Commit

Updated by Github Bot
Github-Bot committed Dec 20, 2024
1 parent ea6d721 commit 91e9e6b
Showing 3 changed files with 91 additions and 81 deletions.
10 changes: 10 additions & 0 deletions cache/Tenable (Nessus).dat
Expand Up @@ -158,3 +158,13 @@ a171fb73bfdc33c86ae3a19612719ee4
6c93d59c8fe4b93d71a5315b26b6eab2
43e6502c5abfce4e5f77de13ac605dc7
3d34d3cb1b0f5f7a4893a019ea08a3f1
bdfbd17f2382028f4e33b61a86766504
cbb4b3eca5b2e6dfd87baafe5169ef53
203c7ea78f5b448dabd95feb3f218ab6
39fb852f2a13d05cdd353a2c2df826d4
d4fcd342a3c4221b15af4063cbe735b3
f8e90f619a017b9c36ee9f7b7500acd2
8ff4aef0b81de6a002b2b8c4bf689608
da91c00f5d2a99f894f6bf3d0dab8df1
03f6f28e0195eb4df4cdb5c8f257c2c4
2a219fd745f871769350db0d47bc4fbe
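Review bot: the ten identifiers appended at the end of this file are bare 32-character hex strings with nothing tying each one to a CVE id or fetch time, so an entry cannot be audited or expired without cross-referencing docs/index.html, where the same ten values appear as the first cell of the added rows. Consider writing the CVE id and timestamp beside each hash (for example `bdfbd17f2382028f4e33b61a86766504 CVE-2024-12677 2024-12-20 17:15:07`), or keeping this state only in data/cves.db, which already changes in the same commit as a binary that cannot be reviewed.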
Binary file modified data/cves.db
Binary file not shown.
162 changes: 81 additions & 81 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2024-12-20 09:24:33 -->
<!-- RELEASE TIME : 2024-12-20 21:22:32 -->
<html lang="zh-cn">

<head>
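Review bot: the RELEASE TIME comment on line 1 carries no timezone or UTC offset, so a reader comparing it with the row timestamps further down cannot tell how stale the page is; emit it in ISO 8601 with an explicit offset. The same four lines show `<html lang="zh-cn">` directly after the comment with no `<!DOCTYPE html>` in between, which leaves browsers in quirks mode, and the `lang` value does not match the English description text the table carries.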
Expand Down Expand Up @@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<th width="43%">TITLE</th>
<th width="5%">URL</th>
</tr>
<tr>
<td>bdfbd17f2382028f4e33b61a86766504</td>
<td>CVE-2024-12677</td>
<td>2024-12-20 17:15:07 <img src="imgs/new.gif" /></td>
<td>Delta Electronics DTM Soft deserializes objects, which could allow an attacker to execute arbitrary code.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12677">详情</a></td>
</tr>

<tr>
<td>cbb4b3eca5b2e6dfd87baafe5169ef53</td>
<td>CVE-2024-56337</td>
<td>2024-12-20 16:15:24 <img src="imgs/new.gif" /></td>
<td>Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The mitigation for CVE-2024-50379 was incomplete. Users running Tomcat on a case insensitive file system with the default servlet write enabled (readonly initialisation parameter set to the non-default value of false) may need additional configuration to fully mitigate CVE-2024-50379 depending on which version of Java they are using with Tomcat: - running on Java 8 or Java 11: the system property sun.io.useCanonCaches must be explicitly set to false (it defaults to true) - running on Java 17: the system property sun.io.useCanonCaches, if set, must be set to false (it defaults to false) - running on Java 21 onwards: no further configuration is required (the system property and the problematic cache have been removed) Tomcat 11.0.3, 10.1.35 and 9.0.99 onwards will include checks that sun.io.useCanonCaches is set appropriately before allowing the default servlet to be write enabled on a case insensitive file system. Tomcat will also set sun.io.useCanonCaches to false by default where it can.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-56337">详情</a></td>
</tr>

<tr>
<td>203c7ea78f5b448dabd95feb3f218ab6</td>
<td>CVE-2024-55471</td>
<td>2024-12-20 16:15:24 <img src="imgs/new.gif" /></td>
<td>Oqtane Framework is vulnerable to Insecure Direct Object Reference (IDOR) in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of other users by manipulating the id parameter.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-55471">详情</a></td>
</tr>

<tr>
<td>39fb852f2a13d05cdd353a2c2df826d4</td>
<td>CVE-2024-55470</td>
<td>2024-12-20 16:15:23 <img src="imgs/new.gif" /></td>
<td>Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authorization. The lack of server-side validation exacerbates the issue, as the application relies on client-side information for authentication.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-55470">详情</a></td>
</tr>

<tr>
<td>d4fcd342a3c4221b15af4063cbe735b3</td>
<td>CVE-2024-55186</td>
<td>2024-12-20 16:15:23 <img src="imgs/new.gif" /></td>
<td>An IDOR (Insecure Direct Object Reference) vulnerability exists in oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the request URL. By changing the notification ID, an attacker can view sensitive mail details belonging to other users.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-55186">详情</a></td>
</tr>

<tr>
<td>f8e90f619a017b9c36ee9f7b7500acd2</td>
<td>CVE-2024-12840</td>
<td>2024-12-20 16:15:23 <img src="imgs/new.gif" /></td>
<td>A server-side request forgery exists in Satellite. When a PUT HTTP request is made to /http_proxies/test_connection, when supplied with the http_proxies variable set to localhost, the attacker can fetch the localhost banner.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12840">详情</a></td>
</tr>

<tr>
<td>8ff4aef0b81de6a002b2b8c4bf689608</td>
<td>CVE-2024-10385</td>
<td>2024-12-20 16:15:21 <img src="imgs/new.gif" /></td>
<td>Ticket management system in DirectAdmin Evolution Skin is vulnerable to XSS (Cross-site Scripting), which allows a low-privileged user to inject and store malicious JavaScript code. If an admin views the ticket, the script might perform actions with their privileges, including command execution. This issue has been fixed in version 1.668 of DirectAdmin Evolution Skin.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-10385">详情</a></td>
</tr>

<tr>
<td>da91c00f5d2a99f894f6bf3d0dab8df1</td>
<td>CVE-2024-56356</td>
<td>2024-12-20 15:15:09 <img src="imgs/new.gif" /></td>
<td>In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-56356">详情</a></td>
</tr>

<tr>
<td>03f6f28e0195eb4df4cdb5c8f257c2c4</td>
<td>CVE-2024-56355</td>
<td>2024-12-20 15:15:09 <img src="imgs/new.gif" /></td>
<td>In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-56355">详情</a></td>
</tr>

<tr>
<td>2a219fd745f871769350db0d47bc4fbe</td>
<td>CVE-2024-56354</td>
<td>2024-12-20 15:15:09 <img src="imgs/new.gif" /></td>
<td>In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-56354">详情</a></td>
</tr>

<tr>
<td>1fc440261e27306b1a7f59bcbc5673a3</td>
<td>CVE-2024-52897</td>
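Review bot: every link in the added rows is written as `<a target="_blank" href="https://www.tenable.com/cve/...">` with no `rel` attribute; add `rel="noopener noreferrer"` in the row template so the behaviour does not depend on browser defaults. The description cells are third-party feed text placed straight inside `<td>`, and several of these advisories are themselves about XSS and markup handling, so please confirm the generator HTML-escapes the description and the id before writing the row. The `<img src="imgs/new.gif" />` marker also has no `alt` text.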
Expand Down Expand Up @@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-50570">详情</a></td>
</tr>

<tr>
<td>3246b89d17ebce389ad043c2a5c46a02</td>
<td>CVE-2024-53144</td>
<td>2024-12-17 16:15:25</td>
<td>In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE This aligned BR/EDR JUST_WORKS method with LE which since 92516cd97fd4 ("Bluetooth: Always request for user confirmation for Just Works") always request user confirmation with confirm_hint set since the likes of bluetoothd have dedicated policy around JUST_WORKS method (e.g. main.conf:JustWorksRepairing). CVE: CVE-2024-8805</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-53144">详情</a></td>
</tr>

<tr>
<td>0110a638f9542db0151b15913612ab7b</td>
<td>CVE-2024-12671</td>
<td>2024-12-17 16:15:25</td>
<td>A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12671">详情</a></td>
</tr>

<tr>
<td>0ab2d39bdfff0e23d4d8d88f0f6277fe</td>
<td>CVE-2024-12670</td>
<td>2024-12-17 16:15:25</td>
<td>A maliciously crafted DWF file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12670">详情</a></td>
</tr>

<tr>
<td>145033e556d1e530ea6a0b253f2d5076</td>
<td>CVE-2024-12669</td>
<td>2024-12-17 16:15:25</td>
<td>A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12669">详情</a></td>
</tr>

<tr>
<td>7cde8f0f4cc3ce2107f1b9d29acc3798</td>
<td>CVE-2024-12200</td>
<td>2024-12-17 16:15:24</td>
<td>A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12200">详情</a></td>
</tr>

<tr>
<td>4a5aca1b061dafb45b2596285c7b52b6</td>
<td>CVE-2024-12199</td>
<td>2024-12-17 16:15:24</td>
<td>A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12199">详情</a></td>
</tr>

<tr>
<td>3b6e859f26639254ed32fb8e64162bbe</td>
<td>CVE-2024-12198</td>
<td>2024-12-17 16:15:24</td>
<td>A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12198">详情</a></td>
</tr>

<tr>
<td>76de3ac3512dd89b9892cb5fbd135978</td>
<td>CVE-2024-12197</td>
<td>2024-12-17 16:15:24</td>
<td>A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12197">详情</a></td>
</tr>

<tr>
<td>b6d1b5a24856c4e6171b742be38c0516</td>
<td>CVE-2024-12194</td>
<td>2024-12-17 16:15:24</td>
<td>A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12194">详情</a></td>
</tr>

<tr>
<td>b7621d7f4b2ce07c211af869a2a8dc89</td>
<td>CVE-2024-12193</td>
<td>2024-12-17 16:15:24</td>
<td>A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12193">详情</a></td>
</tr>

</tbody>
</table>
</div>
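Review bot: the ten rows dropped from the end of the table are dated 2024-12-17, three days before this release, and nothing in the hunk links to an archive, so anyone who reads the page less often than that never sees them. Either widen the window or add a link to the full history just before `</tbody>`. Rotating ten rows in and ten out as hand-written HTML also accounts for almost all of the 81 additions and 81 deletions in this file; rendering the table from data/cves.db at build time would keep these commits reviewable.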