Updated by Github Bot

EXP-Tools · Apr 26, 2024 · 74ccb2f · 74ccb2f
1 parent 92761a4
commit 74ccb2f
Show file tree

Hide file tree

Showing 3 changed files with 91 additions and 81 deletions.
diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat
@@ -120,3 +120,13 @@ b8a713de6ca0698ed9a494397e785971
 e298b5890aab77b846a4ee4343b71a30
 ef2542d61fa43716271a236b1da93dc7
 cb2e14c07e543abe95671cb4d31df54d
+9e95c83848c0c8eaab3691d3162c11e5
+833d642405bd8fc62c742ed1f028d092
+ad026c74765186ac5d13d15335c1ab86
+3cce5f0e35b493fc016e1a625895198a
+e0fa8f91ec33c169e5dbb7a09106ce9e
+b85204ab61164bbbea71be1be077589c
+039b66811d5fa56e26df7ee0a647f104
+e1b455f9593bd816c307679a43d85fcd
+6f88cdb25822c2c2fff7af07253fd82a
+6d309a8480978e80d45aa41aea1e6da9
diff --git a/data/cves.db b/data/cves.db
diff --git a/docs/index.html b/docs/index.html
@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2024-04-26 03:25:59 -->
+<!-- RELEASE TIME : 2024-04-26 05:26:37 -->
 <html lang="zh-cn">
 
  <head>
@@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <th width="43%">TITLE</th>
        <th width="5%">URL</th>
       </tr>
+      <tr>
+       <td>9e95c83848c0c8eaab3691d3162c11e5</td>
+       <td>CVE-2024-33664</td>
+       <td>2024-04-26 00:15:09 <img src="imgs/new.gif" /></td>
+       <td>python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-33664">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>833d642405bd8fc62c742ed1f028d092</td>
+       <td>CVE-2024-33663</td>
+       <td>2024-04-26 00:15:09 <img src="imgs/new.gif" /></td>
+       <td>python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-33663">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>ad026c74765186ac5d13d15335c1ab86</td>
+       <td>CVE-2024-33661</td>
+       <td>2024-04-26 00:15:08 <img src="imgs/new.gif" /></td>
+       <td>Portainer before 2.20.0 allows redirects when the target is not index.yaml.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-33661">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>3cce5f0e35b493fc016e1a625895198a</td>
+       <td>CVE-2024-32868</td>
+       <td>2024-04-26 00:15:08 <img src="imgs/new.gif" /></td>
+       <td>ZITADEL provides users the possibility to use Time-based One-Time-Password (TOTP) and One-Time-Password (OTP) through SMS and Email. While ZITADEL already gives administrators the option to define a `Lockout Policy` with a maximum amount of failed password check attempts, there was no such mechanism for (T)OTP checks. This issue has been patched in version 2.50.0.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-32868">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>e0fa8f91ec33c169e5dbb7a09106ce9e</td>
+       <td>CVE-2024-32651</td>
+       <td>2024-04-26 00:15:08 <img src="imgs/new.gif" /></td>
+       <td>changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction and they could use a reverse shell. The impact is critical as the attacker can completely takeover the server machine. This can be reduced if changedetection is behind a login page, but this isn't required by the application (not by default and not enforced).</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-32651">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>b85204ab61164bbbea71be1be077589c</td>
+       <td>CVE-2024-0916</td>
+       <td>2024-04-25 23:15:46 <img src="imgs/new.gif" /></td>
+       <td>Unauthenticated file upload allows remote code execution. This issue affects UvDesk Community: from 1.0.0 through 1.1.3.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-0916">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>039b66811d5fa56e26df7ee0a647f104</td>
+       <td>CVE-2024-3265</td>
+       <td>2024-04-25 22:15:09 <img src="imgs/new.gif" /></td>
+       <td>The Advanced Search WordPress plugin through 1.1.6 does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configurations.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3265">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>e1b455f9593bd816c307679a43d85fcd</td>
+       <td>CVE-2024-31610</td>
+       <td>2024-04-25 22:15:08 <img src="imgs/new.gif" /></td>
+       <td>File Upload vulnerability in the function for employees to upload avatars in Code-Projects Simple School Management System v1.0 allows attackers to run arbitrary code via upload of crafted file.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31610">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>6f88cdb25822c2c2fff7af07253fd82a</td>
+       <td>CVE-2024-31609</td>
+       <td>2024-04-25 22:15:08 <img src="imgs/new.gif" /></td>
+       <td>Cross Site Scripting (XSS) vulnerability in BOSSCMS v3.10 allows attackers to run arbitrary code via the header code and footer code fields in code configuration.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31609">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>6d309a8480978e80d45aa41aea1e6da9</td>
+       <td>CVE-2022-36029</td>
+       <td>2024-04-25 21:15:46 <img src="imgs/new.gif" /></td>
+       <td>Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to unchecked the value of the `return_to` cookie. Versions 2.13.0 contains a patch for the issue.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2022-36029">详情</a></td>
+      </tr>
+
       <tr>
        <td>e9481aacbbb9dfafb69df26298c73a28</td>
        <td>CVE-2024-20313</td>
@@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-30886">详情</a></td>
       </tr>
 
