TC/V2.7/ha.html of the component Intelligent Monitoring. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-245063. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-6101">详情</a></td>
</tr>

<tr>
<td>1dd72113a15886f6f1ef09fc94dc4236</td>
<td>CVE-2023-6100</td>
<td>2023-11-13 16:15:00</td>
<td>A vulnerability classified as problematic was found in Maiwei Safety Production Control Platform 4.1. This vulnerability affects unknown code of the file /api/DataDictionary/GetItemList. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-245062 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-6100">详情</a></td>
</tr>

<tr>
<td>d48ac52db785e46ec3edb35e5f594a8c</td>
<td>CVE-2023-6099</td>
<td>2023-11-13 16:15:00</td>
<td>A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. This affects an unknown part of the file /SystemMng.ashx of the component Account Handler. The manipulation of the argument operatorRole with the input 00 leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-245061 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-6099">详情</a></td>
</tr>

<tr>
<td>6e71b0e92c5726f1a5335987a80b02d1</td>
<td>CVE-2023-48068</td>
<td>2023-11-13 16:15:00</td>
<td>DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vulnerability via spec_add.php.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-48068">详情</a></td>
</tr>

</tbody>
</table>
</div>
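Review bot: this hunk drops the ten oldest rows to make room for the ten new ones, and the rows dropped are dated 2023-11-13, two days before the release time in the header. They include CVE-2023-6099, whose description says it is classified as critical with a publicly disclosed exploit. If index.html is a fixed-size window, a reader who checks less often than the window turns over misses entries. Consider sizing the window by age rather than row count, or linking to an archive page that keeps the evicted rows.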