diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index 06d93166288..cfffd1c07bd 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -170,3 +170,13 @@ b2f60dc31292aa9f5768b2d439fda37a a0c275e58017500731ab01a930a918f1 c1a94b28efbdab10aaddc13f2e04db9d 78cf826dd92e31873c6a55c7bbf111f6 +044fab7c833f1af6ac82268c278d7418 +9099f6faf65efa1b0b03d8856001729c +914c423b3981184918f21f7130d3b2dd +abf3a808aa2d555cfc40ce6e4d098844 +2242db6a2a4918e7444006e4fc535290 +56215f4021883131f7443ce65cde8be9 +943f14db45f1a466c986b6657361354e +b2d4f556197b32b1f590cd3be68fe722 +d1d35ab76cc6395d9356736c419bb8e3 +2bd870293df7cb86364e3875365c397d diff --git a/data/cves.db b/data/cves.db index 56a5065ed09..39233dea24a 100644 Binary files a/data/cves.db and b/data/cves.db differ diff --git a/docs/index.html b/docs/index.html index 29ee5c2831d..371741e36fa 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -283,6 +283,86 @@

眈眈探求 | TITLE URL + + 044fab7c833f1af6ac82268c278d7418 + CVE-2023-43278 + 2023-09-25 23:15:00 + A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account. + 详情 + + + + 9099f6faf65efa1b0b03d8856001729c + CVE-2023-38907 + 2023-09-25 23:15:00 + An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via session key in the message function. + 详情 + + + + 914c423b3981184918f21f7130d3b2dd + CVE-2023-43326 + 2023-09-25 22:15:00 + mooSocial v3.1.8 was discovered to contain a cross-site scripting (XSS) vulnerability via the change email function. + 详情 + + + + abf3a808aa2d555cfc40ce6e4d098844 + CVE-2023-4258 + 2023-09-25 22:15:00 + In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee. + 详情 + + + + 2242db6a2a4918e7444006e4fc535290 + CVE-2023-5129 + 2023-09-25 21:15:00 + With a specially crafted WebP lossless file, libwebp may write data out of bounds to the heap. The ReadHuffmanCodes() function allocates the HuffmanCode buffer with a size that comes from an array of precomputed sizes: kTableSize. The color_cache_bits value defines which size to use. The kTableSize array only takes into account sizes for 8-bit first-level table lookups but not second-level table lookups. libwebp allows codes that are up to 15-bit (MAX_ALLOWED_CODE_LENGTH). When BuildHuffmanTable() attempts to fill the second-level tables it may write data out-of-bounds. The OOB write to the undersized array happens in ReplicateValue. + 详情 + + + + 56215f4021883131f7443ce65cde8be9 + CVE-2023-43457 + 2023-09-25 21:15:00 + An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint. + 详情 + + + + 943f14db45f1a466c986b6657361354e + CVE-2023-43132 + 2023-09-25 21:15:00 + szvone vmqphp <=1.13 is vulnerable to SQL Injection. Unauthorized remote users can use sql injection attacks to obtain the hash of the administrator password. + 详情 + + + + b2d4f556197b32b1f590cd3be68fe722 + CVE-2023-42753 + 2023-09-25 21:15:00 + An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system. + 详情 + + + + d1d35ab76cc6395d9356736c419bb8e3 + CVE-2023-42426 + 2023-09-25 21:15:00 + Cross-site scripting (XSS) vulnerability in Froala Froala Editor v.4.1.1 allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component. + 详情 + + + + 2bd870293df7cb86364e3875365c397d + CVE-2023-43644 + 2023-09-25 20:15:00 + Sing-box is an open source proxy system. Affected versions are subject to an authentication bypass when specially crafted requests are sent to sing-box. This affects all SOCKS5 inbounds with user authentication and an attacker may be able to bypass authentication. Users are advised to update to sing-box 1.4.4 or to 1.5.0-rc.4. Users unable to update should not expose the SOCKS5 inbound to insecure environments. + 详情 + + adef21e65acb244b2799e2385716c9bb CVE-2023-39408 @@ -366,7 +446,7 @@

