From 80248bfaefd813c3ec10850f7a86f2e2ee51715f Mon Sep 17 00:00:00 2001 From: Github-Bot Date: Tue, 3 Sep 2024 12:42:15 +0000 Subject: [PATCH] Updated by Github Bot --- cache/Tenable (Nessus).dat | 10 +++ data/cves.db | Bin 49143808 -> 49156096 bytes docs/index.html | 166 ++++++++++++++++++------------------- 3 files changed, 93 insertions(+), 83 deletions(-) diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index 97c153349d0..46f8dbe0f2b 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -164,3 +164,13 @@ cc9c0dc2c9996b7e5a416a7f21ddc2e1 32c5b6b2393dee7dfd409c172a7ea7a8 90d2f49bde0977a81c28ec340282b0bc 25ef9fc26ed31e33e0fb7fc58bcced03 +77ea58e2de4ed902d61432037fa18fb8 +35ac9738005f92c54db9addd741aa1c8 +be3e1e033b83f0ee498f3642ef5e430f +8042569f6e641780b595c30078be8ef5 +183381cfb4f87410f8030bd0261e9522 +1269d3e201fe0112afdac37ee8af1d66 +6c167e14655b97ef2098990cb4c18678 +981c5f288f152c79e587a08460fc137c +31edb251c4ff2a372056aaf1b05141ee +3acdaca1f42eb793939643d0199b45bf diff --git a/data/cves.db b/data/cves.db index 60ad1b19256c5ad197b25eccfd91924743e85640..284d74ca9de45f5c09dc509882dd438347aa1cde 100644 GIT binary patch delta 7455 zcmeI$33L=y)(3F95|Xe)5)w!tEX5{^NvP`Tl|>Q=n-B;P7D33Z?ye>+Njh|QfQU$< zTnH)>R4BxyP+V{aH&BEG5D`V7QCZwTSwum_Wt@RQ=lgdf$e_+S^PTVW%*>gS^GkPX zdG+4A@7?z*RrTxAs#dN~tIcS*r9p%2PnL-NOk1jn$;2cu#W2M(HDrooif2k-YQ)r- zsR>h4rbMPIn3^#qF(orKXG&p8Wop6Hk|~WTov9U5Yo-jQHcV}q+A+0f5}7(Mb!6(q z)S0OZ)0IqJnYuA`XX?Rp6;mct7E?A;PbP^;W->D=Oco|9la0yF4PzS4l+QGRX(Uqt(+%QTg#n90XQZX)#kR(-NjTneJk`n`tT2GA5mAInzB%E12$Ox{v98rU#e|rj<+& zGCjn!is@mdN0=UEdW>l`)8kA}Fg?li6w}j8&oDj9w1#Od({oJEGrhp{BGXGu>zLLv zz0C9q(*~wjnKm+QVya`RXWGoPg=s6(YfRgiUT50Q^aj%orZ<`1V%o{{Hq$Pq-AsF! z!c2Ra-eG!|={=@>O#7J*FdbxipXmdp51Bq<`k3hu(_yAhm_B7X!gQ4B7}Ig4&zMdy zea`d+(@CaNOkXm6#q>4PX{K+OzGeE3>3gO>G5x^wXQsa}onbo5^jD^HOg}RH#Pqj? zWLiWf5FiF(p&`UUJS0FPXberDDI~%b&-U`!3K74fD?K_Z|DPk;cDmyIgkte zVF2X8Ko|srVF(O`YhV}*hkO_TBcT9B!Dtu*g)kPz!FZSe*TO`Y1lPf2m;yx*>39Hv76f)IiVm;p0k7F5CwFdJ@!IdBuqg(|3qo8cCi z2MqIJ0o1@kxD{@L+hGyh0gIs)mcX5G7u*d?VHxPK9PWV?a4*~k_rn8Vz)E-!9)eZy zFgyZ}!eg)+9)~C3Nq7pLhG*beSOaU}Id~pkfEVE2Cu_*cmsC8oA4IwgtuWA?1nuMhQ06(ybJHaKG+Wj;2^vYAHaw35qu1X;4pjw zpTZG13di6$dRZ6pb*BwI2aET;98gnli)g-3{#*8BK@y| z3*6uV4ZJWFioplh!!#&?QYZsIl*4ogKoCMu0W)AG%z{d|0cOLEFb8gexljewa5LNj z^MGMKEPxtV2)Dv*a62r5J76)?!V?t;5vDJ%mWmcu=;0`7(T;C^@j3|I*d!b7kM z9)?HYQFshi!{hJ-JPA+1)9?&D3u|C4JO|Ii3-BVm1nXcuybQ0v26z=V!X~JLde{tG zU@N=^+u(KB4sXB?coW`&o$xm7g59tO!mtyd=6g-8|kF*@ZyB{gxw7yo7cLgwI_uHL0_p(imPjmw75}NCmqf? z8{DHuqRE=1C@zQMl{C%bba)k;#jJU)nnf{8rw#~hVy#w(O|PDl zm!jA2ygtoHYJIcNOkcCq8{ar6`pU#mu_opkn~S!YQuUSZ?2jEbrn0oW*k4vDPAD8B zj@MjbVL6;5` zQ;piOy-mqR&gcoIPDakUMM7d)xf)PQwGi&W;{*PRsm0=u!omVWeQ%b~)~H?PGQ}C? zCGkRIUGvp8GfIbjU`kKTHcMtpmgLNm6j7FX$<|)de?q&AbNkCooh_CuOC(V9?Hsm7 z1KdyHeyUDd ze=9~t_3V5>j1Gu)7Y77FUKUi{p-4bW{hkVh-0wBQEiz55^gT7cSfhN-XF}pX9oc8P z9~T;#G^1*VM@akqfG#^!