diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index 2177497940b..c5da696aace 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -152,3 +152,13 @@ c3382eca347a7df78808d1152607e4df cc1740c98cbd7aa69183dd5e5ec79a32 8f06033f8a258de4d23a374797fac4af d56b80dc455efba8e48303b45521ae59 +cbd8d6443f9fc379da378217ee1164ec +9703d6d2d2b5fae97f14fe7d4f5bd25a +3f5bee88029c092331e929632da63195 +5791c88871192b1bb5d8461b693d68a3 +7408875a43a72090374b72331b3bb4f5 +728da8338e63797d29c3110366459136 +3ac3cba11db2f3ff154d11566092b855 +c6feee8296a22823d8826eea44ca49ba +7402057616cf607bd232af584cd26e26 +2660540e280ec4f4dc3508083ccc86e7 diff --git a/data/cves.db b/data/cves.db index 4959c0a6c71..46ed00772a4 100644 Binary files a/data/cves.db and b/data/cves.db differ diff --git a/docs/index.html b/docs/index.html index 3d1409cc0df..c605880974b 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -283,6 +283,86 @@

眈眈探求 | TITLE URL + + cbd8d6443f9fc379da378217ee1164ec + CVE-2023-37263 + 2023-09-15 19:15:08 + Strapi is the an open-source headless content management system. Prior to version 4.12.1, field level permissions are not respected in the relationship title. If an actor has relationship title and the relationship shows a field they don't have permission to see, the field will still be visible. Version 4.12.1 has a fix for this issue. + 详情 + + + + 9703d6d2d2b5fae97f14fe7d4f5bd25a + CVE-2023-36479 + 2023-09-15 19:15:08 + Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in version 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2. + 详情 + + + + 3f5bee88029c092331e929632da63195 + CVE-2023-36472 + 2023-09-15 19:15:08 + Strapi is the an open-source headless content management system. Prior to version 4.11.7, an unauthorized actor can get access to user reset password tokens if they have the configure view permissions. The `/content-manager/relations` route does not remove private fields or ensure that they can't be selected. This issue is fixed in version 4.11.7. + 详情 + + + + 5791c88871192b1bb5d8461b693d68a3 + CVE-2023-42398 + 2023-09-15 17:15:14 + An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php. + 详情 + + + + 7408875a43a72090374b72331b3bb4f5 + CVE-2023-28614 + 2023-09-15 17:15:14 + Freewill iFIS (aka SMART Trade) 20.01.01.04 allows OS Command Injection via shell metacharacters to a report page. + 详情 + + + + 728da8338e63797d29c3110366459136 + CVE-2023-4991 + 2023-09-15 16:15:08 + A vulnerability was found in NextBX QWAlerter 4.50. It has been rated as critical. Affected by this issue is some unknown functionality of the file QWAlerter.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. The identifier of this vulnerability is VDB-239804. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + 详情 + + + + 3ac3cba11db2f3ff154d11566092b855 + CVE-2023-4988 + 2023-09-15 16:15:08 + A vulnerability, which was classified as problematic, was found in Bettershop LaikeTui. This affects an unknown part of the file index.php?module=system&action=uploadImg. The manipulation of the argument imgFile leads to unrestricted upload. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-239799. + 详情 + + + + c6feee8296a22823d8826eea44ca49ba + CVE-2022-47848 + 2023-09-15 16:15:07 + An issue was discovered in Bezeq Vtech NB403-IL version BZ_2.02.07.09.13.01 and Vtech IAD604-IL versions BZ_2.02.07.09.13.01, BZ_2.02.07.09.13T, and BZ_2.02.07.09.09T, allows remote attackers to gain sensitive information via rootDesc.xml page of the UPnP service. + 详情 + + + + 7402057616cf607bd232af584cd26e26 + CVE-2022-38636 + 2023-09-15 16:15:07 + ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. + 详情 + + + + 2660540e280ec4f4dc3508083ccc86e7 + CVE-2023-4987 + 2023-09-15 15:15:08 + A vulnerability, which was classified as critical, has been found in infinitietech taskhub 2.8.7. Affected by this issue is some unknown functionality of the file /home/get_tasks_list of the component GET Parameter Handler. The manipulation of the argument project/status/user_id/sort/search leads to sql injection. VDB-239798 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + 详情 + + 461e49f95d6b6c09c79b5224f5de618c CVE-2023-4951 @@ -443,86 +523,6 @@

眈眈探求 | 详情 - - 0592e6b97a214dc4b42769337c995ebe - CVE-2023-20236 - 2023-09-13 17:15:09 - A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. A successful exploit could allow the attacker to boot an unverified software image on the affected device. - 详情 - - - - 90898f1f724c6b0f61113c6880e6caad - CVE-2023-20233 - 2023-09-13 17:15:09 - A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incorrect processing of invalid continuity check messages (CCMs). An attacker could exploit this vulnerability by sending crafted CCMs to an affected device. A successful exploit could allow the attacker to cause the CFM service to crash when a user displays information about maintenance end points (MEPs) for peer MEPs on an affected device. - 详情 - - - - 1616219d2aa8645650438ac8af98cdf1 - CVE-2023-20191 - 2023-09-13 17:15:09 - A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incomplete support for this feature. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device. There are workarounds that address this vulnerability. This advisory is part of the September 2023 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2023 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication . - 详情 - - - - 6ceb67142e97f90d440d734069ed1604 - CVE-2023-20190 - 2023-09-13 17:15:09 - A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device. This vulnerability is due to incorrect destination address range encoding in the compression module of an ACL that is applied to an interface of an affected device. An attacker could exploit this vulnerability by sending traffic through the affected device that should be denied by the configured ACL. A successful exploit could allow the attacker to bypass configured ACL protections on the affected device, allowing the attacker to access trusted networks that the device might be protecting. There are workarounds that address this vulnerability. This advisory is part of the September 2023 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2023 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication . - 详情 - - - - 9759b27220f847232af8ba8a8e6e42a5 - CVE-2023-4899 - 2023-09-12 00:15:00 - SQL Injection in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. - 详情 - - - - b72292b4b248c66007b8aad7b0571000 - CVE-2023-4898 - 2023-09-12 00:15:00 - Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. - 详情 - - - - a4132a5957e40e3c67c1e16a94850015 - CVE-2023-41990 - 2023-09-12 00:15:00 - The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13.2, iOS 15.7.8 and iPadOS 15.7.8, watchOS 9.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Big Sur 11.7.9, macOS Monterey 12.6.8. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1. - 详情 - - - - e6d59eaa902b4746063a179a2624f834 - CVE-2023-40442 - 2023-09-12 00:15:00 - A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8. An app may be able to read sensitive location information. - 详情 - - - - 384596aa524326336a62e45a83e8861f - CVE-2023-40440 - 2023-09-12 00:15:00 - This issue was addressed with improved state management of S/MIME encrypted emails. This issue is fixed in macOS Monterey 12.6.8. A S/MIME encrypted email may be inadvertently sent unencrypted. - 详情 - - - - 4df18cf122a5589d80510fc9085818a1 - CVE-2023-39069 - 2023-09-11 23:15:00 - An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to gain privileges via Active Directory authentication mechanism. - 详情 - -