Updated by Github Bot
Github-Bot committed Jun 16, 2024
1 parent 44502d3 commit 3cc9ffc
Showing 3 changed files with 91 additions and 81 deletions.
10 changes: 10 additions & 0 deletions cache/Tenable (Nessus).dat
Expand Up @@ -137,3 +137,13 @@ e4f3c925c38bab0e1e1d712d09d978e2
d32f5b404e52c58fc0b13f01d4a3954d
feb04fc1bee98789ee1998e47fbb6db7
be6cbc4f13d40166e0294211bfd12fe5
2022b8875db6ba4b1d40901f13fc0aca
2109fb9118362c3ae1df7cf1a7050f62
98a368a0b44385920bc42f14229aea6e
c820eab806fba442528afe80e103072a
bd89fad9c1c5bc6087adec157e4eaf78
c28a6537f52ec8f2444dd279383e40ec
53434b51f9af6970dd046f063f0e3f3a
b28c9d35ce5169e5c24fd9c1c40443b7
77359cdf07122364a25186684877416d
31903eec7be53d2678fdb947cf5c363b
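Review bot: the ten digests appended after be6cbc4f13d40166e0294211bfd12fe5 are added with nothing removed (-137,3 +137,13), so this cache only grows, while docs/index.html in the same commit drops as many rows as it gains. If the file is meant as an append-only de-duplication set, document that and consider a retention bound. Each line is also a bare 32-hex id with no CVE number beside it, so the mapping can only be confirmed by cross-reading the first column of the new index.html rows (2022b8875db6ba4b1d40901f13fc0aca is CVE-2024-38468 there); storing the id and the CVE number on one line would make this file auditable by itself.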
Binary file modified data/cves.db
Binary file not shown.
162 changes: 81 additions & 81 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2024-06-16 18:27:05 -->
<!-- RELEASE TIME : 2024-06-16 21:22:21 -->
<html lang="zh-cn">

<head>
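Review bot: the RELEASE TIME comment on the first line of the file carries no timezone or UTC offset, so 2024-06-16 21:22:21 cannot be compared reliably with the commit time or with the publication timestamps in the table rows. Emit an ISO 8601 value with an explicit offset from the generator.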
Expand Down Expand Up @@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<th width="43%">TITLE</th>
<th width="5%">URL</th>
</tr>
<tr>
<td>2022b8875db6ba4b1d40901f13fc0aca</td>
<td>CVE-2024-38468</td>
<td>2024-06-16 16:15:09 <img src="imgs/new.gif" /></td>
<td>Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the resetPassword API.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-38468">详情</a></td>
</tr>

<tr>
<td>2109fb9118362c3ae1df7cf1a7050f62</td>
<td>CVE-2024-38467</td>
<td>2024-06-16 16:15:09 <img src="imgs/new.gif" /></td>
<td>Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized user information retrieval via the queryUser API.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-38467">详情</a></td>
</tr>

<tr>
<td>98a368a0b44385920bc42f14229aea6e</td>
<td>CVE-2024-38466</td>
<td>2024-06-16 16:15:09 <img src="imgs/new.gif" /></td>
<td>Shenzhen Guoxin Synthesis image system before 8.3.0 has a 123456Qw default password.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-38466">详情</a></td>
</tr>

<tr>
<td>c820eab806fba442528afe80e103072a</td>
<td>CVE-2024-38465</td>
<td>2024-06-16 16:15:09 <img src="imgs/new.gif" /></td>
<td>Shenzhen Guoxin Synthesis image system before 8.3.0 allows username enumeration because of the response discrepancy of incorrect versus error.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-38465">详情</a></td>
</tr>

<tr>
<td>bd89fad9c1c5bc6087adec157e4eaf78</td>
<td>CVE-2024-38462</td>
<td>2024-06-16 16:15:09 <img src="imgs/new.gif" /></td>
<td>iRODS before 4.3.2 provides an msiSendMail function with a problematic dependency on the mail binary, such as in the mailMS.cpp#L94-L106 reference.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-38462">详情</a></td>
</tr>

<tr>
<td>c28a6537f52ec8f2444dd279383e40ec</td>
<td>CVE-2024-38461</td>
<td>2024-06-16 16:15:09 <img src="imgs/new.gif" /></td>
<td>irodsServerMonPerf in iRODS before 4.3.2 attempts to proceed with use of a path even if it is not a directory.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-38461">详情</a></td>
</tr>

<tr>
<td>53434b51f9af6970dd046f063f0e3f3a</td>
<td>CVE-2024-38460</td>
<td>2024-06-16 15:15:51 <img src="imgs/new.gif" /></td>
<td>In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs (such as SonarQube Access Logs, Proxy Logs, etc).</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-38460">详情</a></td>
</tr>

<tr>
<td>b28c9d35ce5169e5c24fd9c1c40443b7</td>
<td>CVE-2024-38459</td>
<td>2024-06-16 15:15:51 <img src="imgs/new.gif" /></td>
<td>langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for CVE-2024-27444.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-38459">详情</a></td>
</tr>

<tr>
<td>77359cdf07122364a25186684877416d</td>
<td>CVE-2024-38458</td>
<td>2024-06-16 15:15:51 <img src="imgs/new.gif" /></td>
<td>Xenforo before 2.2.16 allows code injection.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-38458">详情</a></td>
</tr>

<tr>
<td>31903eec7be53d2678fdb947cf5c363b</td>
<td>CVE-2024-38457</td>
<td>2024-06-16 15:15:51 <img src="imgs/new.gif" /></td>
<td>Xenforo before 2.2.16 allows CSRF.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-38457">详情</a></td>
</tr>

<tr>
<td>b27c5c4cf1d1ceeddca212aa87a1a8ce</td>
<td>CVE-2024-38443</td>
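Review bot: every link cell in the new rows, for example <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-38468">详情</a></td>, opens a new tab with no rel attribute; add rel="noopener noreferrer" in the row template so the opened page gets no window.opener handle regardless of browser defaults. The description cells hold upstream advisory text placed directly inside <td>, and nothing in these rows shows whether the generator HTML-escapes it, so confirm that it does before a description containing markup arrives from the feed. The imgs/new.gif <img> tags also lack an alt attribute.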
Expand Down Expand Up @@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2695">详情</a></td>
</tr>

<tr>
<td>43c333e3eedbed06e2905ee40ccd43e5</td>
<td>CVE-2024-2024</td>
<td>2024-06-14 13:15:51</td>
<td>The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_folders_file_upload' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with author access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2024">详情</a></td>
</tr>

<tr>
<td>3377d3df2213fa560fc89d1603545be9</td>
<td>CVE-2024-2023</td>
<td>2024-06-14 13:15:50</td>
<td>The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the 'handle_folders_file_upload' function. This makes it possible for authenticated attackers, with author access and above, to upload files to arbitrary locations on the server.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2023">详情</a></td>
</tr>

<tr>
<td>27fcba9daa458f802e0ebf33b0560201</td>
<td>CVE-2024-36459</td>
<td>2024-06-14 12:15:09</td>
<td>A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary Javascript code in a client browser.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-36459">详情</a></td>
</tr>

<tr>
<td>a197e2156b163d3083ade8bb390628b4</td>
<td>CVE-2023-51376</td>
<td>2024-06-14 11:15:50</td>
<td>Missing Authorization vulnerability in Brainstorm Force ProjectHuddle Client Site.This issue affects ProjectHuddle Client Site: from n/a through 1.0.34.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-51376">详情</a></td>
</tr>

<tr>
<td>dc4afe693f1dcba0367635dfcda2a975</td>
<td>CVE-2024-5685</td>
<td>2024-06-14 10:15:10</td>
<td>Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call.This issue affects snipe-it: from v4.6.17 through v6.4.1.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5685">详情</a></td>
</tr>

<tr>
<td>3e9d89696180cd3b325cb40ab7ac2ce5</td>
<td>CVE-2024-3912</td>
<td>2024-06-14 10:15:10</td>
<td>Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the device.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3912">详情</a></td>
</tr>

<tr>
<td>a93dcb8a0cf18d818c4aa0a9e6e0a0ff</td>
<td>CVE-2024-34012</td>
<td>2024-06-14 10:15:10</td>
<td>Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.24135.272.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-34012">详情</a></td>
</tr>

<tr>
<td>11454e8ccc3789541af99de589b7a557</td>
<td>CVE-2024-2472</td>
<td>2024-06-14 10:15:09</td>
<td>The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'start_or_use_session_for_customer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated attackers to view other customer's cabinets, including the ability to view PII such as email addresses and to change their LatePoint user password, which may or may not be associated with a WordPress account.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2472">详情</a></td>
</tr>

<tr>
<td>93b30d718aee6197297c7e82548c10c8</td>
<td>CVE-2024-5996</td>
<td>2024-06-14 09:15:11</td>
<td>The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. These emails are sent without using an encrypted transmission protocol. If an attacker intercepts the packets, they can obtain the plaintext session information and use it to log into the system.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5996">详情</a></td>
</tr>

<tr>
<td>13b1586065447e11e057703aa57db529</td>
<td>CVE-2024-4863</td>
<td>2024-06-14 09:15:10</td>
<td>The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4863">详情</a></td>
</tr>

</tbody>
</table>
</div>
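Review bot: the ten rows removed from the tail of the table (CVE-2024-2024 through CVE-2024-4863) are deleted only to make room for the ten added at the top, which is why a ten-entry update shows up as 81 additions and 81 deletions in docs/index.html. Since this page is regenerated output, consider producing it in a publish step instead of committing it, or keep evicted entries reachable through an archive page. In this commit the only other place they could live is data/cves.db, which is binary and not shown, so a reviewer cannot confirm they are retained.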