Updated by Github Bot

EXP-Tools · Feb 15, 2024 · e4c0628 · e4c0628
1 parent 4851fde
commit e4c0628
Show file tree

Hide file tree

Showing 3 changed files with 91 additions and 81 deletions.
diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat
@@ -188,3 +188,13 @@ a5b36580f654adcc45697c56348de1e0
 61522674efeb1056d52e655cc279622c
 a22c2163dbd162788d7bea243b3cd700
 2f3b51165c82fc11a3fafaff0cbc3732
+f4b6c8602f534398ec169444ba866ec5
+d180424eeff34a639d75c0aaa18da297
+f22efcffbfd452555557990fb7070efa
+78feefedce41c6047b3a4701dfbff676
+9349462f4abf012b08235071e9c3b64d
+bf6ad87d2a8511d99f253c17c79dcdd3
+375ecf8d8e60b8b09412c52e66ad8bb2
+e21bfe93720eca43aebe350aa7426243
+c549c1e3e23fe847b0cac550846cbdc3
+c97466358b23783d42d48f5c6667eb6b
diff --git a/data/cves.db b/data/cves.db
diff --git a/docs/index.html b/docs/index.html
@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2024-02-15 03:25:15 -->
+<!-- RELEASE TIME : 2024-02-15 07:20:32 -->
 <html lang="zh-cn">
 
  <head>
@@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <th width="43%">TITLE</th>
        <th width="5%">URL</th>
       </tr>
+      <tr>
+       <td>f4b6c8602f534398ec169444ba866ec5</td>
+       <td>CVE-2024-25620</td>
+       <td>2024-02-15 00:15:45 <img src="imgs/new.gif" /></td>
+       <td>Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the `Chart.yaml` file includes a relative path change, the chart would be saved outside its expected directory based on the changes in the relative path. The validation and linting did not detect the path changes in the name. This issue has been resolved in Helm v3.14.1. Users unable to upgrade should check all charts used by Helm for path changes in their name as found in the `Chart.yaml` file. This includes dependencies.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25620">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>d180424eeff34a639d75c0aaa18da297</td>
+       <td>CVE-2024-24301</td>
+       <td>2024-02-14 23:15:08 <img src="imgs/new.gif" /></td>
+       <td>Command Injection vulnerability discovered in 4ipnet EAP-767 device v3.42.00 within the web interface of the device allows attackers with valid credentials to inject arbitrary shell commands to be executed by the device with root privileges.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-24301">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>f22efcffbfd452555557990fb7070efa</td>
+       <td>CVE-2024-24300</td>
+       <td>2024-02-14 23:15:08 <img src="imgs/new.gif" /></td>
+       <td>4ipnet EAP-767 v3.42.00 is vulnerable to Incorrect Access Control. The device uses the same set of credentials, regardless of how many times a user logs in, the content of the cookie remains unchanged.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-24300">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>78feefedce41c6047b3a4701dfbff676</td>
+       <td>CVE-2023-6138</td>
+       <td>2024-02-14 23:15:08 <img src="imgs/new.gif" /></td>
+       <td>A potential security vulnerability has been identified in the system BIOS for certain HP Workstation PCs, which might allow escalation of privilege, arbitrary code execution, or denial of service. HP is releasing mitigation for the potential vulnerability.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-6138">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>9349462f4abf012b08235071e9c3b64d</td>
+       <td>CVE-2022-48220</td>
+       <td>2024-02-14 23:15:08 <img src="imgs/new.gif" /></td>
+       <td>Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2022-48220">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>bf6ad87d2a8511d99f253c17c79dcdd3</td>
+       <td>CVE-2022-48219</td>
+       <td>2024-02-14 23:15:07 <img src="imgs/new.gif" /></td>
+       <td>Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2022-48219">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>375ecf8d8e60b8b09412c52e66ad8bb2</td>
+       <td>CVE-2024-1471</td>
+       <td>2024-02-14 22:15:47 <img src="imgs/new.gif" /></td>
+       <td>An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Repository parameters, which could lead to HTML redirection attacks.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-1471">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>e21bfe93720eca43aebe350aa7426243</td>
+       <td>CVE-2024-1367</td>
+       <td>2024-02-14 22:15:47 <img src="imgs/new.gif" /></td>
+       <td>A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to the execution of arbitrary code on the Security Center host.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-1367">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>c549c1e3e23fe847b0cac550846cbdc3</td>
+       <td>CVE-2023-49721</td>
+       <td>2024-02-14 22:15:47 <img src="imgs/new.gif" /></td>
+       <td>An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-49721">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>c97466358b23783d42d48f5c6667eb6b</td>
+       <td>CVE-2023-48733</td>
+       <td>2024-02-14 22:15:47 <img src="imgs/new.gif" /></td>
+       <td>An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-48733">详情</a></td>
+      </tr>
+
       <tr>
        <td>b157568ce295c7ffe141841db512006e</td>
        <td>CVE-2024-24699</td>
@@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25642">详情</a></td>
       </tr>
 
