Updated by Github Bot
Github-Bot committed Sep 15, 2023
1 parent e45df97 commit a62e3db
Showing 3 changed files with 91 additions and 81 deletions.
10 changes: 10 additions & 0 deletions cache/Tenable (Nessus).dat
@@ -152,3 +152,13 @@ c3382eca347a7df78808d1152607e4df
cc1740c98cbd7aa69183dd5e5ec79a32
8f06033f8a258de4d23a374797fac4af
d56b80dc455efba8e48303b45521ae59
cbd8d6443f9fc379da378217ee1164ec
9703d6d2d2b5fae97f14fe7d4f5bd25a
3f5bee88029c092331e929632da63195
5791c88871192b1bb5d8461b693d68a3
7408875a43a72090374b72331b3bb4f5
728da8338e63797d29c3110366459136
3ac3cba11db2f3ff154d11566092b855
c6feee8296a22823d8826eea44ca49ba
7402057616cf607bd232af584cd26e26
2660540e280ec4f4dc3508083ccc86e7
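Review bot: the ten appended entries are the first-column ids of the ten rows added to docs/index.html in this same commit (cbd8d6443f9fc379da378217ee1164ec through 2660540e280ec4f4dc3508083ccc86e7), so this file acts as a seen-set for de-duplication; the hunk header (-152,3 +152,13) shows it only grows while the HTML drops ten rows, and nothing in the diff or the commit message says how, or whether, the cache is bounded, which should be documented or confirmed as intentional.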
Binary file modified data/cves.db
162 changes: 81 additions & 81 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2023-09-15 14:25:42 -->
<!-- RELEASE TIME : 2023-09-15 21:19:48 -->
<html lang="zh-cn">

<head>
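Review bot: the only change in this hunk is the `RELEASE TIME` comment (14:25:42 to 21:19:48), a timestamp regenerated on every run; because it is written into docs/index.html, every run yields a commit even when no CVE rows changed, so either emit the stamp only when the table content changed or keep it in a separate small file so the history of index.html reflects real data changes.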
@@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<th width="43%">TITLE</th>
<th width="5%">URL</th>
</tr>
<tr>
<td>cbd8d6443f9fc379da378217ee1164ec</td>
<td>CVE-2023-37263</td>
<td>2023-09-15 19:15:08 <img src="imgs/new.gif" /></td>
<td>Strapi is the an open-source headless content management system. Prior to version 4.12.1, field level permissions are not respected in the relationship title. If an actor has relationship title and the relationship shows a field they don't have permission to see, the field will still be visible. Version 4.12.1 has a fix for this issue.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-37263">详情</a></td>
</tr>

<tr>
<td>9703d6d2d2b5fae97f14fe7d4f5bd25a</td>
<td>CVE-2023-36479</td>
<td>2023-09-15 19:15:08 <img src="imgs/new.gif" /></td>
<td>Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in version 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-36479">详情</a></td>
</tr>

<tr>
<td>3f5bee88029c092331e929632da63195</td>
<td>CVE-2023-36472</td>
<td>2023-09-15 19:15:08 <img src="imgs/new.gif" /></td>
<td>Strapi is the an open-source headless content management system. Prior to version 4.11.7, an unauthorized actor can get access to user reset password tokens if they have the configure view permissions. The `/content-manager/relations` route does not remove private fields or ensure that they can't be selected. This issue is fixed in version 4.11.7.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-36472">详情</a></td>
</tr>

<tr>
<td>5791c88871192b1bb5d8461b693d68a3</td>
<td>CVE-2023-42398</td>
<td>2023-09-15 17:15:14 <img src="imgs/new.gif" /></td>
<td>An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-42398">详情</a></td>
</tr>

<tr>
<td>7408875a43a72090374b72331b3bb4f5</td>
<td>CVE-2023-28614</td>
<td>2023-09-15 17:15:14 <img src="imgs/new.gif" /></td>
<td>Freewill iFIS (aka SMART Trade) 20.01.01.04 allows OS Command Injection via shell metacharacters to a report page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-28614">详情</a></td>
</tr>

<tr>
<td>728da8338e63797d29c3110366459136</td>
<td>CVE-2023-4991</td>
<td>2023-09-15 16:15:08 <img src="imgs/new.gif" /></td>
<td>A vulnerability was found in NextBX QWAlerter 4.50. It has been rated as critical. Affected by this issue is some unknown functionality of the file QWAlerter.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. The identifier of this vulnerability is VDB-239804. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-4991">详情</a></td>
</tr>

<tr>
<td>3ac3cba11db2f3ff154d11566092b855</td>
<td>CVE-2023-4988</td>
<td>2023-09-15 16:15:08 <img src="imgs/new.gif" /></td>
<td>A vulnerability, which was classified as problematic, was found in Bettershop LaikeTui. This affects an unknown part of the file index.php?module=system&action=uploadImg. The manipulation of the argument imgFile leads to unrestricted upload. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-239799.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-4988">详情</a></td>
</tr>

<tr>
<td>c6feee8296a22823d8826eea44ca49ba</td>
<td>CVE-2022-47848</td>
<td>2023-09-15 16:15:07 <img src="imgs/new.gif" /></td>
<td>An issue was discovered in Bezeq Vtech NB403-IL version BZ_2.02.07.09.13.01 and Vtech IAD604-IL versions BZ_2.02.07.09.13.01, BZ_2.02.07.09.13T, and BZ_2.02.07.09.09T, allows remote attackers to gain sensitive information via rootDesc.xml page of the UPnP service.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2022-47848">详情</a></td>
</tr>

<tr>
<td>7402057616cf607bd232af584cd26e26</td>
<td>CVE-2022-38636</td>
<td>2023-09-15 16:15:07 <img src="imgs/new.gif" /></td>
<td>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2022-38636">详情</a></td>
</tr>

<tr>
<td>2660540e280ec4f4dc3508083ccc86e7</td>
<td>CVE-2023-4987</td>
<td>2023-09-15 15:15:08 <img src="imgs/new.gif" /></td>
<td>A vulnerability, which was classified as critical, has been found in infinitietech taskhub 2.8.7. Affected by this issue is some unknown functionality of the file /home/get_tasks_list of the component GET Parameter Handler. The manipulation of the argument project/status/user_id/sort/search leads to sql injection. VDB-239798 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-4987">详情</a></td>
</tr>

<tr>
<td>461e49f95d6b6c09c79b5224f5de618c</td>
<td>CVE-2023-4951</td>
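Review bot: description text is inserted into the TITLE cell without HTML escaping; in the CVE-2023-4988 row the file name `index.php?module=system&action=uploadImg` carries a bare `&` that should be `&amp;` (browsers tolerate it, but it is invalid HTML, and a description containing `<` would be interpreted as markup rather than displayed), so the generator should escape the description before emitting the `<td>`. The same hunk also adds CVE-2022-38636, whose description begins `** REJECT ** DO NOT USE THIS CANDIDATE NUMBER`, with the same `new.gif` marker as real entries; filtering or visibly tagging rejected candidates would keep withdrawn numbers out of the new-entries view.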
@@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-2680">详情</a></td>
</tr>

<tr>
<td>0592e6b97a214dc4b42769337c995ebe</td>
<td>CVE-2023-20236</td>
<td>2023-09-13 17:15:09</td>
<td>A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. A successful exploit could allow the attacker to boot an unverified software image on the affected device.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-20236">详情</a></td>
</tr>

<tr>
<td>90898f1f724c6b0f61113c6880e6caad</td>
<td>CVE-2023-20233</td>
<td>2023-09-13 17:15:09</td>
<td>A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incorrect processing of invalid continuity check messages (CCMs). An attacker could exploit this vulnerability by sending crafted CCMs to an affected device. A successful exploit could allow the attacker to cause the CFM service to crash when a user displays information about maintenance end points (MEPs) for peer MEPs on an affected device.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-20233">详情</a></td>
</tr>

<tr>
<td>1616219d2aa8645650438ac8af98cdf1</td>
<td>CVE-2023-20191</td>
<td>2023-09-13 17:15:09</td>
<td>A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incomplete support for this feature. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device. There are workarounds that address this vulnerability. This advisory is part of the September 2023 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2023 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication .</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-20191">详情</a></td>
</tr>

<tr>
<td>6ceb67142e97f90d440d734069ed1604</td>
<td>CVE-2023-20190</td>
<td>2023-09-13 17:15:09</td>
<td>A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device. This vulnerability is due to incorrect destination address range encoding in the compression module of an ACL that is applied to an interface of an affected device. An attacker could exploit this vulnerability by sending traffic through the affected device that should be denied by the configured ACL. A successful exploit could allow the attacker to bypass configured ACL protections on the affected device, allowing the attacker to access trusted networks that the device might be protecting. There are workarounds that address this vulnerability. This advisory is part of the September 2023 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2023 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication .</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-20190">详情</a></td>
</tr>

<tr>
<td>9759b27220f847232af8ba8a8e6e42a5</td>
<td>CVE-2023-4899</td>
<td>2023-09-12 00:15:00</td>
<td>SQL Injection in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-4899">详情</a></td>
</tr>

<tr>
<td>b72292b4b248c66007b8aad7b0571000</td>
<td>CVE-2023-4898</td>
<td>2023-09-12 00:15:00</td>
<td>Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-4898">详情</a></td>
</tr>

<tr>
<td>a4132a5957e40e3c67c1e16a94850015</td>
<td>CVE-2023-41990</td>
<td>2023-09-12 00:15:00</td>
<td>The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13.2, iOS 15.7.8 and iPadOS 15.7.8, watchOS 9.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Big Sur 11.7.9, macOS Monterey 12.6.8. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-41990">详情</a></td>
</tr>

<tr>
<td>e6d59eaa902b4746063a179a2624f834</td>
<td>CVE-2023-40442</td>
<td>2023-09-12 00:15:00</td>
<td>A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8. An app may be able to read sensitive location information.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-40442">详情</a></td>
</tr>

<tr>
<td>384596aa524326336a62e45a83e8861f</td>
<td>CVE-2023-40440</td>
<td>2023-09-12 00:15:00</td>
<td>This issue was addressed with improved state management of S/MIME encrypted emails. This issue is fixed in macOS Monterey 12.6.8. A S/MIME encrypted email may be inadvertently sent unencrypted.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-40440">详情</a></td>
</tr>

<tr>
<td>4df18cf122a5589d80510fc9085818a1</td>
<td>CVE-2023-39069</td>
<td>2023-09-11 23:15:00</td>
<td>An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to gain privileges via Active Directory authentication mechanism.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-39069">详情</a></td>
</tr>

</tbody>
</table>
</div>
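Review bot: the removed lines are the ten oldest rows (dated 2023-09-11 23:15:00 to 2023-09-13 17:15:09), exactly matching the ten rows added earlier in the diff, so the page appears to be trimmed to a fixed row count rather than by age; that retention rule is stated neither in the diff nor in the commit message ("Updated by Github Bot") and should be documented, since on a busy day a fixed-count window can push an entry such as CVE-2023-41990 (described as actively exploited) off the page shortly after it appears.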

0 comments on commit a62e3db