From 5667f1c8782def2873335a2278ef7d7313b65161 Mon Sep 17 00:00:00 2001 From: Github-Bot Date: Fri, 16 Feb 2024 21:19:58 +0000 Subject: [PATCH] Updated by Github Bot --- cache/Tenable (Nessus).dat | 10 +++ data/cves.db | Bin 46096384 -> 46100480 bytes docs/index.html | 162 ++++++++++++++++++------------------- 3 files changed, 91 insertions(+), 81 deletions(-) diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index faf18d7cbc0..59d4d210716 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -198,3 +198,13 @@ bf6ad87d2a8511d99f253c17c79dcdd3 e21bfe93720eca43aebe350aa7426243 c549c1e3e23fe847b0cac550846cbdc3 c97466358b23783d42d48f5c6667eb6b +53c6301f0b16a3aa4a5ee955344de741 +574016161377ae9ae1592699188687af +00e0ec8936dea0b4a966b587ff45428d +70578916122a5d2d34fb945f0a99dc68 +b912c9386d4340744f88103808ae773e +47b8143ac434ef799ef39620e99cf8f6 +d1bfee929a23cf2ece3a7993813cec56 +909d302aba10cbd9780b93203f2fa1f3 +f9999686045b837373b3ea9157837116 +b7831d3ab4efc3db55ce206998468ce1 diff --git a/data/cves.db b/data/cves.db index 11ba8ac91d5cc458f8d6f092d999823fc0d12532..3ecb63db509194a1213da93c0f82ddc9f5054162 100644 GIT binary patch delta 5712 zcmdVc2XqwW76))<2mwMukpu_<9Ga96GPAQ4MF=G!Kp>Dv6U?36olQoz#4Uk{2qC#3 zB2Cl|wPi|UYR8n$l)==VsRL6- zrcO+!Fm-0iWXfXd!qkciBRsUK5+rqh@PFb!lH z#59;GmuU!79@9{!d?uMmVX`r)Om-#*latBCeC(z%+_! zG}9QSu}p$j6OtnnsGc91cfN3Gqg-nZ>7Bkf`En%u>YG7ifrA*71E@E2FbTQKkrc0PsGOc1- z&9sJTEz_k;>zFQMx}50>rXmO-v?JBhzN4YnZNO+QM`l(^jVI znQmaZk?AI;ZA{ylb};Q^+Qqb+>1L)qOnaGbVcN%ZE7N|a+n5e89b`JhbUV{wrXx&E zOm{FHWxA8;E~dMg?qRx@={~0WnI2$zkm(_&hnXH>dX(ugrejQxGd;odB-2w&PcuEk z^eoeJOwTjD!1N;1OH3~_y~6Y=({ZK~Os_G$&h!S;n@n#pz0LFv)4NRXF}=_90n>*} zA2EH*^a<0aOrJ4*&h!P-mrP$Vea-X@)3;3DF@4YU7p5PWeq{P-ISDIC01;Y33bcY$ zXbo+kEu=v^NQVq)4;`Q*bb?c$Gh{**bb+qW4YHv-WG(g2hk=OQ0SafMF>tgNtA}TnsDV z5?BeVU^T3PwQwn{gUjG@xB`-}9yY+0uo13;t6>wE&hMQpz?1fukAKVK2;Wjt`2jLLh4u|0gG{GHk6z+t(;BL4F?uGl{es};L zgoof^cmy7W$KV(|4o|?7@Dw}^&%m?r96S#%z>Dw_ybQ0vt8g4nz-#b2ya8{*Tktl# z1Mk9n@IHJ1AHqlQF?<4_!e{U~d;wp=SMW7_1K+}T@ICwmet;k0Ct*2>*#00wOGtrM zkP5A#4YY+cXb0(#0qvm!bc9ZD3Ur1{$bv4=6}mw-bcY=10X?A?oC*^3hCa|2`ayp< z4F-`6Un04l`gT%!0FFHq3!@paQJ;Yv2VR_(6vNR6-RP za4yV+AcPR<`fLjy1@g=KINEQgC> z1zZ9vVHK=~HLw;gg>`TlTn<-264t{8xDqzPRd6+I0uvfxGh74L!WOs=w!-yr1KbEV z!8X_qJ76d5g57X4?18;-3+#hi#ly5;-12Ih8L8`ASeLz~^yB-*ouZK1)T#6vVVSsJ zE*&>RXqEdFH=eQDd~3gm$8FZ*fb}?NJq}rq+pWi8vB`Yvh^QNxZG}E9It*_g%h;R# zW_rIiH>Fm!ylsESk(Fse9(O`hX(f4s8nV@fY|SM*TyBrzRBSfQ;kWr!d%)|lI|8!i z@%Vk_<14z0IYaES>~<7~C0`_5qetUq32$XotF9`HMndBXCQ6ZjR90n#MmPV}++4d^ zlr|nC(Vy)2rGEA>n{2b^$+kSjDJh;|ies4U{tufn8=aSl{cX*o;aqM!9n%=l;7}VJ z6|$_$y3g%Voqk=Dy>`vxbb1|bS0G?_*lo#z)>`&Jj6zm^F^%%b=t!tK64t}{Xnas%du3q3a%pL$%xey30KA+F`LrOU0v@!m_SHx8x^F z=C)6+xqDRFCgXh}#jNCRRiy;{uhNr{*q zl`5l=M71e&3k$spV@4&S7RJ(9fsRE2@p)QQZw_@-_vuEBE?G@U1^$o`Hezwa87p06 zwIEeTk=Q}KQjeKOKQ9rwnrVAS3F(`j-7T~=Py4=~nALlTT>H7vupdLP zI0vN{l5v)g?VOugk3}epU0@^?*kvB`?7IqX<1Yj-M&SvRAj zc&d5)&;?@u=>>&_6~$wuYAuQ~7RRz^aVcL51T-U>e{$i5R##R3YBxDf7UF-okDTA> z!`yC+5%SGrpB)xcWDLB19yb;=mmfi`7b*fCd^z1t+3xVVRTsX!s;(i52!=~Zp4c}# zyA`&PYB!Z~L(DQieqf#0w*6449J!^>N3I&-%H-zaNZ(|KLkH8+Vn}nTI;i<{^O(yN zGFw~qSt=Tvtk~+yGB;O^5i|Qw*S%#C-&{Q&lWGi28eKNE@K>{UTC+EWoGZjGe?WKb zf8CwAX7E;FklZ{aTipb19N7k?c)B{h!Xtb9s%+D|nj-tWeviv7dp!u48n6X4Q@d!6 z(0$WEtiE|-|30yE@3GM+4yQ;WCTTHie}_;pe_0V-=I$8>u+F=Y|z zT6vWbo{MrH*F#d-RHsXxW|L5PtkXdXY2icwhhhTfpA^7NK+>vlTFy5@T3km}AD;;8 z5{9c-89P3KH~2-B=IJO)K|K(+ma*h-ZD5V1l89f&sbcu5a2h1cobBs`?