(Zu?Dqwrs|F}lA^{e>XfZ}oB5f*^KX7*rMpi|lqywK_Dj zN3&=ir)2inWQ$^!6uVcI9bRM9(Xf!w+o9MkV@pE5e07=@5C>EQR54iMbL0EZK?{o3 zYlX~#J#th5_R#@?Xh~n_`29kC4Z0@nVV`z3}~tcC3Wjr zUQ#jDR~GD9SRBx_{6V9m$Fs{Tjp|*qO)ZU;Kink58EbaT5#sb!WqIjyJpq4tQOIB9 zs_>O~B0aB(^+ie`x8i?uRQy;z3m3yLLv)YTKoOam%L2Gq>xJu}pjipUU*{_&40 zg#yaeU=Rg_{LzaGDnm$SqJ|Q>bvH~?+L~GzYqs_fVvVAjFNCH>>d{)EwJz@M0B%(e}ChrKSF|l1edHjOKd889p>3?~M>4?zyRyJuWOK_lyCz#~R;$Zt*Su!Q>2NwFx69&|u}CK$S=%bXl4UpB zCDLVy|7Lo-=Mew zc_Xvszbg*6^dD$7)Mn#Nsoj3QX!yWiT@=|cj2$yr96q#gpor#;J=3D;IP4E1WezRK zHtW@shKq(cFb{Jwze&K<)Ro#K7O0`(NWv`e&(s110e?tyhcYjWf}kj8%bECP&b*Mykp#>1uwzw!BWL&~ z;R@sHkA5`8={Y}fL;cGmoUT`GI-F(Hwtre^WfU}DBqZctnh7OaB#^S@4|%eFFwYZN zm!oav6b?J0os^->%fRBRC=S`}by>U)Y^Wr!LsBG{N5b^eoK|DWTib*To8oZD^0@ry zv=~$o-QjkVmF!ufOT*%-iTG~oeo4RJt4GVyO?4yE_0!8n#~XVV)nGS!|B0VWDaM#S z`>@OYX8Pn-#<>CeOzFnZkt>AG`pPY%JC6UkaJ9S~%f1@fd0pCRKW})ge?U#*&ey~k z_1z)CY>u|SM&__Rn#Ou73wjqhB#YT%_7?!lFRC}x)n*XJ6xJWGs52<6WYWe zqZp&MPZq>FvE2!whsmTEYTFZn1)o*zPY46MDCH7X=<~b(fW=uZ{YHCj|F8%Y^*V~O zB`J8=`S+#e4VrX}f4?qix;Aloi0penmwkRwI^>P&LRJR#GN64#m9=mm{l zjnmI{f3mrrlQFrOA!eyUntu9}KiT+jeJ>%!*uC|b5SJKzKa$MRWNH1kYlZEB5l4jB zo)%^P01o$w#EtV6&M#7A&Eqm#Ww*uaHLHr97Dp9hNy~J> zX{>oI0kdvHR=vs??~e6N${~H9H($*=ly%oto8QS0#tV zCVAbmVuTNF5;7WE%#sZ+jd#ox`a}kH)6|Zh$}+Xo=PnAm1HST5wtK3tqoHE7cm1Vb z{+~vB^Iwm4ee?H~*mj?Y$L5@3`U%N;PS9v#95`5O>Y^`uaa@v7aBzhw-Y}nCY8qxN hx~7AWlyv#-;6JH#iN>0FtMNaRq+9k0u`vkU{{V1hH2eSn delta 2801 zcmWmGW0w{R6o%n?(`4JWZQFJ|*|zyq6DLo$?TM3Z+r~K^8+RYB{R8f`_FjAJ%CMwk zj~_@Hk}^tIga~<_&Q4c0V%RuY5v_m~$%<@6v7%bhtRO486~l^Y#j;{sajdvjJS)DH zz)EN(vJzWKtfW>lE4h`zN@=CCQd?=Pv{pJRy_LbrXl1f8TUo5ERyHfUmBY$u<+5^H zd91uvJ}bXfz$$1JvI<*8tfE#itGHFdDruFnN?T>DvQ{~(yj8)fXjQT*TUD&8RyC`- zRl}-j)v{_^b*#EpJ*&Rez-nkUvKm`Wtfp2otGU&}YH78yT3cvq<)uzO}$wXoXsfti{$6YpJ!& zT5hedR$8m9)z%tot+mctZ*8zPTAQrR))s54wawaY?XY%QyR6;T9&4|)&)RPtu)?f^ z)*!J0?dTc$ho?6eW=hh4BrS-~sZN0JHTJNm))(7jO^~w5deX+i?zPG+w zKUhCnKUqIpzgWLozgfRqe^`H7e_4N9|5*Q8{{<`J3`Il$kq{YC5Eao7gy@KYn23eg zh=aI@hxkZ4JD1)*nhw`X^il~IjsDi4fhU%z+ny7`^sDrwwhx%xM zhG>MwXo99_hURF2mS~06XoI%+*1sLvqXRmk6FQ>{x}qDpqX&AT7kZ-)`l28DV*mzX z5C&rihGH0oV+2NG6h>nV#$p`CV*)0^n1sogf?!O=G)%_~%)~5&U^eDpF6LoA7GNPl zu?UN?1WU0D%drA0u?nlP25Yen>#+eFu?d^81zWKV+pz;Xu?xGg2Yay(`*8qaIEX_y zj3YRTV+hA_oWMz(!fBkrS)9XpT);(K!ev~+Rb0b$+`vuT!fo8aUEITcJitRd!ecza zQ#`|SyueGm!fU+2TfD=2e85M1!e@NJclaJ(@dJLuPxu+X;8*;H-|+|j#9#Ou|KMNz z7cp1?)