diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index 89051d4ec84..35ab9323cb7 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -142,3 +142,13 @@ d768d0b6cf54837815bfaeb67117fc0b fda1b5c1d4095322a3e93a9067c98fad 7e01b98183c1a6b72d5cc438a2ceab04 58ee1c1a3573e58c2cbe62c68b43edef +801f710aae50552eeaed4132fc3ebbf5 +5cb5098dd477194b7d5f52c902dbe0f6 +df7f5c827572d2c561e1c206a0a77b0f +b785d7b15d5ef67f24e37119ecdb20c3 +e63781e2ab03c94a69292c2027453e55 +fe915a3342b1dd27be99c924a01adf1e +ad1e6237c7e5ef6847dcc04b891b2353 +5a6922c25dabba5a31bb1f87b6f08f1f +afabc5c7a751dc754a0f7ef3d0f27a33 +698ae292edfc1233afd5d0e9f9a0b3eb diff --git a/data/cves.db b/data/cves.db index 8c5dddd790f..e2fce7d31ed 100644 Binary files a/data/cves.db and b/data/cves.db differ diff --git a/docs/index.html b/docs/index.html index 788ee6446fd..d7b9de0ebdb 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -283,6 +283,86 @@

眈眈探求 | TITLE URL + + 801f710aae50552eeaed4132fc3ebbf5 + CVE-2024-11082 + 2024-11-28 09:47:12 + The Tumult Hype Animations plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the hypeanimations_panel() function in all versions up to, and including, 1.9.15. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. + 详情 + + + + 5cb5098dd477194b7d5f52c902dbe0f6 + CVE-2024-10780 + 2024-11-28 09:47:12 + The Restaurant & Cafe Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.9 via the 'narestaurant_elementor_template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. + 详情 + + + + df7f5c827572d2c561e1c206a0a77b0f + CVE-2024-8672 + 2024-11-28 09:47:11 + The Widget Options – The #1 WordPress Widget & Block Control Plugin plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.0.7 via the display logic functionality that extends several page builders. This is due to the plugin allowing users to supply input that will be passed through eval() without any filtering or capability checks. This makes it possible for authenticated attackers, with contributor-level access and above, to execute code on the server. Special note: We suggested the vendor implement an allowlist of functions and limit the ability to execute commands to just administrators, however, they did not take our advice. We are considering this patched, however, we believe it could still be further hardened and there may be residual risk with how the issue is currently patched. + 详情 + + + + b785d7b15d5ef67f24e37119ecdb20c3 + CVE-2024-10670 + 2024-11-28 09:47:11 + The Primary Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.2 via the [prim_elementor_template] shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created with Elementor that they should not have access to. + 详情 + + + + e63781e2ab03c94a69292c2027453e55 + CVE-2024-10798 + 2024-11-28 09:47:10 + The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1003 via the 'wpr-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created via Elementor that they should not have access to. + 详情 + + + + fe915a3342b1dd27be99c924a01adf1e + CVE-2024-11103 + 2024-11-28 09:47:09 + The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 24.0.7. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account. + 详情 + + + + ad1e6237c7e5ef6847dcc04b891b2353 + CVE-2024-22037 + 2024-11-28 09:46:07 + The uyuni-server-attestation systemd service needs a database_password environment variable. This file has 640 permission, and cannot be shown users, but the environment is still exposed by systemd to non-privileged users. + 详情 + + + + 5a6922c25dabba5a31bb1f87b6f08f1f + CVE-2024-11599 + 2024-11-28 09:42:48 + Mattermost versions 10.0.x <= 10.0.1, 10.1.x <= 10.1.1, 9.11.x <= 9.11.3, 9.5.x <= 9.5.11 fail to properly validate email addresses which allows an unauthenticated user to bypass email domain restrictions via carefully crafted input on email registration. + 详情 + + + + afabc5c7a751dc754a0f7ef3d0f27a33 + CVE-2024-22038 + 2024-11-28 09:38:03 + Various problems in obs-scm-bridge allows attackers that create specially crafted git repositories to leak information of cause denial of service. + 详情 + + + + 698ae292edfc1233afd5d0e9f9a0b3eb + CVE-2024-49502 + 2024-11-28 09:26:38 + A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1: before 5.0.15-150600.3.10.2; SUSE Manager Server Module 4.3: before 4.3.42-150400.3.52.1. + 详情 + + 2f727bde471b13c1ae2e14076ab3a4c8 CVE-2024-52323 @@ -443,86 +523,6 @@

