From f051b739b2f1bac6cb6e66064c845066c76cbed1 Mon Sep 17 00:00:00 2001
From: Github-Bot
Date: Sat, 24 Feb 2024 04:26:09 +0000
Subject: [PATCH] Updated by Github Bot
---
 cache/Tenable (Nessus).dat | 10 +++
 data/cves.db | Bin 46264320 -> 46272512 bytes
 docs/index.html | 162 ++++++++++++++++++-------------------
 3 files changed, 91 insertions(+), 81 deletions(-)
diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat
index 11566748956..5c8527b77a9 100644
--- a/cache/Tenable (Nessus).dat
+++ b/cache/Tenable (Nessus).dat
@@ -138,3 +138,13 @@ be6d551f744835946998a7219c67f895
 bffb1850509bf03cb97fefe7c5b83687
 4571101982628b560ac359d9fed57057
 75508d355027c666c98c0eea80a9b34e
+6ef3af727eb04d9fb4c43ad16e6db9df
+9aa20a833c520e03bd522cadda9df036
+217cfaa9e6233a04fc43cc8767962c90
+3d74df6ef9f8eddaf7c49c733f4db9fa
+072a54c202441464684878bf29a5d7ff
+b59997fd2729c49c1b31a22454c521ab
+36f430982d18bed4c07cf445a1584d55
+861e51f51a27d948f55a498515fc2508
+593fbe0d06bb1faad6234fa9429028aa
+66e7d9be46166f8da63f26bf33f82f79
diff --git a/data/cves.db b/data/cves.db index da08f38a46ba31241aa02883c81cb5c6d71e1a27..d933db0ff33450c3b4760f08eae53003ca6a827c 100644 GIT binary patch delta 5812 zcmd7U33L_J83%CQkc0?f4GD&@OajQ3<-M7C8;TIa4hc(;MMb`OZ)V8I%X{H12|+Ol z$tMCTpyIePB;bmupop>HUsT1Bb0)@uKgplz+kdfL+^=lmw;y_vc1 z-tXS;-mmG{`rM`+m*;NDPhZ%rTT#JQagu9cGcmcC1g7pxX-w%%8B9HxGMP?e>dDlL zDT}E$Qy-?jO#PVpGYw$MW*W$p!<5T3i0O2uJf^`+`AkEYhB6If8qOp#6)+VtjbIwd zG>YjArqN7en8q@VV;av?#8k{w!c@xSX7VseOfr+g8q;*98B8;oW--lXn!{AVRLL}#X&%#jrUgt@ObeOLWm?3v zm}v>qQl|5m&S$!SX&KXnOv{-NAC)P@6lT(xbS8so1yePX$#fCZN~Q=?4O5gU##GC+ ziYd;NU`jHjnCh77nN~A3Fs)&_nCTLxwM>^XH8M3ZH8ZVaYGG<+Vy4TO)-zqsw1H_O z(`7N)ICS2JD1bS=|1rt6q2rt6t*V7ig%CZ?O2ZeiNaWHaqxYGZ0= z+R3zw=~kxOm~LmfgXvDDyO?$}-OaRz=^mzgneJoS%e0T_ex?VQ_A@=mbb#q0riYmh zG96+%%yfk55vC5NqfC!7J;wAn(-TbJVfrr9lT1%BJUk zOh00Jf$2r2A2Yqg^b@9+nSRRjGp3(2{etP2Ouu4!h3Od6t4zOUdX4EfOs_M&!Sp86 zZ<*d=I?nVq(>qM>GX0L}J*M}WPB4AI^dZwprr$Gt#Pl)KADI5g^a<0Sm_B9tGt*~G zpKl=7mE-~ex zU^s|S0EI9DM#3mK14hFb7z^WIJQP7Olt3xC!2=S=pnw;A;D-PNVFH{9XTd}`8z#YI zD1&pL9HzijmxTQzzV1a6E1?45P=$qLJVqQ6~rL{Nk~B*)Wd3MfHiP2Tmoz1QfP!GXohvr z0hNV30J{p*aBPOYPbfjg>7&hSa3bu05`%-a5LNj+rfq%&<5?W z6L!I^a2wnXcfg%+7wm?+VGrB`_riU!7xuyZ@Br+G2jKub1P{YOI0T2`2s{EEa1iz%Suf z@CqD*SK-(28vF)chd1C&_$|Bz$Kh>w2i}F>!F%vNoPZDDLpTY)hmYW6_yhbAK7l{M zr|@U^3_f>lAOYzQ0(6HoNQVsQ0hw?b^n_lJ1-+pU^o4%V9|k}+41^rWg+XvSWt`g2k`|mcn^(K3o9H z;6hjqPW)8}K^Qd9!GIM|4JKR!Dm>!llp% zP0$SMpaoii;WAhcm%|3w2%F#vxDu{{&9DWw!qspMTnpRaIcf%gI2kwRYU@z>0`{4oD4-X1Q=zy^6mCUv2+qyZ$ zUPsok1Hwmwz2&j(LfU}=N3U%Ww$01xlT{>gdnFzi&h67T?|l7$fXhS9FO~fV{`hm>A7jky0^Lf_`2(FU2inq zv!ZxxbB^4cqXtz~a;pJZ4tpiH?v_KESCYc2rl~>AaNF|-JtX7{lFwFeu5*pBk14kc zqx&hvZmC$3MM<9E@lJ3Dt+wOS#m;*pEoz%HLQ;w)pC>4_>fAof`Kgu~xur(+>4vNt ze#x(g+=>=7LP}VXRn6nmeVTpZ!(l?c-L(D@A>9?U%AS0G^!7tDh5X{GiZYMeEml>{ zDPAZVjADs{@rj^;AH!ED(*(H)2y>^DBh;FwtEaku63A?f) z-8ItQJmj#DE(E2-*2LabKnbbK(>R3s_RtD0?{*#6nTL81|l)rj6=&0Jw7#cF-E zSf@r(x;6iatFm)MRV?gky--Y~LWyMDjIOYT7$=9=?-f;%!t?fFLpX1Cacw?sK#}1g&ws&-~L&~zc+-! 
