diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat
index 75894d066f1..19e8015e307 100644
--- a/cache/Tenable (Nessus).dat
+++ b/cache/Tenable (Nessus).dat
@@ -108,3 +108,11 @@ a1494863655a49aaac2216d50a408024
03ff893eaeb0bbd1639f6dc680d4d436
38869a40eaa87caa8c5bca422051907f
9b611e4f0591e12ad3b99b93196437c6
+ab3d2a1baa2de10eb971a8a842d84086
+ebd92be6e1cb2b3c7996752785e65879
+c08676bf3dd82325a4109bdc94155fcc
+cdcc7f91716cf5ca9025449fe9ff8c75
+1cb7ec9f53cb8b76921de6ff2fd35882
+93630190c62628190ecf6a24dc1a1bcd
+16daee4b5b67a6ab1136a3fa0d738424
+814322d2982461ad15831a37fd68b25d
diff --git a/data/cves.db b/data/cves.db
index 7be096793df..28edd74190c 100644
Binary files a/data/cves.db and b/data/cves.db differ
diff --git a/docs/index.html b/docs/index.html
index 739ee7fd15e..db1a916350b 100644
--- a/docs/index.html
+++ b/docs/index.html
@@ -1,4 +1,4 @@
-
+
@@ -252,6 +252,62 @@ 威胁情报播
TITLE |
URL |
+
+ ab3d2a1baa2de10eb971a8a842d84086 |
+ CVE-2021-39165 |
+ 2021-08-26 21:15:00 |
+ Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session. The original repository of Cachet is not active, the stable version 2.3.18 and it's developing 2.4 branch is affected. |
+ 详情 |
+
+
+ ebd92be6e1cb2b3c7996752785e65879 |
+ CVE-2021-39161 |
+ 2021-08-26 20:15:00 |
+ Discourse is an open source platform for community discussion. In affected versions category names can be used for Cross-site scripting(XSS) attacks. This is mitigated by Discourse's default Content Security Policy and this vulnerability only affects sites which have modified or disabled or changed Discourse's default Content Security Policy have allowed for moderators to modify categories. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks. |
+ 详情 |
+
+
+ c08676bf3dd82325a4109bdc94155fcc |
+ CVE-2021-37715 |
+ 2021-08-26 20:15:00 |
+ A remote cross-site scripting (XSS) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.13.0. Aruba has released upgrades for the Aruba AirWave Management Platform that address this security vulnerability. |
+ 详情 |
+
+
+ cdcc7f91716cf5ca9025449fe9ff8c75 |
+ CVE-2021-29862 |
+ 2021-08-26 20:15:00 |
+ IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 206086. |
+ 详情 |
+
+
+ 1cb7ec9f53cb8b76921de6ff2fd35882 |
+ CVE-2021-29801 |
+ 2021-08-26 20:15:00 |
+ IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to gain root privileges. IBM X-Force ID: 203977. |
+ 详情 |
+
+
+ 93630190c62628190ecf6a24dc1a1bcd |
+ CVE-2021-29772 |
+ 2021-08-26 20:15:00 |
+ IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input. IBM X-Force ID: 202774. |
+ 详情 |
+
+
+ 16daee4b5b67a6ab1136a3fa0d738424 |
+ CVE-2021-29727 |
+ 2021-08-26 20:15:00 |
+ IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 201106. |
+ 详情 |
+
+
+ 814322d2982461ad15831a37fd68b25d |
+ CVE-2021-29715 |
+ 2021-08-26 20:15:00 |
+ IBM API Connect 5.0.0.0 through 5.0.8.11 could alllow a remote user to obtain sensitive information or conduct denial of serivce attacks due to open ports. IBM X-Force ID: 201018. |
+ 详情 |
+
af0b0f7a87448ee32d72a64ad58c0dcc |
CVE-2021-32648 |
@@ -406,62 +462,6 @@ 威胁情报播
thinkphp-zcms as of 20190715 allows SQL injection via index.php?m=home&c=message&a=add. |
详情 |
-
- dcde5a0159d9522271474fe94fdc9585 |
- CVE-2020-19704 |
- 2021-08-26 03:15:00 |
- A stored cross-site scripting (XSS) vulnerability via ResourceController.java in spring-boot-admin as of 20190710 allows attackers to execute arbitrary web scripts or HTML. |
- 详情 |
-
-
- eb39d6388eb8babace6dd1df725ab323 |
- CVE-2020-19703 |
- 2021-08-26 03:15:00 |
- A cross-site scripting (XSS) vulnerability in the referer parameter of Dzzoffice 2.02 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
- 详情 |
-
-
- d404f28ea272b1e90e4736841d704701 |
- CVE-2021-20815 |
- 2021-08-26 02:15:00 |
- Cross-site scripting vulnerability in Edit Boilerplate screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors. |
- 详情 |
-
-
- b970dabecc87e56239944e48e15ffc62 |
- CVE-2021-20814 |
- 2021-08-26 02:15:00 |
- Cross-site scripting vulnerability in Setting screen of ContentType Information Widget Plugin of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), and Movable Type Premium 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors. |
- 详情 |
-
-
- 071fb31e940d792d271ad5519da8d763 |
- CVE-2021-20813 |
- 2021-08-26 02:15:00 |
- Cross-site scripting vulnerability in Edit screen of Content Data of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series) and Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series)) allows remote attackers to inject arbitrary script or HTML via unspecified vectors. |
- 详情 |
-
-
- 3fa3baeea365f0939758188139d5b97f |
- CVE-2021-20812 |
- 2021-08-26 02:15:00 |
- Cross-site scripting vulnerability in Setting screen of Server Sync of Movable Type (Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series) and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors. |
- 详情 |
-
-
- c35c9099f35baa426b9fdcea1172d5ab |
- CVE-2021-37334 |
- 2021-08-25 22:15:00 |
- A security issue in Umbraco Forms 4.0.0 to and including 8.7.5 could lead to a remote code execution attack and/or arbitrary file deletion. |
- 详情 |
-
-
- 7dc6a625d3f07b2e68db30fa48cf0545 |
- CVE-2021-37154 |
- 2021-08-25 21:15:00 |
- In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion. |
- 详情 |
-