眈眈探求 | 详情 - - e07bc2c33b3c45eb1fe555e936e1f44f - CVE-2024-11664 - 2024-11-25 09:15:06 - A vulnerability, which was classified as critical, has been found in eNMS up to 4.2. Affected by this issue is the function multiselect_filtering of the file eNMS/controller.py of the component TGZ File Handler. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 22b0b443acca740fc83b5544165c1f53eff3f529. It is recommended to apply a patch to fix this issue. - 详情 - - - - d2aaafa108cdeddab6eab316968d3f28 - CVE-2024-11663 - 2024-11-25 09:15:06 - A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file search.php. The manipulation of the argument keywords leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. - 详情 - - - - 17400c831ef3066f86e7e8c3813a506b - CVE-2022-33862 - 2024-11-25 08:54:39 - IPP software prior to v1.71 is vulnerable to default credential vulnerability. This could lead attackers to identify and access vulnerable systems. - 详情 - - - - 9c4fcb1bac12f13476b88489e06bea12 - CVE-2024-11661 - 2024-11-25 08:15:09 - A vulnerability was found in Codezips Free Exam Hall Seating Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file profile.php of the component Profile Image Handler. The manipulation of the argument image leads to unrestricted upload. The attack can be initiated remotely. The researcher submit confuses the vulnerability class of this issue. - 详情 - - - - b32fce327f1088af29d9a77211082940 - CVE-2024-10492 - 2024-11-25 08:15:08 - A vulnerability was found in Keycloak. A user with high privileges could read sensitive information from a Vault file that is not within the expected context. This attacker must have previous high access to the Keycloak server in order to perform resource creation, for example, an LDAP provider configuration and set up a Vault read file, which will only inform whether that file exists or not. - 详情 - - - - b899d342ec994e31ea7d20f69831c44e - CVE-2024-10451 - 2024-11-25 07:37:05 - A flaw was found in Keycloak. This issue occurs because sensitive runtime values, such as passwords, may be captured during the Keycloak build process and embedded as default values in bytecode, leading to unintended information disclosure. In Keycloak 26, sensitive data specified directly in environment variables during the build process is also stored as a default values, making it accessible during runtime. Indirect usage of environment variables for SPI options and Quarkus properties is also vulnerable due to unconditional expansion by PropertyMapper logic, capturing sensitive data as default values in all Keycloak versions up to 26.0.2. - 详情 - - - - fd1c6ff78239ee5f70c92bf0ec3420c8 - CVE-2024-10270 - 2024-11-25 07:37:04 - A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity. - 详情 - - - - 6a21b3419e5329a7330f496f9e844fd5 - CVE-2024-9666 - 2024-11-25 07:29:52 - A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service (DoS) attack due to improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated identifiers, without proper validation. This issue can lead to costly DNS resolution operations, which an attacker could exploit to tie up IO threads and potentially cause a denial of service. The attacker must have access to send requests to a Keycloak instance that is configured to accept proxy headers, specifically when reverse proxies do not overwrite incoming headers, and Keycloak is configured to trust these headers. - 详情 - - - - 1f0bffc6e77b30531a3a5027d13a00f1 - CVE-2024-11660 - 2024-11-25 07:00:18 - A vulnerability was found in code-projects Farmacia 1.0. It has been classified as problematic. This affects an unknown part of the file usuario.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. - 详情 - - - - 73c70b14c7658664dabeafc6a043778e - CVE-2024-6538 - 2024-11-25 06:15:12 - A flaw was found in OpenShift Console. A Server Side Request Forgery (SSRF) attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to clients due to network filtering. Leveraging such an attack vector, the attacker can have an impact on other services and potentially disclose information or have other nefarious effects on the system. The /api/dev-console/proxy/internet endpoint on the OpenShit Console allows authenticated users to have the console's pod perform arbitrary and fully controlled HTTP(s) requests. The full response to these requests is returned by the endpoint. While the name of this endpoint suggests the requests are only bound to the internet, no such checks are in place. An authenticated user can therefore ask the console to perform arbitrary HTTP requests from outside the cluster to a service inside the cluster. - 详情 - -