Updated by Github Bot

EXP-Tools · Jun 28, 2024 · 0f455c8 · 0f455c8
1 parent e593704
commit 0f455c8
Show file tree

Hide file tree

Showing 3 changed files with 91 additions and 81 deletions.
diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat
@@ -106,3 +106,13 @@ eeea53a7b5ca82f7d34ea9bccde779d0
 31661febd1eab5aec60f5afb7b3b9c4e
 dc431a9e2c63dd8e3a80208312c9c177
 7c81eadaaa3f0423f64263b10dbebeac
+890b825dc35427ce84a7fddf5dfac118
+8b37e15063ac7d2b199d6d9b92839942
+55a8fee18fa0de29b9725891e8b0a72b
+ec2763e814e5506406af94052703912b
+ca3537a7b08fa041ed58e5c76443c06b
+fc08fa4778d462db16b7d8656603d54d
+2922f9667bac457d49f423c41be93e11
+dafb147056acdb7907846e3877546cbd
+82c07e3d80afdf4d1216562365a53309
+5f890c739b8718dd54674ed014876ee1
diff --git a/data/cves.db b/data/cves.db
diff --git a/docs/index.html b/docs/index.html
@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2024-06-28 09:22:36 -->
+<!-- RELEASE TIME : 2024-06-28 18:26:58 -->
 <html lang="zh-cn">
 
  <head>
@@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <th width="43%">TITLE</th>
        <th width="5%">URL</th>
       </tr>
+      <tr>
+       <td>890b825dc35427ce84a7fddf5dfac118</td>
+       <td>CVE-2024-6071</td>
+       <td>2024-06-27 23:15:50 <img src="imgs/new.gif" /></td>
+       <td>PTC Creo Elements/Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the server.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6071">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>8b37e15063ac7d2b199d6d9b92839942</td>
+       <td>CVE-2016-20022</td>
+       <td>2024-06-27 23:15:50 <img src="imgs/new.gif" /></td>
+       <td>In the Linux kernel before 4.8, usb_parse_endpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the supplier.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2016-20022">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>55a8fee18fa0de29b9725891e8b0a72b</td>
+       <td>CVE-2024-4395</td>
+       <td>2024-06-27 22:15:10 <img src="imgs/new.gif" /></td>
+       <td>The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4395">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>ec2763e814e5506406af94052703912b</td>
+       <td>CVE-2024-39705</td>
+       <td>2024-06-27 22:15:10 <img src="imgs/new.gif" /></td>
+       <td>NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and punkt.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-39705">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>ca3537a7b08fa041ed58e5c76443c06b</td>
+       <td>CVE-2024-36059</td>
+       <td>2024-06-27 22:15:10 <img src="imgs/new.gif" /></td>
+       <td>Directory Traversal vulnerability in Kalkitech ASE ASE61850 IEDSmart upto and including version 2.3.5 allows attackers to read/write arbitrary files via the IEC61850 File Transfer protocol.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-36059">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>fc08fa4778d462db16b7d8656603d54d</td>
+       <td>CVE-2023-52892</td>
+       <td>2024-06-27 22:15:10 <img src="imgs/new.gif" /></td>
+       <td>In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-52892">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>2922f9667bac457d49f423c41be93e11</td>
+       <td>CVE-2024-5642</td>
+       <td>2024-06-27 21:15:16 <img src="imgs/new.gif" /></td>
+       <td>CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being not widely used and specifying an empty list likely being uncommon in-practice (typically a protocol name would be configured).</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5642">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>dafb147056acdb7907846e3877546cbd</td>
+       <td>CVE-2024-39209</td>
+       <td>2024-06-27 21:15:15 <img src="imgs/new.gif" /></td>
+       <td>luci-app-sms-tool v1.9-6 was discovered to contain a command injection vulnerability via the score parameter.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-39209">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>82c07e3d80afdf4d1216562365a53309</td>
+       <td>CVE-2024-39134</td>
+       <td>2024-06-27 21:15:15 <img src="imgs/new.gif" /></td>
+       <td>A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows attackers to cause a denial of service via the __zzip_fetch_disk_trailer() function at /zzip/zip.c.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-39134">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>5f890c739b8718dd54674ed014876ee1</td>
+       <td>CVE-2024-39132</td>
+       <td>2024-06-27 21:15:15 <img src="imgs/new.gif" /></td>
+       <td>A NULL Pointer Dereference vulnerability in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function VerifyCommandLine() at /src/DumpTS.cpp.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-39132">详情</a></td>
+      </tr>
+
       <tr>
        <td>e4577f8d7c4d4648ec18dfdb49019814</td>
        <td>CVE-2024-6374</td>
@@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-37252">详情</a></td>
       </tr>
 
-      <tr>
-       <td>f4c4ff5f31d8319039c250994983e98b</td>
-       <td>CVE-2024-37098</td>
-       <td>2024-06-26 11:15:51</td>
-       <td>Server-Side Request Forgery (SSRF) vulnerability in Blossom Themes BlossomThemes Email Newsletter.This issue affects BlossomThemes Email Newsletter: from n/a through 2.2.6.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-37098">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>c48e0b8b04e450039d4151ad675bbe0d</td>
-       <td>CVE-2024-28830</td>
-       <td>2024-06-26 08:15:09</td>
-       <td>Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2.2.0p28, <2.1.0p45 and <=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files accessible to administrators.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-28830">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>0ad529341312cd3cf34cc67ea8f22cef</td>
-       <td>CVE-2024-5215</td>
-       <td>2024-06-26 07:15:11</td>
-       <td>The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5215">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>d65b1a4251c63b04abf905e92c46196e</td>
-       <td>CVE-2024-5573</td>
-       <td>2024-06-26 06:15:17</td>
-       <td>The Easy Table of Contents WordPress plugin before 2.0.66 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5573">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>39c8eaa173dc47f0a2e5a46dda7d0faf</td>
-       <td>CVE-2024-5473</td>
-       <td>2024-06-26 06:15:17</td>
-       <td>The Simple Photoswipe WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5473">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>3ccc1c5ded776c0041d8c39013680b7e</td>
-       <td>CVE-2024-5332</td>
-       <td>2024-06-26 06:15:16</td>
-       <td>The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Card widget in all versions up to, and including, 2.6.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5332">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>da0584730f4e8e98173395c8712ac4c0</td>
-       <td>CVE-2024-5199</td>
-       <td>2024-06-26 06:15:16</td>
-       <td>The Spotify Play Button WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5199">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>98fcf2a0f61c6c819086af1a2d7adaa3</td>
-       <td>CVE-2024-5169</td>
-       <td>2024-06-26 06:15:16</td>
-       <td>The Video Widget WordPress plugin through 1.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5169">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>86fc95f39e377ba1940c46d814342db6</td>
-       <td>CVE-2024-5071</td>
-       <td>2024-06-26 06:15:16</td>
-       <td>The Bookster WordPress plugin through 1.1.0 allows adding sensitive parameters when validating appointments allowing attackers to manipulate the data sent when booking an appointment (the request body) to change its status from pending to approved.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5071">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>63450f92c7fe69d7b7c4ec86b8000f93</td>
-       <td>CVE-2024-4959</td>
-       <td>2024-06-26 06:15:16</td>
-       <td>The Frontend Checklist WordPress plugin through 2.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4959">详情</a></td>
-      </tr>
-
      </tbody>
     </table>
    </div>