diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index f8e437f393f..5fb7eaf05e0 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -119,3 +119,13 @@ ccd227fb37073d72abf26615d5e6b7b7 7a22bd141a385c65d03784f256714df4 889358fdb71a619f8ed4bbbb7e638f51 9b0eaa529de70405c616b33e6e19f738 +e70775c5400c56ec2696912397deb270 +a358cd97f5f6610fcd47d502b7f79351 +75cd186877a73df391994b10fcf71849 +d0d78ffc6e073d6af7b2165b4c0f8645 +dffe4fa2b7709d60703890ca848c48c0 +045fb6a08e18d9e4a46b5f6d1c3649ba +3bfab115ee475890e74e0a462a6ee00f +0c6411dabc3e7799ca7b24bd9408650d +6f07134437130cd8f100b038a1811ee6 +1cf21763e7f8f94e271cffc855277062 diff --git a/data/cves.db b/data/cves.db index 2c9ea259d2c..e1cdfacc3d4 100644 Binary files a/data/cves.db and b/data/cves.db differ diff --git a/docs/index.html b/docs/index.html index ce22483e768..68b838f4a85 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -283,6 +283,86 @@

眈眈探求 | TITLE URL + + e70775c5400c56ec2696912397deb270 + CVE-2024-53881 + 2025-01-28 04:15:10 + NVIDIA vGPU software contains a vulnerability in the host driver, where it can allow a guest to cause an interrupt storm on the host, which may lead to denial of service. + 详情 + + + + a358cd97f5f6610fcd47d502b7f79351 + CVE-2024-53869 + 2025-01-28 04:15:10 + NVIDIA Unified Memory driver for Linux contains a vulnerability where an attacker could leak uninitialized memory. A successful exploit of this vulnerability might lead to information disclosure. + 详情 + + + + 75cd186877a73df391994b10fcf71849 + CVE-2024-0150 + 2025-01-28 04:15:09 + NVIDIA GPU display driver for Windows and Linux contains a vulnerability where data is written past the end or before the beginning of a buffer. A successful exploit of this vulnerability might lead to information disclosure, denial of service, or data tampering. + 详情 + + + + d0d78ffc6e073d6af7b2165b4c0f8645 + CVE-2024-0149 + 2025-01-28 04:15:09 + NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an attacker unauthorized access to files. A successful exploit of this vulnerability might lead to limited information disclosure. + 详情 + + + + dffe4fa2b7709d60703890ca848c48c0 + CVE-2024-0147 + 2025-01-28 04:15:09 + NVIDIA GPU display driver for Windows and Linux contains a vulnerability where referencing memory after it has been freed can lead to denial of service or data tampering. + 详情 + + + + 045fb6a08e18d9e4a46b5f6d1c3649ba + CVE-2024-0146 + 2025-01-28 04:15:09 + NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause memory corruption. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, or data tampering. + 详情 + + + + 3bfab115ee475890e74e0a462a6ee00f + CVE-2024-0140 + 2025-01-28 04:15:08 + NVIDIA RAPIDS contains a vulnerability in cuDF and cuML, where a user could cause a deserialization of untrusted data issue. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure. + 详情 + + + + 0c6411dabc3e7799ca7b24bd9408650d + CVE-2024-0137 + 2025-01-28 03:15:07 + NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code running in the host’s network namespace. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successful exploit of this vulnerability may lead to denial of service and escalation of privileges. + 详情 + + + + 6f07134437130cd8f100b038a1811ee6 + CVE-2024-0136 + 2025-01-28 03:15:07 + NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code obtaining read and write access to host devices. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. + 详情 + + + + 1cf21763e7f8f94e271cffc855277062 + CVE-2024-0135 + 2025-01-28 03:15:07 + NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. + 详情 + + 3ea15887f79aa89dee457c0044404ade CVE-2023-46187 @@ -310,7 +390,7 @@

眈眈探求 | + 2025-01-26 23:15:21 A vulnerability was found in Microword eScan Antivirus 7.0.32 on Linux. It has been rated as problematic. Affected by this issue is the function removeExtraSlashes of the file /opt/MicroWorld/sbin/rtscanner of the component Folder Watch List Handler. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 详情 @@ -318,7 +398,7 @@