-      <tr>
-       <td>77e33783c65fb599dd25a95235f2bee9</td>
-       <td>CVE-2024-3177</td>
-       <td>2024-04-22 23:15:51</td>
-       <td>A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3177">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>280b2b1c7479b8e43c50efa9161e532c</td>
-       <td>CVE-2024-32657</td>
-       <td>2024-04-22 23:15:50</td>
-       <td>Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is serving NixOS `.iso` files. The issue is only with html files served by Hydra. The issue has been patched on https://hydra.nixos.org around 2024-04-21 14:30 UTC. The nixpkgs package were fixed in unstable and 23.11. Users with custom Hydra packages can apply the fix commit to their local installations. The vulnerability is only triggered when opening HTML build artifacts, so not opening them until the vulnerability is fixed works around the issue.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-32657">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>62e666b89f29ff2e4e2b22e4bf0e0a42</td>
-       <td>CVE-2024-32656</td>
-       <td>2024-04-22 23:15:50</td>
-       <td>Ant Media Server is live streaming engine software. A local privilege escalation vulnerability in present in versions 2.6.0 through 2.8.2 allows any unprivileged operating system user account to escalate privileges to the root user account on the system. This vulnerability arises from Ant Media Server running with Java Management Extensions (JMX) enabled and authentication disabled on localhost on port 5599/TCP. This vulnerability is nearly identical to the local privilege escalation vulnerability CVE-2023-26269 identified in Apache James. Any unprivileged operating system user can connect to the JMX service running on port 5599/TCP on localhost and leverage the MLet Bean within JMX to load a remote MBean from an attacker-controlled server. This allows an attacker to execute arbitrary code within the Java process run by Ant Media Server and execute code within the context of the `antmedia` service account on the system. Version 2.9.0 contains a patch for the issue. As a workaround, one may remove certain parameters from the `antmedia.service` file.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-32656">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>554a0ac02706303dcded2a7cd054af14</td>
-       <td>CVE-2024-32653</td>
-       <td>2024-04-22 23:15:50</td>
-       <td>jadx is a Dex to Java decompiler. Prior to version 1.5.0, the package name is not filtered before concatenation. This can be exploited to inject arbitrary code into the package name. The vulnerability allows an attacker to execute commands with shell privileges. Version 1.5.0 contains a patch for the vulnerability.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-32653">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>4aa135259bd73194edced3140171ead9</td>
-       <td>CVE-2024-32480</td>
-       <td>2024-04-22 23:15:50</td>
-       <td>LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The `order` parameter is obtained from `$request`. After performing a string check, the value is directly incorporated into an SQL statement and concatenated, resulting in a SQL injection vulnerability. An attacker may extract a whole database this way. Version 24.4.0 fixes the issue.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-32480">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>298f54b7417e20b3553b685ca66b2161</td>
-       <td>CVE-2024-32479</td>
-       <td>2024-04-22 22:15:08</td>
-       <td>LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to version 24.4.0, there is improper sanitization on the `Service` template name, which can lead to stored Cross-site Scripting. Version 24.4.0 fixes this vulnerability.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-32479">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>9eccda989b666a21ac84d2c831c4a697</td>
-       <td>CVE-2024-32461</td>
-       <td>2024-04-22 22:15:07</td>
-       <td>LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A SQL injection vulnerability in POST /search/search=packages in LibreNMS prior to version 24.4.0 allows a user with global read privileges to execute SQL commands via the package parameter. With this vulnerability, an attacker can exploit a SQL injection time based vulnerability to extract all data from the database, such as administrator credentials. Version 24.4.0 contains a patch for the vulnerability.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-32461">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>bee4c8ac511f12f49530a9e00ba8a753</td>
-       <td>CVE-2024-32460</td>
-       <td>2024-04-22 22:15:07</td>
-       <td>FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based based clients using `/bpp:32` legacy `GDI` drawing path with a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use modern drawing paths (e.g. `/rfx` or `/gfx` options). The workaround requires server side support.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-32460">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>01a245df26fca613f715f7ac0a80509e</td>
-       <td>CVE-2024-32459</td>
-       <td>2024-04-22 22:15:07</td>
-       <td>FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-32459">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>52ee009d2daa91b59134b9d4ea4cdf3f</td>
-       <td>CVE-2024-31036</td>
-       <td>2024-04-22 22:15:07</td>
-       <td>A heap-buffer-overflow vulnerability in the read_byte function in NanoMQ v.0.21.7 allows attackers to cause a denial of service via transmission of crafted hexstreams.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31036">详情</a></td>
-      </tr>
-
      </tbody>
     </table>
    </div>