Commit

Updated by Github Bot
Github-Bot committed Jun 29, 2024
1 parent 0f455c8 commit 5e9e252
Showing 3 changed files with 45 additions and 35 deletions.
10 changes: 10 additions & 0 deletions cache/RedQueen.dat
@@ -116,3 +116,13 @@ d9a966b10f4798e6973d214f203c3013
56b423772d84f25a19c827588916efdd
06da9c100efb33a0d40bdf9f5db947ab
e29952fab7ad4b1c947ddd1a732bcc40
cba2bcb3899a7a4a012bfd8beae0bbe6
29c06f26f48ecd3077cc9b23f0848b4f
db71e30ebe64b98e20256d7a514e3bd0
1fe5a69f159362dfde3f2de01eae9128
ceb6da33846ccb0f4b8e82cf531d624a
928c9b3819da02ae98f3e8a79c80fbe4
a6b7b824d6123cfa75914e031e944238
576604d187c4d7f1a835adf37528a2ff
79c6e795def8f0b4a409a4de0221bac1
6f586e43ae39588f3e20eb6f5add06b4
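Review bot: the ids appended to cache/RedQueen.dat are bare 32-hex values with no CVE id, source or timestamp beside them, and data/cves.db changes in the same commit as a binary that is not shown, so nothing here lets a reviewer confirm that the cache, the database and docs/index.html agree. Consider writing each cache line with the CVE id and source next to the hash, or keeping the generated cache and database out of the repository and committing only the rendered page.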
Binary file modified data/cves.db
Binary file not shown.
70 changes: 35 additions & 35 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2024-06-28 18:26:58 -->
<!-- RELEASE TIME : 2024-06-29 01:23:22 -->
<html lang="zh-cn">

<head>
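Review bot: the RELEASE TIME comment on the first line of docs/index.html carries no timezone, so `2024-06-29 01:23:22` cannot be ordered against the feed timestamps in the table below without guessing the offset. Emit it in ISO 8601 with an explicit offset (or in UTC with a trailing `Z`), and do the same for the per-row timestamps.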
@@ -286,223 +286,223 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<tr>
<td>890b825dc35427ce84a7fddf5dfac118</td>
<td>CVE-2024-6071</td>
<td>2024-06-27 23:15:50 <img src="imgs/new.gif" /></td>
<td>2024-06-27 23:15:50</td>
<td>PTC Creo Elements/Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the server.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6071">详情</a></td>
</tr>

<tr>
<td>8b37e15063ac7d2b199d6d9b92839942</td>
<td>CVE-2016-20022</td>
<td>2024-06-27 23:15:50 <img src="imgs/new.gif" /></td>
<td>2024-06-27 23:15:50</td>
<td>In the Linux kernel before 4.8, usb_parse_endpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the supplier.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2016-20022">详情</a></td>
</tr>

<tr>
<td>55a8fee18fa0de29b9725891e8b0a72b</td>
<td>CVE-2024-4395</td>
<td>2024-06-27 22:15:10 <img src="imgs/new.gif" /></td>
<td>2024-06-27 22:15:10</td>
<td>The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4395">详情</a></td>
</tr>

<tr>
<td>ec2763e814e5506406af94052703912b</td>
<td>CVE-2024-39705</td>
<td>2024-06-27 22:15:10 <img src="imgs/new.gif" /></td>
<td>2024-06-27 22:15:10</td>
<td>NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and punkt.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-39705">详情</a></td>
</tr>

<tr>
<td>ca3537a7b08fa041ed58e5c76443c06b</td>
<td>CVE-2024-36059</td>
<td>2024-06-27 22:15:10 <img src="imgs/new.gif" /></td>
<td>2024-06-27 22:15:10</td>
<td>Directory Traversal vulnerability in Kalkitech ASE ASE61850 IEDSmart upto and including version 2.3.5 allows attackers to read/write arbitrary files via the IEC61850 File Transfer protocol.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-36059">详情</a></td>
</tr>

<tr>
<td>fc08fa4778d462db16b7d8656603d54d</td>
<td>CVE-2023-52892</td>
<td>2024-06-27 22:15:10 <img src="imgs/new.gif" /></td>
<td>2024-06-27 22:15:10</td>
<td>In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-52892">详情</a></td>
</tr>

<tr>
<td>2922f9667bac457d49f423c41be93e11</td>
<td>CVE-2024-5642</td>
<td>2024-06-27 21:15:16 <img src="imgs/new.gif" /></td>
<td>2024-06-27 21:15:16</td>
<td>CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being not widely used and specifying an empty list likely being uncommon in-practice (typically a protocol name would be configured).</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5642">详情</a></td>
</tr>

<tr>
<td>dafb147056acdb7907846e3877546cbd</td>
<td>CVE-2024-39209</td>
<td>2024-06-27 21:15:15 <img src="imgs/new.gif" /></td>
<td>2024-06-27 21:15:15</td>
<td>luci-app-sms-tool v1.9-6 was discovered to contain a command injection vulnerability via the score parameter.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-39209">详情</a></td>
</tr>

<tr>
<td>82c07e3d80afdf4d1216562365a53309</td>
<td>CVE-2024-39134</td>
<td>2024-06-27 21:15:15 <img src="imgs/new.gif" /></td>
<td>2024-06-27 21:15:15</td>
<td>A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows attackers to cause a denial of service via the __zzip_fetch_disk_trailer() function at /zzip/zip.c.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-39134">详情</a></td>
</tr>

<tr>
<td>5f890c739b8718dd54674ed014876ee1</td>
<td>CVE-2024-39132</td>
<td>2024-06-27 21:15:15 <img src="imgs/new.gif" /></td>
<td>2024-06-27 21:15:15</td>
<td>A NULL Pointer Dereference vulnerability in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function VerifyCommandLine() at /src/DumpTS.cpp.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-39132">详情</a></td>
</tr>

<tr>
<td>e4577f8d7c4d4648ec18dfdb49019814</td>
<td>CVE-2024-6374</td>
<td>2024-06-27 14:15:17 <img src="imgs/new.gif" /></td>
<td>2024-06-27 14:15:17</td>
<td>A vulnerability was found in lahirudanushka School Management System 1.0.0/1.0.1 and classified as problematic. This issue affects some unknown processing of the file /subject.php of the component Subject Page. The manipulation of the argument Subject Title/Sybillus Details leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269807.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6374">详情</a></td>
</tr>

<tr>
<td>864faf359211c3e2cff22b2e4fa592f6</td>
<td>CVE-2024-39158</td>
<td>2024-06-27 14:15:16 <img src="imgs/new.gif" /></td>
<td>2024-06-27 14:15:16</td>
<td>idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/userSys_deal.php?mudi=infoSet.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-39158">详情</a></td>
</tr>

<tr>
<td>f7cd31be716429709333cbf98645b11d</td>
<td>CVE-2024-39157</td>
<td>2024-06-27 14:15:16 <img src="imgs/new.gif" /></td>
<td>2024-06-27 14:15:16</td>
<td>idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=del&dataType=&dataID=1.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-39157">详情</a></td>
</tr>

<tr>
<td>a325556ff3f3e3b8af5ff2681c70dedb</td>
<td>CVE-2024-39156</td>
<td>2024-06-27 14:15:16 <img src="imgs/new.gif" /></td>
<td>2024-06-27 14:15:16</td>
<td>idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=add.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-39156">详情</a></td>
</tr>

<tr>
<td>de051cde67987654b660cba5ce3073c6</td>
<td>CVE-2024-39155</td>
<td>2024-06-27 14:15:15 <img src="imgs/new.gif" /></td>
<td>2024-06-27 14:15:15</td>
<td>idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=add.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-39155">详情</a></td>
</tr>

<tr>
<td>4874458875c0a65e5fcd00bc97a3f073</td>
<td>CVE-2024-39154</td>
<td>2024-06-27 14:15:15 <img src="imgs/new.gif" /></td>
<td>2024-06-27 14:15:15</td>
<td>idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=del&dataType=word&dataTypeCN.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-39154">详情</a></td>
</tr>

<tr>
<td>e97103dd07bec60d514bf2cbce2781a7</td>
<td>CVE-2024-39153</td>
<td>2024-06-27 14:15:15 <img src="imgs/new.gif" /></td>
<td>2024-06-27 14:15:15</td>
<td>idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/info_deal.php?mudi=del&dataType=news&dataTypeCN.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-39153">详情</a></td>
</tr>

<tr>
<td>6708a673f548c15f7d8dbbdd613cf22a</td>
<td>CVE-2024-1153</td>
<td>2024-06-27 14:15:12 <img src="imgs/new.gif" /></td>
<td>2024-06-27 14:15:12</td>
<td>Improper Access Control vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before v17.0.68.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-1153">详情</a></td>
</tr>

<tr>
<td>36d3d1c1921836f21f9bbb1187704feb</td>
<td>CVE-2024-6373</td>
<td>2024-06-27 13:16:02 <img src="imgs/new.gif" /></td>
<td>2024-06-27 13:16:02</td>
<td>A vulnerability has been found in itsourcecode Online Food Ordering System up to 1.0 and classified as critical. This vulnerability affects unknown code of the file /addproduct.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-269806 is the identifier assigned to this vulnerability.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6373">详情</a></td>
</tr>

<tr>
<td>f20d744667e2bedecc9279d6265c0fac</td>
<td>CVE-2024-6372</td>
<td>2024-06-27 13:16:02 <img src="imgs/new.gif" /></td>
<td>2024-06-27 13:16:02</td>
<td>A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System 1.0. This affects an unknown part of the file customeradd.php. The manipulation of the argument fullname/address/phonenumber/sex/email/city/comment leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269805 was assigned to this vulnerability.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6372">详情</a></td>
</tr>

<tr>
<td>eeea53a7b5ca82f7d34ea9bccde779d0</td>
<td>CVE-2024-6371</td>
<td>2024-06-27 13:16:01 <img src="imgs/new.gif" /></td>
<td>2024-06-27 13:16:01</td>
<td>A vulnerability, which was classified as critical, has been found in itsourcecode Pool of Bethesda Online Reservation System 1.0. Affected by this issue is some unknown functionality of the file controller.php. The manipulation of the argument rmtype_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269804.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6371">详情</a></td>
</tr>

<tr>
<td>01b38aa63a7c181f44adb099ab0a4c3a</td>
<td>CVE-2024-38515</td>
<td>2024-06-27 13:16:00 <img src="imgs/new.gif" /></td>
<td>2024-06-27 13:16:00</td>
<td>Rejected reason: This CVE is a duplicate of CVE-2024-38374.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-38515">详情</a></td>
</tr>

<tr>
<td>37fa1ae0584dd61814df8743c4313a10</td>
<td>CVE-2024-1107</td>
<td>2024-06-27 13:15:54 <img src="imgs/new.gif" /></td>
<td>2024-06-27 13:15:54</td>
<td>Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before v17.0.68.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-1107">详情</a></td>
</tr>

<tr>
<td>14dfbd1d1fcdfc69d245483a420401f2</td>
<td>CVE-2024-6370</td>
<td>2024-06-27 12:15:31 <img src="imgs/new.gif" /></td>
<td>2024-06-27 12:15:31</td>
<td>A vulnerability classified as problematic was found in LabVantage LIMS 2017. Affected by this vulnerability is an unknown functionality of the file /labvantage/rc?command=file&file=WEB-OPAL/pagetypes/bulletins/sendbulletin.jsp of the component POST Request Handler. The manipulation of the argument bulletinbody leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269803.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6370">详情</a></td>
</tr>

<tr>
<td>3e2bad140d080413a4a48d32d1a95a01</td>
<td>CVE-2024-6369</td>
<td>2024-06-27 12:15:30 <img src="imgs/new.gif" /></td>
<td>2024-06-27 12:15:30</td>
<td>A vulnerability classified as problematic has been found in LabVantage LIMS 2017. Affected is an unknown function of the file /labvantage/rc?command=page&sdcid=LV_ReagentLot of the component POST Request Handler. The manipulation of the argument mode leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-269802 is the identifier assigned to this vulnerability.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6369">详情</a></td>
</tr>

<tr>
<td>31661febd1eab5aec60f5afb7b3b9c4e</td>
<td>CVE-2024-6368</td>
<td>2024-06-27 12:15:30 <img src="imgs/new.gif" /></td>
<td>2024-06-27 12:15:30</td>
<td>A vulnerability was found in LabVantage LIMS 2017. It has been rated as problematic. This issue affects some unknown processing of the file /labvantage/rc?command=page of the component POST Request Handler. The manipulation of the argument param1 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269801 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6368">详情</a></td>
</tr>

<tr>
<td>dc431a9e2c63dd8e3a80208312c9c177</td>
<td>CVE-2024-6367</td>
<td>2024-06-27 12:15:29 <img src="imgs/new.gif" /></td>
<td>2024-06-27 12:15:29</td>
<td>A vulnerability was found in LabVantage LIMS 2017. It has been declared as problematic. This vulnerability affects unknown code of the file /labvantage/rc?command=file&file=WEB-CORE/elements/files/filesembedded.jsp of the component POST Request Handler. The manipulation of the argument sdcid/keyid1/keyid2/keyid3 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269800. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6367">详情</a></td>
</tr>

<tr>
<td>7c81eadaaa3f0423f64263b10dbebeac</td>
<td>CVE-2024-6262</td>
<td>2024-06-27 11:15:25 <img src="imgs/new.gif" /></td>
<td>2024-06-27 11:15:25</td>
<td>The Portfolio Gallery – Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PFG' shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6262">详情</a></td>
</tr>
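Review bot: the description cells in this hunk appear to be written into the page without HTML escaping, visible in the idccms rows where `?mudi=del&dataType=&dataID=1` and `&dataTypeCN` carry a raw `&`. These strings are third-party advisory text, so the generator should HTML-escape every description, CVE id and link before emitting the `<td>`, otherwise markup inside a description becomes markup in docs/index.html. The detail links also use `target="_blank"` with no `rel="noopener noreferrer"`.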
@@ -2174,47 +2174,47 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<tr>
<td>7e2e6aba7753d61a75ef34fdc6ba6286</td>
<td>CVE-2023-7164</td>
<td>2024-06-27 09:20:09 <img src="imgs/new.gif" /></td>
<td>2024-06-27 09:20:09</td>
<td>WordPress BackWPup Plugin信息泄露漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/97541">详情</a></td>
</tr>

<tr>
<td>1e285275ba77d8c28cc3933f40ca9676</td>
<td>CVE-2024-0083</td>
<td>2024-06-27 09:20:09 <img src="imgs/new.gif" /></td>
<td>2024-06-27 09:20:09</td>
<td>NVIDIA ChatRTX跨站脚本漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/97540">详情</a></td>
</tr>

<tr>
<td>895894dda5c583a05eebb8596b211abe</td>
<td>CVE-2023-52544</td>
<td>2024-06-27 09:20:09 <img src="imgs/new.gif" /></td>
<td>2024-06-27 09:20:09</td>
<td>Huawei HarmonyOS路径遍历漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/97539">详情</a></td>
</tr>

<tr>
<td>7e4e749c08596bb1fb0f4dca1c12c671</td>
<td>CVE-2024-28167</td>
<td>2024-06-27 09:20:09 <img src="imgs/new.gif" /></td>
<td>2024-06-27 09:20:09</td>
<td>SAP Group Reporting Data Collection授权错误漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/97538">详情</a></td>
</tr>

<tr>
<td>d23db2d29ec1bbb5a2b3533b2328c3fd</td>
<td>CVE-2023-52546</td>
<td>2024-06-27 09:20:09 <img src="imgs/new.gif" /></td>
<td>2024-06-27 09:20:09</td>
<td>Huawei HarmonyOS路径遍历漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/97536">详情</a></td>
</tr>

<tr>
<td>96e2dff3e907b0e42a2fcb6334b6f2b4</td>
<td>CVE-2023-52551</td>
<td>2024-06-27 09:20:09 <img src="imgs/new.gif" /></td>
<td>2024-06-27 09:20:09</td>
<td>Huawei HarmonyOS缓冲区溢出漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/97535">详情</a></td>
</tr>
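Review bot: every detail link in these rows points at `http://www.nsfocus.net/vulndb/...` over plain HTTP, unlike the `https://www.tenable.com` links earlier in the file; use `https://` where the source serves it. Separately, the only change to each row is dropping `<img src="imgs/new.gif" />` from the timestamp cell, so each run rewrites rows whose data has not changed; deriving the badge from the timestamp when the page is rendered would keep these diffs to real content changes.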