diff --git a/cache/Nsfocus.dat b/cache/Nsfocus.dat index f444150ae9a..7491ddaa0cd 100644 --- a/cache/Nsfocus.dat +++ b/cache/Nsfocus.dat @@ -148,3 +148,18 @@ c7d45539f7ed70cd01366f66bfc9f8b9 42e392f592288339f51cb33f1eaf21bc a1ec46fcb6ef79449d1f85c80f4e456b 6f5d25a12e9b936c12438e3cb3649b95 +2b5dba824d7a87e8579c57f05e834f39 +eb7fe5b6e8575cc8f98def69a51ce205 +d17d1e533419c6f95cf30522d2a4744c +fbe35f4479e43ac001f81cb02f972fbb +6ffbbc1bb2ebd11ab7500ae1b4d43677 +e1e0ad67bd472ca090b33089f1cb7289 +5b096586d2cdaacaa8c647f3edbd3cae +d10fa09ba9a1fa5596225b05009bbcc8 +df395d07a8048d09db9744b086387267 +09001954c35190ab6d78dda3bb8fe77f +ed0149826cecae9e42a482f1b0a5a2b9 +5aac0a4073a0d86556e878eebaaa2ae1 +849a6b866b683b0f5f0619bcaba0931c +01f8f41fb723527ea508e14167c4b411 +df155cea924ade5f90e75daf653316cb diff --git a/cache/RedQueen.dat b/cache/RedQueen.dat index 526e3354589..cf093e0741c 100644 --- a/cache/RedQueen.dat +++ b/cache/RedQueen.dat @@ -194,3 +194,7 @@ ce35f552dfbb36551f9430a6d79c0d37 f2dc98879c240eb40825e5c7c742a64b 2cb6f9eaa1222a5345092564d6ff6635 9342521a287e67aead1840e4541cc7d6 +f64c51bf0de6aa3a6e942b053a4c9d3a +1672588bb6d2b1ec02ca9106df348f57 +b988f2d566a670054288eeb2e4ee0304 +b7bc4d67c59e6f6c0c7cc7f41b20c120 diff --git a/data/cves.db b/data/cves.db index 286615ee33a..f09443ae0af 100644 Binary files a/data/cves.db and b/data/cves.db differ diff --git a/docs/index.html b/docs/index.html index 2aee2f4f6f7..5572bae7888 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -286,7 +286,7 @@

眈眈探求 | + 2024-04-24 21:15:46 A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of OSPF updates that are processed by a device. An attacker could exploit this vulnerability by sending a malformed OSPF update to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. 详情 @@ -294,7 +294,7 @@

眈眈探求 | + 2024-04-24 21:15:46 A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 详情 @@ -302,7 +302,7 @@

眈眈探求 | + 2024-04-24 21:15:46 A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 详情 @@ -310,7 +310,7 @@

眈眈探求 | + 2024-04-24 20:15:08 A vulnerability was found in Tenda W15E 15.11.0.14. It has been classified as critical. Affected is the function guestWifiRuleRefresh. The manipulation of the argument qosGuestDownstream leads to stack-based buffer overflow. It is possible to launch the attack remotely. VDB-261870 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 详情 @@ -318,7 +318,7 @@

眈眈探求 | + 2024-04-24 20:15:08 A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. This issue affects the function formSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument manualTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261869 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 详情 @@ -326,7 +326,7 @@

眈眈探求 | + 2024-04-24 20:15:07 Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround would be to change collation of the affected field. 详情 @@ -334,7 +334,7 @@

眈眈探求 | + 2024-04-24 20:15:07 A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability exists because the contents of a backup file are improperly sanitized at restore time. An attacker could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as root. 详情 @@ -342,7 +342,7 @@

眈眈探求 | + 2024-04-24 20:15:07 A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to elevate their privileges to root. 详情 @@ -350,7 +350,7 @@

眈眈探求 | + 2024-04-24 20:15:07 A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. 详情 @@ -358,7 +358,7 @@

眈眈探求 | + 2024-04-24 19:15:47 Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers. 详情 @@ -366,7 +366,7 @@

眈眈探求 | + 2024-04-24 01:15:49 A vulnerability, which was classified as critical, was found in SourceCodester Simple Subscription Website 1.0. Affected is an unknown function of the file view_application.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261822 is the identifier assigned to this vulnerability. 详情 @@ -2092,123 +2092,123 @@

眈眈探求 | - IBM PowerSC HTML注入漏洞 - 详情 + 2b5dba824d7a87e8579c57f05e834f39 + CVE-2024-0418 + 2024-04-25 03:23:51 + File Sharing Wizard资源关闭或释放错误漏洞 + 详情 - 67647d5cc7c09321f72d76467021df0d - CVE-2023-51506 - 2024-04-25 03:22:22 - WordPress plugin WPCS跨站脚本漏洞 - 详情 + eb7fe5b6e8575cc8f98def69a51ce205 + CVE-2024-0417 + 2024-04-25 03:23:51 + DeShang DSShop路径遍历漏洞 + 详情 - aebf558e9b1c37fa58d780f32a2a7872 - CVE-2023-6223 - 2024-04-25 03:22:22 - WordPress Plugin LearnPress身份验证绕过漏洞 - 详情 + d17d1e533419c6f95cf30522d2a4744c + CVE-2024-0416 + 2024-04-25 03:23:51 + DeShang DSMall路径遍历漏洞 + 详情 - f144fc6630219bd878236954bf3f120f - CVE-2023-51695 - 2024-04-25 03:22:22 - WordPress plugin Everest Forms跨站脚本漏洞 - 详情 + fbe35f4479e43ac001f81cb02f972fbb + CVE-2024-0415 + 2024-04-25 03:23:51 + DeShang DSMall访问控制错误漏洞 + 详情 - d46a0c52521c49bd5d4df38b4340b2d2 - CVE-2023-47144 - 2024-04-25 03:22:22 - IBM Tivoli Application Dependency Discovery Manager跨站脚本漏洞 - 详情 + 6ffbbc1bb2ebd11ab7500ae1b4d43677 + CVE-2024-0414 + 2024-04-25 03:23:51 + DeShang DSKMS访问控制错误漏洞 + 详情 - 580e58ed6e6bd1cb9e3154a51237daca - CVE-2023-6582 - 2024-04-25 03:22:22 - WordPress ElementsKit Elementor addons plugin信息泄露漏洞 - 详情 + e1e0ad67bd472ca090b33089f1cb7289 + CVE-2024-0413 + 2024-04-25 03:23:51 + DeShang DSKMS访问控制错误漏洞 + 详情 - 6c79fb1e6662b1c1ae0f3a02e4ef24f5 - CVE-2023-47143 - 2024-04-25 03:22:22 - IBM Tivoli Application Dependency Discovery Manager HTTP标头注入漏洞 - 详情 + 5b096586d2cdaacaa8c647f3edbd3cae + CVE-2024-0412 + 2024-04-25 03:23:51 + DeShang DSShop访问控制错误漏洞 + 详情 - b7f30643afbdb1d7df0a609ccc2784d8 - CVE-2023-6875 - 2024-04-25 03:22:22 - WordPress POST SMTP Mailer不合理授权漏洞 - 详情 + d10fa09ba9a1fa5596225b05009bbcc8 + CVE-2024-0411 + 2024-04-25 03:23:51 + DeShang DSMall访问控制错误漏洞 + 详情 - f8376b05f122a5cbe12439eea01499e8 - CVE-2023-51509 - 2024-04-25 03:22:22 - WordPress plugin RegistrationMagic跨站脚本漏洞 - 详情 + df395d07a8048d09db9744b086387267 + CVE-2024-0429 + 2024-04-25 03:23:51 + Hex Workshop缓冲区错误漏洞 + 详情 - 512981509e4442909ecd75932ce0f3ce - 
CVE-2023-6561 - 2024-04-25 03:22:22 - WordPress Plugin Featured Image from URL跨站脚本执行漏洞 - 详情 + 09001954c35190ab6d78dda3bb8fe77f + CVE-2023-6554 + 2024-04-25 03:23:51 + Tecnick TCExam缺少授权漏洞 + 详情 - aacd0b4a71126b2e578f5f1a3a78445a - CVE-2024-22096 - 2024-04-25 03:22:22 - Rapid Software Rapid SCADA路径遍历漏洞 - 详情 + ed0149826cecae9e42a482f1b0a5a2b9 + CVE-2023-5118 + 2024-04-25 03:23:51 + Kofax Capture跨站脚本漏洞 + 详情 - 321a3076fa689cc83bd15db10929cba7 - CVE-2023-6782 - 2024-04-25 03:22:22 - WordPress AMP for WP Plugin跨站脚本执行漏洞 - 详情 + 5aac0a4073a0d86556e878eebaaa2ae1 + CVE-2023-51989 + 2024-04-25 03:23:51 + D-Link DIR-822+ 关键功能身份验证绕过漏洞 + 详情 - da34fd1cce20f9eb618bace073265b22 - CVE-2024-1201 - 2024-04-25 03:22:22 - PanteraSoft HDD Health DLL劫持漏洞 - 详情 + 849a6b866b683b0f5f0619bcaba0931c + CVE-2023-51987 + 2024-04-25 03:23:51 + D-Link DIR-822+ 关键功能身份验证绕过漏洞 + 详情 - aff24424388dbbe3da897958bd9ade53 - CVE-2024-0963 - 2024-04-25 03:22:22 - WordPress plugin Calculated Fields Form存储型跨站脚本漏洞 - 详情 + 01f8f41fb723527ea508e14167c4b411 + CVE-2023-51984 + 2024-04-25 03:23:51 + D-Link DIR-822+ OS命令注入漏洞 + 详情 - 2e86c3c1241581e57ae5041ebe7f1e94 - CVE-2024-23895 - 2024-04-25 03:22:22 - Cups Easy跨站脚本漏洞 - 详情 + df155cea924ade5f90e75daf653316cb + CVE-2023-6938 + 2024-04-25 03:23:51 + WordPress Oxygen Builder plugin跨站脚本漏洞 + 详情
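Review bot: data/cves.db is committed as an opaque binary ("Binary files a/data/cves.db and b/data/cves.db differ"), so the records behind the 15 ids appended to cache/Nsfocus.dat and the 4 appended to cache/RedQueen.dat cannot be checked against what the page shows. Either keep the database out of the tree and rebuild it from the feeds, or commit a text export of the changed rows next to it, so a reviewer can confirm that each new cache id maps to exactly one row and that nothing else in the database changed.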
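Review bot: in the docs/index.html hunks from @@ -286,7 +286,7 @@ through @@ -366,7 +366,7 @@, the added rows carry free-text descriptions taken from external advisories, and the diff does not show whether the generator HTML-escapes that text before writing it into the page. Confirm that the description and title fields are escaped on output (at minimum &, <, >, and both quote characters), and add a test that feeds the generator a description containing markup, since the content of these fields is controlled by whoever files the upstream entry.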
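Review bot: the rows added at @@ -294,7 +294,7 @@ and @@ -302,7 +302,7 @@ of docs/index.html have the same timestamp (2024-04-24 21:15:46) and word-for-word the same Cisco TelePresence Management Suite description, so they cannot be told apart in the visible lines. If they are two distinct advisories, show the CVE id in these rows the way the rows in the @@ -2092,123 +2092,123 @@ hunk do. If they are the same advisory, deduplicate on the id before rendering.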
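Review bot: the docs/index.html hunk at @@ -2092,123 +2092,123 @@ rewrites all 123 lines to swap the rows stamped 2024-04-25 03:22:22 for 15 rows stamped 2024-04-25 03:23:51, so every update run replaces the whole table and the earlier rows survive only in history. The timestamp is identical across all 15 new rows, from CVE-2024-0418 to CVE-2023-6938, which suggests it is the ingestion time rather than a publication date; label the column accordingly. Consider rendering the page from the database at publish time instead of committing the generated HTML, which would reduce this change to the cache and data files.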