眈眈探求 | + 2025-01-26 18:15:27 A vulnerability was found in Itechscripts School Management Software 2.75. It has been classified as critical. This affects an unknown part of the file /notice-edit.php. The manipulation of the argument aid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 详情 @@ -326,7 +406,7 @@

眈眈探求 | + 2025-01-26 16:15:30 IBM Common Licensing 9.0 could allow an authenticated user to modify a configuration file that they should not have access to due to a broken authorization mechanism. 详情 @@ -334,7 +414,7 @@

眈眈探求 | + 2025-01-26 16:15:30 IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user. 详情 @@ -342,7 +422,7 @@

眈眈探求 | + 2025-01-26 16:15:30 IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning. 详情 @@ -350,7 +430,7 @@

眈眈探求 | + 2025-01-26 15:15:22 IBM Automation Decision Services 23.0.2 allows web pages to be stored locally which can be read by another user on the system. 详情 @@ -358,7 +438,7 @@

眈眈探求 | + 2025-01-26 12:15:28 The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ays_sections[5][questions][8][title]’ parameter in all versions up to, and including, 5.1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 详情 @@ -443,86 +523,6 @@

眈眈探求 | 详情 - - e6fd6f21e816100de917a7e8f09bccb1 - CVE-2024-50698 - 2025-01-24 23:15:09 - SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to heap-based buffer overflow due to bounds checks of the MQTT message content. - 详情 - - - - 1cff5b2038a407211c35568ad30c1ec4 - CVE-2024-50697 - 2025-01-24 23:15:09 - In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when decrypting MQTT messages, the code that parses specific TLV fields does not have sufficient bounds checks. This may result in a stack-based buffer overflow. - 详情 - - - - b12f9a601de96873b859b352b774397e - CVE-2024-50695 - 2025-01-24 23:15:09 - SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to stack-based buffer overflow when parsing MQTT messages, due to missing MQTT topic bounds checks. - 详情 - - - - 7eecf262e71a556e70e77ed76e30bf00 - CVE-2024-50694 - 2025-01-24 23:15:09 - In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when copying the timestamp read from an MQTT message, the underlying code does not check the bounds of the buffer that is used to store the message. This may lead to a stack-based buffer overflow. - 详情 - - - - 6545dc607b609c503c48a1dd5e1c46f2 - CVE-2024-50692 - 2025-01-24 23:15:08 - SunGrow WiNet-SV200.001.00.P027 and earlier versions contains hardcoded MQTT credentials that allow an attacker to send arbitrary commands to an arbitrary inverter. It is also possible to impersonate the broker, because TLS is not used to identify the real MQTT broker. This means that MQTT communications are vulnerable to MitM attacks at the TCP/IP level. - 详情 - - - - 6df72ed68865ea5b033372120f06f7ad - CVE-2024-50690 - 2025-01-24 23:15:08 - SunGrow WiNet-SV200.001.00.P027 and earlier versions contains a hardcoded password that can be used to decrypt all firmware updates. - 详情 - - - - 0160086e99899f5b204b3c0fbac71524 - CVE-2025-21262 - 2025-01-24 22:15:38 - Microsoft Edge (Chromium-based) Spoofing Vulnerability - 详情 - - - - 2b5376e94ad730c3b706ce199fa1a9d1 - CVE-2023-37001 - 2025-01-24 21:38:58 - An ASN.1 parsing vulnerability was found in the srsRAN 4G EPC, where bounds constraints on certain integer types were not enforced. - 详情 - - - - c7d9f1df9d91e5ee41d5ab3b917c1250 - CVE-2023-37041 - 2025-01-24 21:38:39 - A malformed S1Setup Request S1AP packet will cause Nucleus to crash due to memory corruption. The memory corruption happens during ASN.1 parsing and is manifest once structures are freed. - 详情 - - - - 55a8339e9facdc2c651d44f682f0feba - CVE-2023-37042 - 2025-01-24 21:38:23 - An off-by-one error in initializing memory pools leads to memory corruption when certain memory is allocated in the SD-Core Nucleus MME. - 详情 - -