*k^xLS#fiR767%q9X=kA{JsJ4&ovn;v)ePA`ucJ36dfik|PCDA{A024bmbV z(jx;hA`>zr3$h{`vLgp_A{TNa5Aq@(@}mF>q7VwB2#TT@ilYQdq7+J_49cP$%A*1* zq7o{j3aX+Ss-p&Kq84hS4(g&F>Z1V~q7fRS37VoAnxh3;q7_=B4cg*c|8{7P4(NzZ z=!`Dtif-tR9_Wc)=#4(;i+<>j0T_ru7>pqpieVUz5g3V47>zL)i*Xo_3780D5+-8` zf-x1-FdZ{66SEM4*_ea5n1}gTfQ1OfA}q!dEX6V`#|o^(Dy+sDti?L4#|CV~CTzwQ zY{fQg#}4eoF6_o0?8QFp#{q=lAP(U$j^HScAsokX0w-|_r*Q^naSrEk0T*!zmvIGG zaShjT12=ICw{Zt|aS!+L01xp9kMRUg@eI%L0x$6juki+N@ec3t0UrZL^(nA+R#4=i s*Ac!wui>#mJ_UjT;R(3LHzRMz_qAML*4xle-^S-a_}kDgffQB$2Q+0i$^ZZW diff --git a/docs/index.html b/docs/index.html index f88d14ada71..eb5d61abafe 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -283,6 +283,86 @@

眈眈探求 | TITLE URL + + 77ea58e2de4ed902d61432037fa18fb8 + CVE-2024-8374 + 2024-09-03 10:15:06 + UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader (/plugins/ThreeMFReader.py). The vulnerability arises from improper handling of the drop_to_buildplate property within 3MF files, which are ZIP archives containing the model data. When a 3MF file is loaded in Cura, the value of the drop_to_buildplate property is passed to the Python eval() function without proper sanitization, allowing an attacker to execute arbitrary code by crafting a malicious 3MF file. This vulnerability poses a significant risk as 3MF files are commonly shared via 3D model databases. + 详情 + + + + 35ac9738005f92c54db9addd741aa1c8 + CVE-2024-45587 + 2024-09-03 10:15:06 + This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Transaction module of vulnerable application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to compromise of other user accounts. + 详情 + + + + be3e1e033b83f0ee498f3642ef5e430f + CVE-2024-45586 + 2024-09-03 10:15:06 + This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms (version 2.0.0.1_P160). An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to unauthorized account take over belonging to other users. + 详情 + + + + 8042569f6e641780b595c30078be8ef5 + CVE-2024-3655 + 2024-09-03 10:15:06 + Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r43p0 through r49p0; Valhall GPU Kernel Driver: from r43p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r43p0 through r49p0. + 详情 + + + + 183381cfb4f87410f8030bd0261e9522 + CVE-2024-38811 + 2024-09-03 10:15:05 + VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application. + 详情 + + + + 1269d3e201fe0112afdac37ee8af1d66 + CVE-2024-37136 + 2024-09-03 06:15:14 + Dell Path to PowerProtect, versions 1.1, 1.2, contains an Exposure of Private Personal Information to an Unauthorized Actor vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information exposure. + 详情 + + + + 