-      <tr>
-       <td>6f31033eeb01582e6f7026c776e4fb77</td>
-       <td>CVE-2024-25744</td>
-       <td>2024-02-12 05:15:07</td>
-       <td>In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25744">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>c7066a1278fbaaa7394cb5700fbf70e2</td>
-       <td>CVE-2024-25741</td>
-       <td>2024-02-12 03:15:32</td>
-       <td>printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have unspecified other impact.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25741">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>7ab020082ecbf46287d59ee94c2596ba</td>
-       <td>CVE-2024-25740</td>
-       <td>2024-02-12 03:15:32</td>
-       <td>A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25740">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>e4cf737008a30ca57ff4412f12dbe41b</td>
-       <td>CVE-2024-25739</td>
-       <td>2024-02-12 03:15:32</td>
-       <td>create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25739">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>060f7bf21981a500e82c1c0eefef12a8</td>
-       <td>CVE-2023-52429</td>
-       <td>2024-02-12 03:15:32</td>
-       <td>dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-52429">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>8fa5a716a7437bfdae163da7d9ecc0e1</td>
-       <td>CVE-2024-1433</td>
-       <td>2024-02-11 23:15:07</td>
-       <td>A vulnerability, which was classified as problematic, was found in KDE Plasma Workspace up to 5.93.0. This affects the function EventPluginsManager::enabledPlugins of the file components/calendar/eventpluginsmanager.cpp of the component Theme File Handler. The manipulation of the argument pluginId leads to path traversal. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The patch is named 6cdf42916369ebf4ad5bd876c4dfa0170d7b2f01. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-253407. NOTE: This requires write access to user's home or the installation of third party global themes.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-1433">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>2ee0f376aaf6f42762853e62d254d63a</td>
-       <td>CVE-2024-25728</td>
-       <td>2024-02-11 22:15:08</td>
-       <td>ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration (e.g., sends them to DNS servers operated by the user's ISP instead of to the ExpressVPN DNS servers), which may allow remote attackers to obtain sensitive information about websites visited by VPN users.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25728">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>6ef8c696e1d824edf671edcd48a1011b</td>
-       <td>CVE-2024-25419</td>
-       <td>2024-02-11 21:15:46</td>
-       <td>flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_menu.php.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25419">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>883e1f93e289237f7a3e603c99a7ca30</td>
-       <td>CVE-2024-25418</td>
-       <td>2024-02-11 21:15:46</td>
-       <td>flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_menu.php.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25418">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>c3703210bec0c4bc80d80dcce840cec2</td>
-       <td>CVE-2024-25417</td>
-       <td>2024-02-11 21:15:46</td>
-       <td>flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_translation.php.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25417">详情</a></td>
-      </tr>
-
      </tbody>
     </table>
    </div>