From 8472580e6f358337d1b1a612385671b82501b9cd Mon Sep 17 00:00:00 2001 From: Github-Bot Date: Sat, 5 Oct 2024 09:25:55 +0000 Subject: [PATCH] Updated by Github Bot --- cache/Tenable (Nessus).dat | 10 +++ data/cves.db | Bin 49541120 -> 49549312 bytes docs/index.html | 174 ++++++++++++++++++------------------- 3 files changed, 97 insertions(+), 87 deletions(-) diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index d3c98d22eba..0deae0009b6 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -188,3 +188,13 @@ d8ed090dcada72e81ce792990b43e07d 6df7504b9baed58cebd2f6eb2bdeeb7e b4355797ec78f21e5628dec1bfb8871b 56436b970672affabc72d3b04a9929e1 +2e319570c62aa8ae825332d5c8690889 +8aae912aa967f42c9435bda9238f8d05 +fb9c6bb7e56a3ec367c5554ab19e61a2 +961bbdc758d842aa31033dd4503ce287 +5e0426bd0177e251053678b0498fa705 +5d7c15e4d3d3ea116efceaf48301919e +1c1e932f5b56506c21aae59dd9ef69ad +4fc6550277872dec5609570b4447e789 +d1e805e837511cf4147edd5bea1c6879 +9e07a86de4adfe12a600aede4e25f079 diff --git a/data/cves.db b/data/cves.db index f5e3c295a5d564f895565113ef3643758cf1139f..028328c05f7046e827282dd7978a39c507504c34 100644 GIT binary patch delta 6117 zcmciFd3Y36x(4uck;ob#f-DBLQQ1l8>gwtR6%4D0D9Eaayw%+mh>*nu1Q!G(FA)`4 zRB)xh6>$T1K*SYA5kb_5$SUFjBFM}* zm`YqnOe4w(64Qwa;(B5RaRYH9aT76B{mQn ziT8+2#QVet#D_#B@e#3^_?Xy2d_rs`wh`Nj9mGyz7x5{voA`{_LwrtrL3~MkMeHT^ z5nmJgiEoGl#6jX);t=r{;;+Qti0_EM6aOH-C;mzNK>SGjMEpDhzM1feAvGjjGUPa^ zDYc}w)RDSUPco&xG?0dpCC5u6X)Gs56KN{Vq`90Z+0sHzl9S~W@k>iNRZf%BrIoan zHqutwNqgxa9VJI{rIQ52l%QA=5?jI&k*LI^vz#Gk%30Dyy2{y-C*7pG^pKv?OM1&W z(nrpfzH*-Qlk?>Q=`RE1LK!H7WUvg8p)yP^l8a@yTp}anQW+_!_&XApge1k4d>JL9 zr9du|F)~&PrAUgUL@t+7DU)$BUapV{GEuIStK@3AMkdL%GFhg`RJl&3Nx4v_ONCr7 zGvo%jQErl%a&-lBeYvc~+j2=ViI9kd^X+tdbXHwY(%R%PaD#ye6;9 z8hJzBl(q7fye;eG9a%5$$_Cje@5v^4Up|lzrBXhU&GNBqkxyi+Y?JM>Lw3q8`BZkx zXR=2=moMZ?`AYW6KKWYq%QtdB4$8N3Nd6*!mA}b%@^|@%d@ui$ALK{*Nq+XtfT8ji zLuyF6WXN$+Q))?VsUvlzo@7dWX&?r2{edRpqC+Eur(q9J1g)&eE$zT~GLuHs;Bp1tYxkN_Dr7}`d@pmLH z2}z18`7%mIOMzS_V`QupN|6*xiCiwFQYPbMyj&p@WTIRtSIO0KjZBhjWwK0>sdAl6 zlX9U(sqzvREFLCGv`s*(Td% zhwPMH@~P~W&t#8$E?>x(@|Cd)dyV^N)pCzJD=qc%y1L%%y~Y~D!*v^t^i{{N_jNFy z3m~tHuU@CKS=mfq>B`DRv--~4YpB_mYQ9c2`%}#~spdecIhbm`HCFeXcgR@Yr*3-M zWoh+V)S8mMCT+giztQlV>xb%B>h#NLQ{h+@&d8u^nK3&ONQ8rq6Ls8Z(6+2#(oRIf zu|U+z3$8M~;qgBROC+?2*d_BH2a=nJ5dmHKAd*?SY zF7_H`95C88casI<{Q1SDg=PM>PO`9|sGw|IsWYy))azQ~fKlchxb+ny!)y5QAtSwx z?GIR;O}ld-=q=PR&HjVKe6!