6c167e14655b97ef2098990cb4c18678 + CVE-2024-7261 + 2024-09-03 03:15:03 + The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4) and earlier, WAX655E firmware version 7.00(ACDO.1) and earlier, WBE530 firmware version 7.00(ACLE.1) and earlier, and USG LITE 60AX firmware version V2.00(ACIP.2) could allow an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device. + 详情 + + + + 981c5f288f152c79e587a08460fc137c + CVE-2024-42061 + 2024-09-03 03:15:03 + A reflected cross-site scripting (XSS) vulnerability in the CGI program "dynamic_script.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. The attacker could obtain browser-based information if the malicious script is executed on the victim’s browser. + 详情 + + + + 31edb251c4ff2a372056aaf1b05141ee + CVE-2024-7203 + 2024-09-03 02:15:05 + A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.60 through V5.38 and USG FLEX series firmware versions from V4.60 through V5.38 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device by executing a crafted CLI command. + 详情 + + + + 3acdaca1f42eb793939643d0199b45bf + CVE-2024-6343 + 2024-09-03 02:15:05 + A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an authenticated attacker with administrator privileges to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device. + 详情 + + e7f53adefe4999f333c7e15140f10b6f CVE-2024-7692 @@ -366,7 +446,7 @@

眈眈探求 | + 2024-09-01 05:15:12 A vulnerability was found in code-projects Hospital Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 详情 @@ -374,7 +454,7 @@

眈眈探求 | + 2024-09-01 04:15:14 A vulnerability was found in HM Courts & Tribunals Service Probate Back Office up to c1afe0cdb2b2766d9e24872c4e827f8b82a6cd31. It has been classified as problematic. Affected is an unknown function of the file src/main/java/uk/gov/hmcts/probate/service/NotificationService.java of the component Markdown Handler. The manipulation leads to injection. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as d90230d7cf575e5b0852d56660104c8bd2503c34. It is recommended to apply a patch to fix this issue. 详情 @@ -443,86 +523,6 @@

眈眈探求 | 详情 - - 67293214b13c744b8aea3ea7bb76883d - CVE-2024-39578 - 2024-08-31 08:15:04 - Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contains a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. - 详情 - - - - cdac42321a7f56988ffa6201a85fbb43 - CVE-2024-39579 - 2024-08-31 07:40:02 - Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contains an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access. - 详情 - - - - 17cf034b968469228d75f9fffc30f763 - CVE-2024-44945 - 2024-08-31 07:15:03 