Updated by Github Bot

EXP-Tools · Feb 8, 2024 · c8abcbc · c8abcbc
1 parent bc83e0a
commit c8abcbc
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 28 deletions.
diff --git a/cache/RedQueen.dat b/cache/RedQueen.dat
@@ -160,3 +160,6 @@ b034cd2cfcf5b7c5740fea73e5ff490e
 6e8a16d900ab46d516f7ef5baaf644d5
 e223f0ed6e9771513b5a084210af0d9d
 1657b0c1d0369c921b9ab17255b6283f
+d5bcaf0aa6c33e9f9d43754957364a4b
+666fb7b2eea05aa87729ef32e549079f
+c56815340bcd55e8f5a55a8f2ce59ec9
diff --git a/data/cves.db b/data/cves.db
diff --git a/docs/index.html b/docs/index.html
@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2024-02-07 23:22:43 -->
+<!-- RELEASE TIME : 2024-02-08 03:23:51 -->
 <html lang="zh-cn">
 
  <head>
@@ -30,7 +30,7 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
       <tr>
        <td>48ff3925c0cc22862b0d6e1f52140bdc</td>
        <td></td>
-       <td>2024-02-06 07:10:07 <img src="imgs/new.gif" /></td>
+       <td>2024-02-06 07:10:07</td>
        <td>安全事件周报 2024-01-29 第5周</td>
        <td><a target="_blank" href="https://cert.360.cn/warning/detail?id=65c1db37c09f255b91b17d68">详情</a></td>
       </tr>
@@ -438,87 +438,87 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
       <tr>
        <td>2df45c0cb18e42e7d9695723f4bdb75a</td>
        <td>CVE-2024-24680</td>
-       <td>2024-02-06 22:16:15 <img src="imgs/new.gif" /></td>
+       <td>2024-02-06 22:16:15</td>
        <td>An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-24680">详情</a></td>
       </tr>
 
       <tr>
        <td>d245b0556cc6addaa2d595933004946c</td>
        <td>CVE-2024-24577</td>
-       <td>2024-02-06 22:16:15 <img src="imgs/new.gif" /></td>
+       <td>2024-02-06 22:16:15</td>
        <td>libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There is an issue in the `has_dir_name` function in `src/libgit2/index.c`, which frees an entry that should not be freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary code execution. This issue has been patched in version 1.6.5 and 1.7.2.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-24577">详情</a></td>
       </tr>
 
       <tr>
        <td>4f73cb8188ae30ceed60b94d5cd285eb</td>
        <td>CVE-2024-24575</td>
-       <td>2024-02-06 22:16:15 <img src="imgs/new.gif" /></td>
+       <td>2024-02-06 22:16:15</td>
        <td>libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_revparse_single` can cause the function to enter an infinite loop, potentially causing a Denial of Service attack in the calling application. The revparse function in `src/libgit2/revparse.c` uses a loop to parse the user-provided spec string. There is an edge-case during parsing that allows a bad actor to force the loop conditions to access arbitrary memory. Potentially, this could also leak memory if the extracted rev spec is reflected back to the attacker. As such, libgit2 versions before 1.4.0 are not affected. Users should upgrade to version 1.6.5 or 1.7.2.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-24575">详情</a></td>
       </tr>
 
       <tr>
        <td>cc4640c1fd2fa6fc131b1a52229b49b5</td>
        <td>CVE-2024-24254</td>
-       <td>2024-02-06 22:16:15 <img src="imgs/new.gif" /></td>
+       <td>2024-02-06 22:16:15</td>
        <td>PX4 Autopilot 1.14 and earlier, due to the lack of synchronization mechanism for loading geofence data, has a Race Condition vulnerability in the geofence.cpp and mission_feasibility_checker.cpp. This will result in the drone uploading overlapping geofences and mission routes.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-24254">详情</a></td>
       </tr>
 
       <tr>
        <td>8ac77da03e6bdcbff1f866cb76be7087</td>
        <td>CVE-2024-22520</td>
-       <td>2024-02-06 22:16:14 <img src="imgs/new.gif" /></td>
+       <td>2024-02-06 22:16:14</td>
        <td>An issue discovered in Dronetag Drone Scanner 1.5.2 allows attackers to impersonate other drones via transmission of crafted data packets.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-22520">详情</a></td>
       </tr>
 