眈眈探求 | + 2023-09-24 01:15:00 A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican. 详情 @@ -374,7 +454,7 @@

眈眈探求 | + 2023-09-24 01:15:00 A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials. 详情 @@ -382,7 +462,7 @@

眈眈探求 | + 2023-09-24 01:15:00 An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system. 详情 @@ -390,7 +470,7 @@

眈眈探求 | + 2023-09-24 01:15:00 An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod. 详情 @@ -443,86 +523,6 @@

眈眈探求 | 详情 - - 479509c6cec2ebe99c21465cc2e109d7 - CVE-2023-43338 - 2023-09-23 00:15:00 - Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjs_get_ptr(). This vulnerability allows attackers to execute arbitrary code via a crafted input. - 详情 - - - - 217d19479cdd4cebcf6aba90e3666556 - CVE-2023-43130 - 2023-09-22 23:15:00 - D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection. - 详情 - - - - b431992ad614cc5b635566a93079f335 - CVE-2023-43129 - 2023-09-22 23:15:00 - D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of REMOTE_PORT parameters. - 详情 - - - - 32523e76dfb35ff3717db01e92fe3f86 - CVE-2023-40989 - 2023-09-22 20:15:00 - SQL injection vulnerbility in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component. - 详情 - - - - d90f474764947fd9018f2701b1edede4 - CVE-2023-43270 - 2023-09-22 19:15:00 - dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/playerOperate. - 详情 - - - - 4be0e0b7dcbfa7985ab1e337bfafa4a2 - CVE-2023-23364 - 2023-09-22 04:15:00 - A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.1 ( 2023/03/29 ) and later Multimedia Console 1.4.7 ( 2023/03/20 ) and later - 详情 - - - - 85e83fef12d37bec604f1f22ae863236 - CVE-2023-23363 - 2023-09-22 04:15:00 - A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2441 build 20230621 and later QTS 4.3.3.2420 build 20230621 and later QTS 4.2.6 build 20230621 and later QTS 4.3.4.2451 build 20230621 and later - 详情 - - - - 02bd6c0b4a2f4cab127191f125adc7ea - CVE-2023-23362 - 2023-09-22 04:15:00 - An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability allows remote authenticated users to execute commands via susceptible QNAP devices. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QTS 4.5.4.2374 build 20230416 and later QuTS hero h5.0.1.2376 build 20230421 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later - 详情 - - - - b094359a59d899b3026cedd328a6b4fb - CVE-2023-31719 - 2023-09-22 00:15:00 - FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin. - 详情 - - - - d61674902f7df9f3dcab43faf5c7e158 - CVE-2023-31718 - 2023-09-22 00:15:00 - FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download. - 详情 - - @@ -1798,7 +1798,7 @@

眈眈探求 | + 2023-09-24 20:05:55 CIMG CIMG Vulnerability 详情 @@ -1806,7 +1806,7 @@

眈眈探求 | + 2023-09-24 20:05:55 WEBMIN WEBMIN Vulnerability 详情 @@ -1814,7 +1814,7 @@

眈眈探求 | + 2023-09-24 20:05:54 JETBRAINS TEAMCITY Vulnerability 详情 @@ -1822,7 +1822,7 @@

眈眈探求 | + 2023-09-24 20:05:54 NAGIOS NAGIOS_XI Vulnerability 详情 @@ -1830,7 +1830,7 @@

眈眈探求 | + 2023-09-24 20:05:54 NAGIOS NAGIOS_XI Vulnerability 详情 @@ -1838,7 +1838,7 @@

眈眈探求 | + 2023-09-24 20:05:54 JETBRAINS TEAMCITY Vulnerability 详情 @@ -1846,7 +1846,7 @@

眈眈探求 | + 2023-09-24 20:05:54 PHPPGADMIN_PROJECT PHPPGADMIN Vulnerability 详情 @@ -1854,7 +1854,7 @@

眈眈探求 | + 2023-09-24 20:05:54 NAGIOS NAGIOS_XI Vulnerability 详情 @@ -1862,7 +1862,7 @@

眈眈探求 | + 2023-09-24 20:04:54 NAGIOS NAGIOS_XI Vulnerability 详情