Updated by Github Bot

EXP-Tools · Jan 28, 2025 · 7f7e0af · 7f7e0af
1 parent 7ca4f17
commit 7f7e0af
Show file tree

Hide file tree

Showing 3 changed files with 98 additions and 88 deletions.
diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat
@@ -119,3 +119,13 @@ ccd227fb37073d72abf26615d5e6b7b7
 7a22bd141a385c65d03784f256714df4
 889358fdb71a619f8ed4bbbb7e638f51
 9b0eaa529de70405c616b33e6e19f738
+e70775c5400c56ec2696912397deb270
+a358cd97f5f6610fcd47d502b7f79351
+75cd186877a73df391994b10fcf71849
+d0d78ffc6e073d6af7b2165b4c0f8645
+dffe4fa2b7709d60703890ca848c48c0
+045fb6a08e18d9e4a46b5f6d1c3649ba
+3bfab115ee475890e74e0a462a6ee00f
+0c6411dabc3e7799ca7b24bd9408650d
+6f07134437130cd8f100b038a1811ee6
+1cf21763e7f8f94e271cffc855277062
diff --git a/data/cves.db b/data/cves.db
diff --git a/docs/index.html b/docs/index.html
@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2025-01-27 03:26:24 -->
+<!-- RELEASE TIME : 2025-01-28 06:31:37 -->
 <html lang="zh-cn">
 
  <head>
@@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <th width="43%">TITLE</th>
        <th width="5%">URL</th>
       </tr>
+      <tr>
+       <td>e70775c5400c56ec2696912397deb270</td>
+       <td>CVE-2024-53881</td>
+       <td>2025-01-28 04:15:10 <img src="imgs/new.gif" /></td>
+       <td>NVIDIA vGPU software contains a vulnerability in the host driver, where it can allow a guest to cause an interrupt storm on the host, which may lead to denial of service.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-53881">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>a358cd97f5f6610fcd47d502b7f79351</td>
+       <td>CVE-2024-53869</td>
+       <td>2025-01-28 04:15:10 <img src="imgs/new.gif" /></td>
+       <td>NVIDIA Unified Memory driver for Linux contains a vulnerability where an attacker could leak uninitialized memory. A successful exploit of this vulnerability might lead to information disclosure.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-53869">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>75cd186877a73df391994b10fcf71849</td>
+       <td>CVE-2024-0150</td>
+       <td>2025-01-28 04:15:09 <img src="imgs/new.gif" /></td>
+       <td>NVIDIA GPU display driver for Windows and Linux contains a vulnerability where data is written past the end or before the beginning of a buffer. A successful exploit of this vulnerability might lead to information disclosure, denial of service, or data tampering.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-0150">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>d0d78ffc6e073d6af7b2165b4c0f8645</td>
+       <td>CVE-2024-0149</td>
+       <td>2025-01-28 04:15:09 <img src="imgs/new.gif" /></td>
+       <td>NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an attacker unauthorized access to files. A successful exploit of this vulnerability might lead to limited information disclosure.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-0149">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>dffe4fa2b7709d60703890ca848c48c0</td>
+       <td>CVE-2024-0147</td>
+       <td>2025-01-28 04:15:09 <img src="imgs/new.gif" /></td>
+       <td>NVIDIA GPU display driver for Windows and Linux contains a vulnerability where referencing memory after it has been freed can lead to denial of service or data tampering.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-0147">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>045fb6a08e18d9e4a46b5f6d1c3649ba</td>
+       <td>CVE-2024-0146</td>
+       <td>2025-01-28 04:15:09 <img src="imgs/new.gif" /></td>
+       <td>NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause memory corruption. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, or data tampering.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-0146">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>3bfab115ee475890e74e0a462a6ee00f</td>
+       <td>CVE-2024-0140</td>
+       <td>2025-01-28 04:15:08 <img src="imgs/new.gif" /></td>
+       <td>NVIDIA RAPIDS contains a vulnerability in cuDF and cuML, where a user could cause a deserialization of untrusted data issue. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-0140">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>0c6411dabc3e7799ca7b24bd9408650d</td>
+       <td>CVE-2024-0137</td>
+       <td>2025-01-28 03:15:07 <img src="imgs/new.gif" /></td>
+       <td>NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code running in the host’s network namespace. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successful exploit of this vulnerability may lead to denial of service and escalation of privileges.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-0137">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>6f07134437130cd8f100b038a1811ee6</td>
+       <td>CVE-2024-0136</td>
+       <td>2025-01-28 03:15:07 <img src="imgs/new.gif" /></td>
+       <td>NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code obtaining read and write access to host devices. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-0136">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>1cf21763e7f8f94e271cffc855277062</td>
+       <td>CVE-2024-0135</td>
+       <td>2025-01-28 03:15:07 <img src="imgs/new.gif" /></td>
+       <td>NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-0135">详情</a></td>
+      </tr>
+
       <tr>
        <td>3ea15887f79aa89dee457c0044404ade</td>
        <td>CVE-2023-46187</td>
@@ -310,55 +390,55 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
       <tr>
        <td>ccd227fb37073d72abf26615d5e6b7b7</td>
        <td>CVE-2025-0720</td>
-       <td>2025-01-26 23:15:21 <img src="imgs/new.gif" /></td>
+       <td>2025-01-26 23:15:21</td>
        <td>A vulnerability was found in Microword eScan Antivirus 7.0.32 on Linux. It has been rated as problematic. Affected by this issue is the function removeExtraSlashes of the file /opt/MicroWorld/sbin/rtscanner of the component Folder Watch List Handler. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0720">详情</a></td>
       </tr>
 
