Commit

Updated by Github Bot
Github-Bot committed Feb 12, 2024
1 parent d277f56 commit 06328ff
Showing 4 changed files with 88 additions and 76 deletions.
3 changes: 3 additions & 0 deletions cache/RedQueen.dat
Expand Up @@ -188,3 +188,6 @@ d3f2789e0c5e123abbd94b34d443cb25
f6a86d275c7d525a8bcdea4fe877ce96
fa0543aac07c01043beb18db7434193b
47340ca90075755836eceed9b701646e
0cf077bf9da444e9fa8e76f8016d9178
e367bfb75742180a0e49d30efcac3cfc
4ac4cea989c488234efc66af02722571
9 changes: 9 additions & 0 deletions cache/Tenable (Nessus).dat
Expand Up @@ -153,3 +153,12 @@ a4f6a250e2a5cceccd57d833a0bc1d09
321ee7bd3eff437df0ce32737d318c47
34d2bca3e6d18e59ffc753e611d0daa1
f4f9ca58a6c1a835ad662c25aa818998
2ee0f376aaf6f42762853e62d254d63a
6ef8c696e1d824edf671edcd48a1011b
883e1f93e289237f7a3e603c99a7ca30
c3703210bec0c4bc80d80dcce840cec2
746d865c32c958ee584e146185b6eb54
2f9b668dfeaacb4b634bc3b40d48e004
c18f644104374f1406554b8eb0aac334
a8d2b08352d488b713b5bfcb38282e3a
1535be9aef679e5ce160f81f1c037be8
Binary file modified data/cves.db
Binary file not shown.
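Review bot: data/cves.db is committed as a binary blob, so this part of the change cannot be reviewed from the diff, and each bot run that touches it grows the repository history. Consider building the database from the source feeds at publish time or shipping it as a release artifact, and keep a text export in the repository if its contents need to be diffable.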
152 changes: 76 additions & 76 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2024-02-11 23:23:16 -->
<!-- RELEASE TIME : 2024-02-12 03:23:40 -->
<html lang="zh-cn">

<head>
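Review bot: the RELEASE TIME comment on line 1 carries no timezone or UTC offset (`2024-02-12 03:23:40`), and the per-row timestamps in the table are written the same way, so a reader cannot tell which clock they refer to. Emit ISO 8601 with an explicit offset, for example a trailing Z if the generator runs in UTC.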
Expand Down Expand Up @@ -283,6 +283,78 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<th width="43%">TITLE</th>
<th width="5%">URL</th>
</tr>
<tr>
<td>2ee0f376aaf6f42762853e62d254d63a</td>
<td>CVE-2024-25728</td>
<td>2024-02-11 22:15:08 <img src="imgs/new.gif" /></td>
<td>ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration (e.g., sends them to DNS servers operated by the user's ISP instead of to the ExpressVPN DNS servers), which may allow remote attackers to obtain sensitive information about websites visited by VPN users.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25728">详情</a></td>
</tr>

<tr>
<td>6ef8c696e1d824edf671edcd48a1011b</td>
<td>CVE-2024-25419</td>
<td>2024-02-11 21:15:46 <img src="imgs/new.gif" /></td>
<td>flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_menu.php.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25419">详情</a></td>
</tr>

<tr>
<td>883e1f93e289237f7a3e603c99a7ca30</td>
<td>CVE-2024-25418</td>
<td>2024-02-11 21:15:46 <img src="imgs/new.gif" /></td>
<td>flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_menu.php.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25418">详情</a></td>
</tr>

<tr>
<td>c3703210bec0c4bc80d80dcce840cec2</td>
<td>CVE-2024-25417</td>
<td>2024-02-11 21:15:46 <img src="imgs/new.gif" /></td>
<td>flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_translation.php.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25417">详情</a></td>
</tr>

<tr>
<td>746d865c32c958ee584e146185b6eb54</td>
<td>CVE-2024-1151</td>
<td>2024-02-11 15:15:07 <img src="imgs/new.gif" /></td>
<td>A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-1151">详情</a></td>
</tr>

<tr>
<td>2f9b668dfeaacb4b634bc3b40d48e004</td>
<td>CVE-2024-21875</td>
<td>2024-02-11 09:15:07 <img src="imgs/new.gif" /></td>
<td>Allocation of Resources Without Limits or Throttling vulnerability in Badge leading to a denial of service attack.Team Hacker Hotel Badge 2024 on risc-v (billboard modules) allows Flooding.This issue affects Hacker Hotel Badge 2024: from 0.1.0 through 0.1.3.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-21875">详情</a></td>
</tr>

<tr>
<td>c18f644104374f1406554b8eb0aac334</td>
<td>CVE-2024-25722</td>
<td>2024-02-11 05:15:08 <img src="imgs/new.gif" /></td>
<td>qanything_kernel/connector/database/mysql/mysql_client.py in qanything.ai QAnything before 1.2.0 allows SQL Injection.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25722">详情</a></td>
</tr>

<tr>
<td>a8d2b08352d488b713b5bfcb38282e3a</td>
<td>CVE-2024-25718</td>
<td>2024-02-11 05:15:08 <img src="imgs/new.gif" /></td>
<td>In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25718">详情</a></td>
</tr>

<tr>
<td>1535be9aef679e5ce160f81f1c037be8</td>
<td>CVE-2023-52428</td>
<td>2024-02-11 05:15:08 <img src="imgs/new.gif" /></td>
<td>In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-52428">详情</a></td>
</tr>

<tr>
<td>ed12debe3aa15237e1ce625b8bdc75dc</td>
<td>CVE-2023-52427</td>
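Review bot: every link in the added rows uses target="_blank" with no rel attribute, e.g. `<a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25728">`. Add rel="noopener noreferrer" in the row template so the destination page gets no window.opener reference in browsers that do not apply noopener by default. The description cells carry text from an external feed, so also confirm the generator HTML-escapes that field before writing it into the `<td>`.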
Expand Down Expand Up @@ -342,23 +414,23 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<tr>
<td>321ee7bd3eff437df0ce32737d318c47</td>
<td>CVE-2024-22313</td>
<td>2024-02-10 16:15:08 <img src="imgs/new.gif" /></td>
<td>2024-02-10 16:15:08</td>
<td>IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-22313">详情</a></td>
</tr>

<tr>
<td>34d2bca3e6d18e59ffc753e611d0daa1</td>
<td>CVE-2024-22312</td>
<td>2024-02-10 16:15:08 <img src="imgs/new.gif" /></td>
<td>2024-02-10 16:15:08</td>
<td>IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-22312">详情</a></td>
</tr>

<tr>
<td>f4f9ca58a6c1a835ad662c25aa818998</td>
<td>CVE-2023-50957</td>
<td>2024-02-10 16:15:07 <img src="imgs/new.gif" /></td>
<td>2024-02-10 16:15:07</td>
<td>IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: 275783.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-50957">详情</a></td>
</tr>
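Review bot: these three rows change only to drop `<img src="imgs/new.gif" />`, which means the "new" marker is baked into the generated file and older rows are rewritten whenever the marker ages out (docs/index.html shows 76 additions and 76 deletions in this commit). Deriving the marker from the row timestamp at view time, for instance with a class set by a small script, would keep the diff to rows whose data actually changed.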
Expand Down Expand Up @@ -451,78 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-24308">详情</a></td>
</tr>

<tr>
<td>fd1cf0b497971318c8fe486a37c52bfc</td>
<td>CVE-2024-23749</td>
<td>2024-02-09 08:15:08</td>
<td>KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls (at lines 2369-2390). This allows an attacker to add inputs inside the filename variable, leading to arbitrary code execution.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-23749">详情</a></td>
</tr>

<tr>
<td>f59d1d9c43f28c051adf1d4d1f5ac467</td>
<td>CVE-2023-50026</td>
<td>2024-02-09 08:15:08</td>
<td>SQL injection vulnerability in Presta Monster "Multi Accessories Pro" (hsmultiaccessoriespro) module for PrestaShop versions 5.1.1 and before, allows remote attackers to escalate privileges and obtain sensitive information via the method HsAccessoriesGroupProductAbstract::getAccessoriesByIdProducts().</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-50026">详情</a></td>
</tr>

<tr>
<td>96e15dd8dc499c76446e4036057e9875</td>
<td>CVE-2023-46350</td>
<td>2024-02-09 08:15:08</td>
<td>SQL injection vulnerability in InnovaDeluxe "Manufacturer or supplier alphabetical search" (idxrmanufacturer) module for PrestaShop versions 2.0.4 and before, allows remote attackers to escalate privileges and obtain sensitive information via the methods IdxrmanufacturerFunctions::getCornersLink, IdxrmanufacturerFunctions::getManufacturersLike and IdxrmanufacturerFunctions::getSuppliersLike.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-46350">详情</a></td>
</tr>

<tr>
<td>77df544383d80ae50f3a7ad2369bbdb4</td>
<td>CVE-2024-25004</td>
<td>2024-02-09 07:16:00</td>
<td>KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insufficient bounds checking and input sanitization (at line 2600). This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25004">详情</a></td>
</tr>

<tr>
<td>31f2847ae835ece92f71727c39536681</td>
<td>CVE-2024-25003</td>
<td>2024-02-09 07:16:00</td>
<td>KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the hostname, occurs due to insufficient bounds checking and input sanitization. This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25003">详情</a></td>
</tr>

<tr>
<td>d0d11138811bf4edcad39b9ee51c18c5</td>
<td>CVE-2024-0229</td>
<td>2024-02-09 07:16:00</td>
<td>An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-0229">详情</a></td>
</tr>

<tr>
<td>8a67831d3527965ad49aab67bd619aaa</td>
<td>CVE-2023-39683</td>
<td>2024-02-09 07:15:59</td>
<td>Cross Site Scripting (XSS) vulnerability in EasyEmail v.4.12.2 and before allows a local attacker to execute arbitrary code via the user input parameter(s). NOTE: Researcher claims issue is present in all versions prior and later than tested version.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-39683">详情</a></td>
</tr>

<tr>
<td>43d687e4e399c13e13b79354086dad3d</td>
<td>CVE-2023-31506</td>
<td>2024-02-09 07:15:59</td>
<td>A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before, allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-31506">详情</a></td>
</tr>

<tr>
<td>b853e482e9e024b7ca428d94a4783348</td>
<td>CVE-2024-1122</td>
<td>2024-02-09 05:15:08</td>
<td>The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated attackers to export event data.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-1122">详情</a></td>
</tr>

</tbody>
</table>
</div>
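Review bot: the nine rows removed at the bottom of the table match the nine added at the top, so the page is a fixed-size window and entries dated 2024-02-09 have already dropped off it. If that is intended, state the window size on the page and link to a full archive so older CVE entries stay reachable.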