       <tr>
        <td>0e5f699c7503f2b425bf14966023bfbf</td>
        <td>CVE-2024-22519</td>
-       <td>2024-02-06 22:16:14 <img src="imgs/new.gif" /></td>
+       <td>2024-02-06 22:16:14</td>
        <td>An issue discovered in OpenDroneID OSM 3.5.1 allows attackers to impersonate other drones via transmission of crafted data packets.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-22519">详情</a></td>
       </tr>
 
       <tr>
        <td>43d900364f3f2ad56099786f7826a4d8</td>
        <td>CVE-2024-1261</td>
-       <td>2024-02-06 22:16:14 <img src="imgs/new.gif" /></td>
+       <td>2024-02-06 22:16:14</td>
        <td>A vulnerability classified as critical was found in Juanpao JPShop up to 1.5.02. This vulnerability affects the function actionIndex of the file /api/controllers/merchant/app/ComboController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253000.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-1261">详情</a></td>
       </tr>
 
       <tr>
        <td>b021f0ba66cdc88f28544dcef4990bd8</td>
        <td>CVE-2024-1260</td>
-       <td>2024-02-06 22:16:14 <img src="imgs/new.gif" /></td>
+       <td>2024-02-06 22:16:14</td>
        <td>A vulnerability classified as critical has been found in Juanpao JPShop up to 1.5.02. This affects the function actionIndex of the file /api/controllers/admin/app/ComboController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252999.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-1260">详情</a></td>
       </tr>
 
       <tr>
        <td>7842924e67633e99aea4706dcc910bcc</td>
        <td>CVE-2023-45735</td>
-       <td>2024-02-06 22:16:14 <img src="imgs/new.gif" /></td>
+       <td>2024-02-06 22:16:14</td>
        <td>A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-45735">详情</a></td>
       </tr>
 
       <tr>
        <td>dae7829bbe21f9d04ed12231e555d045</td>
        <td>CVE-2023-45227</td>
-       <td>2024-02-06 22:16:14 <img src="imgs/new.gif" /></td>
+       <td>2024-02-06 22:16:14</td>
        <td>An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-45227">详情</a></td>
       </tr>
 
       <tr>
        <td>b1cfa5bb9577a960efad0195808d9dad</td>
        <td>CVE-2024-0690</td>
-       <td>2024-02-06 12:15:55 <img src="imgs/new.gif" /></td>
+       <td>2024-02-06 12:15:55</td>
        <td>An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. It was discovered that information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-0690">详情</a></td>
       </tr>
@@ -1974,119 +1974,119 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
       <tr>
        <td>96bca9f07db8203fc7e5899bb145a60d</td>
        <td>CVE-2023-43590</td>
-       <td>2024-02-06 05:24:32 <img src="imgs/new.gif" /></td>
+       <td>2024-02-06 05:24:32</td>
        <td>Zoom Rooms for macOS后置链接漏洞</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/90481">详情</a></td>
       </tr>
 
       <tr>
        <td>7a99051f47697fce211a46e24c4e7bd5</td>
        <td>CVE-2023-43591</td>
-       <td>2024-02-06 05:24:32 <img src="imgs/new.gif" /></td>
+       <td>2024-02-06 05:24:32</td>
        <td>Zoom Rooms for macOS权限管理错误漏洞</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/90480">详情</a></td>
       </tr>
 
       <tr>
        <td>67fc87d6fcd21513db514172d7cee528</td>
        <td>CVE-2023-46121</td>
-       <td>2024-02-06 05:24:32 <img src="imgs/new.gif" /></td>
+       <td>2024-02-06 05:24:32</td>
        <td>yt-dlp HTTP请求走私漏洞</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/90479">详情</a></td>
       </tr>
 
       <tr>
        <td>4a74d94af2b1502bf13e12fcda264064</td>
        <td>CVE-2023-47308</td>
-       <td>2024-02-06 05:24:32 <img src="imgs/new.gif" /></td>
+       <td>2024-02-06 05:24:32</td>
        <td>PrestaShop Newsletter Popup PRO SQL注入漏洞</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/90478">详情</a></td>
       </tr>
 