       <tr>
        <td>43f8fb2e388cde14b6a7294733586e5a</td>
        <td>CVE-2017-20196</td>
-       <td>2025-01-26 18:15:27 <img src="imgs/new.gif" /></td>
+       <td>2025-01-26 18:15:27</td>
        <td>A vulnerability was found in Itechscripts School Management Software 2.75. It has been classified as critical. This affects an unknown part of the file /notice-edit.php. The manipulation of the argument aid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2017-20196">详情</a></td>
       </tr>
 
       <tr>
        <td>9cf345068f875f44ed68fe3f66bcd5cd</td>
        <td>CVE-2023-50946</td>
-       <td>2025-01-26 16:15:30 <img src="imgs/new.gif" /></td>
+       <td>2025-01-26 16:15:30</td>
        <td>IBM Common Licensing 9.0 could allow an authenticated user to modify a configuration file that they should not have access to due to a broken authorization mechanism.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-50946">详情</a></td>
       </tr>
 
       <tr>
        <td>117b9f40dd4302c356ddeb53a3ed0a44</td>
        <td>CVE-2023-50945</td>
-       <td>2025-01-26 16:15:30 <img src="imgs/new.gif" /></td>
+       <td>2025-01-26 16:15:30</td>
        <td>IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-50945">详情</a></td>
       </tr>
 
       <tr>
        <td>7a22bd141a385c65d03784f256714df4</td>
        <td>CVE-2023-38009</td>
-       <td>2025-01-26 16:15:30 <img src="imgs/new.gif" /></td>
+       <td>2025-01-26 16:15:30</td>
        <td>IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-38009">详情</a></td>
       </tr>
 
       <tr>
        <td>889358fdb71a619f8ed4bbbb7e638f51</td>
        <td>CVE-2024-31906</td>
-       <td>2025-01-26 15:15:22 <img src="imgs/new.gif" /></td>
+       <td>2025-01-26 15:15:22</td>
        <td>IBM Automation Decision Services 23.0.2 allows web pages to be stored locally which can be read by another user on the system.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31906">详情</a></td>
       </tr>
 
