diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index ec8ee9265a7..21feff817ab 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -112,3 +112,13 @@ d30a6a0a871c08efe722fa0218fa92fe 2e70d46367c2fe2fd630bfe42ed30405 f1290c5f5300021600825d693b2501cb 7450e61446c158e6a5881d1fb9cab4e6 +7f913b82a9b467fdb93896a4e62811a1 +196eaebd9324489dbe9dfd9732d47714 +6ecc1d40ea51e77806cad8a22dee377b +55ae0fafd1fe575167a6c2f916098840 +a2bdb9c8ab4904e6a27e2a1967884f3b +64c2c9aa002b51e83ea404fce0f389d1 +eb7c6200ba263f22100c4816f1faf697 +cb28458ea029ad39f81a40e6dca08ec5 +fcaeab97fabd17b452ed7e628198d326 +1ac70b177b71e31b7e8851604c75ba38 diff --git a/data/cves.db b/data/cves.db index b3480daaa91..37fd92e7a4a 100644 Binary files a/data/cves.db and b/data/cves.db differ diff --git a/docs/index.html b/docs/index.html index 5116d552ce5..e567e5a885b 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -283,6 +283,86 @@

眈眈探求 | TITLE URL + + 7f913b82a9b467fdb93896a4e62811a1 + CVE-2024-52270 + 2024-12-05 11:15:06 + User Interface (UI) Misrepresentation of Critical Information vulnerability in DropBox Sign(HelloSign) allows Content Spoofing. Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened. This issue affects DropBox Sign(HelloSign): through 2024-12-04. + 详情 + + + + 196eaebd9324489dbe9dfd9732d47714 + CVE-2024-52564 + 2024-12-05 10:31:40 + Inclusion of undocumented features or chicken bits issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. A remote attacker may disable the firewall function of the affected products. As a result, an arbitrary OS command may be executed and/or configuration settings of the device may be altered. + 详情 + + + + 6ecc1d40ea51e77806cad8a22dee377b + CVE-2024-47133 + 2024-12-05 10:31:40 + UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier allow a remote authenticated attacker with an administrative account to execute arbitrary OS commands. + 详情 + + + + 55ae0fafd1fe575167a6c2f916098840 + CVE-2024-45841 + 2024-12-05 10:31:40 + Incorrect permission assignment for critical resource issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. If an attacker with the guest account of the affected products accesses a specific file, the information containing credentials may be obtained. + 详情 + + + + a2bdb9c8ab4904e6a27e2a1967884f3b + CVE-2024-11779 + 2024-12-05 10:31:39 + The WIP WooCarousel Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wip_woocarousel_products_carousel' shortcode in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. 
This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + 详情 + + + + 64c2c9aa002b51e83ea404fce0f389d1 + CVE-2024-11420 + 2024-12-05 10:31:39 + The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Info Block link parameter in all versions up to, and including, 2.0.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + 详情 + + + + eb7c6200ba263f22100c4816f1faf697 + CVE-2024-11341 + 2024-12-05 10:31:39 + The Simple Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the settings_page() function. This makes it possible for unauthenticated attackers to update the plugin's settings and redirect all site visitors via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + 详情 + + + + cb28458ea029ad39f81a40e6dca08ec5 + CVE-2024-11324 + 2024-12-05 10:31:39 + The Accounting for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 
+ 详情 + + + + fcaeab97fabd17b452ed7e628198d326 + CVE-2024-10848 + 2024-12-05 10:31:39 + The NewsMunch theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + 详情 + + + + 1ac70b177b71e31b7e8851604c75ba38 + CVE-2024-10777 + 2024-12-05 10:31:38 + The AnyWhere Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.11 via the 'INSERT_ELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. + 详情 + + b803b349c35d632b3cf6a7dba45ceba0 CVE-2024-52277 @@ -443,86 +523,6 @@

眈眈探求 | 详情 - - 9eef9e4c58ecb068948eedfd18f8b78e - CVE-2024-43053 - 2024-12-02 11:15:09 - Memory corruption while invoking IOCTL calls from user space to read WLAN target diagnostic information. - 详情 - - - - 5d2fd953cf563cc88c8eb541f69d5c21 - CVE-2024-43052 - 2024-12-02 11:15:09 - Memory corruption while processing API calls to NPU with invalid input. - 详情 - - - - 4a3c6c69747353b7a2ed58e027918e77 - CVE-2024-43050 - 2024-12-02 11:15:09 - Memory corruption while invoking IOCTL calls from user space to issue factory test command inside WLAN driver. - 详情 - - - - 7b23dc8ca4111c4d46777f9773150cf2 - CVE-2024-43049 - 2024-12-02 11:15:09 - Memory corruption while invoking IOCTL calls from user space to set generic private command inside WLAN driver. - 详情 - - - - 671f6d434e1a923bd4561520534095a7 - CVE-2024-43048 - 2024-12-02 11:15:08 - Memory corruption when invalid input is passed to invoke GPU Headroom API call. - 详情 - - - - a1e78aae0651da44c30a1c0f51992e0b - CVE-2024-33063 - 2024-12-02 11:15:08 - Transient DOS while parsing the ML IE when a beacon with common info length of the ML IE greater than the ML IE inside which this element is present. - 详情 - - - - 3ddfd47183b9acce752bfdd61c3e799a - CVE-2024-33056 - 2024-12-02 11:15:08 - Memory corruption when allocating and accessing an entry in an SMEM partition continuously. - 详情 - - - - f9b92434cf1c7361c700ba14eaddb396 - CVE-2024-33053 - 2024-12-02 11:15:08 - Memory corruption when multiple threads try to unregister the CVP buffer at the same time. - 详情 - - - - 97634203bad4b5af5e5af844a10ce76b - CVE-2024-33044 - 2024-12-02 11:15:08 - Memory corruption while Configuring the SMR/S2CR register in Bypass mode. - 详情 - - - - 730ac473f60e953c00b3ef0bf4501f3c - CVE-2024-33040 - 2024-12-02 11:15:08 - Memory corruption while invoking redundant release command to release one buffer from user space as race condition can occur in kernel space between buffer release and buffer access. - 详情 - -
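
Review bot: In the cache/Tenable (Nessus).dat hunk, the ten appended values are bare 32-hex-character IDs with no CVE ID or date beside them, and the hunk only appends, while the docs/index.html hunk at -443 removes ten rows in the same commit. The cache therefore grows on every run even though the page stays the same size, and an entry cannot be expired or audited from the file alone. Consider storing the publication date next to each ID (for example 7f913b82a9b467fdb93896a4e62811a1 with 2024-12-05) and pruning entries older than the page's window.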
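
Review bot: data/cves.db changes only as "Binary files a/data/cves.db and b/data/cves.db differ", so nothing in this diff lets a reviewer confirm that the database matches the ten rows added to and the ten rows removed from docs/index.html. Either generate the database at build time instead of committing it, or commit a text export alongside it so that row-level changes show up in review.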
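
Review bot: The ten rows added by the docs/index.html hunk at -283,6 +283,86 carry free-form CVE description text that includes markup-significant characters, for example "Google Chrome -> Examine the print preview" in the CVE-2024-52270 row and the quoted shortcode names in the CVE-2024-11779 and CVE-2024-10777 rows. Confirm that the generator HTML-escapes the description, ID and date cells before writing them, so that description text can never be interpreted as markup on the published page. The CVE-2024-11779 and CVE-2024-11324 descriptions also contain embedded line breaks; normalising whitespace before output would keep each row on predictable lines and make later diffs easier to read.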
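
Review bot: The docs/index.html hunk at -443,86 +523,6 drops ten rows dated 2024-12-02 (CVE-2024-43053 through CVE-2024-33040) to make room for ten rows dated 2024-12-05, so entries leave the published page after about three days and the diff shows no archive or link where they remain visible. If the fixed-size window is intended, state the retention rule on the page or in the README and point to where older entries can be found. Otherwise raise the row limit so that recent kernel and driver memory-corruption entries are not rotated out this quickly.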