diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index 19d81c94239..e9c959e9679 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -197,3 +197,13 @@ cb5bee0fab72e1ad282db6ffa8c3cf18 242f2b581083447e98041fd20c2ac405 6fdbe543b2b85fed2515d756f9fcb94f 90293cb407b95f5cf0bb9d6a06c3d17e +5991221dd7f4bcd9c44785cd47953117 +0e1621c0a5bc7a5153775703e7cb31c4 +3fa4694833633ad1173795aabcaea301 +68656cccb9984b1f650202b0f3069692 +83c0eccfffb9bd2dce182b29562c6066 +617f10c22f3ffd8a74c54c15c78dadef +e757e8a5c2d00621918a48f6c00ee72e +0c1b3d495fc1c36904152a1ff63ae0c1 +16e968d73608700219404c31eb0c64c3 +2ccbebfc1797839db85a8edce3fcc38d diff --git a/data/cves.db b/data/cves.db index 16525d20099..cd977d9accd 100644 Binary files a/data/cves.db and b/data/cves.db differ diff --git a/docs/index.html b/docs/index.html index a7bff483786..d8e2b05f5f1 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -283,6 +283,86 @@

眈眈探求 | TITLE URL + + 5991221dd7f4bcd9c44785cd47953117 + CVE-2024-5749 + 2024-10-15 17:27:51 + Certain HP DesignJet products may be vulnerable to credential reflection which allow viewing SMTP server credentials. + 详情 + + + + 0e1621c0a5bc7a5153775703e7cb31c4 + CVE-2024-48915 + 2024-10-15 17:15:11 + Agent Dart is an agent library built for Internet Computer for Dart and Flutter apps. Prior to version 1.0.0-dev.29, certificate verification in `lib/agent/certificate.dart` does not occur properly. During the delegation verification in the `_checkDelegation` function, the canister_ranges aren't verified. The impact of not checking the canister_ranges is that a subnet can sign canister responses in behalf of another subnet. The certificate’s timestamp, i.e /time path, is also not verified, meaning that the certificate effectively has no expiration time. Version 1.0.0-dev.29 implements appropriate certificate verification. + 详情 + + + + 3fa4694833633ad1173795aabcaea301 + CVE-2024-9676 + 2024-10-15 16:15:06 + A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host. + 详情 + + + + 68656cccb9984b1f650202b0f3069692 + CVE-2024-9506 + 2024-10-15 16:15:06 + Improper regular expression in Vue's parseHTML function leads to a potential regular expression denial of service vulnerability. + 详情 + + + + 83c0eccfffb9bd2dce182b29562c6066 + CVE-2024-48914 + 2024-10-15 16:15:06 + Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data such as configuration files, environment variables, and other critical data stored on the server. In the same code path is an additional vector for crashing the server via a malformed URI. Patches are available in versions 3.0.5 and 2.3.3. Some workarounds are also available. One may use object storage rather than the local file system, e.g. MinIO or S3, or define middleware which detects and blocks requests with urls containing `/../`. + 详情 + + + + 617f10c22f3ffd8a74c54c15c78dadef + CVE-2024-48913 + 2024-10-15 16:15:05 + Hono, a web framework, prior to version 4.6.5 is vulnerable to bypass of cross-site request forgery (CSRF) middleware by a request without Content-Type header. Although the CSRF middleware verifies the Content-Type Header, Hono always considers a request without a Content-Type header to be safe. This can allow an attacker to bypass CSRF protection implemented with Hono CSRF middleware. Version 4.6.5 fixes this issue. + 详情 + + + + e757e8a5c2d00621918a48f6c00ee72e + CVE-2024-48624 + 2024-10-15 16:15:05 + In segments\edit.php of DomainMOD below v4.12.0, the segid parameter in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS) vulnerability. + 详情 + + + + 0c1b3d495fc1c36904152a1ff63ae0c1 + CVE-2024-48623 + 2024-10-15 16:15:05 + In queue\index.php of DomainMOD below v4.12.0, the list_id and domain_id parameters in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS). + 详情 + + + + 16e968d73608700219404c31eb0c64c3 + CVE-2024-48622 + 2024-10-15 16:15:05 + A cross-site scripting (XSS) issue in DomainMOD below v4.12.0 allows remote attackers to inject JavaScript code via admin/domain-fields/edit.php and the cdfid parameter. + 详情 + + + + 2ccbebfc1797839db85a8edce3fcc38d + CVE-2024-47876 + 2024-10-15 16:15:05 + Sakai is a Collaboration and Learning Environment. Starting in version 23.0 and prior to version 23.2, kernel users created with type roleview can log in as a normal user. This can result in illegal access being granted to the system. Version 23.3 fixes this vulnerability. + 详情 + + c652841329565df1bf626d9405b2415b CVE-2024-48799 @@ -443,86 +523,6 @@

眈眈探求 | 详情 - - 7394ad54ea5cfecf16c44ca325766a55 - CVE-2024-9894 - 2024-10-12 13:15:13 - A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file reset.php. The manipulation of the argument useremail leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. - 详情 - - - - 01f3ab32d4923ab15ff26a5c0dd2252f - CVE-2024-8902 - 2024-10-12 10:15:03 - The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.8 via the render_column function in modules/data-table/widgets/data-table.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. - 详情 - - - - 97c4b8438a627e6398170982959869e3 - CVE-2024-8757 - 2024-10-12 10:15:02 - The WP Post Author – Boost Your Blog's Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder plugin for WordPress is vulnerable to time-based SQL Injection via the linked_user_id parameter in all versions up to, and including, 3.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. - 详情 - - - - 4e852442438d081475e76d53907c0b1d - CVE-2024-9696 - 2024-10-12 09:15:03 - The Rescue Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rescue_tab' shortcode in all versions up to, and including, 2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. - 详情 - - - - a4ff18657d26c66cad75072596031452 - CVE-2024-9595 - 2024-10-12 09:15:03 - The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the table cell content in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. - 详情 - - - - 8e6c151521ba806991bed6a65f6d6afa - CVE-2024-8915 - 2024-10-12 09:15:02 - The Category Icon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. - 详情 - - - - cf46e57588594d6ef37da1e5cc6b521f - CVE-2024-8760 - 2024-10-12 09:15:02 - The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to CSS Injection in all versions up to, and including, 3.13.6. This makes it possible for unauthenticated attackers to embed untrusted style information into comments resulting in a possibility of data exfiltration such as admin nonces with limited impact. These nonces could be used to perform CSRF attacks within a limited time window. The presence of other plugins may make additional nonces available, which may pose a risk in plugins that don't perform capability checks to protect AJAX actions or other actions reachable by lower-privileged users. - 详情 - - - - bd9aa95a2b29bd09789d4e077b5134f9 - CVE-2024-9756 - 2024-10-12 07:15:02 - The Order Attachments for WooCommerce plugin for WordPress is vulnerable to unauthorized limited arbitrary file uploads due to a missing capability check on the wcoa_add_attachment AJAX action in versions 2.0 to 2.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload limited file types. - 详情 - - - - 83231ce0e4aebbe43c412aaac391d414 - CVE-2024-9704 - 2024-10-12 07:15:02 - The Social Sharing (by Danny) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dvk_social_sharing' shortcode in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. - 详情 - - - - 9f4c5e4f9bdeaeb76801955a8f2387a3 - CVE-2024-6985 - 2024-10-11 15:38:08 - A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. This vulnerability allows an attacker to read any folder in the personality_folder on the victim's computer, even though sanitize_path is set. The issue arises due to improper sanitization of the personality_folder parameter, which can be exploited to traverse directories and access arbitrary files. - 详情 - -