From 9d4979e48bbd6fc8a8bbd6259e3f2ab820337197 Mon Sep 17 00:00:00 2001 From: Github-Bot Date: Mon, 7 Oct 2024 09:26:36 +0000 Subject: [PATCH] Updated by Github Bot --- cache/Tenable (Nessus).dat | 10 ++ data/cves.db | Bin 49557504 -> 49565696 bytes docs/index.html | 200 ++++++++++++++++++------------------- 3 files changed, 110 insertions(+), 100 deletions(-) diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index a4f4ef04890..f77ac9c75eb 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -108,3 +108,13 @@ e3979eac364dda0059e9f9ee2b8a0c1f 79d2eec980bb653edfe58fc10d0858d3 55d6088aa82c826117ce9f4e2eaf22f3 ab19b96c9a50fdc6cb0a45cd25ce22b2 +9780c53f505ca0e5e0bc99eed3f6b600 +0d85c4bcac1a9eeb82904d263acdf665 +daf82040e23ff87537f161b991c86201 +992ee153e21872cd5ad109107582b604 +c10f9e23cd2bcbd805a5fe697e49ac06 +ce0042f4852c30ebcff63903d5f86e51 +0f2105eb619a182af0ab75ab538ac980 +f213a7eafbc34b7a0479cdf22b58ba51 +c5053ea29c150e47d4e6f1a23dac434f +4065b5d528846523e63695068a59a322 
diff --git a/data/cves.db b/data/cves.db index 6c14df653c3da4be7d4228b020ae1335315fbcf2..abe39985048a664a22c33215769584d3f779c868 100644 GIT binary patch delta 4742 zcmajhd7Mq<9|v&vFk_tyq@pAodBAcj8R3XkK zsuJfB)rjgu4WcGdi>OW1AxmnP8;O2|&c`ESM4ZSc5=4^dPYfUi z5;qYy6N8As#1P^ZVkj|;7*32JZY4$%qlnSO7~(eKcH$1=PU0@&ZsHzdEHRE4PfQ>R z2om=a_Yo6`NyPocWa0s03Ne+KMocGW5DyX$5f2lO5HpEFVixfz@fh(q@dPoOc#`mm zImBGzDdK5j9`Ot@pLmvdj(DDUfmlGiNW4V6OuRz8N-QK^BNh>hi6zAA#8To7;!R>1 zv7A^ztRz+utBEzlT4Eiso_LGcKx`!5CN>f85bqM3i7mu?#8%>cVjHoY*gVOl2S@CBvVRD87V8}q`Xv+ zEICIiN+rpb%2Gwnm8x={RFmpbLuyJbsV#Nne7Qh!q^?{j^`yQukcQGo8cP#tD$S(1 zi7g>Z$dcG6xhmJZTUI!R}_M7l^o%JedQXtR<4ulPf$GDdEb+vN_qQ|^+x|jnPT3_z@{xQjyX6!4R6di>WsmHYeX?H;$QSaZd?g3vYxzdL zl|%BKd@n!9VL2i{%27EcKgrMXiyW6<<%Ikuzsn!;r~FU;3QU5b&tD8FDWxPsGNrVX zk+M=w%1Z^wl5?b@RFZ6|ELG%OsVe75HK{H&q^8u8+EPc(mkT6E>dJ*uPwGnpX()}P zu{4pU(oC95uC$OmF(oLL*b)*)!V;0FxYANuNo%=C+DKbzC++28=^!1YlXR9#q>FTw zOQoA!Cf%inTrNGOms}yeYvxu6{a6Dwi+cf8)vT0HisLXOIFD1$f7*`tpkgi zOv{^j$k6g#YWY63{E%7>r_YQBY~ya z(>g zhmBJHxT*^R4g7X}djz`rW5?GFjPmCkoNr{eaNVeD23zHH9Wi2LBByJ|mO0&f_sI>0 zO{;}vTA|#anQKOJOuJ>!X=&R2xM~Xm_0KF*{cL4?uj)dhVJMVqnL#s{ir@I3_-208 ziHBlwFCO&VL?RZoTr-q!g>5gMpA7p82OK;VKVbd+%VSTBFuM3_X4eeV^V|Kh!$_nW zh`Lsq27>?6z!_yy4Wuno*lWU=Q~516Vo{^w{CRdkp65oQX56upj_JfbGvOr6Slm@3 z`F1iK3m4AFm|MfIG;FU?s&de@yAH`2J;)o9lN>mF@Mv$iAK3qE04J}a5WD?KZCuj~ z+D`P0P8`=w*U5j?t8vzPe%)F90u4)_yc2tM$0k1+D>AEO=@n;|7*!&xZ@D#P8fVNb znOUMRdrkj%F3al`7dKtSE~w(g)vcZIEH@r>%tR=XA4-IiLC>=Dy?Ds>gOiULwaQzj z={ia{I5g6qaUj#!=R{pM9CbrybQiY6X}Ysc-&^CXd;J;f+8Pc0X(x6V8F{XgO4{O| zq)97idy#~fjK%FxEaI7=h^vQXSurOX^Zf0t+XYVEPevIxeEJU-ht=_=3G4h<*y^dU z>Gt~Vsx~qjoyrPcf$i@pUCC&ET7i=4wsJ1uh1OuCwo@q8;5kL5>A$8(a2 zup3E)T+hdlo}RJPM0=}DYTaezvMh_t;=Z!&f^08jhMky`?^w}jDC}5v zLSMe?nBl1BxSs9L*u250T~g=aZ=br?u>I9X7a5E5%xK8AqGwKb$4++xmcM+;Uc)-M Sx5iob`t9{4{yjAeH}rqYn{=T7 delta 2856 zcmWmG{^1Lr&kk9 zOA>Bls8Bh|Oix)N^u`ggLR$eVj1|@jXN9*SSP`vAR%9!R71fGnMYm#DF|AluY%7ix z*NSJww-Q(htwdI0D~XlVN@gXuQdlXiR90#$jg{6)XQj6?SQ)KMR%R=UmDS2-Ww&xz 
zIjvk)ZYz(K*UD$*w+dJVtwL5|tB6(9DrOb8N?0YWQdViJj8)buXO*`qSQV{GR%NS- zRn@9yRkvzbHLY4!ZL5w|*Q#gLw;EUttwvU3tBKXrYGyUJT3GDU(rRV3w%S;2t#(#> ztAo|i>ST4cx>#MUZdP}zht<>SW%aiDSbeR2R)1@NHP9Ml4Yr0@L#<)fa4X0fVU4s# zS)(mmW2~{(IBUE$!J24IvL;(otf|&CYq~YVnrY3lW?OTtxz;>uzO}$wXf3i9TT85^ z)-r3kwZd9yt+G~IYpk`_I%~bP!P;nTvNl^=tgY5IYrD0>+G*{wc3XR_z1BW!zjeSm zXdSW+TSu&5>!@|iI&Ph?PFkm|)7Ba5taZ*hZ(Xo1T9>TL))nijb#6n3dTzb2URtlL*VY^Bt@X}&Z+);nTA!@X))(um_09Tj z{jh#ozgWLozgfRqe^`H7e_4N9|5*Q8|BYAZ$qJ1C!XPZdAv_`=A|fF&q97`wAv$6p zCSoBr;vg>KAwCiyArc`mk{~IPAvsbYB~l?Z(jYC;Aw4o6BQhZ~vLGw6AvYy&_ zp*|X*AsV4EnxH9~p*dP0WdD|Eh1O_;wrGd;=zxysgwE)KuIPsD=z*T-h2H3czUYVk z7=VEoguxhsp%{kY2*L=A#3+o0F$QBX4&yNa6EO*sF$GgG4bw3LGcgOZF$Z%o5A(4A z3$X}`u>?!849l?sE3pczu?B0g4(qW28?gzSu?1VP4coB;JFyG9u?Ksx5BqTd2XP38 zaRk9QieosA6F7-eIE^zni*q=S3%H0&xQr{fifg!z8@P#ExQ#owi+i|_2Y84_c#J1_ zif4F^7kG(Rc#SuBi+6aB5BP{r_>3?3if{OiANYx1@GE}9@Aw0M;xGJ-fABB<3q4)| z&L07UL0E)Cctk)%L_%alK~zLTbi_bR#6oPuL0rT`d?Y|ZBtl{&K~f|`a-={?q(W+> zL0Y6kdSpOGWI|?SK~`i#cH}@#kb<{vj)Ix34L0!~CeKbHrG(uxEK~pqCbF@In{w>i8t z*Ki#-a1*z18+ULQ_i!H%@DPvi7*FsN&+r^C@Di`^8gK9x@9;iwSRVqbrbcWZK1ZmK z=QTL$v=4#Hf#BFdy+bz$Gd0(o4*~KqB%ea^IV4{~@--yiLh?NjoNLaHz>V>d!bB + @@ -283,6 +283,86 @@

眈眈探求 | TITLE URL + + 9780c53f505ca0e5e0bc99eed3f6b600 + CVE-2024-20103 + 2024-10-07 03:15:03 + In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09001358; Issue ID: MSV-1599. + 详情 + + + + 0d85c4bcac1a9eeb82904d263acdf665 + CVE-2024-20102 + 2024-10-07 03:15:03 + In wlan driver, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998892; Issue ID: MSV-1601. + 详情 + + + + daf82040e23ff87537f161b991c86201 + CVE-2024-20101 + 2024-10-07 03:15:03 + In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998901; Issue ID: MSV-1602. + 详情 + + + + 992ee153e21872cd5ad109107582b604 + CVE-2024-20100 + 2024-10-07 03:15:03 + In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998449; Issue ID: MSV-1603. + 详情 + + + + c10f9e23cd2bcbd805a5fe697e49ac06 + CVE-2024-20099 + 2024-10-07 03:15:03 + In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08997492; Issue ID: MSV-1625. + 详情 + + + + ce0042f4852c30ebcff63903d5f86e51 + CVE-2024-20098 + 2024-10-07 03:15:03 + In power, there is a possible out of bounds write due to a missing bounds check. 
This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996886; Issue ID: MSV-1626. + 详情 + + + + 0f2105eb619a182af0ab75ab538ac980 + CVE-2024-20097 + 2024-10-07 03:15:03 + In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1630. + 详情 + + + + f213a7eafbc34b7a0479cdf22b58ba51 + CVE-2024-20096 + 2024-10-07 03:15:02 + In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996900; Issue ID: MSV-1635. + 详情 + + + + c5053ea29c150e47d4e6f1a23dac434f + CVE-2024-20095 + 2024-10-07 03:15:02 + In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996894; Issue ID: MSV-1636. + 详情 + + + + 4065b5d528846523e63695068a59a322 + CVE-2024-20094 + 2024-10-07 03:15:02 + In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00843282; Issue ID: MSV-1535. + 详情 + + cd3dc0caa87be27c7f7d42d654109752 CVE-2024-9549 @@ -294,7 +374,7 @@

眈眈探求 | + 2024-10-05 16:15:04 A vulnerability was found in ESAFENET CDG V5. It has been rated as critical. Affected by this issue is some unknown functionality of the file /MultiServerBackService?path=1. The manipulation of the argument fileId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 详情 @@ -302,7 +382,7 @@

眈眈探求 | + 2024-10-05 16:15:04 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeKraft BuddyForms allows Stored XSS.This issue affects BuddyForms: from n/a through 2.8.12. 详情 @@ -310,7 +390,7 @@

眈眈探求 | + 2024-10-05 16:15:04 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Slideshow Gallery allows Stored XSS.This issue affects Slideshow Gallery: from n/a through 1.8.3. 详情 @@ -318,7 +398,7 @@

眈眈探求 | + 2024-10-05 16:15:03 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ashraf XLTab – Accordions and Tabs for Elementor Page Builder allows Stored XSS.This issue affects XLTab – Accordions and Tabs for Elementor Page Builder: from n/a through 1.3. 详情 @@ -326,7 +406,7 @@

眈眈探求 | + 2024-10-05 16:15:03 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through 6.5.0.2. 详情 @@ -334,7 +414,7 @@

眈眈探求 | + 2024-10-05 16:15:03 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through 6.5.0.2. 详情 @@ -342,7 +422,7 @@

眈眈探求 | + 2024-10-05 16:15:03 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeNcode LLC TNC PDF viewer allows Stored XSS.This issue affects TNC PDF viewer: from n/a through 3.1.0. 详情 @@ -350,7 +430,7 @@

眈眈探求 | + 2024-10-05 16:15:03 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Walter Pinem WP MyLinks allows Stored XSS.This issue affects WP MyLinks: from n/a through 1.0.6. 详情 @@ -358,7 +438,7 @@

眈眈探求 | + 2024-10-05 16:15:02 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Paul Bearne Author Avatars List/Block allows Stored XSS.This issue affects Author Avatars List/Block: from n/a through 2.1.21. 详情 @@ -366,7 +446,7 @@

眈眈探求 | + 2024-10-05 03:15:02 The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form label fields in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to edit forms (administrator by default), to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 详情 @@ -374,7 +454,7 @@

眈眈探求 | + 2024-10-05 02:15:02 The WP Cleanup and Basic Functions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 详情 @@ -382,7 +462,7 @@

眈眈探求 | + 2024-10-05 02:15:02 The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 详情 @@ -390,7 +470,7 @@

眈眈探求 | + 2024-10-05 02:15:02 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Path Traversal.This issue affects Mediawiki - CSS Extension: from 1.42.X before 1.42.2, from 1.41.X before 1.41.3, from 1.39.X before 1.39.9. 详情 @@ -398,7 +478,7 @@

眈眈探求 | + 2024-10-05 01:15:12 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows SQL Injection.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1. 详情 @@ -406,7 +486,7 @@

眈眈探求 | + 2024-10-05 01:15:12 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1. 详情 @@ -414,7 +494,7 @@

眈眈探求 | + 2024-10-05 01:15:12 Cross-Site Request Forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross Site Request Forgery.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1. 详情 @@ -422,7 +502,7 @@

眈眈探求 | + 2024-10-05 01:15:12 Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Code Injection.This issue affects Mediawiki - CSS Extension: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. 详情 @@ -430,7 +510,7 @@

眈眈探求 | + 2024-10-05 01:15:12 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Apex skin allows Stored XSS.This issue affects Mediawiki - Apex skin: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. 详情 @@ -438,91 +518,11 @@

眈眈探求 | + 2024-10-05 00:15:02 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - PageTriage allows Authentication Bypass.This issue affects Mediawiki - PageTriage: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. 详情 - - 4a557abd7ba519dc90cf8a3065861dd1 - CVE-2024-6443 - 2024-10-04 05:56:30 - In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty. - 详情 - - - - 9540b0755ceb1654c6e6c0e1b0a1d6b8 - CVE-2024-6442 - 2024-10-04 05:36:10 - In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecked tailroom could lead to a global buffer overflow. - 详情 - - - - 7edb21d12f2474e5176927682b87dd38 - CVE-2024-9242 - 2024-10-04 05:30:17 - The Memberful – Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'memberful_buy_subscription_link' and 'memberful_podcasts_link' shortcodes in all versions up to, and including, 1.73.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. - 详情 - - - - d59db743f7a7296cc7d8b4c86099e9ee - CVE-2024-8804 - 2024-10-04 05:30:17 - The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's script embed functionality in all versions up to, and including, 2.4 due to insufficient restrictions on who can utilize the functionality. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
- 详情 - - - - 633191907af5f9bdf891827649f62431 - CVE-2024-9445 - 2024-10-04 05:15:14 - The Display Medium Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's display_medium_posts shortcode in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. - 详情 - - - - a00e93a47bf12d491e6f928d90cb7d0c - CVE-2024-9421 - 2024-10-04 05:15:14 - The Login Logout Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. - 详情 - - - - d8ed090dcada72e81ce792990b43e07d - CVE-2024-9384 - 2024-10-04 05:15:13 - The Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. - 详情 - - - - 6df7504b9baed58cebd2f6eb2bdeeb7e - CVE-2024-9375 - 2024-10-04 05:15:13 - The WordPress Captcha Plugin by Captcha Bank plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.0.36. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. - 详情 - - - - b4355797ec78f21e5628dec1bfb8871b - CVE-2024-9372 - 2024-10-04 05:15:13 - The WP Blocks Hub plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. - 详情 - - - - 56436b970672affabc72d3b04a9929e1 - CVE-2024-9368 - 2024-10-04 05:15:13 - The Aggregator Advanced Settings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. - 详情 - -
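Review bot: The subject line "Updated by Github Bot" in the patch header does not say what the run changed, although the diff adds ten entries (CVE-2024-20094 through CVE-2024-20103) to cache/Tenable (Nessus).dat and docs/index.html and drops the ten oldest rows from the page. Suggest generating the message from the run itself, for example the source name plus the number of entries added and removed, so the history can be searched without opening each diff.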
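Review bot: data/cves.db is committed as a binary of roughly 49 MB (Bin 49557504 -> 49565696 bytes) and arrives here as a GIT binary patch, so this part of the change cannot be reviewed and every bot run adds another delta to the repository history. Consider keeping the database out of the tree and rebuilding it from the feed, or tracking it with Git LFS, and committing only the text cache and the rendered page.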
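Review bot: The description cells in docs/index.html are filled with upstream advisory text, and nothing in this diff shows that the field is HTML-escaped before it is written; the Fluent Forms row in the @@ -446,7 +526,7 @@ hunk contains "Drag & Drop", and the rows removed in the last hunk contain quoted shortcode names. Please confirm the generator escapes &, <, >, and quotes in every feed-supplied field (description, CVE ID, link target) and treats the feed as untrusted input, since this page is published from docs/.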