diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index 718137580dd..bf9ff7366e4 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -158,3 +158,13 @@ a171fb73bfdc33c86ae3a19612719ee4 6c93d59c8fe4b93d71a5315b26b6eab2 43e6502c5abfce4e5f77de13ac605dc7 3d34d3cb1b0f5f7a4893a019ea08a3f1 +bdfbd17f2382028f4e33b61a86766504 +cbb4b3eca5b2e6dfd87baafe5169ef53 +203c7ea78f5b448dabd95feb3f218ab6 +39fb852f2a13d05cdd353a2c2df826d4 +d4fcd342a3c4221b15af4063cbe735b3 +f8e90f619a017b9c36ee9f7b7500acd2 +8ff4aef0b81de6a002b2b8c4bf689608 +da91c00f5d2a99f894f6bf3d0dab8df1 +03f6f28e0195eb4df4cdb5c8f257c2c4 +2a219fd745f871769350db0d47bc4fbe diff --git a/data/cves.db b/data/cves.db index bb11a7ee54e..573a2047819 100644 Binary files a/data/cves.db and b/data/cves.db differ diff --git a/docs/index.html b/docs/index.html index 11f0817aa33..0369ca6cf50 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -283,6 +283,86 @@

眈眈探求 | TITLE URL + + bdfbd17f2382028f4e33b61a86766504 + CVE-2024-12677 + 2024-12-20 17:15:07 + Delta Electronics DTM Soft deserializes objects, which could allow an attacker to execute arbitrary code. + 详情 + + + + cbb4b3eca5b2e6dfd87baafe5169ef53 + CVE-2024-56337 + 2024-12-20 16:15:24 + Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The mitigation for CVE-2024-50379 was incomplete. Users running Tomcat on a case insensitive file system with the default servlet write enabled (readonly initialisation parameter set to the non-default value of false) may need additional configuration to fully mitigate CVE-2024-50379 depending on which version of Java they are using with Tomcat: - running on Java 8 or Java 11: the system property sun.io.useCanonCaches must be explicitly set to false (it defaults to true) - running on Java 17: the system property sun.io.useCanonCaches, if set, must be set to false (it defaults to false) - running on Java 21 onwards: no further configuration is required (the system property and the problematic cache have been removed) Tomcat 11.0.3, 10.1.35 and 9.0.99 onwards will include checks that sun.io.useCanonCaches is set appropriately before allowing the default servlet to be write enabled on a case insensitive file system. Tomcat will also set sun.io.useCanonCaches to false by default where it can. + 详情 + + + + 203c7ea78f5b448dabd95feb3f218ab6 + CVE-2024-55471 + 2024-12-20 16:15:24 + Oqtane Framework is vulnerable to Insecure Direct Object Reference (IDOR) in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of other users by manipulating the id parameter. + 详情 + + + + 39fb852f2a13d05cdd353a2c2df826d4 + CVE-2024-55470 + 2024-12-20 16:15:23 + Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authorization. The lack of server-side validation exacerbates the issue, as the application relies on client-side information for authentication. + 详情 + + + + d4fcd342a3c4221b15af4063cbe735b3 + CVE-2024-55186 + 2024-12-20 16:15:23 + An IDOR (Insecure Direct Object Reference) vulnerability exists in oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the request URL. By changing the notification ID, an attacker can view sensitive mail details belonging to other users. + 详情 + + + + f8e90f619a017b9c36ee9f7b7500acd2 + CVE-2024-12840 + 2024-12-20 16:15:23 + A server-side request forgery exists in Satellite. When a PUT HTTP request is made to /http_proxies/test_connection, when supplied with the http_proxies variable set to localhost, the attacker can fetch the localhost banner. + 详情 + + + + 8ff4aef0b81de6a002b2b8c4bf689608 + CVE-2024-10385 + 2024-12-20 16:15:21 + Ticket management system in DirectAdmin Evolution Skin is vulnerable to XSS (Cross-site Scripting), which allows a low-privileged user to inject and store malicious JavaScript code. If an admin views the ticket, the script might perform actions with their privileges, including command execution. This issue has been fixed in version 1.668 of DirectAdmin Evolution Skin. + 详情 + + + + da91c00f5d2a99f894f6bf3d0dab8df1 + CVE-2024-56356 + 2024-12-20 15:15:09 + In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack + 详情 + + + + 03f6f28e0195eb4df4cdb5c8f257c2c4 + CVE-2024-56355 + 2024-12-20 15:15:09 + In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS + 详情 + + + + 2a219fd745f871769350db0d47bc4fbe + CVE-2024-56354 + 2024-12-20 15:15:09 + In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission + 详情 + + 1fc440261e27306b1a7f59bcbc5673a3 CVE-2024-52897 @@ -443,86 +523,6 @@

眈眈探求 | 详情 - - 3246b89d17ebce389ad043c2a5c46a02 - CVE-2024-53144 - 2024-12-17 16:15:25 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE This aligned BR/EDR JUST_WORKS method with LE which since 92516cd97fd4 ("Bluetooth: Always request for user confirmation for Just Works") always request user confirmation with confirm_hint set since the likes of bluetoothd have dedicated policy around JUST_WORKS method (e.g. main.conf:JustWorksRepairing). CVE: CVE-2024-8805 - 详情 - - - - 0110a638f9542db0151b15913612ab7b - CVE-2024-12671 - 2024-12-17 16:15:25 - A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. - 详情 - - - - 0ab2d39bdfff0e23d4d8d88f0f6277fe - CVE-2024-12670 - 2024-12-17 16:15:25 - A maliciously crafted DWF file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. - 详情 - - - - 145033e556d1e530ea6a0b253f2d5076 - CVE-2024-12669 - 2024-12-17 16:15:25 - A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. - 详情 - - - - 7cde8f0f4cc3ce2107f1b9d29acc3798 - CVE-2024-12200 - 2024-12-17 16:15:24 - A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. - 详情 - - - - 4a5aca1b061dafb45b2596285c7b52b6 - CVE-2024-12199 - 2024-12-17 16:15:24 - A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. - 详情 - - - - 3b6e859f26639254ed32fb8e64162bbe - CVE-2024-12198 - 2024-12-17 16:15:24 - A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. - 详情 - - - - 76de3ac3512dd89b9892cb5fbd135978 - CVE-2024-12197 - 2024-12-17 16:15:24 - A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. - 详情 - - - - b6d1b5a24856c4e6171b742be38c0516 - CVE-2024-12194 - 2024-12-17 16:15:24 - A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. - 详情 - - - - b7621d7f4b2ce07c211af869a2a8dc89 - CVE-2024-12193 - 2024-12-17 16:15:24 - A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. - 详情 - -