Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Github-Bot committed Oct 25, 2024
1 parent 73be121, commit 1715d74
Showing 3 changed files with 91 additions and 81 deletions.
Binary file not shown.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
<!-- RELEASE TIME : 2024-10-25 03:30:48 --> | ||
<!-- RELEASE TIME : 2024-10-25 06:32:57 --> | ||
<html lang="zh-cn"> | ||
|
||
<head> | ||
|
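Review bot: The RELEASE TIME comment at the top of the file carries a bare timestamp (`2024-10-25 06:32:57`) with no UTC offset, so a reader cannot tell which clock the release time refers to or compare it reliably with the times in the table's time column, which use the same bare format. Suggest writing an ISO 8601 value with an explicit offset in this comment, and using the same format wherever the generator emits a time.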
@@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h | |
<th width="43%">TITLE</th> | ||
<th width="5%">URL</th> | ||
</tr> | ||
<tr> | ||
<td>e41781926644e5b7e01708f59f0e98ae</td> | ||
<td>CVE-2022-30268</td> | ||
<td>2024-10-25 02:43:51 <img src="imgs/new.gif" /></td> | ||
<td>The affected products use the Winloader utility to manage firmware updates by serial port or a serial-over-Ethernet link that were found to not use authentication. This could allow an attacker to push malicious firmware images to the controller and cause a denial-of-service condition or allow remote code execution. This vulnerability only effects version of the CPE302, 205, and 310 that were produced before the "-Bxxx" hardware revisions.</td> | ||
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2022-30268">详情</a></td> | ||
</tr> | ||
|
||
<tr> | ||
<td>f6fa6284bf91bb1d0d0d60dd291680d2</td> | ||
<td>CVE-2022-30265</td> | ||
<td>2024-10-25 02:43:23 <img src="imgs/new.gif" /></td> | ||
<td>Control logic downloaded to the PLC, which can be either written in one of the IEC 61131-3 languages or written in C and supplied as an ELF binary block, is not cryptographically authenticated.</td> | ||
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2022-30265">详情</a></td> | ||
</tr> | ||
|
||
<tr> | ||
<td>fbaeb433df3a076886b57e9a767bb181</td> | ||
<td>CVE-2024-5717</td> | ||
<td>2024-10-25 02:41:57 <img src="imgs/new.gif" /></td> | ||
<td>This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the implementation of the HTTP API. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root.</td> | ||
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5717">详情</a></td> | ||
</tr> | ||
|
||
<tr> | ||
<td>7338bfcae89e47a36ac9c4d2f8348d6c</td> | ||
<td>CVE-2024-5716</td> | ||
<td>2024-10-25 02:41:28 <img src="imgs/new.gif" /></td> | ||
<td>This vulnerability allows remote attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the password reset mechanism. The issue results from the lack of restriction of excessive authentication attempts. An attacker can leverage this vulnerability to reset a user's password and bypass authentication on the system.</td> | ||
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5716">详情</a></td> | ||
</tr> | ||
|
||
<tr> | ||
<td>3b0ec2041c38f2b6c8ce4b38b3fcfcd2</td> | ||
<td>CVE-2024-7240</td> | ||
<td>2024-10-25 02:30:19 <img src="imgs/new.gif" /></td> | ||
<td>This vulnerability allows local attackers to escalate privileges on affected installations of F-Secure Total. User interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exists within the WithSecure plugin hosting service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.</td> | ||
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-7240">详情</a></td> | ||
</tr> | ||
|
||
<tr> | ||
<td>c742f88adbc2f1e7ee10af7ecbd18463</td> | ||
<td>CVE-2024-7238</td> | ||
<td>2024-10-25 02:29:46 <img src="imgs/new.gif" /></td> | ||
<td>This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Anti Malware Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.</td> | ||
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-7238">详情</a></td> | ||
</tr> | ||
|
||
<tr> | ||
<td>5f1301fe94f68f80ed703e0a44a766cf</td> | ||
<td>CVE-2024-7234</td> | ||
<td>2024-10-25 02:28:29 <img src="imgs/new.gif" /></td> | ||
<td>This vulnerability allows local attackers to escalate privileges on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AVG Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.</td> | ||
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-7234">详情</a></td> | ||
</tr> | ||
|
||
<tr> | ||
<td>b726af1b91cf91a01f73ba837637dee1</td> | ||
<td>CVE-2024-7227</td> | ||
<td>2024-10-25 02:27:49 <img src="imgs/new.gif" /></td> | ||
<td>This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.</td> | ||
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-7227">详情</a></td> | ||
</tr> | ||
|
||
<tr> | ||
<td>a5b24b53b530937981c4cb643acc4032</td> | ||
<td>CVE-2024-37396</td> | ||
<td>2024-10-25 02:24:26 <img src="imgs/new.gif" /></td> | ||
<td>A stored cross-site scripting (XSS) vulnerability in the Calendar function of Vanderbilt REDCap 13.1.9 allows authenticated users to execute arbitrary web scripts or HTML via injecting a crafted payload into the 'Notes' field of a calendar event. This could lead to the execution of malicious scripts when the event is viewed. Updating to version 14.2.1 or later is recommended to remediate this vulnerability.</td> | ||
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-37396">详情</a></td> | ||
</tr> | ||
|
||
<tr> | ||
<td>51702a7ed7a213966762449f8f65c69e</td> | ||
<td>CVE-2024-37395</td> | ||
<td>2024-10-25 02:24:05 <img src="imgs/new.gif" /></td> | ||
<td>A stored cross-site scripting (XSS) vulnerability in the Public Survey function of Vanderbilt REDCap 13.1.9 allows authenticated users to execute arbitrary web scripts or HTML via injecting a crafted payload into the 'Survey Title' and 'Survey Instructions' fields. This vulnerability could be exploited by attackers to execute malicious scripts when the survey is accessed through its public link. It is advised to update to version 14.2.1 or later to fix this issue.</td> | ||
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-37395">详情</a></td> | ||
</tr> | ||
|
||
<tr> | ||
<td>4fb0bb949f2e8050bf1802188ae2b3d3</td> | ||
<td>CVE-2023-50355</td> | ||
|
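Review bot: Every added row's URL cell opens an external link with `target="_blank"` and no `rel` attribute, for example `<a target="_blank" href="https://www.tenable.com/cve/CVE-2022-30268">`. Add `rel="noopener noreferrer"` in the row template so the opened page gets no `window.opener` handle in browsers that do not apply that default themselves. The `<img src="imgs/new.gif" />` marker in the time cell also has no `alt` text; `alt="new"` would cover it.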
@@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h | |
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-48925">详情</a></td> | ||
</tr> | ||
|
||
<tr> | ||
<td>727bb6af4ff3c3f25237f907a62c0460</td> | ||
<td>CVE-2024-48605</td> | ||
<td>2024-10-22 16:15:07</td> | ||
<td>An issue in Helakuru Desktop Application v1.1 allows a local attacker to execute arbitrary code via the lack of proper validation of the wow64log.dll file.</td> | ||
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-48605">详情</a></td> | ||
</tr> | ||
|
||
<tr> | ||
<td>95114e2e75e5dbfbb235fcda89610508</td> | ||
<td>CVE-2024-47819</td> | ||
<td>2024-10-22 16:15:07</td> | ||
<td>Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0. This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the code, you can potentially elevate all users and grant them admin privileges or access protected content. Versions 14.3.1 and 15.0.0 contain a patch. As a workaround, ensure that access to the Dictionary section is only granted to trusted users.</td> | ||
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-47819">详情</a></td> | ||
</tr> | ||
|
||
<tr> | ||
<td>23e3ef64a8a75f035fd469f521742678</td> | ||
<td>CVE-2024-46240</td> | ||
<td>2024-10-22 16:15:07</td> | ||
<td>Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under action=system and the company/contact parameters under action=addcust within admin.php file.</td> | ||
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-46240">详情</a></td> | ||
</tr> | ||
|
||
<tr> | ||
<td>38d401b0c3741491d0d340e85fcf6621</td> | ||
<td>CVE-2022-23862</td> | ||
<td>2024-10-22 16:15:05</td> | ||
<td>A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the "NT Authority\System" user, an attacker is able to use the vulnerability to execute arbitrary code and elevate to the system user.</td> | ||
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2022-23862">详情</a></td> | ||
</tr> | ||
|
||
<tr> | ||
<td>d54ffc2467af758ecd75ccd9e2846636</td> | ||
<td>CVE-2022-23861</td> | ||
<td>2024-10-22 16:15:04</td> | ||
<td>Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Multiple fields in the YSoft SafeQ web application can be used to inject malicious inputs that, due to a lack of output sanitization, result in the execution of arbitrary JS code. These fields can be leveraged to perform XSS attacks on legitimate users accessing the SafeQ web interface.</td> | ||
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2022-23861">详情</a></td> | ||
</tr> | ||
|
||
<tr> | ||
<td>15c1d80b8627a4bbb931f777dc3cad42</td> | ||
<td>CVE-2024-50065</td> | ||
<td>2024-10-21 19:39:53</td> | ||
<td>In the Linux kernel, the following vulnerability has been resolved: ntfs3: Change to non-blocking allocation in ntfs_d_hash d_hash is done while under "rcu-walk" and should not sleep. __get_name() allocates using GFP_KERNEL, having the possibility to sleep when under memory pressure. Change the allocation to GFP_NOWAIT.</td> | ||
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-50065">详情</a></td> | ||
</tr> | ||
|
||
<tr> | ||
<td>bbbb53699e7a1956d5fd9c6e744b3c4b</td> | ||
<td>CVE-2024-50064</td> | ||
<td>2024-10-21 19:39:52</td> | ||
<td>In the Linux kernel, the following vulnerability has been resolved: zram: free secondary algorithms names We need to kfree() secondary algorithms names when reset zram device that had multi-streams, otherwise we leak memory. [[email protected]: kfree(NULL) is legal] Link: https://lkml.kernel.org/r/[email protected]</td> | ||
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-50064">详情</a></td> | ||
</tr> | ||
|
||
<tr> | ||
<td>170f26057e8b0a48413ff3a9e770de72</td> | ||
<td>CVE-2024-50063</td> | ||
<td>2024-10-21 19:39:51</td> | ||
<td>In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent tail call between progs attached to different hooks bpf progs can be attached to kernel functions, and the attached functions can take different parameters or return different return values. If prog attached to one kernel function tail calls prog attached to another kernel function, the ctx access or return value verification could be bypassed. For example, if prog1 is attached to func1 which takes only 1 parameter and prog2 is attached to func2 which takes two parameters. Since verifier assumes the bpf ctx passed to prog2 is constructed based on func2's prototype, verifier allows prog2 to access the second parameter from the bpf ctx passed to it. The problem is that verifier does not prevent prog1 from passing its bpf ctx to prog2 via tail call. In this case, the bpf ctx passed to prog2 is constructed from func1 instead of func2, that is, the assumption for ctx access verification is bypassed. Another example, if BPF LSM prog1 is attached to hook file_alloc_security, and BPF LSM prog2 is attached to hook bpf_lsm_audit_rule_known. Verifier knows the return value rules for these two hooks, e.g. it is legal for bpf_lsm_audit_rule_known to return positive number 1, and it is illegal for file_alloc_security to return positive number. So verifier allows prog2 to return positive number 1, but does not allow prog1 to return positive number. The problem is that verifier does not prevent prog1 from calling prog2 via tail call. In this case, prog2's return value 1 will be used as the return value for prog1's hook file_alloc_security. That is, the return value rule is bypassed. This patch adds restriction for tail call to prevent such bypasses.</td> | ||
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-50063">详情</a></td> | ||
</tr> | ||
|
||
<tr> | ||
<td>87f38e370d5358a7207964167d3677a2</td> | ||
<td>CVE-2024-50062</td> | ||
<td>2024-10-21 19:39:51</td> | ||
<td>In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs-srv: Avoid null pointer deref during path establishment For RTRS path establishment, RTRS client initiates and completes con_num of connections. After establishing all its connections, the information is exchanged between the client and server through the info_req message. During this exchange, it is essential that all connections have been established, and the state of the RTRS srv path is CONNECTED. So add these sanity checks, to make sure we detect and abort process in error scenarios to avoid null pointer deref.</td> | ||
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-50062">详情</a></td> | ||
</tr> | ||
|
||
<tr> | ||
<td>30af04feb4bc93f58a1efd04945f2408</td> | ||
<td>CVE-2024-50061</td> | ||
<td>2024-10-21 19:39:50</td> | ||
<td>In the Linux kernel, the following vulnerability has been resolved: i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition In the cdns_i3c_master_probe function, &master->hj_work is bound with cdns_i3c_master_hj. And cdns_i3c_master_interrupt can call cnds_i3c_master_demux_ibis function to start the work. If we remove the module which will call cdns_i3c_master_remove to make cleanup, it will free master->base through i3c_master_unregister while the work mentioned above will be used. The sequence of operations that may lead to a UAF bug is as follows: CPU0 CPU1 | cdns_i3c_master_hj cdns_i3c_master_remove | i3c_master_unregister(&master->base) | device_unregister(&master->dev) | device_release | //free master->base | | i3c_master_do_daa(&master->base) | //use master->base Fix it by ensuring that the work is canceled before proceeding with the cleanup in cdns_i3c_master_remove.</td> | ||
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-50061">详情</a></td> | ||
</tr> | ||
|
||
</tbody> | ||
</table> | ||
</div> | ||
|
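Review bot: The description cell of the CVE-2024-50061 row contains `&master->hj_work` and `master->base` with `&` and `>` appearing raw, which suggests upstream description text is written into `<td>` without HTML encoding. These rows are only rotating out of the table here, but rows of the same shape are added at the top in this commit, and descriptions of XSS issues can carry markup, so the generator should encode `&`, `<`, `>` and quotes before writing the cell. The CVE-2024-50064 row also stores `[email protected]` twice, which looks like an email-obfuscation placeholder captured from the scraped source rather than the original text; worth detecting and dropping at ingest.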