Commit
Updated by Github Bot
Github-Bot committed Oct 30, 2024
1 parent 3ab498a commit 8d52428
Showing 3 changed files with 71 additions and 56 deletions.
15 changes: 15 additions & 0 deletions cache/Nsfocus.dat
@@ -113,3 +113,18 @@ d6658abbd16564ecc28787da9013447d
238e894cf448063264092e0bc606f943
363451852c122662b2202e47a2d88a11
9d18c1a1202465d8da8a4febcd3ea4cc
71669387c4b075652a58409547c31a4f
a171b437a2f8ab25bc8d914b98b75442
ed48e8b228585e798354e55bd55c9d45
b9500f4acc75740dc9dc59e4d407d324
216e99355029fdd49ce1767701451226
518652a714bd4883f27b4a8b79115a4f
873d725b0a9586e37c7eb1ffcb4e9bae
9d64037a67fd058e4776fa5a69d239e3
9561c36cb6c8603290999f06c5f636f0
b621a60d320d56d289b44ff22802636f
f4e542e1b1c72221bfc003491464ed6e
2276a5100caa798a772b5c8c54db3c2a
9cf52f7346715614d3c01906e6c4304e
bcb5f3f91fffaf066add7b5001fbfd44
f7c6b5f957f75dc3d1233dc65a7e3d1d
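Review bot: The 15 entries appended at the end of cache/Nsfocus.dat are bare 32-character hex digests with no CVE id, source or date beside them, so the file can only grow and a wrong or stale entry cannot be traced or expired. Several of the same values appear as the first cell of the rows added to docs/index.html in this commit, so consider storing the CVE id and timestamp next to each digest, or rebuilding the cache from the generated data at run time instead of committing it.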
Binary file modified data/cves.db
Binary file not shown.
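Review bot: data/cves.db is committed as an opaque binary, so this part of the change cannot be reviewed and each automated run adds another full copy of the file to the history. Consider publishing the database as a build or release artifact, or committing a text export alongside it so that row-level changes show up in the diff.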
112 changes: 56 additions & 56 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2024-10-29 15:26:37 -->
<!-- RELEASE TIME : 2024-10-30 03:30:45 -->
<html lang="zh-cn">

<head>
@@ -446,79 +446,79 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<tr>
<td>5a13893a1a6c4fdce720193dc4855a7d</td>
<td>CVE-2024-48936</td>
<td>2024-10-28 04:15:02 <img src="imgs/new.gif" /></td>
<td>2024-10-28 04:15:02</td>
<td>SchedMD Slurm before 24.05.4 has Incorrect Authorization. A mistake in authentication handling in stepmgr could permit an attacker to execute processes under other users' jobs. This is limited to jobs explicitly running with --stepmgr, or on systems that have globally enabled stepmgr via SlurmctldParameters=enable_stepmgr in their configuration.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-48936">详情</a></td>
</tr>

<tr>
<td>11ae587bc37aa40d9b21be435a6b5430</td>
<td>CVE-2024-10440</td>
<td>2024-10-28 03:15:02 <img src="imgs/new.gif" /></td>
<td>2024-10-28 03:15:02</td>
<td>The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL command to read, modify, and delete database contents.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-10440">详情</a></td>
</tr>

<tr>
<td>96627caaec935cb9aed3c8472a323177</td>
<td>CVE-2024-10439</td>
<td>2024-10-28 03:15:02 <img src="imgs/new.gif" /></td>
<td>2024-10-28 03:15:02</td>
<td>The eHRD CTMS from Sunnet has an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by any user.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-10439">详情</a></td>
</tr>

<tr>
<td>a5f4a0c6f18a9107ee1561ae19432d7c</td>
<td>CVE-2024-23843</td>
<td>2024-10-28 02:15:02 <img src="imgs/new.gif" /></td>
<td>2024-10-28 02:15:02</td>
<td>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Genians Genian NAC V5.0, Genians Genian NAC LTS V5.0.This issue affects Genian NAC V5.0: from V5.0.0 through V5.0.60; Genian NAC LTS V5.0: from 5.0.0 LTS through 5.0.55 LTS(Revision 125558), from 5.0.0 LTS through 5.0.56 LTS(Revision 125560).</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-23843">详情</a></td>
</tr>

<tr>
<td>6bb7d979bb5cb3d0242348256e1633a2</td>
<td>CVE-2024-50067</td>
<td>2024-10-28 01:15:02 <img src="imgs/new.gif" /></td>
<td>2024-10-28 01:15:02</td>
<td>In the Linux kernel, the following vulnerability has been resolved: uprobe: avoid out-of-bounds memory access of fetching args Uprobe needs to fetch args into a percpu buffer, and then copy to ring buffer to avoid non-atomic context problem. Sometimes user-space strings, arrays can be very large, but the size of percpu buffer is only page size. And store_trace_args() won't check whether these data exceeds a single page or not, caused out-of-bounds memory access. It could be reproduced by following steps: 1. build kernel with CONFIG_KASAN enabled 2. save follow program as test.c ``` \#include <stdio.h> \#include <stdlib.h> \#include <string.h> // If string length large than MAX_STRING_SIZE, the fetch_store_strlen() // will return 0, cause __get_data_size() return shorter size, and // store_trace_args() will not trigger out-of-bounds access. // So make string length less than 4096. \#define STRLEN 4093 void generate_string(char *str, int n) { int i; for (i = 0; i < n; ++i) { char c = i % 26 + 'a'; str[i] = c; } str[n-1] = '\0'; } void print_string(char *str) { printf("%s\n", str); } int main() { char tmp[STRLEN]; generate_string(tmp, STRLEN); print_string(tmp); return 0; } ``` 3. compile program `gcc -o test test.c` 4. get the offset of `print_string()` ``` objdump -t test | grep -w print_string 0000000000401199 g F .text 000000000000001b print_string ``` 5. configure uprobe with offset 0x1199 ``` off=0x1199 cd /sys/kernel/debug/tracing/ echo "p /root/test:${off} arg1=+0(%di):ustring arg2=\$comm arg3=+0(%di):ustring" > uprobe_events echo 1 > events/uprobes/enable echo 1 > tracing_on ``` 6. run `test`, and kasan will report error. 
================================================================== BUG: KASAN: use-after-free in strncpy_from_user+0x1d6/0x1f0 Write of size 8 at addr ffff88812311c004 by task test/499CPU: 0 UID: 0 PID: 499 Comm: test Not tainted 6.12.0-rc3+ #18 Hardware name: Red Hat KVM, BIOS 1.16.0-4.al8 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x55/0x70 print_address_description.constprop.0+0x27/0x310 kasan_report+0x10f/0x120 ? strncpy_from_user+0x1d6/0x1f0 strncpy_from_user+0x1d6/0x1f0 ? rmqueue.constprop.0+0x70d/0x2ad0 process_fetch_insn+0xb26/0x1470 ? __pfx_process_fetch_insn+0x10/0x10 ? _raw_spin_lock+0x85/0xe0 ? __pfx__raw_spin_lock+0x10/0x10 ? __pte_offset_map+0x1f/0x2d0 ? unwind_next_frame+0xc5f/0x1f80 ? arch_stack_walk+0x68/0xf0 ? is_bpf_text_address+0x23/0x30 ? kernel_text_address.part.0+0xbb/0xd0 ? __kernel_text_address+0x66/0xb0 ? unwind_get_return_address+0x5e/0xa0 ? __pfx_stack_trace_consume_entry+0x10/0x10 ? arch_stack_walk+0xa2/0xf0 ? _raw_spin_lock_irqsave+0x8b/0xf0 ? __pfx__raw_spin_lock_irqsave+0x10/0x10 ? depot_alloc_stack+0x4c/0x1f0 ? _raw_spin_unlock_irqrestore+0xe/0x30 ? stack_depot_save_flags+0x35d/0x4f0 ? kasan_save_stack+0x34/0x50 ? kasan_save_stack+0x24/0x50 ? mutex_lock+0x91/0xe0 ? __pfx_mutex_lock+0x10/0x10 prepare_uprobe_buffer.part.0+0x2cd/0x500 uprobe_dispatcher+0x2c3/0x6a0 ? __pfx_uprobe_dispatcher+0x10/0x10 ? __kasan_slab_alloc+0x4d/0x90 handler_chain+0xdd/0x3e0 handle_swbp+0x26e/0x3d0 ? __pfx_handle_swbp+0x10/0x10 ? 
uprobe_pre_sstep_notifier+0x151/0x1b0 irqentry_exit_to_user_mode+0xe2/0x1b0 asm_exc_int3+0x39/0x40 RIP: 0033:0x401199 Code: 01 c2 0f b6 45 fb 88 02 83 45 fc 01 8b 45 fc 3b 45 e4 7c b7 8b 45 e4 48 98 48 8d 50 ff 48 8b 45 e8 48 01 d0 ce RSP: 002b:00007ffdf00576a8 EFLAGS: 00000206 RAX: 00007ffdf00576b0 RBX: 0000000000000000 RCX: 0000000000000ff2 RDX: 0000000000000ffc RSI: 0000000000000ffd RDI: 00007ffdf00576b0 RBP: 00007ffdf00586b0 R08: 00007feb2f9c0d20 R09: 00007feb2f9c0d20 R10: 0000000000000001 R11: 0000000000000202 R12: 0000000000401040 R13: 00007ffdf0058780 R14: 0000000000000000 R15: 0000000000000000 </TASK> This commit enforces the buffer's maxlen less than a page-size to avoid store_trace_args() out-of-memory access.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-50067">详情</a></td>
</tr>

<tr>
<td>a36a2101fa80d6fdcd452ee7325fc99a</td>
<td>CVE-2024-10435</td>
<td>2024-10-28 01:15:02 <img src="imgs/new.gif" /></td>
<td>2024-10-28 01:15:02</td>
<td>A vulnerability was found in didi Super-Jacoco 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /cov/triggerEnvCov. The manipulation of the argument uuid leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-10435">详情</a></td>
</tr>

<tr>
<td>ed44cfb0b046e9079b8967e1130ce6ff</td>
<td>CVE-2024-10434</td>
<td>2024-10-28 01:15:02 <img src="imgs/new.gif" /></td>
<td>2024-10-28 01:15:02</td>
<td>A vulnerability was found in Tenda AC1206 up to 20241027. It has been classified as critical. This affects the function ate_Tenda_mfg_check_usb/ate_Tenda_mfg_check_usb3 of the file /goform/ate. The manipulation of the argument arg leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-10434">详情</a></td>
</tr>

<tr>
<td>ce32608695c85a9fedf2a7f523db63a6</td>
<td>CVE-2024-50624</td>
<td>2024-10-28 00:15:03 <img src="imgs/new.gif" /></td>
<td>2024-10-28 00:15:03</td>
<td>ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com or http://example.com/.well-known/autoconfig for retrieving the configuration. This is related to kmail-account-wizard.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-50624">详情</a></td>
</tr>

<tr>
<td>c8cde1b1404a49f904b33bcf4db0763f</td>
<td>CVE-2024-50623</td>
<td>2024-10-28 00:15:03 <img src="imgs/new.gif" /></td>
<td>2024-10-28 00:15:03</td>
<td>In Cleo Harmony before 5.8.0.20, VLTrader before 5.8.0.20, and LexiCom before 5.8.0.20, there is a JavaScript Injection vulnerability.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-50623">详情</a></td>
</tr>

<tr>
<td>bf0ac006759954e119f3c984e39ad4f9</td>
<td>CVE-2024-10433</td>
<td>2024-10-28 00:15:03 <img src="imgs/new.gif" /></td>
<td>2024-10-28 00:15:03</td>
<td>A vulnerability was found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument Name/Comment leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions different parameters to be affected which do not correlate with the screenshots of a successful attack.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-10433">详情</a></td>
</tr>
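Review bot: In the CVE-2024-50067 row the description cell carries the upstream advisory text unescaped, so `#include <stdio.h>` and `<TASK>` sit inside the `<td>` as markup rather than as text. Descriptions come from third-party feeds, so they should be HTML-escaped before being written into docs/index.html, and capped in length so that a full reproducer and KASAN trace do not end up in a table cell. The removal of `<img src="imgs/new.gif" />` from the 2024-10-28 rows looks fine on its own.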
@@ -2148,75 +2148,75 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
</tr>

<tr>
<td>b9c2454f2ba7a259cbc7e286e7648741</td>
<td>CVE-2024-7691</td>
<td>2024-10-28 09:24:46 <img src="imgs/new.gif" /></td>
<td>WordPress Flaming Forms Plugin跨站脚本漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/103679">详情</a></td>
<td>71669387c4b075652a58409547c31a4f</td>
<td>CVE-2024-3903</td>
<td>2024-10-29 03:28:34 <img src="imgs/new.gif" /></td>
<td>WordPress plugin Add Custom CSS and JS存储型跨站脚本漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/103849">详情</a></td>
</tr>

<tr>
<td>eca9172b335850116c780bb129d0904a</td>
<td>CVE-2024-5053</td>
<td>2024-10-28 09:24:46 <img src="imgs/new.gif" /></td>
<td>WordPress Contact Form Plugin未授权Malichimp API密钥更新漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/103678">详情</a></td>
<td>a171b437a2f8ab25bc8d914b98b75442</td>
<td>CVE-2024-8335</td>
<td>2024-10-29 03:28:34 <img src="imgs/new.gif" /></td>
<td>OpenRapid RapidCMS SQL注入漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/103848">详情</a></td>
</tr>

<tr>
<td>221c725f8954f8c62d704406ab6f406e</td>
<td>CVE-2024-42058</td>
<td>2024-10-28 09:24:46 <img src="imgs/new.gif" /></td>
<td>Zyxel ATP和USG多款产品空指针解引用漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/103677">详情</a></td>
<td>ed48e8b228585e798354e55bd55c9d45</td>
<td>CVE-2024-8260</td>
<td>2024-10-29 03:28:34 <img src="imgs/new.gif" /></td>
<td>Open Policy Agent输入验证不当漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/103847">详情</a></td>
</tr>

<tr>
<td>802e7fd04affb3b5063801d81b995297</td>
<td>CVE-2024-5148</td>
<td>2024-10-28 09:24:46 <img src="imgs/new.gif" /></td>
<td>GNOME Remote desktop数据元素泄露漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/103676">详情</a></td>
<td>b9500f4acc75740dc9dc59e4d407d324</td>
<td>CVE-2024-8336</td>
<td>2024-10-29 03:28:34 <img src="imgs/new.gif" /></td>
<td>SourceCodester Music Gallery Site SQL注入漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/103846">详情</a></td>
</tr>

<tr>
<td>d1d5593dc6561405819cab9e902fac5b</td>
<td>CVE-2024-28044</td>
<td>2024-10-28 09:24:46 <img src="imgs/new.gif" /></td>
<td>OpenHarmony整数溢出漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/103675">详情</a></td>
<td>216e99355029fdd49ce1767701451226</td>
<td>CVE-2024-8337</td>
<td>2024-10-29 03:28:34 <img src="imgs/new.gif" /></td>
<td>SourceCodester Contact Manager with Export to VCF跨站脚本执行漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/103845">详情</a></td>
</tr>

<tr>
<td>6810c049fec26809f456e928b74f3c61</td>
<td>CVE-2024-43775</td>
<td>2024-10-28 09:24:46 <img src="imgs/new.gif" /></td>
<td>Huachu Digital Easytest Online Test Platform SQL注入漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/103674">详情</a></td>
<td>518652a714bd4883f27b4a8b79115a4f</td>
<td>CVE-2024-3916</td>
<td>2024-10-29 03:28:34 <img src="imgs/new.gif" /></td>
<td>WordPress plugin Swift Framework存储型跨站脚本漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/103844">详情</a></td>
</tr>

<tr>
<td>e9f5a9f3eabd8a23016e026558b05b4b</td>
<td>CVE-2024-8365</td>
<td>2024-10-28 09:24:46 <img src="imgs/new.gif" /></td>
<td>HashiCorp Vault Community Edition和Vault Enterprise信息泄露漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/103673">详情</a></td>
<td>873d725b0a9586e37c7eb1ffcb4e9bae</td>
<td>CVE-2024-8285</td>
<td>2024-10-29 03:28:34 <img src="imgs/new.gif" /></td>
<td>Kroylicious主机名验证不当漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/103843">详情</a></td>
</tr>

<tr>
<td>cc8c1b4e5c481b517d034f709500659b</td>
<td>CVE-2024-42471</td>
<td>2024-10-28 09:24:46 <img src="imgs/new.gif" /></td>
<td>actions/artifact任意文件写入漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/103672">详情</a></td>
<td>9d64037a67fd058e4776fa5a69d239e3</td>
<td>CVE-2024-4082</td>
<td>2024-10-29 03:28:34 <img src="imgs/new.gif" /></td>
<td>WordPress plugin Joli FAQ SEO跨站请求伪造漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/103842">详情</a></td>
</tr>

<tr>
<td>9d1c820515e429480cb35251a676af5e</td>
<td>CVE-2024-43774</td>
<td>2024-10-28 09:24:46 <img src="imgs/new.gif" /></td>
<td>Huachu Digital Easytest Online Test Platform SQL注入漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/103671">详情</a></td>
<td>9561c36cb6c8603290999f06c5f636f0</td>
<td>CVE-2024-3915</td>
<td>2024-10-29 03:28:34 <img src="imgs/new.gif" /></td>
<td>WordPress plugin Swift Framework未授权的信息修改漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/103841">详情</a></td>
</tr>

</tbody>
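Review bot: Every link in the added rows is written as `<a target="_blank" href="http://www.nsfocus.net/vulndb/...">` with no `rel` attribute and a cleartext `http://` scheme. Add `rel="noopener noreferrer"` to the generated anchors, and emit `https://` if the target site serves it, so that the destination is not fetched over an unauthenticated channel. The `<td>` cells in this hunk are also filled from an external feed and should be escaped the same way as the description cells elsewhere in the file.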