Updated by Github Bot

EXP-Tools · Jun 17, 2024 · d18f169 · d18f169
1 parent 79ab13a
commit d18f169
Show file tree

Hide file tree

Showing 3 changed files with 91 additions and 81 deletions.
diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat
@@ -157,3 +157,13 @@ a42fef46d65fe176cee367dbccaf787d
 86d64e94fbb0f829fd5df8495b6db80c
 37760a17c263186827c1871536405e07
 ff64334c57d3dcc82a0e392857242c59
+4ef1d7b9886e237f8ae624fcdf0cabc0
+8ccfecfdc0452d83f7431dd25699e9a3
+7e3f0fede10d9b124ecbe837bc18a891
+f9ec0370e10bdf51b8530c1ce17fc1ee
+a113c7b2fb346c8005fe16f2505abf78
+806735c6828271318043e9684ba1055b
+45c1c93016421d561ca184f45f29e128
+20c09afa80ee519ae58f48e9b38372d6
+d418c2381198c7e6082d53b4f4608b4e
+b05c7f76e3f99fc540d2bddb90230831
diff --git a/data/cves.db b/data/cves.db
diff --git a/docs/index.html b/docs/index.html
@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2024-06-17 18:27:30 -->
+<!-- RELEASE TIME : 2024-06-17 21:20:29 -->
 <html lang="zh-cn">
 
  <head>
@@ -363,6 +363,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-37623">详情</a></td>
       </tr>
 
+      <tr>
+       <td>4ef1d7b9886e237f8ae624fcdf0cabc0</td>
+       <td>CVE-2024-6057</td>
+       <td>2024-06-17 13:15:53 <img src="imgs/new.gif" /></td>
+       <td>Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker that has compromised an access to an RDM instance to bypass the vault master password via the offline mode feature.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6057">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>8ccfecfdc0452d83f7431dd25699e9a3</td>
+       <td>CVE-2024-6055</td>
+       <td>2024-06-17 13:15:53 <img src="imgs/new.gif" /></td>
+       <td>Improper removal of sensitive information in data source export feature in Devolutions Remote Desktop Manager 2024.1.32.0 and earlier on Windows allows an attacker that obtains the exported settings to recover powershell credentials configured on the data source via stealing the configuration file.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6055">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>7e3f0fede10d9b124ecbe837bc18a891</td>
+       <td>CVE-2024-5741</td>
+       <td>2024-06-17 12:15:48 <img src="imgs/new.gif" /></td>
+       <td>Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 (EOL)</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5741">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>f9ec0370e10bdf51b8530c1ce17fc1ee</td>
+       <td>CVE-2024-6048</td>
+       <td>2024-06-17 08:15:49 <img src="imgs/new.gif" /></td>
+       <td>Openfind's MailGates and MailAudit fail to properly filter user input when analyzing email attachments. An unauthenticated remote attacker can exploit this vulnerability to inject system commands and execute them on the remote server.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6048">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>a113c7b2fb346c8005fe16f2505abf78</td>
+       <td>CVE-2024-36289</td>
+       <td>2024-06-17 08:15:49 <img src="imgs/new.gif" /></td>
+       <td>Reusing a nonce, key pair in encryption issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a man-in-the-middle attack.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-36289">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>806735c6828271318043e9684ba1055b</td>
+       <td>CVE-2024-36279</td>
+       <td>2024-06-17 08:15:48 <img src="imgs/new.gif" /></td>
+       <td>Reliance on obfuscation or encryption of security-relevant inputs without integrity checking issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a man-in-the-middle attack.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-36279">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>45c1c93016421d561ca184f45f29e128</td>
+       <td>CVE-2024-36277</td>
+       <td>2024-06-17 08:15:48 <img src="imgs/new.gif" /></td>
+       <td>Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. The affected app cannot detect event data with invalid signatures.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-36277">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>20c09afa80ee519ae58f48e9b38372d6</td>
+       <td>CVE-2024-5650</td>
+       <td>2024-06-17 07:15:41 <img src="imgs/new.gif" /></td>
+       <td>DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to execute arbitrary programs with the authority of the SYSTEM account. The affected products and versions are as follows: CENTUM CS 3000 R3.08.10 to R3.09.50 CENTUM VP R4.01.00 to R4.03.00, R5.01.00 to R5.04.20, R6.01.00 to R6.11.10.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5650">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>d418c2381198c7e6082d53b4f4608b4e</td>
+       <td>CVE-2024-6047</td>
+       <td>2024-06-17 06:15:09 <img src="imgs/new.gif" /></td>
+       <td>Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6047">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>b05c7f76e3f99fc540d2bddb90230831</td>
+       <td>CVE-2024-4305</td>
+       <td>2024-06-17 06:15:09 <img src="imgs/new.gif" /></td>
+       <td>The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4305">详情</a></td>
+      </tr>
+
       <tr>
        <td>2022b8875db6ba4b1d40901f13fc0aca</td>
        <td>CVE-2024-38468</td>
@@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-38457">详情</a></td>
       </tr>
 
