Commit

Updated by Github Bot
Github-Bot committed Apr 30, 2024
1 parent 2037e28 commit 1ac0b11
Showing 3 changed files with 91 additions and 81 deletions.
10 changes: 10 additions & 0 deletions cache/Tenable (Nessus).dat
@@ -162,3 +162,13 @@ d05d84e1991b97aa5bcf00bf20b264f2
e51bd18511f85dd246f6c515ec2af7ad
15e45ef5b7a214d58aadeca8b3096422
b694c1138e76c76fa8e0c545655608f2
a10e2005a12767c8c3c0446d67e0b14f
16aeb31568fc5a65740e8d3d7f527edf
120609d25cef1b0ecb090cb89b2f885e
5ee37ce759172af1063c14e5151d1eb8
e6b3a4872b84544b2c1d81589eeac7fa
e97fe5877d445b61fbb7e13f35ee6829
6f35aef1799fefcea297e47c8598db9d
5a5c9867adcf69240452d650a5433be3
26e166921e93ac7571a1466da9dc86a4
9ab635c06cc8e2248035cc963bb0d061
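Review bot: The ten ids appended to cache/Tenable (Nessus).dat are the same values written into the first cell of the ten new rows in docs/index.html, and data/cves.db changes in the same commit as an opaque binary, so the "already seen" state lives in three places with nothing in the commit showing they agree. Consider deriving the cache and the page from the database in one step, or adding a check that fails the run when an id is in the cache but not in the database. The file also only ever grows (162 lines before this hunk), so a retention limit would keep it bounded.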
Binary file modified data/cves.db
Binary file not shown.
162 changes: 81 additions & 81 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2024-04-30 03:25:17 -->
<!-- RELEASE TIME : 2024-04-30 05:26:34 -->
<html lang="zh-cn">

<head>
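Review bot: The RELEASE TIME comment on line 1 of docs/index.html carries no timezone ("2024-04-30 05:26:34"), and the per-row timestamps further down use the same bare format, so a reader cannot tell whether a row time and the release time are on the same clock. Write both in UTC with an explicit offset or a "Z" suffix. The same four lines also show the file starting with the comment and the html tag, with no doctype before them, which puts browsers in quirks mode; add "<!DOCTYPE html>" in the template.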
@@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<th width="43%">TITLE</th>
<th width="5%">URL</th>
</tr>
<tr>
<td>a10e2005a12767c8c3c0446d67e0b14f</td>
<td>CVE-2024-1371</td>
<td>2024-04-30 03:15:06 <img src="imgs/new.gif" /></td>
<td>The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lc_public_api_proxy() function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to delete arbitrary posts.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-1371">详情</a></td>
</tr>

<tr>
<td>16aeb31568fc5a65740e8d3d7f527edf</td>
<td>CVE-2024-4226</td>
<td>2024-04-30 02:15:06 <img src="imgs/new.gif" /></td>
<td>It was identified that in certain versions of Octopus Server, that a user created with no permissions could view all users, user roles and permissions. This functionality was removed in versions of Octopus Server after the fixed versions listed.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4226">详情</a></td>
</tr>

<tr>
<td>120609d25cef1b0ecb090cb89b2f885e</td>
<td>CVE-2024-0216</td>
<td>2024-04-30 02:15:06 <img src="imgs/new.gif" /></td>
<td>The Google Doc Embedder plugin for WordPress is vulnerable to Server Side Request Forgery via the 'gview' shortcode in versions up to, and including, 2.6.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-0216">详情</a></td>
</tr>

<tr>
<td>5ee37ce759172af1063c14e5151d1eb8</td>
<td>CVE-2024-4327</td>
<td>2024-04-30 01:15:46 <img src="imgs/new.gif" /></td>
<td>A vulnerability was found in Apryse WebViewer up to 10.8.0. It has been classified as problematic. This affects an unknown part of the component PDF Document Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.9 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-262419. NOTE: The vendor was contacted early about this disclosure and explains that the documentation recommends a strict Content Security Policy and the issue was fixed in release 10.9.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4327">详情</a></td>
</tr>

<tr>
<td>e6b3a4872b84544b2c1d81589eeac7fa</td>
<td>CVE-2024-34050</td>
<td>2024-04-30 00:15:07 <img src="imgs/new.gif" /></td>
<td>Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return uint64(b[2])<<16 | uint64(b[1])<<8 | uint64(b[0])" in reader.go.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-34050">详情</a></td>
</tr>

<tr>
<td>e97fe5877d445b61fbb7e13f35ee6829</td>
<td>CVE-2024-34049</td>
<td>2024-04-30 00:15:07 <img src="imgs/new.gif" /></td>
<td>Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return plmnIdString[0:3], plmnIdString[3:]" in reader.go.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-34049">详情</a></td>
</tr>

<tr>
<td>6f35aef1799fefcea297e47c8598db9d</td>
<td>CVE-2024-34048</td>
<td>2024-04-30 00:15:07 <img src="imgs/new.gif" /></td>
<td>O-RAN RIC I-Release e2mgr lacks array size checks in E2nodeConfigUpdateNotificationHandler.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-34048">详情</a></td>
</tr>

<tr>
<td>5a5c9867adcf69240452d650a5433be3</td>
<td>CVE-2024-34047</td>
<td>2024-04-30 00:15:07 <img src="imgs/new.gif" /></td>
<td>O-RAN RIC I-Release e2mgr lacks array size checks in RicServiceUpdateHandler.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-34047">详情</a></td>
</tr>

<tr>
<td>26e166921e93ac7571a1466da9dc86a4</td>
<td>CVE-2024-34046</td>
<td>2024-04-30 00:15:07 <img src="imgs/new.gif" /></td>
<td>The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo->sctpParams->e2tCounters[IN_SUCC][MSG_COUNTER][ProcedureCode_id_RICsubscription]->Increment().</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-34046">详情</a></td>
</tr>

<tr>
<td>9ab635c06cc8e2248035cc963bb0d061</td>
<td>CVE-2024-34045</td>
<td>2024-04-30 00:15:07 <img src="imgs/new.gif" /></td>
<td>The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo->counters[IN_INITI][MSG_COUNTER][ProcedureCode_id_E2setup]->Increment().</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-34045">详情</a></td>
</tr>

<tr>
<td>e3bf125cf831009947f3bbfd387a6c6f</td>
<td>CVE-2024-4296</td>
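Review bot: The description cells in the added rows carry upstream feed text into the page without HTML escaping: the CVE-2024-1371 row has a bare "&" in "modification & loss of data", the CVE-2024-34050 row has "uint64(b[2])<<16", and the CVE-2024-34046 row has "message.peerInfo->sctpParams". Text from a third-party feed that happened to contain markup would be parsed as part of docs/index.html, so the generator should HTML-escape the description, and the id, CVE and time fields with it, before writing each td. If the href is assembled from the feed's CVE id, validate that id against the CVE-YYYY-NNNN pattern first.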
@@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4256">详情</a></td>
</tr>

<tr>
<td>e1bb42e08783e8349c9b901a4a8d5547</td>
<td>CVE-2024-2838</td>
<td>2024-04-27 04:15:09</td>
<td>The WPC Composite Products for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wooco_components[0][name]' parameter in all versions up to, and including, 7.2.7 due to insufficient input sanitization and output escaping and missing authorization on the ajax_save_components function. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2838">详情</a></td>
</tr>

<tr>
<td>2df35630aef744ff595cf8f6b6081e11</td>
<td>CVE-2024-2258</td>
<td>2024-04-27 04:15:08</td>
<td>The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name autofilled into forms in all versions up to, and including, 1.15.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2258">详情</a></td>
</tr>

<tr>
<td>3971e3e034b68833e02e1eb2390f33c6</td>
<td>CVE-2024-2859</td>
<td>2024-04-27 00:15:07</td>
<td>By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2859">详情</a></td>
</tr>

<tr>
<td>c37d2f2b00567a070d842367ddd413eb</td>
<td>CVE-2024-4244</td>
<td>2024-04-26 22:15:08</td>
<td>A vulnerability classified as critical was found in Tenda W9 1.0.0.7(4456). Affected by this vulnerability is the function fromDhcpSetSer of the file /goform/DhcpSetSer. The manipulation of the argument dhcpStartIp/dhcpEndIp/dhcpGw/dhcpMask/dhcpLeaseTime/dhcpDns1/dhcpDns2 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262135. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4244">详情</a></td>
</tr>

<tr>
<td>511e69a55f9b3db722c048d02808c416</td>
<td>CVE-2024-4243</td>
<td>2024-04-26 22:15:08</td>
<td>A vulnerability classified as critical has been found in Tenda W9 1.0.0.7(4456). Affected is the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-262134 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4243">详情</a></td>
</tr>

<tr>
<td>584dfff03389ba2a3fdd8cce35a833a2</td>
<td>CVE-2024-31828</td>
<td>2024-04-26 22:15:08</td>
<td>Cross Site Scripting vulnerability in Lavalite CMS v.10.1.0 allows attackers to execute arbitrary code and obtain sensitive information via a crafted payload to the URL.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31828">详情</a></td>
</tr>

<tr>
<td>0320bfd886c68ff724da6d3106700d0e</td>
<td>CVE-2024-31741</td>
<td>2024-04-26 22:15:08</td>
<td>Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a remote attacker to run arbitrary code via crafted string in the URL after login.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31741">详情</a></td>
</tr>

<tr>
<td>8e0680838acd7b7a0d5c1637057c0d8f</td>
<td>CVE-2024-31551</td>
<td>2024-04-26 22:15:08</td>
<td>Directory Traversal vulnerability in lib/admin/image.admin.php in cmseasy v7.7.7.9 20240105 allows attackers to delete arbitrary files via crafted GET request.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31551">详情</a></td>
</tr>

<tr>
<td>d490b80eeece4c355200325bc0b2b3b1</td>
<td>CVE-2024-30804</td>
<td>2024-04-26 22:15:08</td>
<td>An issue discovered in the DeviceIoControl component in ASUS Fan_Xpert before v.10013 allows an attacker to execute arbitrary code via crafted IOCTL requests.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-30804">详情</a></td>
</tr>

<tr>
<td>fdad9fb02646a816f9cbdfdc53b0ebc7</td>
<td>CVE-2024-3052</td>
<td>2024-04-26 22:15:08</td>
<td>Malformed S2 Nonce Get command classes can be sent to crash the gateway. A hard reset is required to recover the gateway.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3052">详情</a></td>
</tr>

</tbody>
</table>
</div>
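Review bot: The ten rows dropped at the end of the table are dated 2024-04-26 and 2024-04-27, three to four days before the 2024-04-30 release time, and they go because ten new rows came in at the top, so the page is trimmed by row count rather than by age. A busy day upstream will push recent entries off the page, including ones such as the CVE-2024-4244 row, whose description says an exploit is public. Trim by date instead, or link from the table to an archive that keeps the evicted rows. The removed CVE-2024-2258 row also has an unescaped "&" in "Drag & Drop", so the escaping gap predates this commit.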