ze?A23`Qg`%v7h_kh>+&?%kI{CZm;N^sYbb_Q4RP!y4PcPJ*wo_f=a;fdQ~MD@Or#P zSn^t)_N93}kVJluEZGJ2GS}c-Gb&chF(R>gF`}y)Midj5R8`qWAD<}XXT)ixxN1C_C)9*V{6f?LMBa_o|4*9yI? zefwACj;q7Xq+U}SaWbY(jhkvHq9?v?KK|={%lg~CS&u$(-au>fyO#}CPQ{A*bNd`8 z%B^{FYo03m3`KSa1Cr(mgmg^_yZvE9QM{_h8&EW>S-bj+D9c?V@qB%hvAyU~F`kM> zv68X8PsP$%RQ9Ut7rC<2G&QN(cO(4y6TTAuzke5-&lhihi z^@#QjbMb#Rg8u(70*kWa<4?_(ysn1ZXFK!NoRXVUYRDT52K|O6`K4f335Go(83`gO zUImAf$69s%qCETk0oWZ!1p;MJ(M%*#y0fC!tW4_R82*LKn7DXKMU_}r5-4%oWjpr? zdG_R6mk7iAlo}=$acM{muT0gJ+MZP%0yh1>o?-uHd(Y2#%2i_b%|Yi%0|CYvJF9aY z=E$u%s@pHA7=v@fC?3V9_yS769|##zQ1xnlOYOfg&+gZ!Lr8B7cxFZudN_rhs%&bN zxKeL$# zQx(O3Bnm^nF$~s;z{k1&v9b62>e#LMYd4RxkDfRzq?P&tp4OqbKHz7F0|NxZ`WGCueN3vT=6u1sp*0JgYC)j4k4o`*c{{b8JWoO2Dw3%JlKI%HK?O9kyW>1 zpaKks1Ad=B=##=$bIrCqyXoXnAx-cEtjUu$P58%Jvux5PpIv*fOc;TCC^G{Ar$BP` z33Tgopg*;Y7CJt?GypN<1Jq$@s;&u0WQ)h8R0 zFJvIH0m-mlt)H1^)8a!ydeq~d8AaWI@+79Eu=5s9*P}X8PZvXK+({tRE=bP0m{W(A zqDG3CNWTU#5ix5E#W8vqrAFuTryd{MRWwcQtUt@+dRG#kHL){S-S*xSyM&>3&F(!y cZsV7==$Dm`^1tefbzk}0Bf6GpciH3q3t6EZO8@`> delta 2668 zcmWmG03q5k@I9{-L8An&ADqI~WL37RSXHfRR&}d}Rnw|v)wb$bb**|v$e(A zYHhQ&TRW_s)-G$ewa40P?Xyy?{ni2Npp|AFvJP8EtfSU3>$r8oI%%Dt;^OG>#B9lx^CUDZdw`EE$g=Rl=ZarjPHlJ&CniuJ1X znsvu|-Fm}%(|XH#+j_@(*Lu%--}=D%(E7;w*!sl!)Vgckvp%yvx9(eCSP!f(t*@-F zt#7Pvt%ufk*7w#A){oXt*3Z^2*00uY*6-FM>ksR(^{4g3`pf#;`p5d$`Y%x->lA_j zLXjC^$bzg0M>b?f4n!a)av?YJATJ`35BX65Q7DK)D2yT~iee~^5-5piltO8gL0ObT zc~n3}R6=D`K~+>kb<{vj)Ix34L0!~CeKbHrG(uxEK~pqCbF@H9v_fmNL0hy#dvrhy zIwBUG&>3CO72Obr?&yJ@=!M?sgTCm8{uqFP7=*zXf_Mb?ABtfZju9A%Q5cOe7>jWj zj|rHFNtlc&n2Kqbjv1JVS(uGEn2ULsj|EtWMOcgkEWuJN!*UoauoA0~h}BqwwOEJs zNJ27FumKyf37fG6Td@t>u>(7?3%jugd$A9x*pCA^h%_9+VI09x9K&&(z)76KX`I1X zoWprsz(rg_Ixgc1uHqW5;|6Xb1GjJ+PvL1igJZ#kl)&b=h{&Y02k8NFIhZTKTn*-0FxP{*5zNhCG6ETC4{inGpA^Uznwlv> o;a9^$vc_ad3cC{)m3eSzM&7uGA<2QQ(aAB7Gg9y04#Y?N58pfbX8-^I diff --git a/docs/index.html b/docs/index.html index 33d6f9ec4d9..83c1f03e86e 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -283,6 +283,86 @@

眈眈探求 | TITLE URL + + 6ef3af727eb04d9fb4c43ad16e6db9df + CVE-2024-22395 + 2024-02-24 00:15:45 + Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application. + 详情 + + + + 9aa20a833c520e03bd522cadda9df036 + CVE-2024-26192 + 2024-02-23 23:15:09 + Microsoft Edge (Chromium-based) Information Disclosure Vulnerability + 详情 + + + + 217cfaa9e6233a04fc43cc8767962c90 + CVE-2024-26188 + 2024-02-23 23:15:09 + Microsoft Edge (Chromium-based) Spoofing Vulnerability + 详情 + + + + 3d74df6ef9f8eddaf7c49c733f4db9fa + CVE-2024-25469 + 2024-02-23 23:15:09 + SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list component. + 详情 + + + + 072a54c202441464684878bf29a5d7ff + CVE-2024-24681 + 2024-02-23 23:15:09 + Insecure AES key in Yealink Configuration Encrypt Tool below verrsion 1.2. A single, vendorwide, hardcoded AES key in the configuration tool used to encrypt provisioning documents was leaked leading to a compromise of confidentiality of