diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index 325daa5797e..d58a981681c 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -128,3 +128,13 @@ df6bcb19e65f6b1c59002087af562ad8 d349cefd043daf680900ef3e9225fac8 1a1d88cb88b74363c74901a647d50785 2101f920a56f7429f92d02208db26021 +17011e370c7709795d6c97cd10ffd77c +76580dc98577d8753e3e67bff62df45d +d7b0babe33e61d6aaafb4e214393812b +298819c0331142aa3012544fbe7d5bc6 +b2d0fdc90226d8528b00de0a8c7e6344 +1601995ad07507e8b7edfd5d2522b51a +e4b49475254cebadf5277e08b33f87e2 +7cd4148e37fddea9b598df3657d118c1 +291bcbdb32d373dfe04a4672524cba2d +90f9a72a099d5af0058554e3e534c686 diff --git a/data/cves.db b/data/cves.db index ee266c83497..1e741446fc8 100644 Binary files a/data/cves.db and b/data/cves.db differ diff --git a/docs/index.html b/docs/index.html index c122e774edc..7ee76beeeb1 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -283,6 +283,86 @@

眈眈探求 | TITLE URL + + 17011e370c7709795d6c97cd10ffd77c + CVE-2023-5460 + 2023-10-09 19:15:00 + A vulnerability was found in Delta Electronics WPLSoft up to 2.51 and classified as problematic. This issue affects some unknown processing of the component Modbus Data Packet Handler. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241583. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + 详情 + + + + 76580dc98577d8753e3e67bff62df45d + CVE-2023-5459 + 2023-10-09 19:15:00 + A vulnerability has been found in Delta Electronics DVP32ES2 PLC 1.48 and classified as critical. This vulnerability affects unknown code of the component Password Transmission Handler. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. VDB-241582 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + 详情 + + + + d7b0babe33e61d6aaafb4e214393812b + CVE-2023-41672 + 2023-10-09 19:15:00 + Cross-Site Request Forgery (CSRF) vulnerability in Rémi Leclercq Hide admin notices – Admin Notification Center plugin <= 2.3.2 versions. + 详情 + + + + 298819c0331142aa3012544fbe7d5bc6 + CVE-2023-41670 + 2023-10-09 19:15:00 + Cross-Site Request Forgery (CSRF) vulnerability in Palasthotel (in person: Edward Bock) Use Memcached plugin <= 1.0.4 versions. + 详情 + + + + b2d0fdc90226d8528b00de0a8c7e6344 + CVE-2023-41669 + 2023-10-09 19:15:00 + Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Live News plugin <= 1.06 versions. + 详情 + + + + 1601995ad07507e8b7edfd5d2522b51a + CVE-2022-3431 + 2023-10-09 19:15:00 + A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable. + 详情 + + + + e4b49475254cebadf5277e08b33f87e2 + CVE-2023-41668 + 2023-10-09 18:15:00 + Cross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <= 1.1.2 versions. + 详情 + + + + 7cd4148e37fddea9b598df3657d118c1 + CVE-2023-41667 + 2023-10-09 18:15:00 + Cross-Site Request Forgery (CSRF) vulnerability in Ulf Benjaminsson WP-dTree plugin <= 4.4.5 versions. + 详情 + + + + 291bcbdb32d373dfe04a4672524cba2d + CVE-2023-39194 + 2023-10-09 18:15:00 + A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure. + 详情 + + + + 90f9a72a099d5af0058554e3e534c686 + CVE-2023-39193 + 2023-10-09 18:15:00 + A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. + 详情 + + 4bb123e521032e807438cf60c52f017c CVE-2023-45356 @@ -443,86 +523,6 @@

眈眈探求 | 详情 - - 5ff7a179ca0e52ad35af09234260e743 - CVE-2023-5182 - 2023-10-07 00:15:00 - Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege. - 详情 - - - - ceaba1cde842d751c921570050432457 - CVE-2023-36123 - 2023-10-07 00:15:00 - Directory Traversal vulnerability in Hex-Dragon Plain Craft Launcher 2 version Alpha 1.3.9, allows local attackers to execute arbitrary code and gain sensitive information. - 详情 - - - - d7c9148f172e7f87fa1d39b430c3ce25 - CVE-2023-44860 - 2023-10-06 23:15:00 - An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote attacker to cause a denial of service via the authorization component in the HTTP request. - 详情 - - - - 478b6d47c0f482a555aacf7770b3e0fc - CVE-2023-44061 - 2023-10-06 23:15:00 - File Upload vulnerability in Simple and Nice Shopping Cart Script v.1.0 allows a remote attacker to execute arbitrary code via the upload function in the edit profile component. - 详情 - - - - fca3794018c119647c192df84dec1aaf - CVE-2023-45322 - 2023-10-06 22:15:00 - ** DISPUTED ** libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail." - 详情 - - - - 1f998874f1edb701c462073f897f7996 - CVE-2022-33160 - 2023-10-06 22:15:00 - IBM Security Directory Suite 8.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228568. - 详情 - - - - 9c9c09c38fbad0dc232ee947a80410cb - CVE-2023-45311 - 2023-10-06 21:15:00 - fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on fsevents) distributes code that was obtained from that URL at a time when it was controlled by an adversary. - 详情 - - - - e7e4836b459bc502ed72b03e71295413 - CVE-2023-3725 - 2023-10-06 21:15:00 - Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem - 详情 - - - - e3ec2575a1c23253b20fdaedcdfff5cf - CVE-2023-45303 - 2023-10-06 19:15:00 - ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent to the /api/admin/settings endpoint). - 详情 - - - - 004d187d4b6141a1cf6956d672706151 - CVE-2023-45282 - 2023-10-06 19:15:00 - In NASA Open MCT (aka openmct) 2.2.5 before 545a177, prototype pollution can occur via an import action. - 详情 - -