       <tr>
        <td>36d0885daf8cc31ffcf3caeeaf83a5b4</td>
        <td>CVE-2023-47678</td>
-       <td>2024-02-06 05:24:32 <img src="imgs/new.gif" /></td>
+       <td>2024-02-06 05:24:32</td>
        <td>ASUS RT-AC87U访问控制错误漏洞</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/90477">详情</a></td>
       </tr>
 
       <tr>
        <td>1393f5fd56dc6976abc94209e49b1189</td>
        <td>CVE-2023-5984</td>
-       <td>2024-02-06 05:24:32 <img src="imgs/new.gif" /></td>
+       <td>2024-02-06 05:24:32</td>
        <td>Schneider Electric ION8650和ION8800缺少完整性检查漏洞</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/90476">详情</a></td>
       </tr>
 
       <tr>
        <td>a500759f7c8c762590b01e1eb0af7a24</td>
        <td>CVE-2023-5985</td>
-       <td>2024-02-06 05:24:32 <img src="imgs/new.gif" /></td>
+       <td>2024-02-06 05:24:32</td>
        <td>Schneider Electric ION8650和ION8800跨站脚本漏洞</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/90475">详情</a></td>
       </tr>
 
       <tr>
        <td>9db7a87f4299b766cab0b9f2424436f1</td>
        <td>CVE-2023-5986</td>
-       <td>2024-02-06 05:24:32 <img src="imgs/new.gif" /></td>
+       <td>2024-02-06 05:24:32</td>
        <td>Schneider Electric EcoStruxure Power Monitoring Expert开放重定向漏洞</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/90474">详情</a></td>
       </tr>
 
       <tr>
        <td>1665f73375090d9002c432bb8e21de0c</td>
        <td>CVE-2023-6032</td>
-       <td>2024-02-06 05:24:32 <img src="imgs/new.gif" /></td>
+       <td>2024-02-06 05:24:32</td>
        <td>Schneider Electric Galaxy VS和Galaxy VL路径遍历漏洞</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/90473">详情</a></td>
       </tr>
 
       <tr>
        <td>3decbbb54848daf2caef8eac2d9e10f0</td>
        <td>CVE-2023-47580</td>
-       <td>2024-02-06 05:24:32 <img src="imgs/new.gif" /></td>
+       <td>2024-02-06 05:24:32</td>
        <td>Fuji Electric TELLUS和TELLUS Lite任意代码执行漏洞</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/90472">详情</a></td>
       </tr>
 
       <tr>
        <td>68764caa5ca92a05b9e79439be68ae6e</td>
        <td>CVE-2023-47581</td>
-       <td>2024-02-06 05:24:32 <img src="imgs/new.gif" /></td>
+       <td>2024-02-06 05:24:32</td>
        <td>Fuji Electric TELLUS和TELLUS Lite越界读取漏洞</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/90471">详情</a></td>
       </tr>
 
       <tr>
        <td>0685a244af021bc838b2443083bdf404</td>
        <td>CVE-2023-47582</td>
-       <td>2024-02-06 05:24:32 <img src="imgs/new.gif" /></td>
+       <td>2024-02-06 05:24:32</td>
        <td>Fuji Electric TELLUS和TELLUS Lite越界读取漏洞</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/90470">详情</a></td>
       </tr>
 
       <tr>
        <td>fae6849614c7e8ff05b45c63a0ee87ab</td>
        <td>CVE-2023-47583</td>
-       <td>2024-02-06 05:24:32 <img src="imgs/new.gif" /></td>
+       <td>2024-02-06 05:24:32</td>
        <td>Fuji Electric TELLUS Simulator越界读取漏洞</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/90469">详情</a></td>
       </tr>
 
       <tr>
        <td>9fd3d79b592e001f9e697012d4a09ca2</td>
        <td>CVE-2023-47584</td>
-       <td>2024-02-06 05:24:32 <img src="imgs/new.gif" /></td>
+       <td>2024-02-06 05:24:32</td>
        <td>Fuji Electric V-Server和V-Server Lite越界写入漏洞</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/90468">详情</a></td>
       </tr>
 
       <tr>
        <td>df90490412a7584eaaa8d538422db2f6</td>
        <td>CVE-2023-47585</td>
-       <td>2024-02-06 05:24:32 <img src="imgs/new.gif" /></td>
+       <td>2024-02-06 05:24:32</td>
        <td>Fuji Electric V-Server和V-Server Lite越界读取漏洞</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/90467">详情</a></td>
       </tr>