_{(Yl5mjILg@`;gJOZdRs(osqUbtzNfUb2C=d7@amh z3+uM#l#f@86_$3>CRx)aId(FVFl{%Kw33$Vm}c0`Pqz_hxy~K!sk{!n7P3~FqC5kasrB#ckri`Mvn!_%|_sNkJ-9< zV|p9CVqe=(C?~bXNO?b2HmwTIU~Af7$94muU^t!(n30GZw9SBRg(J~;AQX${I}z{l zjO|9Y5sKV1`zfQ~cT8~pqAzAO@pjbiWi$@|?|}V|z?|wWHNW-sJ+^^cRcqj*q7&ml zRyIjRr+m0oKHQ0g&3HVSh}h9&G^C=k%z$MjlOa1`CETFba@ZbKl)~yAd}p%}4_0r} z3>@h1IdPm@RHp6Z%^tGLXg~R=L>}4yORUV?Q1IWosOl-$@$mlAgLzb!nQQ&pWyOx{ z(o^iH%@;gesC~R(lc~Ou$2|Q}|E1}BC7D}{cEQv(HY+-?@`TjUH{G_T+avSiu|zl? zkGOW&vD}3AaKg6jkP|m!ZrJpeZGFbbZVhC{|oU&PDn zSz)yF7Pj4HEN%WvasCpY|L<@5Z#rab%C#$EtZZC0rS8`B?jxg)@omkL{=0}ru;vVw%a*Z87@hxRLsj^6D3 z+kAd+L-{@<;x)Wvx6Wt(oc+cR-qJlfbKB?~Iby2E_FLb1C%y5N(W+5uMyYc(J!5xT z=J$0=YR$`7ouz*&Hl?R-FvFL_99FidDiPZ%x1E?9h&a)3(hWJud{^rY2Lg_(N1Z15 z0dGLlUH>{=eGT3;`gN*Sjr4a$xr0gz)OrJIF7`F`7FKjNvL_!=(Et9%uO;%^&Hig0 z{2wLq+rm1kL;{CPr02wv;xcbY{XV|le`E!T|H2Bq0T0gbwfW_^k8&_8v#YW-!YUu( zBuzIOu-&K?u}w3PA2LG`H<`5Kx)&4S=#kkny(LDMs(UH7S}DsbaVPrA#uOBJ8|Q_L z)<+#_zxMsPxiV9^GJ|~zOG=BqA9b%rkA41$BhR!yY5s>ZWgWhl1I%FMiB*}(w8}G` zP<|q8+ks#t5{(3tZo&=+Qtx*0P)I5B<}BRfYwn#At28odL_@Z>(XRxsa= z+hIEpP6SQe1a>T$jJf&YnAh^$okq4VG=KfR?GdwDrB(Hs>37DCEuK(zOV*NX@8P~b k`x>8ls^aanv>n6#Bg6l$m(QAq_jve!0IF4IQ~&?~ delta 2861 zcmWmGL$DrL6h+~@Kelb#wrxAvv2An5wr$(Vi*4IB+MULFgKrJ*U{{^0JAB#I_`{!G zi9aoI*twxXWiLKGMe(4yBV+|x0V}i>#tLhNv%*^utcX@5E3y^EifTo(qFXVnm{u$+ zwiU;UYsItTTM4X$Rw660mBdPFC9{%SDXf%MDl4^>#!73Yv(j4`tc+GBE3=iw%4%h^ zvRgTIQHM5#q?9;+(X|=LiTWzei zRy(V`)xqj$b+S5JU97HFH>tJYlpSd+GXvw_E>wZeb#>K zfOXJ1WF5ASSi#m&>zH-iI$@o(PFbg|GuBz_oORy1U|qB>S(mLV)>Z48b=|sQ-L!65 zx2-$YUF)88-+Ev@v>sWHttZw~>zVc3dSSh^URkfLH`ZJ0o%P=OV12YcS)Z*h)>rGB z_1*em{bK!U{bv1c{bBuS{bl`a{j~nE{5%~$kqMcR1zC{|*^vV| zkqfzz2YHbX`B4A`Q3!=m1VvE{#Zdw!Q3|C|24ztWo_0a$g(Fl#v1WnNl%@MMH3$#Qlv_>1WMLV=d2XsUybVe6+MK^Ru5A;MY^hO`_ zML+b%01U(+48{-)#V`!V2#mxijD|4=V=)fnF#!`X36n7eQ!x$GF#|I(3$rl?b1@I| zu>cFP2#c`vcx3ahaOYq1XNu>l*g37fG6Td@t>u>(7?3%jugd$AAuaR3K# z2#0Y5!8nRzIF1uIiBmX@GdPQLIFAdsh)cMPE4YelxQ-jRiCeghJGhH`xQ_>Th(~yg zCwPiyc#ao%iC1`yH+YM8c#jYGh)?*8FZhaY_>Ld=1;64q{Ek2HC;r0U_=$h;Fa8S} zuK?$d074@S!Xg~PBLX5K5+WlCq9PiiBL-q37Gfg~;vyd6BLNa35fUQ_k|G(BBLz|- z6;dM&(jpzwBLgxb6EY(UvLYL@BL{LK7jh#H@**GdqW}t`5DKFRilP{bqXbH#6iTBE z%Ay>~qXH_T5-Ot#s-haIqXufC7HXpo>Y^U%qX8PC5gMZjnxYw+BV_*;Xo*&6jW%eD zc4&_d=!j0}j4tSkZs?94=!stFjXvm$e&~+@7>Gd_j3F3`VHl1P7>Q9B4Py+(VjRX} z0w!V-CSwYwVj8An24-RwW@8TKVjkvW0TyBr7GnvPVi}fW1y*7eR$~p;Vjb3F12$q4 zHe(C6VjH$&2X diff --git a/docs/index.html b/docs/index.html index 6735bd846a8..c50294ab70e 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -283,6 +283,86 @@

