From e32bf383044ce69afa243b01d2a0fca99e85b896 Mon Sep 17 00:00:00 2001 From: Github-Bot Date: Mon, 9 Sep 2024 06:34:31 +0000 Subject: [PATCH] Updated by Github Bot --- cache/Nsfocus.dat | 15 +++ data/cves.db | Bin 49209344 -> 49213440 bytes docs/index.html | 254 +++++++++++++++++++++++----------------------- 3 files changed, 142 insertions(+), 127 deletions(-) diff --git a/cache/Nsfocus.dat b/cache/Nsfocus.dat index 7c41974ac6c..cfa61207a69 100644 --- a/cache/Nsfocus.dat +++ b/cache/Nsfocus.dat @@ -127,3 +127,18 @@ f1a7c4419c46df834b89b51536ddb615 31ec19869cdb35e3015ab9e55de0e202 cd5e1f01752bdad002a88c7fa658df60 35a30cf087d7a29b1aecccad6743a6f2 +48834267f222a0c76e61277d19b79cf6 +aff91e8ce2eef6b7b3af311c0dd00b56 +b58e1bf9486c564048ea4fc08b2e1558 +b263ebf648bf73c46703b709890cd868 +496f6c6938f2e9d51181943a0c088382 +4cc032c5a6e6c4aeca2e5f4c4365afec +d738d7c69daf6f5b92e74d68b011feb8 +c402d1296b85813a8fc1a7240f05eff2 +2f09648c354f1830e6dee16ab601e8d2 +d0777432fbc9ffe1107a68ef376463b7 +dc6be20e1d1c3310f9068634ab799028 +b579b815355a4bab9016d3445e314e2f +2091995d72011ad88fd1c104c38be3d2 +d298a74388929b4199e4596950b2d4ed +d34bcb865e7d75256c46d066efae19a1 
diff --git a/data/cves.db b/data/cves.db index b1496bf9d9433d605cf0f0add20811170beb1318..4dd8135562d90423207d55b0f9df0bd14d00338b 100644 GIT binary patch delta 4492 zcmZ|Td6bQX9|mx9nK434_Nay=s?odO_mx6IcCuAe&t2Y^iG~=33b%TcHYAORt9?(3 zQfRbjRWYsF%UVkNUiv*(r}I08&Y92sXU@6L`+UFOd(WJixqeNvnV+s{Huvy?()u-O zbo^#s@hP#=`WX;;M2x6O)FSeU0-`oiNYo(?A?gzKi2B5#L<6EBQA8X@G$I-kO^BvM zGom@sf;gOLNwgx4AdV!CB8rLDL>uC0qAhU@(T+HlXisz?jw6mIP9RE%j>L(CL70R^ z*n~s4gh#{)p9qLf#7RVF;$-3!q6^WL=ti7MbSF+DdJsK{Uc~7{Z=w&;m*_|ICk7A$ zi9y6*;tXO4F_aia3@1hqXA)--XA>idQN%gKxx{&d=93_jM2bigArTRyi7`YeaXvAY z7)M+{lo8{J3B-lOL}C(APD~~)A}%JT5L1b1#3jU~#AU>EVg@mj$PkwkR}fbcBxVs; z5mytliED^!iR*~#i5rMH#9U$?aU(IGxQSRm+)Pvu3yE8ZMZ{v_R$>XUl*kgxh}($U zi93ipiMxoqiF=59iTjBAi3f-WiHC@XiRHv2#0uh3;xS?+v5I({c!F3>JV`u7tRdDC z>xid`N@6|n4Dl@S9PvD{fp~#>zd$yNEA{FNxj6SH#!E9^xC~TjD$7 zd*TP;N8%^qXW|#)SK>F~cj6D?PvS3PFY)(mPdY$ zR2oP_DU!paku;Vj(o~vBb7>)mOG{}bN63+KloU&AX(LBVTRBGB$+6O2I>>Qyyqq8< z(os$nLrk&67Drt1Brd)L(n(H|&T_JxB3-1bbdyu1yPPIHq^Ica*HgI#d51Gk)@KAWpbO`E_cYCa+lmK_sG3+pWH7G$b<5b zJS@xQ5m_OR%44!pR>|Y?gshe)X4%P;b){3gH4AM&UCC41%XyxEB9<1aC(DYYbD3Z%9a zN*y^w>PkJSFNaD4X(&Zg$fQjU^hX)SH!XlX0QNIN-J z+DivHPL7uoq(nN(iDHN;me}HmE1tx~mq0qnNzz$PmQ$pQbd_#$s&tprq=)pBUUIth zmOj!~`bmEoAOmHP43;xwhzylsGF(Q;nR1q#EhA-=oFnJTd6JudLXwh_w1g7LXc;4= za=wg}adLr_$#|I{7s^DLB;_($E|QC7icFPha*13jm&tUQAu}Z-m&+A$rBG(cRdTh= zmTTl%xlXQ^8)S~mm3eZb%$J*Ff!r(=vQTc3MY33Kl_j!Nva(EWliTGExl`_vyX79a zSMHPh~@QT%M5C@}xW^YhUtUM>r%LaKt zUX+*QWqCzjm5uV6ye@CZCfO`i@}|5cZ_7LKuDmB(28)oEHdtM<3GM;2@-I5B@=eymn$&5bqv z*rL3>c~M1i!$+5O%e2tD6!ve?;VirUu(TEUiMV6?eqaSj#|(ndaRV=Kjii-!!t~BH zl{*(_yASVCVi}fGV!N(sWWOENC)S~!Q(^@ADK@-LcJ{OU)v-1`O~W(;FVl!s1qwKJ zpaLu-(3`sHxTW7E(!L+1&6H_4DcetmcG{{I;M#_rHT|uzCfU86x5f&xC6y~<_3Bg$ z8nQ1ao@vIa{9Kb^3QD^1AnBW~9x>r06Uo3Zy|nE(ZfKiMXhqe6EZ^|VZWBr;mQE_} zn~1{k+3&`5jkWyGR(@`5wQ{XS=Ej!tlA&dUrpnm1X+(kH`JU}0lJOugEWcWqTAA5- zUAD$rXD5{YXP+R`fK@efeR|{~jCfp&v7%%uh@#Lmjd;TI!^n<%j%O$1)gp3zjQ#qo z*zjJr3{5YQ^b9lft8K|H(UMGi 
zMB<`xrDbD_2M_BuVCb;^#iv=lwyj;XYx$Dx*F3P}y3CHXb9Ss;y6Q3>bil1xUNB^Q+4xDt zJtiiKO~a`8?uS>KAEfa=SyrZqRW)*1eRJcD+kQHp@`7|C@*+1GSYg~rdwx=98imON zHfVYNep%VU?bgPcS3k@F`&!wV!?<}yZnn83CzUd6E9EA<&`UXqFqN=EH*!*r?YTO< z)P9S!OB~M&oZ;nRSvaMpa!Q=Q zF?&r+q)W#aX9usEly|TV{S)J7>T>h6TuhhTA!rYd<;5e*vb2`C?m(@VfTX>M&6zr=KR5snRC-!AQ9sSp%MqUHdXi!&C259sj>NW zD+VoVH+fK|C94W^4{~1a_H8GbO8TA~#?x`va&?wo+VH$EN`z*RFst=-9oHH(wS4@< e)R>ZfrK87`mz9=f=gs{vc2xEA&pnYDxc>t=6EpY# delta 2835 zcmWmGQ;;4A6ok>_4=1*5+qP||W7}pYnQ$hyZ9AFRwr#Dl-p%fphtp5@sjIr`j(&D1 z@#tfR5{D#<-1%F$aJjyOrYRNZ{B4Y^@K(TzU`4bdS&^+MR#YpVmDVb2wYA1tYpt`^TN|v6)+TGSwZ+#%jiI%!NkZx@=vsu3Fcu>(&kH zrgh7@ZQZf%TKBB`)&uLI^~ic`J+Yoz&#dRx3+tuz%6e_RvEEwmtoPOj>!bC_`fPo% zez1PDezJbHezCqR$RiXcQo zbi_bR#6oPuL0rT`d?Y|ZBtl{&K~f|`a-={?q(W+>L0Y6kdSpOGWI|?SK~`i#cH}@# zkb<{vj)Ix34 zL0!~CeKbHrG(uxEK~pqCbF@H9v_flq@4pS&q8-|!13ID;I-?7^q8qxS2YR9xdZQ2e zq96KW00v?Z24e_@Vi<;F1V&;MMq>=dVjRZ9n1G3xgkVg@6imf5Ovem_AQUq(3$rl? zb1@I|u>cFP2#c`vcx3ahaOYq1XNu>l*g37fG6Td@t>u>(7?3%jugd$AAu zaR3K#2#0Y5M-hf&IF1uIiBmX@GdPQLIFAdsh)cMPE4YelxQ-jRiCeghJGhH`xQ_>T zh(~ygCwPiyc#ao%iC1`yH+YM8c#jYGh)?*8FZcmJ;wSu!U+@*b;y3(`Kkz61!r%A@ z|Kc0|3m>ci^G5&?5D}3O8Bq`wL5POvh=G`hh1iILxQK`NNPvV$gv3aKq)3M3NP(0{ zh15ucv`B~a$bgK5h1|%4yvT?AD1d?}gu*C-q9}&qD1nkFh0-X4 zvM7i0sDO&7gvzLbs;GwQsDYZOh1#ftx~PZxXn=-jgvMxsrf7!dXn~e!h1U4qe;c$# zJG4g!bVMg~Mi+ENH*`l2^h7W8Mj!M=KlH}{48$M|#t;m}Fbu~CjKnC6#u$vnIE;re z0TVF^!I+FGn2Kqbju{9+C}v_7W@8TKVjkvW0TyBr7GnvPVi}fW1y*7eR$~p;Vjb3F z12$q4He(C6VjH$&2X + @@ -366,7 +366,7 @@

眈眈探求 | + 2024-09-07 09:15:03 The Big File Uploads – Increase Maximum File Upload Size plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.1.2. This is due the plugin not sanitizing a file path in an error message. This makes it possible for authenticated attackers, with author-level access and above, to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. 详情 @@ -374,7 +374,7 @@

眈眈探求 | + 2024-09-07 09:15:02 A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the function formatData of the file /admin.php?m=Acquisi&a=testcj&lid=1 of the component SQL Command Execution Module. The manipulation of the argument data leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 详情 @@ -382,7 +382,7 @@

眈眈探求 | + 2024-09-07 09:15:01 The Preloader Plus – WordPress Loading Screen Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 详情 @@ -390,7 +390,7 @@

眈眈探求 | + 2024-09-07 08:15:11 A vulnerability, which was classified as problematic, was found in Wavelog up to 1.8.0. Affected is the function index of the file /qso of the component Live QSO. The manipulation of the argument manual leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.8.1 is able to address this issue. The patch is identified as b31002cec6b71ab5f738881806bb546430ec692e. It is recommended to upgrade the affected component. 详情 @@ -398,7 +398,7 @@

眈眈探求 | + 2024-09-07 08:15:11 Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. 详情 @@ -406,7 +406,7 @@

眈眈探求 | + 2024-09-07 08:15:11 Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author. Users are advised to upgrade to version 2.10.1 or later, which has fixed the vulnerability. 详情 @@ -1979,6 +1979,126 @@

眈眈探求 | TITLE URL + + 48834267f222a0c76e61277d19b79cf6 + CVE-2024-4889 + 2024-09-09 06:32:17 + LiteLLM代码注入漏洞 + 详情 + + + + aff91e8ce2eef6b7b3af311c0dd00b56 + CVE-2024-4941 + 2024-09-09 06:32:17 + Gradio 本地文件包含漏洞 + 详情 + + + + b58e1bf9486c564048ea4fc08b2e1558 + CVE-2024-5127 + 2024-09-09 06:32:17 + Lunary访问控制错误漏洞 + 详情 + + + + b263ebf648bf73c46703b709890cd868 + CVE-2024-5256 + 2024-09-09 06:32:17 + Sonos Era 100整数下溢漏洞 + 详情 + + + + 496f6c6938f2e9d51181943a0c088382 + CVE-2024-5267 + 2024-09-09 06:32:17 + Sonos Era 100越界写入漏洞 + 详情 + + + + 4cc032c5a6e6c4aeca2e5f4c4365afec + CVE-2023-46694 + 2024-09-09 06:32:17 + Vtenext身份验证绕过漏洞 + 详情 + + + + d738d7c69daf6f5b92e74d68b011feb8 + CVE-2024-5268 + 2024-09-09 06:32:17 + Sonos Era 100越界读取漏洞 + 详情 + + + + c402d1296b85813a8fc1a7240f05eff2 + CVE-2024-5269 + 2024-09-09 06:32:17 + Sonos Era 100释放后重用漏洞 + 详情 + + + + 2f09648c354f1830e6dee16ab601e8d2 + CVE-2023-30313 + 2024-09-09 06:32:17 + Wavlink QUANTUM D2G会话劫持漏洞 + 详情 + + + + d0777432fbc9ffe1107a68ef376463b7 + CVE-2024-28060 + 2024-09-09 06:32:17 + Apiris Kafeo DLL劫持漏洞 + 详情 + + + + dc6be20e1d1c3310f9068634ab799028 + CVE-2024-5301 + 2024-09-09 06:32:17 + Kofax Power PDF堆缓冲区溢出漏洞 + 详情 + + + + b579b815355a4bab9016d3445e314e2f + CVE-2024-28061 + 2024-09-09 06:32:17 + Apiris Kafeo身份认证绕过漏洞 + 详情 + + + + 2091995d72011ad88fd1c104c38be3d2 + CVE-2024-5303 + 2024-09-09 06:32:17 + Kofax Power PDF越界写入漏洞 + 详情 + + + + d298a74388929b4199e4596950b2d4ed + CVE-2024-35510 + 2024-09-09 06:32:17 + Desdev DedeCMS任意文件上传漏洞 + 详情 + + + + d34bcb865e7d75256c46d066efae19a1 + CVE-2024-5452 + 2024-09-09 06:32:17 + Pytorch-Lightning远程代码执行漏洞 + 详情 + + 0e07c6475177d5237d81c903a0a2ab89 CVE-2024-20931 @@ -2099,126 +2219,6 @@

眈眈探求 | 详情 - - 0a3f5eb4456977032e8fbd62be008472 - CVE-2024-1648 - 2024-07-18 09:20:36 - Electron-PDF跨站脚本漏洞 - 详情 - - - - d42b6f720ca92d70e0314d6900af9649 - CVE-2024-1608 - 2024-07-18 09:20:36 - OPPO Usercenter Credit SDK权限提升漏洞 - 详情 - - - - e3c3696efd24652a8aa97ae91d6d7816 - CVE-2024-25604 - 2024-07-18 09:20:36 - Liferay Portal和Liferay DXP授权错误漏洞 - 详情 - - - - 10eacfcd215080032deabc6db047ed91 - CVE-2024-25605 - 2024-07-18 09:20:36 - Liferay Portal和Liferay DXP默认权限错误漏洞 - 详情 - - - - f5035417996cb21ba7de9b9002e87154 - CVE-2024-25606 - 2024-07-18 09:20:36 - Liferay Portal和Liferay DXP XML外部实体引用漏洞 - 详情 - - - - 2a8e84408864730d3325e6c2189e4bf8 - CVE-2023-49250 - 2024-07-18 09:20:36 - Apache DolphinScheduler证书验证错误漏洞 - 详情 - - - - 2e43c0859f9975222946cea9f83441b6 - CVE-2023-6398 - 2024-07-18 09:20:36 - Zyxel多款产品命令注入漏洞 - 详情 - - - - c9b2fc28f109ac9c4d6df74889193941 - CVE-2023-6399 - 2024-07-18 09:20:36 - Zyxel多款产品格式化字符串错误漏洞 - 详情 - - - - 82ee11e731034cff19796ae373b8032a - CVE-2024-25149 - 2024-07-18 09:20:36 - Liferay Portal和Liferay DXP授权错误漏洞 - 详情 - - - - 430f0acce997ae1dfaadbef1ce9d1339 - CVE-2024-21892 - 2024-07-18 09:20:36 - Node.js权限提升漏洞 - 详情 - - - - 6960028273b421f789f90ebb54925ba2 - CVE-2023-5190 - 2024-07-18 09:20:36 - Liferay Portal和Liferay DXP开放重定向漏洞 - 详情 - - - - 5253657a28772a15b1b0cca70ad126e4 - CVE-2023-6764 - 2024-07-18 09:20:36 - Zyxel多款产品格式化字符串错误漏洞 - 详情 - - - - 6d75dc6ed550f9c98e3f1340df44e2ad - CVE-2024-22019 - 2024-07-18 09:20:36 - Node.js拒绝服务漏洞 - 详情 - - - - b1086aef4634dabb38e29fd8dd39418e - CVE-2024-25973 - 2024-07-18 09:20:36 - OpenOlat LMS跨站脚本漏洞 - 详情 - - - - d6f3c9f633c4dc8998b5f24b6bec6b1f - CVE-2023-44308 - 2024-07-18 09:20:36 - Liferay DXP开放重定向漏洞 - 详情 - -
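Review bot: The subject line "Updated by Github Bot" does not say what changed, and the cache/Nsfocus.dat hunk (@@ -127,3 +127,18 @@) is the only place the scope can be read off: 15 ids appended. Have the bot put the source and the count in the subject, for example "Nsfocus: +15 entries", so that a run adding an unexpected number of entries stands out in the log. The 15 ids appended here match, in the same order, the 15 row ids added at docs/index.html @@ -1979,6 +1979,126 @@; that consistency is worth asserting in the generator rather than leaving it to review.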
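Review bot: The data/cves.db change cannot be reviewed: it arrives as a git binary delta on a file of about 49 MB (49209344 -> 49213440 bytes, a growth of 4096 bytes), so there is no way to confirm from this patch that the database gained exactly the 15 entries that appear in cache/Nsfocus.dat and docs/index.html. Consider keeping the database out of the commit history (a release artifact or similar) and committing a text export of the rows added in each run, which would make the three files checkable against each other.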
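Review bot: In the six single-line docs/index.html hunks (@@ -366,7 +366,7 @@ through @@ -406,7 +406,7 @@), free-text descriptions taken from an external feed are written straight into the page, including a raw URL in the Airflow entry at @@ -398,7 +398,7 @@, and nothing in the patch shows how that text is encoded. Please confirm that the generator HTML-escapes the description and title fields and limits link targets to http and https, and add a test row containing markup characters so a regression is caught before the page is published.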
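Review bot: All 15 rows added at docs/index.html @@ -1979,6 +1979,126 @@ carry the same timestamp, 2024-09-09 06:32:17, about two minutes before the commit date of 06:34:31, so the value is the bot's fetch time and not a disclosure date. That is misleading next to ids such as CVE-2023-46694 and CVE-2023-30313. Either label the column as the time the entry was collected, or carry the source's own publication date in the row and sort on that.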
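Review bot: The removal hunk at docs/index.html @@ -2099,126 +2219,6 @@ drops the 15 rows dated 2024-07-18 09:20:36 to make room for the 15 new ones (120 lines out, 120 lines in), and the patch leaves no text file in which those entries stay readable; the cache hunk only appends ids. If the table is meant to be a fixed-length window, document the cap in the generator and write the rows that fall out to a dated archive page, so that an entry a reader saw last week can still be found.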