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink: Initialise extack before use in ACKs Add missing extack initialisation when ACKing BATCH_BEGIN and BATCH_END. - 详情 - - - - 45eb29987065f98330bee8ff8bdbd5a9 - CVE-2024-5212 - 2024-08-31 05:15:13 - The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code[]’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the on_ajax_register_forum_user function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. - 详情 - - - - f5e5d7dedc1c480d0a5cbe8acf499d00 - CVE-2024-3886 - 2024-08-31 05:15:13 - The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code[]’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the on_ajax_check_envato_code function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. - 详情 - - - - 34f5482549a42876b9fedcfa987cba0b - CVE-2024-7435 - 2024-08-31 03:15:03 - The Attire theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.6 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. - 详情 - - - - 6acfd3c74443bd6d4e983c30634a4888 - CVE-2024-39747 - 2024-08-31 02:15:12 - IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality. - 详情 - - - - 0b82be83e468d3e773897d090dc60f82 - CVE-2024-8006 - 2024-08-31 00:15:05 - Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcap_findalldevs_ex(). One of the function arguments can be a filesystem path, which normally means a directory with input data files. When the specified path cannot be used as a directory, the function receives NULL from opendir(), but does not check the return value and passes the NULL value to readdir(), which causes a NULL pointer derefence. - 详情 - - - - 17c7a71a0aed276473db7b5f11f93aa4 - CVE-2024-45304 - 2024-08-31 00:15:05 - Cairo-Contracts are OpenZeppelin Contracts written in Cairo for Starknet, a decentralized ZK Rollup. This vulnerability can lead to unauthorized ownership transfer, contrary to the original owner's intention of leaving the contract without an owner. It introduces a security risk where an unintended party (pending owner) can gain control of the contract after the original owner has renounced ownership. This could also be used by a malicious owner to simulate leaving a contract without an owner, to later regain ownership by previously having proposed himself as a pending owner. This issue has been addressed in release version 0.16.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. - 详情 - - - - 81fe93b4137b891022161b05eb24fca6 - CVE-2023-7256 - 2024-08-31 00:15:05 - In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. A similar problem was reported in Apple libpcap, to which Apple assigned CVE-2023-40400. - 详情 - -