Commit

Updated by Github Bot
Github-Bot committed Jan 22, 2025
1 parent 41729c3 commit 6bfdf21
Showing 3 changed files with 26 additions and 11 deletions.
15 changes: 15 additions & 0 deletions cache/Nsfocus.dat
Expand Up @@ -164,3 +164,18 @@ e608fb105a7049859fdc380d250ab6c9
ce5167d828adc7feda1d0c961259962f
fcf728e6d8af8f99559c3bb28ffcaa5d
17091922f64d0269b20662069668c36a
5377840c1d9d35161cd599ad60b035e0
1fa961c290ff72c47d5987799af5c9c4
7473492f1881f023dae127b1931a3c22
fa77fbe498139600fb99c2cffb1e1576
9a325dd9e1bce26581ce0671f320bea7
6291ecfaab627fed17fd314d46c89bab
716b1d50f92b6da9df19a83a3a6ba46e
aa919a5279c03c7008862cd25ed9e79a
e3fe01ec0909de44840bb4a92634b99f
d0c1658e997d8e8f64cac42fe0dc7a91
8b5e417aea20f4541988b9a6a57d6c08
52f99bdbe5583054caa1de0d30675e2e
ec8d8b3511544a57820bb108f79cf4c3
570aff174a7df5bff0d1e7a8b39bf681
088e95910267255cf91dc0595769a5b3
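Review bot: the 15 values appended at the end of cache/Nsfocus.dat are bare 32-hex-character strings, and nothing in the file says what they identify or how they are derived, so a reviewer cannot tie them to the rows this commit touches in docs/index.html. The hunk is additions only (15 added, 0 removed); if this is a seen-items list, document the record format in the file header or README and state whether old entries are ever pruned, since the file otherwise grows on every bot run.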
Binary file modified data/cves.db
Binary file not shown.
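Review bot: data/cves.db changes as an opaque binary, so the data this commit actually adds or alters cannot be diffed or reviewed, and consumers have no way to confirm the file matches the reviewed sources. Suggest committing a text export or a checksum next to it, or building the database in CI from the cache files instead of tracking the binary in git.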
22 changes: 11 additions & 11 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2025-01-21 21:25:29 -->
<!-- RELEASE TIME : 2025-01-22 03:31:25 -->
<html lang="zh-cn">

<head>
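Review bot: the RELEASE TIME comment on line 1 of docs/index.html carries no timezone or UTC offset, so "2025-01-22 03:31:25" cannot be compared reliably with the publication timestamps in the table or with the commit time. Suggest emitting it in ISO 8601 with an explicit offset and stating in the generator which zone the per-row dates use.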
Expand Down Expand Up @@ -367,79 +367,79 @@ <h2><a href="https://www.aabyss.cn" target="_blank">渊龙Sec安全团队</a> |
<tr>
<td>041117659363a3a7f8cc73c363c3dc0c</td>
<td>CVE-2025-24337</td>
<td>2025-01-20 14:15:27 <img src="imgs/new.gif" /></td>
<td>2025-01-20 14:15:27</td>
<td>WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-24337">详情</a></td>
</tr>

<tr>
<td>9f813f3f046f9dcd3a893f2aa24fea2c</td>
<td>CVE-2025-21655</td>
<td>2025-01-20 14:15:27 <img src="imgs/new.gif" /></td>
<td>2025-01-20 14:15:27</td>
<td>In the Linux kernel, the following vulnerability has been resolved: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period io_eventfd_do_signal() is invoked from an RCU callback, but when dropping the reference to the io_ev_fd, it calls io_eventfd_free() directly if the refcount drops to zero. This isn't correct, as any potential freeing of the io_ev_fd should be deferred another RCU grace period. Just call io_eventfd_put() rather than open-code the dec-and-test and free, which will correctly defer it another RCU grace period.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-21655">详情</a></td>
</tr>

<tr>
<td>884c68164dc181cae44b67d30e9ed9db</td>
<td>CVE-2024-13176</td>
<td>2025-01-20 14:15:26 <img src="imgs/new.gif" /></td>
<td>2025-01-20 14:15:26</td>
<td>Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would require either local access to the signing application or a very fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This can happen with significant probability only for some of the supported elliptic curves. In particular the NIST P-521 curve is affected. To be able to measure this leak, the attacker process must either be located in the same physical computer or must have a very fast network connection with low latency. For that reason the severity of this vulnerability is Low.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-13176">详情</a></td>
</tr>

<tr>
<td>1a8fc5b6ad4053fc025224dc2e070c95</td>
<td>CVE-2023-52923</td>
<td>2025-01-20 10:48:13 <img src="imgs/new.gif" /></td>
<td>2025-01-20 10:48:13</td>
<td>In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: adapt set backend to use GC transaction API Use the GC transaction API to replace the old and buggy gc API and the busy mark approach. No set elements are removed from async garbage collection anymore, instead the _DEAD bit is set on so the set element is not visible from lookup path anymore. Async GC enqueues transaction work that might be aborted and retried later. rbtree and pipapo set backends does not set on the _DEAD bit from the sync GC path since this runs in control plane path where mutex is held. In this case, set elements are deactivated, removed and then released via RCU callback, sync GC never fails.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-52923">详情</a></td>
</tr>

<tr>
<td>1f4000f198b297d781340dc3dfdbc6a6</td>
<td>CVE-2025-0590</td>
<td>2025-01-20 07:17:10 <img src="imgs/new.gif" /></td>
<td>2025-01-20 07:17:10</td>
<td>Improper permission settings for mobile applications (com.transsion.carlcare) may lead to information leakage risk.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0590">详情</a></td>
</tr>

<tr>
<td>c4df16c25f8484681234c90fb51aa38d</td>
<td>CVE-2025-0586</td>
<td>2025-01-20 03:15:09 <img src="imgs/new.gif" /></td>
<td>2025-01-20 03:15:09</td>
<td>The a+HRD from aEnrich Technology has an Insecure Deserialization vulnerability, allowing remote attackers with database modification privileges and regular system privileges to perform arbitrary code execution.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0586">详情</a></td>
</tr>

<tr>
<td>57c64641138b9e0a14974ba0ceaae4b3</td>
<td>CVE-2025-0585</td>
<td>2025-01-20 03:15:09 <img src="imgs/new.gif" /></td>
<td>2025-01-20 03:15:09</td>
<td>The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0585">详情</a></td>
</tr>

<tr>
<td>d54818cca93ccf4c67cf428ff157990f</td>
<td>CVE-2025-0584</td>
<td>2025-01-20 03:15:09 <img src="imgs/new.gif" /></td>
<td>2025-01-20 03:15:09</td>
<td>The a+HRD from aEnrich Technology has a Server-side Request Forgery, allowing unauthenticated remote attackers to exploit this vulnerability to probe internal network.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0584">详情</a></td>
</tr>

<tr>
<td>5cd84b3f052ac13a6fe560b0047fc444</td>
<td>CVE-2025-0582</td>
<td>2025-01-20 03:15:08 <img src="imgs/new.gif" /></td>
<td>2025-01-20 03:15:08</td>
<td>A vulnerability classified as critical was found in itsourcecode Farm Management System up to 1.0. This vulnerability affects unknown code of the file /add-pig.php. The manipulation of the argument pigphoto leads to unrestricted upload. The attack can be initiated remotely.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0582">详情</a></td>
</tr>

<tr>
<td>6cf94fbff9b3a77ea94e58b699285f0e</td>
<td>CVE-2025-0581</td>
<td>2025-01-20 03:15:08 <img src="imgs/new.gif" /></td>
<td>2025-01-20 03:15:08</td>
<td>A vulnerability classified as problematic has been found in CampCodes School Management Software 1.0. This affects an unknown part of the file /chat/group/send of the component Chat History. The manipulation of the argument message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0581">详情</a></td>
</tr>
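Review bot: the description cells in these rows carry upstream advisory text inside `<td>` elements, and nothing in this hunk shows that the generator HTML-escapes that text before writing docs/index.html; please confirm the escaping step exists, since any markup in a feed entry would otherwise be rendered by the page. Two smaller points on the same rows: every `<a target="_blank" href=...>` lacks `rel="noopener noreferrer"`, and the only change here is stripping `<img src="imgs/new.gif" />` from ten date cells, which means the "new" marker is baked into static HTML and forces a rewrite of unchanged rows on each run; deriving it from the date at render time would keep these diffs limited to real content changes.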