Commit from GitHub Actions (Update List)

khulnasoft-lab · Feb 17, 2025 · 535a78c · 535a78c
1 parent d394f0d
commit 535a78c
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 30 deletions.
diff --git a/data/data.csv b/data/data.csv
@@ -6214,7 +6214,7 @@ CVE-2024-1212,10.0,0.93714,"Unauthenticated remote attackers can access the syst
 
 ",2024-02-21 18:15:50.417,CISA/Metasploit/Nuclei
 CVE-2024-12209,9.8,0.02909,"The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.17.0 via the 'filename' parameter of the 'umbrella-restore' action. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.",2024-12-08 06:15:04.823,Nuclei
-CVE-2024-12356,9.8,0.01304,A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.,2024-12-17 05:15:06.413,CISA
+CVE-2024-12356,9.8,0.01304,A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.,2024-12-17 05:15:06.413,CISA/Metasploit
 CVE-2024-12686,6.6,0.0618,A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.,2024-12-18 21:15:08.020,CISA
 CVE-2024-12849,7.5,0.00525,"The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1.3 via the wp_ajax_nopriv_elvwp_log_download AJAX action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.",2025-01-07 06:15:17.607,Nuclei
 CVE-2024-1380,5.3,0.00082,"The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssi_export_log_check() function in all versions up to, and including, 4.22.0. This makes it possible for unauthenticated attackers to export the query log data. The vendor has indicated that they may look into adding a capability check for proper authorization control, however, this vulnerability is theoretically patched as is.",2024-03-13 16:15:20.903,Nuclei
@@ -6853,6 +6853,7 @@ CVE-2025-0411,7.0,0.00402,"7-Zip Mark-of-the-Web Bypass Vulnerability. This vuln
 
 The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.",2025-01-25 05:15:09.533,CISA
 CVE-2025-0994,8.8,0.05395,Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services (IIS) web server.,2025-02-06 16:15:41.493,CISA
+CVE-2025-1094,8.1,0.00043,"Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns.  Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal.  Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL.  Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.",2025-02-13 13:15:09.130,Metasploit
 CVE-2025-21333,7.8,0.00051,Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability,2025-01-14 18:15:58.530,CISA
 CVE-2025-21334,7.8,0.00098,Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability,2025-01-14 18:15:58.770,CISA
 CVE-2025-21335,7.8,0.00098,Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability,2025-01-14 18:15:58.960,CISA