-      <tr>
-       <td>b27c5c4cf1d1ceeddca212aa87a1a8ce</td>
-       <td>CVE-2024-38443</td>
-       <td>2024-06-16 13:15:53 <img src="imgs/new.gif" /></td>
-       <td>C/sorting/binary_insertion_sort.c in The Algorithms - C through e5dad3f has a segmentation fault for deep recursion, which may affect common use cases such as sorting an array of 50 elements.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-38443">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>1257f3302d773ea5e9cf7735d0573f82</td>
-       <td>CVE-2024-38441</td>
-       <td>2024-06-16 13:15:53 <img src="imgs/new.gif" /></td>
-       <td>Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afp/directory.c.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-38441">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>88a26db15b32269a71f6eb5622ef80f3</td>
-       <td>CVE-2024-38440</td>
-       <td>2024-06-16 13:15:53 <img src="imgs/new.gif" /></td>
-       <td>Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-38440">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>e4f3c925c38bab0e1e1d712d09d978e2</td>
-       <td>CVE-2024-38439</td>
-       <td>2024-06-16 13:15:53 <img src="imgs/new.gif" /></td>
-       <td>Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in etc/uams/uams_pam.c.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-38439">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>81326ac26d80577f6e673cca59bf9dcf</td>
-       <td>CVE-2024-36397</td>
-       <td>2024-06-16 08:15:31 <img src="imgs/new.gif" /></td>
-       <td>Vantiva - MediaAccess DGA2232 v19.4 - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-36397">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>8137fb9d7e9a73a667a557aeb8751910</td>
-       <td>CVE-2024-38428</td>
-       <td>2024-06-16 03:15:08 <img src="imgs/new.gif" /></td>
-       <td>url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-38428">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>83192939ff2089891df86a45f80b1663</td>
-       <td>CVE-2024-38427</td>
-       <td>2024-06-16 02:15:08 <img src="imgs/new.gif" /></td>
-       <td>In International Color Consortium DemoIccMAX before 85ce74e, a logic flaw in CIccTagXmlProfileSequenceId::ParseXml in IccXML/IccLibXML/IccTagXml.cpp results in unconditionally returning false.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-38427">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>d32f5b404e52c58fc0b13f01d4a3954d</td>
-       <td>CVE-2024-38395</td>
-       <td>2024-06-16 01:15:48 <img src="imgs/new.gif" /></td>
-       <td>In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable."</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-38395">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>feb04fc1bee98789ee1998e47fbb6db7</td>
-       <td>CVE-2024-38394</td>
-       <td>2024-06-16 00:15:49 <img src="imgs/new.gif" /></td>
-       <td>Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel modules and filesystem implementations. NOTE: the GSD supplier indicates that consideration of a mitigation for this within GSD would be in the context of "a new feature, not a CVE."</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-38394">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>be6cbc4f13d40166e0294211bfd12fe5</td>
-       <td>CVE-2024-6016</td>
-       <td>2024-06-15 19:15:48</td>
-       <td>A vulnerability, which was classified as critical, has been found in itsourcecode Online Laundry Management System 1.0. Affected by this issue is some unknown functionality of the file admin_class.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268724.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6016">详情</a></td>
-      </tr>
-
      </tbody>
     </table>
    </div>