&cA}F1BkK zj8rB+{j#dFDOD!LR3Vz&yl!S@;N(!6&*5lT3&yOTLJ_|asFhIM{6S!I{l~E&JJ47lgEyK)wiIcxsCsYKrEo!|t&wG1;*mcpbBLDO5 z`7eei^<;d^PKZjs|Cy+m_YeF)=xb89gJQ~1BurfiH=b#w`%HCah27u;`7_u%3oe`^bldpqT|ygE`sOEL jbOzGgIwj}o(Xbv&*5ypm{=tp-kL{%SLO7tM;&l8Kkk9;m delta 2652 zcmWmG03q6-5Qbzz$UG?!@lyj@$0;#<*2f>~8FC#YSCs8r$4tq3cZ-F4Vc} z{qVc~fcu>1oF^{jc~so>=TWQjhQ_8!Rr<;5=z1Zs^JIls0V}nY#tOC4TIsAXE4`J$ z%4mgK5mqKEvlVG&v9em(tn5~lmBY$u<+5^Hd91uvJ}bXfz$$1(TZOE`RuL=4Dryz8 zid!YDl2$3Jv{l9`Yn8LgTNSK|Rwb*lRmG}mRkNyFHLRLeEvvRw$BMP;TJ@~@Rs*Y{ z)yQgWHL;pn&8+5D3#+Bo%4%)3vD#YgtoBw1tE1J)>TGqfx?0_=?p6=0r`5~qZS}GG zTKz2c>2D3N23mux!PXFKs5Q(QZjG=;TBEGd));H7HO?AuO|T|fldQ?s6lSZl3y)_QA$ zwb9ySZML>pTdi%@c58>V)7oVvTDz@1)?RC$wck2m9kdQvhpi*lQR|p>+&W>Mv`$&4 ztuxkH>zsAoO0q6k7p+UyW$TJ{)w*USTi2}{)=ldr>t*W|>s9MD>vii5>rLw|>uu{D z>s{+T>wW73>qF}!>tpMdb=$gQ-L*ckKD9ox?pdE(Us(686zfatE9-0P8|#7f(E8T; z&idZ^!TQnq$@Q23Sbtf6TmM-9T2HNK)^qDW>qWdm5)^^} zQX>sQkrwF?hV;mQj0i^rG9fb}kp)?i4cQTe9LR}W$c;S6i+sqB0w{=R6hdJXK@5tb z7>c6=N}?1>qYTQT9Ll2tDxwl9qYA2`8mglPYN8fuqYh$G7xhpd4bTvc&=^h76wS~a zEzlCJ&>C&f7VXd;9ncY-&>3CO72VJsJMZw7yS_2zdr_GAO>MDhF~a$VK_!$ zBt~I0#$YVQVLT>aA|_!nreG?jVLE1DCT3wa=3p-3Fc0&w01II(!eT5zJeFb^mLmZx zuoA1V8f&l?>#!ahuo0WE8C$Rw+prxwuoJtGh~3zOz1WBSIDmsVgu^(3qd11+IDwNm zh0{2Lvp9$INWukN#3fwD63~(fsq)6(HMiV7>DtgfQgud$(Vwvn1< + @@ -283,6 +283,86 @@

眈眈探求 | TITLE URL + + 53c6301f0b16a3aa4a5ee955344de741 + CVE-2024-21915 + 2024-02-16 19:15:08 + A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor could potentially read and modify sensitive data, delete data and render the FTSP system unavailable. + 详情 + + + + 574016161377ae9ae1592699188687af + CVE-2024-1591 + 2024-02-16 19:15:08 + Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues. + 详情 + + + + 00e0ec8936dea0b4a966b587ff45428d + CVE-2024-0015 + 2024-02-16 19:15:08 + In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. + 详情 + + + + 70578916122a5d2d34fb945f0a99dc68 + CVE-2023-40085 + 2024-02-16 19:15:08 + In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. + 详情 + + + + b912c9386d4340744f88103808ae773e + CVE-2023-21165 + 2024-02-16 19:15:08 + In DevmemIntUnmapPMR of devicemem_server.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. + 详情 + + + + 47b8143ac434ef799ef39620e99cf8f6 + CVE-2024-1515 + 2024-02-16 18:15:07 + Rejected reason: Erroneous assignement + 详情 + + + + d1bfee929a23cf2ece3a7993813cec56 + CVE-2024-23591 + 2024-02-16 17:15:08 + ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security, and other SPS configuration setting. + 详情 + + + + 909d302aba10cbd9780b93203f2fa1f3 + CVE-2024-1444 + 2024-02-16 17:15:08 + Rejected reason: Erroneous assignment + 详情 + + + + f9999686045b837373b3ea9157837116 + CVE-2024-1342 + 2024-02-16 16:15:57 + A flaw was found in OpenShift. The existing Cross-Site Request Forgery (CSRF) protections in place do not properly protect GET requests, allowing for the creation of WebSockets via CSRF. + 详情 + + + + b7831d3ab4efc3db55ce206998468ce1 + CVE-2024-25320 + 2024-02-16 15:15:08 + Tongda OA v2017 and up to v11.9 was discovered to contain a SQL injection vulnerability via the $AFF_ID parameter at /affair/delete.php. + 详情 + + f4b6c8602f534398ec169444ba866ec5 CVE-2024-25620 @@ -443,86 +523,6 @@