diff --git a/secpatch.ipynb b/secpatch.ipynb
@@ -5,10 +5,10 @@
    "execution_count": 1,
    "metadata": {
     "execution": {
-     "iopub.execute_input": "2025-02-17T12:37:41.184634Z",
-     "iopub.status.busy": "2025-02-17T12:37:41.184465Z",
-     "iopub.status.idle": "2025-02-17T12:37:43.653228Z",
-     "shell.execute_reply": "2025-02-17T12:37:43.652721Z"
+     "iopub.execute_input": "2025-02-17T18:24:28.846443Z",
+     "iopub.status.busy": "2025-02-17T18:24:28.846270Z",
+     "iopub.status.idle": "2025-02-17T18:24:29.653469Z",
+     "shell.execute_reply": "2025-02-17T18:24:29.652799Z"
     }
    },
    "outputs": [],
@@ -33,10 +33,10 @@
    "execution_count": 2,
    "metadata": {
     "execution": {
-     "iopub.execute_input": "2025-02-17T12:37:43.655796Z",
-     "iopub.status.busy": "2025-02-17T12:37:43.655208Z",
-     "iopub.status.idle": "2025-02-17T12:37:43.667434Z",
-     "shell.execute_reply": "2025-02-17T12:37:43.666851Z"
+     "iopub.execute_input": "2025-02-17T18:24:29.655852Z",
+     "iopub.status.busy": "2025-02-17T18:24:29.655618Z",
+     "iopub.status.idle": "2025-02-17T18:24:29.666506Z",
+     "shell.execute_reply": "2025-02-17T18:24:29.666057Z"
     }
    },
    "outputs": [],
@@ -57,10 +57,10 @@
    "execution_count": 3,
    "metadata": {
     "execution": {
-     "iopub.execute_input": "2025-02-17T12:37:43.669362Z",
-     "iopub.status.busy": "2025-02-17T12:37:43.669023Z",
-     "iopub.status.idle": "2025-02-17T12:37:43.684489Z",
-     "shell.execute_reply": "2025-02-17T12:37:43.684062Z"
+     "iopub.execute_input": "2025-02-17T18:24:29.668356Z",
+     "iopub.status.busy": "2025-02-17T18:24:29.667971Z",
+     "iopub.status.idle": "2025-02-17T18:24:29.681473Z",
+     "shell.execute_reply": "2025-02-17T18:24:29.680931Z"
     }
    },
    "outputs": [],
@@ -76,18 +76,18 @@
    "execution_count": 4,
    "metadata": {
     "execution": {
-     "iopub.execute_input": "2025-02-17T12:37:43.686482Z",
-     "iopub.status.busy": "2025-02-17T12:37:43.686058Z",
-     "iopub.status.idle": "2025-02-17T12:37:43.806726Z",
-     "shell.execute_reply": "2025-02-17T12:37:43.806093Z"
+     "iopub.execute_input": "2025-02-17T18:24:29.683569Z",
+     "iopub.status.busy": "2025-02-17T18:24:29.683127Z",
+     "iopub.status.idle": "2025-02-17T18:24:29.799633Z",
+     "shell.execute_reply": "2025-02-17T18:24:29.799046Z"
     }
    },
    "outputs": [
     {
      "name": "stderr",
      "output_type": "stream",
      "text": [
-      "/tmp/ipykernel_4267/298683809.py:5: SettingWithCopyWarning: \n",
+      "/tmp/ipykernel_4240/298683809.py:5: SettingWithCopyWarning: \n",
       "A value is trying to be set on a copy of a slice from a DataFrame.\n",
       "Try using .loc[row_indexer,col_indexer] = value instead\n",
       "\n",
@@ -110,10 +110,10 @@
    "execution_count": 5,
    "metadata": {
     "execution": {
-     "iopub.execute_input": "2025-02-17T12:37:43.840302Z",
-     "iopub.status.busy": "2025-02-17T12:37:43.839859Z",
-     "iopub.status.idle": "2025-02-17T12:37:43.928016Z",
-     "shell.execute_reply": "2025-02-17T12:37:43.927366Z"
+     "iopub.execute_input": "2025-02-17T18:24:29.832433Z",
+     "iopub.status.busy": "2025-02-17T18:24:29.832023Z",
+     "iopub.status.idle": "2025-02-17T18:24:29.913026Z",
+     "shell.execute_reply": "2025-02-17T18:24:29.912409Z"
     }
    },
    "outputs": [],
@@ -127,10 +127,10 @@
    "execution_count": 6,
    "metadata": {
     "execution": {
-     "iopub.execute_input": "2025-02-17T12:37:43.930354Z",
-     "iopub.status.busy": "2025-02-17T12:37:43.929995Z",
-     "iopub.status.idle": "2025-02-17T12:38:07.803233Z",
-     "shell.execute_reply": "2025-02-17T12:38:07.802623Z"
+     "iopub.execute_input": "2025-02-17T18:24:29.915308Z",
+     "iopub.status.busy": "2025-02-17T18:24:29.914972Z",
+     "iopub.status.idle": "2025-02-17T18:24:54.285549Z",
+     "shell.execute_reply": "2025-02-17T18:24:54.284878Z"
     }
    },
    "outputs": [],
@@ -225,10 +225,10 @@
    "execution_count": 7,
    "metadata": {
     "execution": {
-     "iopub.execute_input": "2025-02-17T12:38:07.805266Z",
-     "iopub.status.busy": "2025-02-17T12:38:07.805049Z",
-     "iopub.status.idle": "2025-02-17T12:38:08.021852Z",
-     "shell.execute_reply": "2025-02-17T12:38:08.021194Z"
+     "iopub.execute_input": "2025-02-17T18:24:54.287993Z",
+     "iopub.status.busy": "2025-02-17T18:24:54.287487Z",
+     "iopub.status.idle": "2025-02-17T18:24:54.489986Z",
+     "shell.execute_reply": "2025-02-17T18:24:54.489326Z"
     }
    },
    "outputs": [],