眈眈探求 | TITLE URL + + 2e319570c62aa8ae825332d5c8690889 + CVE-2024-9528 + 2024-10-05 03:15:02 + The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form label fields in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to edit forms (administrator by default), to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + 详情 + + + + 8aae912aa967f42c9435bda9238f8d05 + CVE-2024-9455 + 2024-10-05 02:15:02 + The WP Cleanup and Basic Functions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. + 详情 + + + + fb9c6bb7e56a3ec367c5554ab19e61a2 + CVE-2024-9385 + 2024-10-05 02:15:02 + The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + 详情 + + + + 961bbdc758d842aa31033dd4503ce287 + CVE-2024-47841 + 2024-10-05 02:15:02 + Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Path Traversal.This issue affects Mediawiki - CSS Extension: from 1.42.X before 1.42.2, from 1.41.X before 1.41.3, from 1.39.X before 1.39.9. + 详情 + + + + 5e0426bd0177e251053678b0498fa705 + CVE-2024-47849 + 2024-10-05 01:15:12 + Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows SQL Injection.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1. + 详情 + + + + 5d7c15e4d3d3ea116efceaf48301919e + CVE-2024-47847 + 2024-10-05 01:15:12 + Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1. + 详情 + + + + 1c1e932f5b56506c21aae59dd9ef69ad + CVE-2024-47846 + 2024-10-05 01:15:12 + Cross-Site Request Forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross Site Request Forgery.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1. + 详情 + + + + 4fc6550277872dec5609570b4447e789 + CVE-2024-47845 + 2024-10-05 01:15:12 + Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Code Injection.This issue affects Mediawiki - CSS Extension: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. + 详情 + + + + d1e805e837511cf4147edd5bea1c6879 + CVE-2024-47840 + 2024-10-05 01:15:12 + Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Apex skin allows Stored XSS.This issue affects Mediawiki - Apex skin: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. + 详情 + + + + 9e07a86de4adfe12a600aede4e25f079 + CVE-2024-47848 + 2024-10-05 00:15:02 + Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - PageTriage allows Authentication Bypass.This issue affects Mediawiki - PageTriage: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. + 详情 + + 4a557abd7ba519dc90cf8a3065861dd1 CVE-2024-6443 @@ -366,7 +446,7 @@

