
Commit

Updated by Github Bot
Github-Bot committed Jun 22, 2024
1 parent 0633572 commit 0514fe4
Showing 3 changed files with 35 additions and 25 deletions.
10 changes: 10 additions & 0 deletions cache/RedQueen.dat
Expand Up @@ -170,3 +170,13 @@ b1155703571a2cf3c245c0c52f37e090
872fc0e8cc5972d21d5a585ac10e2b1f
3bb26de5246d8b05205c8f641fdc4042
dc40a53bd0181327e60dc3cfecabc747
93394ef55f8e04b781394268f5213e48
103ca60d162c07ffd45bfba01b53141e
cfa576954be15a7a83607556bd261fb9
451388ae564dcc1d8ed14b82b478a12a
6f85b1a15db6662962a57e98a85ef050
7f10b27ec6ef80dfea684b6bd1e9168e
99d8651c6eb86f37e51711908791e881
5ce77247fc9adb40d1c803ae4c9a4c96
5fa49b5a65ff1859fe606ecaa587e893
f0a0b70d4d24abef475ea03ecc900cb4
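Review bot: cache/RedQueen.dat only grows in this change (10 additions, 0 deletions, appended from line 170 onward), and the new entries are bare 32-character hex values with nothing recording which source or record each one stands for. If this file is a seen-item cache, consider storing a date next to each value and pruning old entries, or keeping the cache out of version control so that bot commits carry only the published output.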
Binary file modified data/cves.db
Binary file not shown.
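Review bot: data/cves.db is modified as an opaque binary, so the data change behind this commit cannot be diffed or reviewed. Consider committing a text export of the changed rows, or generating the database at build time, so that the new cache entries and the table rows in docs/index.html can be checked against it.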
50 changes: 25 additions & 25 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2024-06-21 21:20:52 -->
<!-- RELEASE TIME : 2024-06-22 01:22:50 -->
<html lang="zh-cn">

<head>
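Review bot: the RELEASE TIME comment on line 1 carries no timezone ("2024-06-22 01:22:50"), so a reader cannot tell how it relates to the row timestamps further down the page; an ISO 8601 value with a UTC offset would remove the ambiguity. The context lines also show the file going straight from this comment to <html lang="zh-cn"> with no <!DOCTYPE html> before it, which puts browsers into quirks mode.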
Expand Down Expand Up @@ -446,79 +446,79 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<tr>
<td>11faf00911923c807c2372ce948a89f8</td>
<td>CVE-2024-6187</td>
<td>2024-06-20 13:15:50 <img src="imgs/new.gif" /></td>
<td>2024-06-20 13:15:50</td>
<td>A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/vpn/autovpn/sub_commit.php. The manipulation of the argument key leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-269158 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6187">详情</a></td>
</tr>

<tr>
<td>220a6db36a25747a056b6dfeac91491f</td>
<td>CVE-2024-6186</td>
<td>2024-06-20 13:15:50 <img src="imgs/new.gif" /></td>
<td>2024-06-20 13:15:50</td>
<td>A vulnerability, which was classified as critical, was found in Ruijie RG-UAC 1.0. This affects an unknown part of the file /view/userAuthentication/SSO/commit.php. The manipulation of the argument ad_log_name leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269157 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6186">详情</a></td>
</tr>

<tr>
<td>5102f9f9fdf71e243c8d837a55c55e92</td>
<td>CVE-2023-49113</td>
<td>2024-06-20 13:15:49 <img src="imgs/new.gif" /></td>
<td>2024-06-20 13:15:49</td>
<td>The Kiuwan Local Analyzer (KLA) Java scanning application contains several hard-coded secrets in plain text format. In some cases, this can potentially compromise the confidentiality of the scan results. Several credentials were found in the JAR files of the Kiuwan Local Analyzer. The JAR file "lib.engine/insight/optimyth-insight.jar" contains the file "InsightServicesConfig.properties", which has the configuration tokens "insight.github.user" as well as "insight.github.password" prefilled with credentials. At least the specified username corresponds to a valid GitHub account. The JAR file "lib.engine/insight/optimyth-insight.jar" also contains the file "es/als/security/Encryptor.properties", in which the key used for encrypting the results of any performed scan. This issue affects Kiuwan SAST: <master.1808.p685.q13371</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-49113">详情</a></td>
</tr>

<tr>
<td>50a9f9e8da4831e93a85aa605a68bd36</td>
<td>CVE-2023-49112</td>
<td>2024-06-20 13:15:49 <img src="imgs/new.gif" /></td>
<td>2024-06-20 13:15:49</td>
<td>Kiuwan provides an API endpoint /saas/rest/v1/info/application to get information about any application, providing only its name via the "application" parameter. This endpoint lacks proper access control mechanisms, allowing other authenticated users to read information about applications, even though they have not been granted the necessary rights to do so. This issue affects Kiuwan SAST: <master.1808.p685.q13371</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-49112">详情</a></td>
</tr>

<tr>
<td>28ea75e6a55e6c331907150de4841df0</td>
<td>CVE-2023-49111</td>
<td>2024-06-20 13:15:49 <img src="imgs/new.gif" /></td>
<td>2024-06-20 13:15:49</td>
<td>For Kiuwan installations with SSO (single sign-on) enabled, an unauthenticated reflected cross-site scripting attack can be performed on the login page "login.html". This is possible due to the request parameter "message" values being directly included in a JavaScript block in the response. This is especially critical in business environments using AD SSO authentication, e.g. via ADFS, where attackers could potentially steal AD passwords. This issue affects Kiuwan SAST: <master.1808.p685.q13371</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-49111">详情</a></td>
</tr>

<tr>
<td>b3e8328966ea850a3303912355683e36</td>
<td>CVE-2023-49110</td>
<td>2024-06-20 13:15:49 <img src="imgs/new.gif" /></td>
<td>2024-06-20 13:15:49</td>
<td>When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web application (either on-premises or cloud/SaaS solution), the transmitted data consists of a ZIP archive containing several files, some of them in the XML file format. During Kiuwan's server-side processing of these XML files, it resolves external XML entities, resulting in a XML external entity injection attack. An attacker with privileges to scan source code within the "Code Security" module is able to extract any files of the operating system with the rights of the application server user and is potentially able to gain sensitive files, such as configuration and passwords. Furthermore, this vulnerability also allows an attacker to initiate connections to internal systems, e.g. for port scans or accessing other internal functions / applications such as the Wildfly admin console of Kiuwan. This issue affects Kiuwan SAST: <master.1808.p685.q13371</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-49110">详情</a></td>
</tr>

<tr>
<td>0c6421284c121fbe91fc930a753d2360</td>
<td>CVE-2024-6185</td>
<td>2024-06-20 12:15:15 <img src="imgs/new.gif" /></td>
<td>2024-06-20 12:15:15</td>
<td>A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC 1.0. Affected by this issue is the function get_ip_addr_details of the file /view/dhcp/dhcpConfig/commit.php. The manipulation of the argument ethname leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269156. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6185">详情</a></td>
</tr>

<tr>
<td>f619f9a37fcb57b2a93a0105c3ef7a33</td>
<td>CVE-2024-6184</td>
<td>2024-06-20 12:15:15 <img src="imgs/new.gif" /></td>
<td>2024-06-20 12:15:15</td>
<td>A vulnerability classified as critical was found in Ruijie RG-UAC 1.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/reboot/reboot_commit.php. The manipulation of the argument servicename leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269155. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6184">详情</a></td>
</tr>

<tr>
<td>b85d66027ca5e654f64f2f2f0b80314a</td>
<td>CVE-2024-6183</td>
<td>2024-06-20 12:15:15 <img src="imgs/new.gif" /></td>
<td>2024-06-20 12:15:15</td>
<td>A vulnerability classified as problematic has been found in EZ-Suite EZ-Partner 5. Affected is an unknown function of the component Forgot Password Handler. The manipulation leads to basic cross site scripting. It is possible to launch the attack remotely. VDB-269154 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6183">详情</a></td>
</tr>

<tr>
<td>e17b26aa5d6bc457e114e208a0dd370c</td>
<td>CVE-2023-52883</td>
<td>2024-06-20 12:15:15 <img src="imgs/new.gif" /></td>
<td>2024-06-20 12:15:15</td>
<td>In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix possible null pointer dereference abo->tbo.resource may be NULL in amdgpu_vm_bo_update.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-52883">详情</a></td>
</tr>
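Review bot: the description cells in this hunk carry upstream advisory text into the page without HTML escaping: the four Kiuwan rows end with "<master.1808.p685.q13371</td>" and the amdgpu row contains "abo->tbo.resource". A "<" followed by a letter is parsed as the start of a tag, so the affected-version string is read as an element instead of being shown as text, and any markup arriving in a feed description would be rendered as-is. Escape <, > and & in the generator before writing each cell. The links in these rows also use target="_blank" without rel="noopener noreferrer".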
Expand Down Expand Up @@ -2110,111 +2110,111 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<tr>
<td>6b51053384f1029b384246e74021c5cb</td>
<td>CVE-2023-7225</td>
<td>2024-06-20 09:22:17 <img src="imgs/new.gif" /></td>
<td>2024-06-20 09:22:17</td>
<td>WordPress MapPress Maps Plugin跨站脚本漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/96940">详情</a></td>
</tr>

<tr>
<td>c6e2d6f42a62115086afeadd07049c36</td>
<td>CVE-2024-21803</td>
<td>2024-06-20 09:22:17 <img src="imgs/new.gif" /></td>
<td>2024-06-20 09:22:17</td>
<td>Linux Kernel内存错误引用漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/96939">详情</a></td>
</tr>

<tr>
<td>2af280c19a6a92ba74e79f5497e301cd</td>
<td>CVE-2024-22894</td>
<td>2024-06-20 09:22:17 <img src="imgs/new.gif" /></td>
<td>2024-06-20 09:22:17</td>
<td>Alpha Innotec Heatpumps和Novelan Heatpumps加密长度不足漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/96938">详情</a></td>
</tr>

<tr>
<td>4ef93079b6fef82ce9db9048d6a89da3</td>
<td>CVE-2024-22523</td>
<td>2024-06-20 09:22:17 <img src="imgs/new.gif" /></td>
<td>2024-06-20 09:22:17</td>
<td>Qiyu iFair目录遍历漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/96937">详情</a></td>
</tr>

<tr>
<td>831fa63956056064641b96925e8f6639</td>
<td>CVE-2023-36260</td>
<td>2024-06-20 09:22:17 <img src="imgs/new.gif" /></td>
<td>2024-06-20 09:22:17</td>
<td>Feed Me Plugin for Craft CMS注入漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/96936">详情</a></td>
</tr>

<tr>
<td>c1a5f7becb8c4d0a74cdff1ae6830456</td>
<td>CVE-2024-23170</td>
<td>2024-06-20 09:22:17 <img src="imgs/new.gif" /></td>
<td>2024-06-20 09:22:17</td>
<td>Mbed TLS信息泄露漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/96935">详情</a></td>
</tr>

<tr>
<td>762b5f34d89495d3fa5db83693078bba</td>
<td>CVE-2024-0674</td>
<td>2024-06-20 09:22:17 <img src="imgs/new.gif" /></td>
<td>2024-06-20 09:22:17</td>
<td>Lamassu Bitcoin ATM Douro权限提升漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/96934">详情</a></td>
</tr>

<tr>
<td>9d06abc86b2a795a5bdbc41e030f08d0</td>
<td>CVE-2023-37518</td>
<td>2024-06-20 09:22:17 <img src="imgs/new.gif" /></td>
<td>2024-06-20 09:22:17</td>
<td>HCL BigFix Compliance任意代码注入漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/96933">详情</a></td>
</tr>

<tr>
<td>0eabb0486f0520add02b7069bcb0a2f6</td>
<td>CVE-2023-6942</td>
<td>2024-06-20 09:22:17 <img src="imgs/new.gif" /></td>
<td>2024-06-20 09:22:17</td>
<td>Mitsubishi Electric多款产品身份认证错误漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/96932">详情</a></td>
</tr>

<tr>
<td>fd632b8e53b31a381b863bbcd3c8c3e3</td>
<td>CVE-2024-0675</td>
<td>2024-06-20 09:22:17 <img src="imgs/new.gif" /></td>
<td>2024-06-20 09:22:17</td>
<td>Lamassu Bitcoin ATM Douro异常情况检查错误漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/96931">详情</a></td>
</tr>

<tr>
<td>f93e8d6fed034653841dd67280359b79</td>
<td>CVE-2023-6943</td>
<td>2024-06-20 09:22:17 <img src="imgs/new.gif" /></td>
<td>2024-06-20 09:22:17</td>
<td>Mitsubishi Electric多款产品不安全反射漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/96930">详情</a></td>
</tr>

<tr>
<td>84eb99628c3582c822342fc0ad1d16d1</td>
<td>CVE-2023-36259</td>
<td>2024-06-20 09:22:17 <img src="imgs/new.gif" /></td>
<td>2024-06-20 09:22:17</td>
<td>Pixel&tonic Craft CMS Audit Plugin跨站脚本漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/96929">详情</a></td>
</tr>

<tr>
<td>1f95d986bebc75a75576e8bb781a8190</td>
<td>CVE-2023-6374</td>
<td>2024-06-20 09:22:17 <img src="imgs/new.gif" /></td>
<td>2024-06-20 09:22:17</td>
<td>Mitsubishi Electric MELSEC WS Series WS0-GETH00200身份认证绕过漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/96928">详情</a></td>
</tr>

<tr>
<td>1cccf1e730b876d7b22d324062762221</td>
<td>CVE-2024-23775</td>
<td>2024-06-20 09:22:17 <img src="imgs/new.gif" /></td>
<td>2024-06-20 09:22:17</td>
<td>Mbed TLS整数溢出漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/96927">详情</a></td>
</tr>
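Review bot: every link in this hunk points to http://www.nsfocus.net/vulndb/... over plain HTTP and opens with target="_blank" but no rel attribute; use the https:// form if the site serves it and add rel="noopener noreferrer". The row for CVE-2023-36259 also writes "Pixel&tonic" with a raw ampersand, which should be emitted as &amp;.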