Updated by Github Bot

Github-Bot · Github-Bot · commit e84f1c261e63 · 2021-08-26T23:26:34.000Z
diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat
@@ -108,3 +108,11 @@ a1494863655a49aaac2216d50a408024
 03ff893eaeb0bbd1639f6dc680d4d436
 38869a40eaa87caa8c5bca422051907f
 9b611e4f0591e12ad3b99b93196437c6
+ab3d2a1baa2de10eb971a8a842d84086
+ebd92be6e1cb2b3c7996752785e65879
+c08676bf3dd82325a4109bdc94155fcc
+cdcc7f91716cf5ca9025449fe9ff8c75
+1cb7ec9f53cb8b76921de6ff2fd35882
+93630190c62628190ecf6a24dc1a1bcd
+16daee4b5b67a6ab1136a3fa0d738424
+814322d2982461ad15831a37fd68b25d
diff --git a/data/cves.db b/data/cves.db
diff --git a/docs/index.html b/docs/index.html
@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2021-08-26 22:27:17 -->
+<!-- RELEASE TIME : 2021-08-26 23:26:29 -->
 <html lang="zh-cn">
 
  <head>
@@ -252,6 +252,62 @@ <h2><a href="https://github.com/lyy289065406/threat-broadcast">威胁情报播
        <th width="43%">TITLE</th>
        <th width="5%">URL</th>
       </tr>
+      <tr>
+       <td>ab3d2a1baa2de10eb971a8a842d84086</td>
+       <td>CVE-2021-39165</td>
+       <td>2021-08-26 21:15:00 <img src="imgs/new.gif" /></td>
+       <td>Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session. The original repository of Cachet <https://github.com/CachetHQ/Cachet> is not active, the stable version 2.3.18 and it's developing 2.4 branch is affected.</td>
+       <td><a href="https://www.tenable.com/cve/CVE-2021-39165">详情</a></td>
+      </tr>
+      <tr>
+       <td>ebd92be6e1cb2b3c7996752785e65879</td>
+       <td>CVE-2021-39161</td>
+       <td>2021-08-26 20:15:00 <img src="imgs/new.gif" /></td>
+       <td>Discourse is an open source platform for community discussion. In affected versions category names can be used for Cross-site scripting(XSS) attacks. This is mitigated by Discourse's default Content Security Policy and this vulnerability only affects sites which have modified or disabled or changed Discourse's default Content Security Policy have allowed for moderators to modify categories. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks.</td>
+       <td><a href="https://www.tenable.com/cve/CVE-2021-39161">详情</a></td>
+      </tr>
+      <tr>
+       <td>c08676bf3dd82325a4109bdc94155fcc</td>
+       <td>CVE-2021-37715</td>
+       <td>2021-08-26 20:15:00 <img src="imgs/new.gif" /></td>
+       <td>A remote cross-site scripting (XSS) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.13.0. Aruba has released upgrades for the Aruba AirWave Management Platform that address this security vulnerability.</td>
+       <td><a href="https://www.tenable.com/cve/CVE-2021-37715">详情</a></td>
+      </tr>
+      <tr>
+       <td>cdcc7f91716cf5ca9025449fe9ff8c75</td>
+       <td>CVE-2021-29862</td>
+       <td>2021-08-26 20:15:00 <img src="imgs/new.gif" /></td>
+       <td>IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 206086.</td>
+       <td><a href="https://www.tenable.com/cve/CVE-2021-29862">详情</a></td>
+      </tr>
+      <tr>
+       <td>1cb7ec9f53cb8b76921de6ff2fd35882</td>
+       <td>CVE-2021-29801</td>
+       <td>2021-08-26 20:15:00 <img src="imgs/new.gif" /></td>
+       <td>IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to gain root privileges. IBM X-Force ID: 203977.</td>
+       <td><a href="https://www.tenable.com/cve/CVE-2021-29801">详情</a></td>
+      </tr>
+      <tr>
+       <td>93630190c62628190ecf6a24dc1a1bcd</td>
+       <td>CVE-2021-29772</td>
+       <td>2021-08-26 20:15:00 <img src="imgs/new.gif" /></td>
+       <td>IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input. IBM X-Force ID: 202774.</td>
+       <td><a href="https://www.tenable.com/cve/CVE-2021-29772">详情</a></td>
+      </tr>
+      <tr>
+       <td>16daee4b5b67a6ab1136a3fa0d738424</td>
+       <td>CVE-2021-29727</td>
+       <td>2021-08-26 20:15:00 <img src="imgs/new.gif" /></td>
+       <td>IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 201106.</td>
+       <td><a href="https://www.tenable.com/cve/CVE-2021-29727">详情</a></td>
+      </tr>
+      <tr>
+       <td>814322d2982461ad15831a37fd68b25d</td>
+       <td>CVE-2021-29715</td>
+       <td>2021-08-26 20:15:00 <img src="imgs/new.gif" /></td>