眈眈探求 | + 2024-10-03 04:15:04 The Social Web Suite – Social Media Auto Post, Social Media Auto Publish plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.1.11 via the download_log function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. 详情 @@ -374,7 +454,7 @@

眈眈探求 | + 2024-10-03 03:15:02 Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files. 详情 @@ -382,7 +462,7 @@

眈眈探求 | + 2024-10-03 03:15:02 Stack-based buffer overflow vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files. 详情 @@ -390,7 +470,7 @@

眈眈探求 | + 2024-10-03 03:15:02 Out-of-bounds write vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files. 详情 @@ -398,7 +478,7 @@

眈眈探求 | + 2024-10-03 02:58:49 The web server for ONS-S8 - Spectra Aggregation Switch includes an incomplete authentication process, which can lead to an attacker authenticating without a password. 详情 @@ -406,7 +486,7 @@

眈眈探求 | + 2024-10-03 02:54:58 The web service for ONS-S8 - Spectra Aggregation Switch includes functions which do not properly validate user input, allowing an attacker to traverse directories, bypass authentication, and execute remote code. 详情 @@ -443,86 +523,6 @@

眈眈探求 | 详情 - - 1ccc799c9730574b923457c1da8fa1b8 - CVE-2024-7855 - 2024-10-02 05:15:11 - The WP Hotel Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_review() function in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. - 详情 - - - - 4b1f19431ef777d600e7efceb0915df6 - CVE-2024-45186 - 2024-10-02 05:15:11 - FileSender before 2.49 allows server-side template injection (SSTI) for retrieving credentials. - 详情 - - - - 56db77ed78c66d177c336064f69d07a7 - CVE-2024-33662 - 2024-10-02 05:15:11 - Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function. - 详情 - - - - 197b25657cce43dd45267cb82aa1432c - CVE-2024-21530 - 2024-10-02 05:15:11 - Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with the same cocoon object. **Note:** The issue does NOT affect objects created with Cocoon::new which utilizes ThreadRng. - 详情 - - - - 528c0dbbc9590077dcd38260e823114f - CVE-2024-45519 - 2024-10-02 03:10:16 - A security vulnerability was discovered in the postjournal service, which may allow unauthenticated users to execute commands. - 详情 - - - - 86d94eb2b646191e1c531f314f7e0e81 - CVE-2024-9407 - 2024-10-01 21:15:08 - A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files. - 详情 - - - - 9a9135067dfaba9ee7d7ee3c47b23017 - CVE-2024-47609 - 2024-10-01 21:15:08 - Tonic is a native gRPC client & server implementation with async/await support. When using tonic::transport::Server there is a remote DoS attack that can cause the server to exit cleanly on accepting a TCP/TLS stream. This can be triggered by causing the accept call to error out with errors that were not covered correctly causing the accept loop to exit. Upgrading to tonic 0.12.3 and above contains the fix. - 详情 - - - - fee40dcdde8f1e8bc716b8d0e472546d - CVE-2024-47528 - 2024-10-01 21:15:08 - LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by uploading a new Background for a Custom Map. Users with "admin" role can set background for a custom map, this allow the upload of SVG file that can contain XSS payload which will trigger on load. This led to Stored Cross-Site Scripting (XSS). The vulnerability is fixed in 24.9.0. - 详情 - - - - cddc44d93b4200595c3265d027f45dfe - CVE-2024-47527 - 2024-10-01 21:15:07 - LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Device Dependencies" feature allows authenticated users to inject arbitrary JavaScript through the device name ("hostname" parameter). This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions. This vulnerability is fixed in 24.9.0. - 详情 - - - - 9d96d585675e1b7c595042440bc3f575 - CVE-2024-47526 - 2024-10-01 21:15:07 - LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Self Cross-Site Scripting (Self-XSS) vulnerability in the "Alert Templates" feature allows users to inject arbitrary JavaScript into the alert template's name. This script executes immediately upon submission but does not persist after a page refresh. - 详情 - -