眈眈探求 | 详情 - - 932602bf23ed6be6fa7cd58444930af1 - CVE-2023-6815 - 2024-02-13 07:15:46 - Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a non-administrator user to disclose the credentials (user ID and password) of a user with a lower access level than the attacker by sending a specially crafted packet. - 详情 - - - - 42df8328796113c645b60c784cbbaf87 - CVE-2024-25914 - 2024-02-13 05:15:09 - Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone SMTP Mail.This issue affects SMTP Mail: from n/a through 1.3.20. - 详情 - - - - ed5cca03f52b4cfb895ff92a9211bad3 - CVE-2024-21491 - 2024-02-13 05:15:08 - Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of the actual signature. **Note:** The attacker would need to know a victim uses the Rust library for verification,no easy way to automatically check that; and uses webhooks by a service that uses Svix, and then figure out a way to craft a malicious payload that will actually include all of the correct identifiers needed to trick the receivers to cause actual issues. - 详情 - - - - 954baa39956472e2e4f25604d4de7005 - CVE-2023-52431 - 2024-02-13 05:15:08 - The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows attackers to bypass a CSRF protection mechanism via an empty form value and an empty cookie (if signed cookies are disabled). - 详情 - - - - 3d503e6f01e58b930dbdd8267b9ccafa - CVE-2022-48623 - 2024-02-13 05:15:08 - The Cpanel::JSON::XS package before 4.33 for Perl performs out-of-bounds accesses in a way that allows attackers to obtain sensitive information or cause a denial of service. - 详情 - - - - 7b1de36105bcebb60b0301f47e2b21aa - CVE-2024-25643 - 2024-02-13 04:15:08 - The SAP Fiori app (My Overtime Request) - version 605, does not perform the necessary authorization checks for an authenticated user which may result in an escalation of privileges. It is possible to manipulate the URLs of data requests to access information that the user should not have access to. There is no impact on integrity and availability. - 详情 - - - - c82f8b94754d3c8405cad1cc1c24367c - CVE-2024-24741 - 2024-02-13 04:15:08 - SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read some sensitive information but no impact to integrity and availability. - 详情 - - - - f2f1e142d82a127a8a75009515df0d81 - CVE-2024-22129 - 2024-02-13 04:15:08 - SAP Companion - version <3.1.38, has a URL with parameter that could be vulnerable to XSS attack. The attacker could send a malicious link to a user that would possibly allow an attacker to retrieve the sensitive information and cause minor impact on the integrity of the web application. - 详情 - - - - 4e8a6504adf3b01184d90663573b87cd - CVE-2024-22024 - 2024-02-13 04:15:07 - An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication. - 详情 - - - - fedcff969fe657533267a92fe0fa8bc9 - CVE-2024-25642 - 2024-02-13 03:15:09 - Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can impersonate the genuine servers to interact with SCC breaking the mutual authentication. Hence, the attacker can intercept the request to view/modify sensitive information. There is no impact on the availability of the system. - 详情 - -