       <tr>
        <td>9b0eaa529de70405c616b33e6e19f738</td>
        <td>CVE-2024-13505</td>
-       <td>2025-01-26 12:15:28 <img src="imgs/new.gif" /></td>
+       <td>2025-01-26 12:15:28</td>
        <td>The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ays_sections[5][questions][8][title]’ parameter in all versions up to, and including, 5.1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-13505">详情</a></td>
       </tr>
@@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-35113">详情</a></td>
       </tr>
 
-      <tr>
-       <td>e6fd6f21e816100de917a7e8f09bccb1</td>
-       <td>CVE-2024-50698</td>
-       <td>2025-01-24 23:15:09</td>
-       <td>SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to heap-based buffer overflow due to bounds checks of the MQTT message content.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-50698">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>1cff5b2038a407211c35568ad30c1ec4</td>
-       <td>CVE-2024-50697</td>
-       <td>2025-01-24 23:15:09</td>
-       <td>In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when decrypting MQTT messages, the code that parses specific TLV fields does not have sufficient bounds checks. This may result in a stack-based buffer overflow.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-50697">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>b12f9a601de96873b859b352b774397e</td>
-       <td>CVE-2024-50695</td>
-       <td>2025-01-24 23:15:09</td>
-       <td>SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to stack-based buffer overflow when parsing MQTT messages, due to missing MQTT topic bounds checks.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-50695">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>7eecf262e71a556e70e77ed76e30bf00</td>
-       <td>CVE-2024-50694</td>
-       <td>2025-01-24 23:15:09</td>
-       <td>In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when copying the timestamp read from an MQTT message, the underlying code does not check the bounds of the buffer that is used to store the message. This may lead to a stack-based buffer overflow.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-50694">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>6545dc607b609c503c48a1dd5e1c46f2</td>
-       <td>CVE-2024-50692</td>
-       <td>2025-01-24 23:15:08</td>
-       <td>SunGrow WiNet-SV200.001.00.P027 and earlier versions contains hardcoded MQTT credentials that allow an attacker to send arbitrary commands to an arbitrary inverter. It is also possible to impersonate the broker, because TLS is not used to identify the real MQTT broker. This means that MQTT communications are vulnerable to MitM attacks at the TCP/IP level.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-50692">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>6df72ed68865ea5b033372120f06f7ad</td>
-       <td>CVE-2024-50690</td>
-       <td>2025-01-24 23:15:08</td>
-       <td>SunGrow WiNet-SV200.001.00.P027 and earlier versions contains a hardcoded password that can be used to decrypt all firmware updates.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-50690">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>0160086e99899f5b204b3c0fbac71524</td>
-       <td>CVE-2025-21262</td>
-       <td>2025-01-24 22:15:38</td>
-       <td>Microsoft Edge (Chromium-based) Spoofing Vulnerability</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-21262">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>2b5376e94ad730c3b706ce199fa1a9d1</td>
-       <td>CVE-2023-37001</td>
-       <td>2025-01-24 21:38:58</td>
-       <td>An ASN.1 parsing vulnerability was found in the srsRAN 4G EPC, where bounds constraints on certain integer types were not enforced.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-37001">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>c7d9f1df9d91e5ee41d5ab3b917c1250</td>
-       <td>CVE-2023-37041</td>
-       <td>2025-01-24 21:38:39</td>
-       <td>A malformed S1Setup Request S1AP packet will cause Nucleus to crash due to memory corruption. The memory corruption happens during ASN.1 parsing and is manifest once structures are freed.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-37041">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>55a8339e9facdc2c651d44f682f0feba</td>
-       <td>CVE-2023-37042</td>
-       <td>2025-01-24 21:38:23</td>
-       <td>An off-by-one error in initializing memory pools leads to memory corruption when certain memory is allocated in the SD-Core Nucleus MME.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-37042">详情</a></td>
-      </tr>
-
      </tbody>
     </table>
    </div>