Updated by Github Bot
Github-Bot committed Sep 3, 2024
1 parent 1dc754d commit 80248bf
Showing 3 changed files with 93 additions and 83 deletions.
10 changes: 10 additions & 0 deletions cache/Tenable (Nessus).dat
Expand Up @@ -164,3 +164,13 @@ cc9c0dc2c9996b7e5a416a7f21ddc2e1
32c5b6b2393dee7dfd409c172a7ea7a8
90d2f49bde0977a81c28ec340282b0bc
25ef9fc26ed31e33e0fb7fc58bcced03
77ea58e2de4ed902d61432037fa18fb8
35ac9738005f92c54db9addd741aa1c8
be3e1e033b83f0ee498f3642ef5e430f
8042569f6e641780b595c30078be8ef5
183381cfb4f87410f8030bd0261e9522
1269d3e201fe0112afdac37ee8af1d66
6c167e14655b97ef2098990cb4c18678
981c5f288f152c79e587a08460fc137c
31edb251c4ff2a372056aaf1b05141ee
3acdaca1f42eb793939643d0199b45bf
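Review bot: Nothing in cache/Tenable (Nessus).dat says what these 32-hex values are computed over, and that decides whether the dedupe is sound. The ten appended ids are the same values that appear in the first column of the ten rows added to docs/index.html, so this file is what suppresses repeats; if the digest covers the description or timestamp rather than only the CVE id, an upstream edit to an advisory produces a new id and the CVE is listed twice. Suggest documenting the derivation next to the file, or keying the cache on the CVE id itself.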
Binary file modified data/cves.db
Binary file not shown.
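Review bot: data/cves.db changes in this commit with no reviewable content, so a bad or tampered record cannot be spotted from the diff. Suggest committing a sorted text export (one line per CVE) alongside the database, or publishing the database as a build artifact instead of tracking the binary in git history.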
166 changes: 83 additions & 83 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2024-09-02 12:43:01 -->
<!-- RELEASE TIME : 2024-09-03 12:42:13 -->
<html lang="zh-cn">

<head>
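Review bot: The RELEASE TIME comment at the top of the file has no timezone, and the same is true of the per-row timestamps in the table, so a reader cannot tell whether `2024-09-03 12:42:13` is UTC or the bot host's local time. Suggest ISO 8601 with an explicit offset.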
Expand Down Expand Up @@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<th width="43%">TITLE</th>
<th width="5%">URL</th>
</tr>
<tr>
<td>77ea58e2de4ed902d61432037fa18fb8</td>
<td>CVE-2024-8374</td>
<td>2024-09-03 10:15:06 <img src="imgs/new.gif" /></td>
<td>UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader (/plugins/ThreeMFReader.py). The vulnerability arises from improper handling of the drop_to_buildplate property within 3MF files, which are ZIP archives containing the model data. When a 3MF file is loaded in Cura, the value of the drop_to_buildplate property is passed to the Python eval() function without proper sanitization, allowing an attacker to execute arbitrary code by crafting a malicious 3MF file. This vulnerability poses a significant risk as 3MF files are commonly shared via 3D model databases.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8374">详情</a></td>
</tr>

<tr>
<td>35ac9738005f92c54db9addd741aa1c8</td>
<td>CVE-2024-45587</td>
<td>2024-09-03 10:15:06 <img src="imgs/new.gif" /></td>
<td>This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Transaction module of vulnerable application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to compromise of other user accounts.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-45587">详情</a></td>
</tr>

<tr>
<td>be3e1e033b83f0ee498f3642ef5e430f</td>
<td>CVE-2024-45586</td>
<td>2024-09-03 10:15:06 <img src="imgs/new.gif" /></td>
<td>This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms (version 2.0.0.1_P160). An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to unauthorized account take over belonging to other users.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-45586">详情</a></td>
</tr>

<tr>
<td>8042569f6e641780b595c30078be8ef5</td>
<td>CVE-2024-3655</td>
<td>2024-09-03 10:15:06 <img src="imgs/new.gif" /></td>
<td>Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r43p0 through r49p0; Valhall GPU Kernel Driver: from r43p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r43p0 through r49p0.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3655">详情</a></td>
</tr>

<tr>
<td>183381cfb4f87410f8030bd0261e9522</td>
<td>CVE-2024-38811</td>
<td>2024-09-03 10:15:05 <img src="imgs/new.gif" /></td>
<td>VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-38811">详情</a></td>
</tr>

<tr>
<td>1269d3e201fe0112afdac37ee8af1d66</td>
<td>CVE-2024-37136</td>
<td>2024-09-03 06:15:14 <img src="imgs/new.gif" /></td>
<td>Dell Path to PowerProtect, versions 1.1, 1.2, contains an Exposure of Private Personal Information to an Unauthorized Actor vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information exposure.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-37136">详情</a></td>
</tr>

<tr>
<td>6c167e14655b97ef2098990cb4c18678</td>
<td>CVE-2024-7261</td>
<td>2024-09-03 03:15:03 <img src="imgs/new.gif" /></td>
<td>The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4) and earlier, WAX655E firmware version 7.00(ACDO.1) and earlier, WBE530 firmware version 7.00(ACLE.1) and earlier, and USG LITE 60AX firmware version V2.00(ACIP.2) could allow an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-7261">详情</a></td>
</tr>

<tr>
<td>981c5f288f152c79e587a08460fc137c</td>
<td>CVE-2024-42061</td>
<td>2024-09-03 03:15:03 <img src="imgs/new.gif" /></td>
<td>A reflected cross-site scripting (XSS) vulnerability in the CGI program "dynamic_script.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. The attacker could obtain browser-based information if the malicious script is executed on the victim’s browser.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-42061">详情</a></td>
</tr>

<tr>
<td>31edb251c4ff2a372056aaf1b05141ee</td>
<td>CVE-2024-7203</td>
<td>2024-09-03 02:15:05 <img src="imgs/new.gif" /></td>
<td>A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.60 through V5.38 and USG FLEX series firmware versions from V4.60 through V5.38 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device by executing a crafted CLI command.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-7203">详情</a></td>
</tr>

<tr>
<td>3acdaca1f42eb793939643d0199b45bf</td>
<td>CVE-2024-6343</td>
<td>2024-09-03 02:15:05 <img src="imgs/new.gif" /></td>
<td>A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an authenticated attacker with administrator privileges to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6343">详情</a></td>
</tr>

<tr>
<td>e7f53adefe4999f333c7e15140f10b6f</td>
<td>CVE-2024-7692</td>
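Review bot: Every added detail link uses `target="_blank"` without a `rel` attribute, and every `<img src="imgs/new.gif" />` lacks `alt`. Suggest `rel="noopener noreferrer"` on the anchors so the opened page gets no `window.opener` handle or referrer in browsers that do not default to that, and `alt="new"` on the marker image so the flag survives for screen readers and text-only views.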
Expand Down Expand Up @@ -366,15 +446,15 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<tr>
<td>241827295878b1c3de31f448e48cbb51</td>
<td>CVE-2024-8368</td>
<td>2024-09-01 05:15:12 <img src="imgs/new.gif" /></td>
<td>2024-09-01 05:15:12</td>
<td>A vulnerability was found in code-projects Hospital Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8368">详情</a></td>
</tr>

<tr>
<td>84e745187733f3bd8abf34c2c0b7677c</td>
<td>CVE-2024-8367</td>
<td>2024-09-01 04:15:14 <img src="imgs/new.gif" /></td>
<td>2024-09-01 04:15:14</td>
<td>A vulnerability was found in HM Courts & Tribunals Service Probate Back Office up to c1afe0cdb2b2766d9e24872c4e827f8b82a6cd31. It has been classified as problematic. Affected is an unknown function of the file src/main/java/uk/gov/hmcts/probate/service/NotificationService.java of the component Markdown Handler. The manipulation leads to injection. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as d90230d7cf575e5b0852d56660104c8bd2503c34. It is recommended to apply a patch to fix this issue.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8367">详情</a></td>
</tr>
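Review bot: The CVE-2024-8367 description cell contains a raw `&` in `HM Courts & Tribunals Service`, which suggests the upstream description is written into the `<td>` without HTML escaping. These descriptions are third-party text, and advisories for XSS bugs often quote markup, so an unescaped `<` or `&` would be parsed by the reader's browser as part of the page. Suggest escaping the description (and the id and CVE fields) at generation time, for example with `html.escape()` if the generator is Python.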
Expand Down Expand Up @@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-0109">详情</a></td>
</tr>

<tr>
<td>67293214b13c744b8aea3ea7bb76883d</td>
<td>CVE-2024-39578</td>
<td>2024-08-31 08:15:04</td>
<td>Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contains a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-39578">详情</a></td>
</tr>

<tr>
<td>cdac42321a7f56988ffa6201a85fbb43</td>
<td>CVE-2024-39579</td>
<td>2024-08-31 07:40:02</td>
<td>Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contains an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-39579">详情</a></td>
</tr>

<tr>
<td>17cf034b968469228d75f9fffc30f763</td>
<td>CVE-2024-44945</td>
<td>2024-08-31 07:15:03</td>
<td>In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink: Initialise extack before use in ACKs Add missing extack initialisation when ACKing BATCH_BEGIN and BATCH_END.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-44945">详情</a></td>
</tr>

<tr>
<td>45eb29987065f98330bee8ff8bdbd5a9</td>
<td>CVE-2024-5212</td>
<td>2024-08-31 05:15:13</td>
<td>The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code[]’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the on_ajax_register_forum_user function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5212">详情</a></td>
</tr>

<tr>
<td>f5e5d7dedc1c480d0a5cbe8acf499d00</td>
<td>CVE-2024-3886</td>
<td>2024-08-31 05:15:13</td>
<td>The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code[]’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the on_ajax_check_envato_code function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3886">详情</a></td>
</tr>

<tr>
<td>34f5482549a42876b9fedcfa987cba0b</td>
<td>CVE-2024-7435</td>
<td>2024-08-31 03:15:03</td>
<td>The Attire theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.6 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-7435">详情</a></td>
</tr>

<tr>
<td>6acfd3c74443bd6d4e983c30634a4888</td>
<td>CVE-2024-39747</td>
<td>2024-08-31 02:15:12</td>
<td>IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-39747">详情</a></td>
</tr>

<tr>
<td>0b82be83e468d3e773897d090dc60f82</td>
<td>CVE-2024-8006</td>
<td>2024-08-31 00:15:05</td>
<td>Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcap_findalldevs_ex(). One of the function arguments can be a filesystem path, which normally means a directory with input data files. When the specified path cannot be used as a directory, the function receives NULL from opendir(), but does not check the return value and passes the NULL value to readdir(), which causes a NULL pointer derefence.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8006">详情</a></td>
</tr>

<tr>
<td>17c7a71a0aed276473db7b5f11f93aa4</td>
<td>CVE-2024-45304</td>
<td>2024-08-31 00:15:05</td>
<td>Cairo-Contracts are OpenZeppelin Contracts written in Cairo for Starknet, a decentralized ZK Rollup. This vulnerability can lead to unauthorized ownership transfer, contrary to the original owner's intention of leaving the contract without an owner. It introduces a security risk where an unintended party (pending owner) can gain control of the contract after the original owner has renounced ownership. This could also be used by a malicious owner to simulate leaving a contract without an owner, to later regain ownership by previously having proposed himself as a pending owner. This issue has been addressed in release version 0.16.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-45304">详情</a></td>
</tr>

<tr>
<td>81fe93b4137b891022161b05eb24fca6</td>
<td>CVE-2023-7256</td>
<td>2024-08-31 00:15:05</td>
<td>In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. A similar problem was reported in Apple libpcap, to which Apple assigned CVE-2023-40400.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-7256">详情</a></td>
</tr>

</tbody>
</table>
</div>
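Review bot: The page offers no pointer to entries that age out of the table; the ten 2024-08-31 rows removed at the bottom here vanish from docs/index.html in the same commit that adds ten new ones at the top. A reader who checks less often than the window turns over misses those CVEs without any sign. Suggest a footer link to an archive page or to an export of data/cves.db.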