provisioning documents. + 详情 + + + + b59997fd2729c49c1b31a22454c521ab + CVE-2024-22988 + 2024-02-23 23:15:09 + An issue in zkteco zkbio WDMS v.8.0.5 allows an attacker to execute arbitrary code via the /files/backup/ component. + 详情 + + + + 36f430982d18bed4c07cf445a1584d55 + CVE-2024-27133 + 2024-02-23 22:15:55 + Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields. + 详情 + + + + 861e51f51a27d948f55a498515fc2508 + CVE-2024-27132 + 2024-02-23 22:15:55 + Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. 
This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables. + 详情 + + + + 593fbe0d06bb1faad6234fa9429028aa + CVE-2024-25730 + 2024-02-23 22:15:55 + Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex values concatenated with a "Hitron" substring, resulting in insufficient entropy (only about one million possibilities). + 详情 + + + + 66e7d9be46166f8da63f26bf33f82f79 + CVE-2024-24310 + 2024-02-23 22:15:54 + In the module "Generate barcode on invoice / delivery slip" (ecgeneratebarcode) from Ether Creation <= 1.2.0 for PrestaShop, a guest can perform SQL injection. + 详情 + + 9b8817a4cdf6c801151b440311017df3 CVE-2024-23320 @@ -443,86 +523,6 @@

眈眈探求 | 详情 - - 640710eaf71aecdc74a8d95125237edf - CVE-2024-26445 - 2024-02-22 14:15:47 - flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_place.php - 详情 - - - - d8cd9690eea9b704088fb7439252d0ed - CVE-2024-26352 - 2024-02-22 14:15:47 - flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_places.php - 详情 - - - - bd9db3e6c33812282c832255a42b5dde - CVE-2024-26351 - 2024-02-22 14:15:47 - flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_place.php - 详情 - - - - 4e2c207be20516a7fc6205ce0f4df149 - CVE-2024-26350 - 2024-02-22 14:15:47 - flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_contact_form_settings.php - 详情 - - - - e6933fc77c361acca21adbd8d0ea40dc - CVE-2024-26349 - 2024-02-22 14:15:47 - flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_translation.php - 详情 - - - - f3d1d56ec04c70c0095f6c8902f1abfb - CVE-2024-25876 - 2024-02-22 14:15:47 - A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field. - 详情 - - - - f7ac6e7a50464b80d3f03045c13a88b8 - CVE-2024-25875 - 2024-02-22 14:15:46 - A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field. - 详情 - - - - ee41dd336a3674ec126b82f4f5664a66 - CVE-2024-25874 - 2024-02-22 14:15:46 - A cross-site scripting (XSS) vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field. 
- 详情 - - - - 1ede93ed4c1c623b9536e70688154c64 - CVE-2024-25873 - 2024-02-22 14:15:46 - Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field under the Blockquote module. This vulnerability allows attackers to execute arbitrary code via a crafted payload. - 详情 - - - - 0b860e00df8cf398294f1315db259d8a - CVE-2024-23094 - 2024-02-22 14:15:46 - Flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /cover/addons/info_media_gallery/action/edit_addon_post.php - 详情 - -