From b65b78389cfaf6f871459bb33b70d838d133e87e Mon Sep 17 00:00:00 2001 From: Github-Bot Date: Fri, 11 Oct 2024 03:28:19 +0000 Subject: [PATCH] Updated by Github Bot --- cache/Nsfocus.dat | 15 ++++++ data/cves.db | Bin 49610752 -> 49614848 bytes docs/index.html | 132 +++++++++++++++++++++++----------------------- 3 files changed, 81 insertions(+), 66 deletions(-) diff --git a/cache/Nsfocus.dat b/cache/Nsfocus.dat index 01e4f8ba45a..773b06fd9a8 100644 --- a/cache/Nsfocus.dat +++ b/cache/Nsfocus.dat @@ -183,3 +183,18 @@ ba973dbffa609f5155007e8944eb5185 9dd1bbcf27a0fe513b528c267417136a 803b03ed0a57f6a2ae5b14b1e13edc13 7f5f025dfb1cef5c6ac4e19db783dd54 +7aeafc0758c3593ec6f58e8fc4887499 +97298db86b6af216d7a237f675d7abec +c16a68ecae6acc5cfecb56244c15f36d +59127b44eba6578f6ab7660f95e3b5b9 +9edb908be454e918dec8659faddb8dc1 +fc3b8f30b5bc64fee45b47a4ed0156f6 +c5ae774397caa2ea5dd49faed44dfe12 +5cdbc6c7e389a754471c4177de7250fa +3177adc027853fda4d87379416217047 +6e401fc8041ebbcb508e66f561426d4f +c41e75b363a0d63008aa1111a275463f +e5aeb22cfaae8005adfe28dc40a93215 +3fd96f0c1be7d79a929bb173a63ffc0e +82ddf24294810834c0a6812d598c2c17 +bae0474506c706f03c84a7d8291d143f 
diff --git a/data/cves.db b/data/cves.db index f0435d6f670b5cc355e11394d14ecaffdfe4cf15..acc0d2304d529aa7921f83aad12c4944d3f44e4b 100644 GIT binary patch delta 4719
diff --git a/docs/index.html b/docs/index.html index 06fd71535c1..11f0a712f20 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -366,7 +366,7 @@

眈眈探求 | + 2024-10-09 15:15:17 A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah. 详情 @@ -374,7 +374,7 @@

眈眈探求 | + 2024-10-09 15:15:17 A vulnerability was found in 3Scale. There is no auth mechanism to see a PDF invoice of a Developer user if the URL is known. Anyone can see the invoice if the URL is known or guessed. 详情 @@ -382,7 +382,7 @@

眈眈探求 | + 2024-10-09 15:15:17 In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation. 详情 @@ -390,7 +390,7 @@

眈眈探求 | + 2024-10-09 15:15:17 In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability. 详情 @@ -398,7 +398,7 @@

眈眈探求 | + 2024-10-09 15:15:16 In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability. 详情 @@ -406,7 +406,7 @@

眈眈探求 | + 2024-10-09 15:15:16 In Progress Telerik Reporting versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements. 详情 @@ -414,7 +414,7 @@

眈眈探求 | + 2024-10-09 15:15:16 In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting. 详情 @@ -422,7 +422,7 @@

眈眈探求 | + 2024-10-09 15:15:16 In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements. 详情 @@ -430,7 +430,7 @@

眈眈探求 | + 2024-10-09 15:15:15 In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a credential stuffing attack is possible through improper restriction of excessive login attempts. 详情 @@ -438,7 +438,7 @@

眈眈探求 | + 2024-10-09 15:15:15 In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped Not doing so will make us send a host command to the transport while the firmware is not alive, which will trigger a WARNING. bad state = 0 WARNING: CPU: 2 PID: 17434 at drivers/net/wireless/intel/iwlwifi/iwl-trans.c:115 iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi] RIP: 0010:iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi] Call Trace: iwl_mvm_send_cmd+0x40/0xc0 [iwlmvm] iwl_mvm_config_scan+0x198/0x260 [iwlmvm] iwl_mvm_recalc_tcm+0x730/0x11d0 [iwlmvm] iwl_mvm_tcm_work+0x1d/0x30 [iwlmvm] process_one_work+0x29e/0x640 worker_thread+0x2df/0x690 ? rescuer_thread+0x540/0x540 kthread+0x192/0x1e0 ? set_kthread_struct+0x90/0x90 ret_from_fork+0x22/0x30 详情 @@ -2132,91 +2132,91 @@

眈眈探求 | - Positron Broadcast Signal Processor TRA7005身份认证绕过漏洞 - 详情 + 7aeafc0758c3593ec6f58e8fc4887499 + CVE-2024-34757 + 2024-10-10 03:26:06 + WordPress plugin Borderless跨站脚本漏洞 + 详情 - 8059274cb32cd301644e18dc332f5188 - CVE-2024-41672 - 2024-10-09 09:24:06 - DuckDB信息泄露漏洞 - 详情 + 97298db86b6af216d7a237f675d7abec + CVE-2022-44581 + 2024-10-10 03:26:06 + WordPress plugin Defender Security敏感信息存储漏洞 + 详情 - b10fe702e5e378c1a321a963d1a64214 - CVE-2024-40872 - 2024-10-09 09:24:06 - Absolute Secure Access权限提升漏洞 - 详情 + c16a68ecae6acc5cfecb56244c15f36d + CVE-2024-3551 + 2024-10-10 03:26:06 + WordPress Plugin Penci Soledad Data Migrator本地文件包含漏洞 + 详情 - 73313f4f9a3d2a2ec169c961c4c0276e - CVE-2024-41666 - 2024-10-09 09:24:06 - Argo CD权限管理错误漏洞 - 详情 + 59127b44eba6578f6ab7660f95e3b5b9 + CVE-2024-3134 + 2024-10-10 03:26:06 + WordPress plugin Master Addons存储型跨站脚本漏洞 + 详情 - c8fc532c66d8b2f4edd1708605b73088 - CVE-2024-37084 - 2024-10-09 09:24:06 - VMware Spring Cloud Data Flow代码注入漏洞 - 详情 + 9edb908be454e918dec8659faddb8dc1 + CVE-2024-4204 + 2024-10-10 03:26:06 + WordPress plugin Bulk Posts Editing For WordPress存储型跨站脚本漏洞 + 详情 - d6a6f261142d596aa86efd3c505b893a - CVE-2024-39671 - 2024-10-09 09:24:06 - Huawei EMUI和HarmonyOS访问控制错误漏洞 - 详情 + fc3b8f30b5bc64fee45b47a4ed0156f6 + CVE-2024-3609 + 2024-10-10 03:26:06 + WordPress plugin ReviewX未经授权的数据删除漏洞 + 详情 - 4e9fb9a8940a70dcd1ed5f38411ca880 - CVE-2024-39672 - 2024-10-09 09:24:06 - Huawei EMUI和HarmonyOS内存请求逻辑漏洞 - 详情 + c5ae774397caa2ea5dd49faed44dfe12 + CVE-2023-23700 + 2024-10-10 03:26:06 + WordPress plugin OceanWP路径遍历漏洞 + 详情 - 1d65dd42b76c4ece297200c67e563570 - CVE-2024-41705 - 2024-10-09 09:24:06 - Archer Platform跨站脚本漏洞 - 详情 + 5cdbc6c7e389a754471c4177de7250fa + CVE-2023-23645 + 2024-10-10 03:26:06 + WordPress plugin MainWP Code Snippets Extension代码注入漏洞 + 详情 - 5638d6b29770d302c6a1ecadc4fcaba8 - CVE-2024-6589 - 2024-10-09 09:24:06 - WordPress LearnPress – WordPress LMS Plugin本地文件包含漏洞 - 详情 + 3177adc027853fda4d87379416217047 + CVE-2022-45374 + 2024-10-10 
03:26:06 + WordPress plugin YARPP路径遍历漏洞 + 详情 - 49d87a61bfefc95cb5e792f590d434ed - CVE-2024-39670 - 2024-10-09 09:24:06 - Huawei EMUI和HarmonyOS权限许可和访问控制漏洞 - 详情 + 6e401fc8041ebbcb508e66f561426d4f + CVE-2023-48727 + 2024-10-10 03:26:06 + Intel oneVPL software空指针取消引用漏洞 + 详情 - e059a1c9c1b987b516a4a71db5310c41 - CVE-2024-36537 - 2024-10-09 09:24:06 - cert-manager不安全权限漏洞 - 详情 + c41e75b363a0d63008aa1111a275463f + CVE-2022-45368 + 2024-10-10 03:26:06 + WordPress plugin 1003 Mortgage Application路径遍历漏洞 + 详情
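
Review bot: The 15 values appended at @@ -183,3 +183,18 @@ in cache/Nsfocus.dat are bare 32-hex digests with nothing in the file recording what input they are computed over. The same values show up, in the same order, as the first cell of the new Nsfocus rows in docs/index.html, so they appear to be the deduplication key for that feed. Please document the derivation (which advisory fields, which hash) next to the cache, and consider keying deduplication on the CVE id as well: if the digest covers a title or description, an upstream edit to an advisory yields a new digest and a second row for the same CVE.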
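
Review bot: data/cves.db is committed as an opaque binary delta (Bin 49610752 -> 49614848 bytes in the diffstat), so nobody reviewing this commit can see which records the bot added or changed. For a vulnerability database that downstream users may trust, that means a bad upstream response or a compromised bot token can rewrite entries without leaving a readable trace. Suggest committing a text export of the changed rows alongside the database (or instead of it), or publishing the database as a release artifact with a checksum, and keeping a roughly 49 MB file that changes on every run out of the main history.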
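
Review bot: The description cells in the @@ -366,7 through @@ -438,7 hunks of docs/index.html are third-party advisory text placed straight into the page, and nothing visible in this diff shows that the generator HTML-escapes it. The text here already contains backticks (`RUN`), bracketed module names ([iwlwifi]) and a multi-line kernel call trace, so angle brackets or quotes in a future advisory are a realistic input. Please confirm that the template escapes the title and description fields and that the 详情 link targets are restricted to http/https URLs, and add a test row containing markup to the generator's tests.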
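
Review bot: In the @@ -2132,91 +2132,91 @@ hunk every added row carries the timestamp 2024-10-10 03:26:06, about two minutes before the commit time in the patch header, including rows for CVE-2022-44581, CVE-2023-23700 and CVE-2022-45374. The column is therefore the crawl time, not the advisory's publication date, and a reader triaging from this table will take two-year-old issues for new ones. Suggest labelling the column as fetch time or adding the upstream publication date. The hunk also replaces the table body row by row, dropping the 2024-10-09 09:24:06 entries (for example CVE-2024-41672 and CVE-2024-37084) from the page, so state somewhere that the page is a rolling window and that older entries remain only in data/cves.db.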