+       <td>IBM API Connect 5.0.0.0 through 5.0.8.11 could alllow a remote user to obtain sensitive information or conduct denial of serivce attacks due to open ports. IBM X-Force ID: 201018.</td>
+       <td><a href="https://www.tenable.com/cve/CVE-2021-29715">详情</a></td>
+      </tr>
       <tr>
        <td>af0b0f7a87448ee32d72a64ad58c0dcc</td>
        <td>CVE-2021-32648</td>
@@ -406,62 +462,6 @@ <h2><a href="https://github.com/lyy289065406/threat-broadcast">威胁情报播
        <td>thinkphp-zcms as of 20190715 allows SQL injection via index.php?m=home&c=message&a=add.</td>
        <td><a href="https://www.tenable.com/cve/CVE-2020-19705">详情</a></td>
       </tr>
-      <tr>
-       <td>dcde5a0159d9522271474fe94fdc9585</td>
-       <td>CVE-2020-19704</td>
-       <td>2021-08-26 03:15:00 <img src="imgs/new.gif" /></td>
-       <td>A stored cross-site scripting (XSS) vulnerability via ResourceController.java in spring-boot-admin as of 20190710 allows attackers to execute arbitrary web scripts or HTML.</td>
-       <td><a href="https://www.tenable.com/cve/CVE-2020-19704">详情</a></td>
-      </tr>
-      <tr>
-       <td>eb39d6388eb8babace6dd1df725ab323</td>
-       <td>CVE-2020-19703</td>
-       <td>2021-08-26 03:15:00 <img src="imgs/new.gif" /></td>
-       <td>A cross-site scripting (XSS) vulnerability in the referer parameter of Dzzoffice 2.02 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.</td>
-       <td><a href="https://www.tenable.com/cve/CVE-2020-19703">详情</a></td>
-      </tr>
-      <tr>
-       <td>d404f28ea272b1e90e4736841d704701</td>
-       <td>CVE-2021-20815</td>
-       <td>2021-08-26 02:15:00 <img src="imgs/new.gif" /></td>
-       <td>Cross-site scripting vulnerability in Edit Boilerplate screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.</td>
-       <td><a href="https://www.tenable.com/cve/CVE-2021-20815">详情</a></td>
-      </tr>
-      <tr>
-       <td>b970dabecc87e56239944e48e15ffc62</td>
-       <td>CVE-2021-20814</td>
-       <td>2021-08-26 02:15:00 <img src="imgs/new.gif" /></td>
-       <td>Cross-site scripting vulnerability in Setting screen of ContentType Information Widget Plugin of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), and Movable Type Premium 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.</td>
-       <td><a href="https://www.tenable.com/cve/CVE-2021-20814">详情</a></td>
-      </tr>
-      <tr>
-       <td>071fb31e940d792d271ad5519da8d763</td>
-       <td>CVE-2021-20813</td>
-       <td>2021-08-26 02:15:00 <img src="imgs/new.gif" /></td>
-       <td>Cross-site scripting vulnerability in Edit screen of Content Data of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series) and Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series)) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.</td>
-       <td><a href="https://www.tenable.com/cve/CVE-2021-20813">详情</a></td>
-      </tr>
-      <tr>
-       <td>3fa3baeea365f0939758188139d5b97f</td>
-       <td>CVE-2021-20812</td>
-       <td>2021-08-26 02:15:00 <img src="imgs/new.gif" /></td>
-       <td>Cross-site scripting vulnerability in Setting screen of Server Sync of Movable Type (Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series) and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.</td>
-       <td><a href="https://www.tenable.com/cve/CVE-2021-20812">详情</a></td>
-      </tr>
-      <tr>
-       <td>c35c9099f35baa426b9fdcea1172d5ab</td>
-       <td>CVE-2021-37334</td>
-       <td>2021-08-25 22:15:00 <img src="imgs/new.gif" /></td>
-       <td>A security issue in Umbraco Forms 4.0.0 to and including 8.7.5 could lead to a remote code execution attack and/or arbitrary file deletion.</td>
-       <td><a href="https://www.tenable.com/cve/CVE-2021-37334">详情</a></td>
-      </tr>
-      <tr>
-       <td>7dc6a625d3f07b2e68db30fa48cf0545</td>
-       <td>CVE-2021-37154</td>
-       <td>2021-08-25 21:15:00 <img src="imgs/new.gif" /></td>
-       <td>In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion.</td>
-       <td><a href="https://www.tenable.com/cve/CVE-2021-37154">详情</a></td>
-      </tr>
      </tbody>
     </table>
    </div>
