Commit

Updated by Github Bot
Github-Bot committed Dec 17, 2024
1 parent 9d9e49e commit 5882f4d
Showing 3 changed files with 91 additions and 81 deletions.
10 changes: 10 additions & 0 deletions cache/Tenable (Nessus).dat
Expand Up @@ -128,3 +128,13 @@ e43d3adfe02255c292babe3226af2c7b
594936095c8c3c421f9605a13558eb31
286d1bce15445150c4f662c6cd7e40d6
aa1e25452e020caa59e946d938f4420c
3246b89d17ebce389ad043c2a5c46a02
0110a638f9542db0151b15913612ab7b
0ab2d39bdfff0e23d4d8d88f0f6277fe
145033e556d1e530ea6a0b253f2d5076
7cde8f0f4cc3ce2107f1b9d29acc3798
4a5aca1b061dafb45b2596285c7b52b6
3b6e859f26639254ed32fb8e64162bbe
76de3ac3512dd89b9892cb5fbd135978
b6d1b5a24856c4e6171b742be38c0516
b7621d7f4b2ce07c211af869a2a8dc89
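Review bot: The ten values appended from line 131 onward are bare 32-character hex ids, and nothing in the file says what they are computed from. They match the first-column ids of the ten rows added to docs/index.html in this commit, so the file reads as a de-duplication list; a header comment or README entry naming the hashed fields would let a reader check that a revised description for an already-listed CVE is not skipped as already seen.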
Binary file modified data/cves.db
Binary file not shown.
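Review bot: data/cves.db changes as an opaque binary ("Binary file not shown"), so this part of the commit cannot be reviewed or diffed. If the database is what docs/index.html is rendered from, consider committing a text export next to it, or rebuilding it in CI instead of versioning the binary.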
162 changes: 81 additions & 81 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2024-12-17 12:51:32 -->
<!-- RELEASE TIME : 2024-12-17 18:35:04 -->
<html lang="zh-cn">

<head>
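Review bot: The RELEASE TIME comment on line 1 carries no time zone, and neither do the per-row timestamps further down the file, so the 18:35:04 release time cannot be compared reliably with row times such as 16:15:25. Writing an explicit UTC offset in both places would remove the ambiguity.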
Expand Down Expand Up @@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<th width="43%">TITLE</th>
<th width="5%">URL</th>
</tr>
<tr>
<td>3246b89d17ebce389ad043c2a5c46a02</td>
<td>CVE-2024-53144</td>
<td>2024-12-17 16:15:25 <img src="imgs/new.gif" /></td>
<td>In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE This aligned BR/EDR JUST_WORKS method with LE which since 92516cd97fd4 ("Bluetooth: Always request for user confirmation for Just Works") always request user confirmation with confirm_hint set since the likes of bluetoothd have dedicated policy around JUST_WORKS method (e.g. main.conf:JustWorksRepairing). CVE: CVE-2024-8805</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-53144">详情</a></td>
</tr>

<tr>
<td>0110a638f9542db0151b15913612ab7b</td>
<td>CVE-2024-12671</td>
<td>2024-12-17 16:15:25 <img src="imgs/new.gif" /></td>
<td>A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12671">详情</a></td>
</tr>

<tr>
<td>0ab2d39bdfff0e23d4d8d88f0f6277fe</td>
<td>CVE-2024-12670</td>
<td>2024-12-17 16:15:25 <img src="imgs/new.gif" /></td>
<td>A maliciously crafted DWF file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12670">详情</a></td>
</tr>

<tr>
<td>145033e556d1e530ea6a0b253f2d5076</td>
<td>CVE-2024-12669</td>
<td>2024-12-17 16:15:25 <img src="imgs/new.gif" /></td>
<td>A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12669">详情</a></td>
</tr>

<tr>
<td>7cde8f0f4cc3ce2107f1b9d29acc3798</td>
<td>CVE-2024-12200</td>
<td>2024-12-17 16:15:24 <img src="imgs/new.gif" /></td>
<td>A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12200">详情</a></td>
</tr>

<tr>
<td>4a5aca1b061dafb45b2596285c7b52b6</td>
<td>CVE-2024-12199</td>
<td>2024-12-17 16:15:24 <img src="imgs/new.gif" /></td>
<td>A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12199">详情</a></td>
</tr>

<tr>
<td>3b6e859f26639254ed32fb8e64162bbe</td>
<td>CVE-2024-12198</td>
<td>2024-12-17 16:15:24 <img src="imgs/new.gif" /></td>
<td>A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12198">详情</a></td>
</tr>

<tr>
<td>76de3ac3512dd89b9892cb5fbd135978</td>
<td>CVE-2024-12197</td>
<td>2024-12-17 16:15:24 <img src="imgs/new.gif" /></td>
<td>A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12197">详情</a></td>
</tr>

<tr>
<td>b6d1b5a24856c4e6171b742be38c0516</td>
<td>CVE-2024-12194</td>
<td>2024-12-17 16:15:24 <img src="imgs/new.gif" /></td>
<td>A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12194">详情</a></td>
</tr>

<tr>
<td>b7621d7f4b2ce07c211af869a2a8dc89</td>
<td>CVE-2024-12193</td>
<td>2024-12-17 16:15:24 <img src="imgs/new.gif" /></td>
<td>A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12193">详情</a></td>
</tr>

<tr>
<td>a4e974165785ddf24fd970bc098dd3bc</td>
<td>CVE-2024-12478</td>
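Review bot: Every added link cell uses target="_blank" with no rel attribute, for example <a target="_blank" href="https://www.tenable.com/cve/CVE-2024-53144">; adding rel="noopener noreferrer" in the row template keeps the opened page from receiving a window.opener handle in browsers that do not imply it. The <img src="imgs/new.gif" /> marker in the date cell also has no alt text.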
Expand Down Expand Up @@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31891">详情</a></td>
</tr>

<tr>
<td>3a4c39732fe461e569bd2add1427a4c3</td>
<td>CVE-2024-11721</td>
<td>2024-12-14 09:15:06</td>
<td>The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select field when utilizing the 'Role' field in a form. This makes it possible for unauthenticated attackers to create new administrative user accounts, even when the administrative user role has not been provided as an option to the user, granted that unauthenticated users have been provided access to the form.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11721">详情</a></td>
</tr>

<tr>
<td>f44aa4fccf31b48bc527f2a267845279</td>
<td>CVE-2024-11720</td>
<td>2024-12-14 09:15:05</td>
<td>The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via submission forms in all versions up to, and including, 3.24.5 due to insufficient input sanitization and output escaping on the new Taxonomy form. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This is only exploitable when lower-level users have been granted access to submit specific forms, which is disabled by default.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11720">详情</a></td>
</tr>

<tr>
<td>97419371ce8b8688c70a6a22a4091b11</td>
<td>CVE-2024-12628</td>
<td>2024-12-14 07:15:07</td>
<td>The bodi0`s Easy cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cache-folder' parameter in all versions up to, and including, 0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12628">详情</a></td>
</tr>

<tr>
<td>b43a3c1adf4b73a84a7f08c7884ac754</td>
<td>CVE-2024-12446</td>
<td>2024-12-14 07:15:07</td>
<td>The Post to Pdf plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gmptp_single_post' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12446">详情</a></td>
</tr>

<tr>
<td>9484696f80a32b277cd45b2512d9674c</td>
<td>CVE-2024-11715</td>
<td>2024-12-14 07:15:06</td>
<td>The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the assignUserRole() function in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to elevate their privileges to that of an employer.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11715">详情</a></td>
</tr>

<tr>
<td>ade6aea0eabac5dd052166664db80e27</td>
<td>CVE-2024-11714</td>
<td>2024-12-14 07:15:06</td>
<td>The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'ff' parameter of the getFieldsForVisibleCombobox() function in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11714">详情</a></td>
</tr>

<tr>
<td>0487694e96a32b018b402bc6a3c1afde</td>
<td>CVE-2024-11713</td>
<td>2024-12-14 07:15:06</td>
<td>The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'page_id' parameter of the wpjobportal_deactivate() function in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11713">详情</a></td>
</tr>

<tr>
<td>8bd4e638fd93d384e254024bcf0d69ed</td>
<td>CVE-2024-11712</td>
<td>2024-12-14 07:15:06</td>
<td>The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getResumeFileDownloadById() function in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to download other users resumes.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11712">详情</a></td>
</tr>

<tr>
<td>c25a2ba2d3bed359741f69e4db5ca730</td>
<td>CVE-2024-55889</td>
<td>2024-12-13 14:15:22</td>
<td>phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an <iframe> element without user interaction or explicit consent. Version 3.2.10 fixes the issue.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-55889">详情</a></td>
</tr>

<tr>
<td>b2370b33d7c90304933eaa0265322413</td>
<td>CVE-2024-48008</td>
<td>2024-12-13 14:15:22</td>
<td>Dell RecoverPoint for Virtual Machines 6.0.x contains a OS Command Injection vulnerability. An Low privileged remote attacker could potentially exploit this vulnerability leading to information disclosure ,allowing of unintended actions like reading files that may contain sensitive information</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-48008">详情</a></td>
</tr>

</tbody>
</table>
</div>
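Review bot: The description cell of the CVE-2024-55889 row contains a literal <iframe> taken from the advisory text, which shows that descriptions are written into the <td> without HTML escaping. The row is dropped in this hunk, but the rows added earlier in the commit use the same cell markup, so third-party feed text can introduce live tags into docs/index.html; escape <, >, & and quotes when rendering the description.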