├── .github
└── workflows
│ └── main.yml
├── .gitignore
├── README.md
├── html
├── example.html
├── nothing.html
└── template.html
├── images
├── CVE-Daily-Push_v0.1.0.png
├── CVE-Daily-Push_v0.2.0.png
├── github_token.png
├── mail.png
└── use-1.png
└── scripts
├── get_cves.py
├── requirements.txt
├── run.py
├── sendmail.py
├── test.py
└── write_htmls.py
/.github/workflows/main.yml:
--------------------------------------------------------------------------------
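name: CVE Daily Push

on:
  repository_dispatch:
    types: [Test_Dispatch]
  schedule:
    - cron: '0 0 * * *'  # 00:00 UTC is 08:00 Beijing time (UTC+8), so this runs once every morning

# The job only reads the repository, so the automatic GITHUB_TOKEN is limited to read access.
permissions:
  contents: read

jobs:
  run-python:
    runs-on: ubuntu-20.04
    steps:
      # NOTE(review): `v2` is a mutable tag; pinning each action to a full commit SHA
      # keeps a retagged release from changing what runs next to the secrets below.
      - name: Checkout repository
        uses: actions/checkout@v2

      - name: Set up Python
        uses: actions/setup-python@v2
        with:
          python-version: '3.10.11'  # choose the Python version you want to use

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r scripts/requirements.txt

      - name: Run Python script
        # Secrets are handed to the step as environment variables and expanded by the
        # shell, instead of being pasted into the script text by `${{ }}`. A quote or a
        # newline inside MAIL_CONFIG can then no longer break or alter the command line;
        # run.py still receives the same two positional arguments.
        env:
          MAIL_CONFIG: ${{ secrets.MAIL_CONFIG }}
          NIST_API_KEY: ${{ secrets.NIST_API_KEY }}
        run: python scripts/run.py "$MAIL_CONFIG" "$NIST_API_KEY"  # replace with your own script name
        # run: python scripts/test.py '${{vars.TEST_VAR}}'  # replace with your own script name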
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | ### Example user template template
2 | ### Example user template
3 |
4 | config/
5 | config
6 | test/
7 | test
8 | # IntelliJ project files
9 | .idea
10 | *.iml
11 | out
12 | gen
13 | ### Python template
14 | # Byte-compiled / optimized / DLL files
15 | __pycache__/
16 | *.py[cod]
17 | *$py.class
18 |
19 | # C extensions
20 | *.so
21 |
22 | # Distribution / packaging
23 | .Python
24 | build/
25 | develop-eggs/
26 | dist/
27 | downloads/
28 | eggs/
29 | .eggs/
30 | lib/
31 | lib64/
32 | parts/
33 | sdist/
34 | var/
35 | wheels/
36 | share/python-wheels/
37 | *.egg-info/
38 | .installed.cfg
39 | *.egg
40 | MANIFEST
41 |
42 | # PyInstaller
43 | # Usually these files are written by a python script from a template
44 | # before PyInstaller builds the exe, so as to inject date/other infos into it.
45 | *.manifest
46 | *.spec
47 |
48 | # Installer logs
49 | pip-log.txt
50 | pip-delete-this-directory.txt
51 |
52 | # Unit test / coverage reports
53 | htmlcov/
54 | .tox/
55 | .nox/
56 | .coverage
57 | .coverage.*
58 | .cache
59 | nosetests.xml
60 | coverage.xml
61 | *.cover
62 | *.py,cover
63 | .hypothesis/
64 | .pytest_cache/
65 | cover/
66 |
67 | # Translations
68 | *.mo
69 | *.pot
70 |
71 | # Django stuff:
72 | *.log
73 | local_settings.py
74 | db.sqlite3
75 | db.sqlite3-journal
76 |
77 | # Flask stuff:
78 | instance/
79 | .webassets-cache
80 |
81 | # Scrapy stuff:
82 | .scrapy
83 |
84 | # Sphinx documentation
85 | docs/_build/
86 |
87 | # PyBuilder
88 | .pybuilder/
89 | target/
90 |
91 | # Jupyter Notebook
92 | .ipynb_checkpoints
93 |
94 | # IPython
95 | profile_default/
96 | ipython_config.py
97 |
98 | # pyenv
99 | # For a library or package, you might want to ignore these files since the code is
100 | # intended to run in multiple environments; otherwise, check them in:
101 | # .python-version
102 |
103 | # pipenv
104 | # According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
105 | # However, in case of collaboration, if having platform-specific dependencies or dependencies
106 | # having no cross-platform support, pipenv may install dependencies that don't work, or not
107 | # install all needed dependencies.
108 | #Pipfile.lock
109 |
110 | # poetry
111 | # Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
112 | # This is especially recommended for binary packages to ensure reproducibility, and is more
113 | # commonly ignored for libraries.
114 | # https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
115 | #poetry.lock
116 |
117 | # pdm
118 | # Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
119 | #pdm.lock
120 | # pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
121 | # in version control.
122 | # https://pdm.fming.dev/#use-with-ide
123 | .pdm.toml
124 |
125 | # PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
126 | __pypackages__/
127 |
128 | # Celery stuff
129 | celerybeat-schedule
130 | celerybeat.pid
131 |
132 | # SageMath parsed files
133 | *.sage.py
134 |
135 | # Environments
136 | .env
137 | .venv
138 | env/
139 | venv/
140 | ENV/
141 | env.bak/
142 | venv.bak/
143 |
144 | # Spyder project settings
145 | .spyderproject
146 | .spyproject
147 |
148 | # Rope project settings
149 | .ropeproject
150 |
151 | # mkdocs documentation
152 | /site
153 |
154 | # mypy
155 | .mypy_cache/
156 | .dmypy.json
157 | dmypy.json
158 |
159 | # Pyre type checker
160 | .pyre/
161 |
162 | # pytype static type analyzer
163 | .pytype/
164 |
165 | # Cython debug symbols
166 | cython_debug/
167 |
168 | # PyCharm
169 | # JetBrains specific template is maintained in a separate JetBrains.gitignore that can
170 | # be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
171 | # and can be added to the global gitignore or merged into this file. For a more nuclear
172 | # option (not recommended) you can uncomment the following to ignore the entire idea folder.
173 | #.idea/
174 |
175 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # CVE-Daily-Push
2 | 你只要有个qq邮箱、有个Github账号,就可以实现的零(经济)成本CVE每日推送
3 |
4 | - [项目简介](#0x00-项目简介)
5 | - [准备](#0x01-准备)
6 | - [使用](#0x02-使用)
7 | - [TODO](#0x03-TODO)
8 |
9 |
10 |
11 | ## 更新记录
12 |
13 | | Time | Action | Description |
14 | | ---------- | ------ | ------------------------------------------------------------ |
15 | | 2024.03.07 | feat | 修改了接口请求重试的逻辑,之前的重试没有生效;优化了一点ui |
16 | | 2024.02.22 | feat | 增加了异常捕获和空值检查 |
17 | | 2024.02.17 | feat | Merge pr from yaojieno1:smtp现在支持非ssl的server了 |
18 | | 2024.02.17 | fix | 修复了cvssMetricV2下的bug |
19 | | 2024.01.14 | feat | 新增概览,优化了ui |
20 | | 2024.01.11 | fix | 修复没有详情导致的bug |
21 | | 2024.01.11 | feat | 新增对cvss评分规则的判断
增加请求最大重试次数 |
22 | | 2024.01.08 | feat | 新增对没有任何更新的判断 |
23 | | 2024.01.08 | fix | 修复api次数限制导致的bug
修复传参json格式字符串导致的bug
修复mail.yml的空格导致取值的bug |
24 |
25 |
26 |
27 | ## 0x00 项目简介
28 |
29 | 实现:
30 |
31 | - Python
32 | - Github Actions
33 |
34 | 一句话概括
35 |
36 | - 通过Github Actions设置定时任务,每天自动运行一次python脚本爬取CVE新增、更新及其CVSS评分、详情等信息,并通过你自己的QQ邮箱发送邮件到任意你想发送到的邮箱
37 |
38 | 为什么这么设计?
39 |
40 | - 没钱订阅服务...没钱买vps...
41 | - 看了下很多项目都是放在自己的vps上(简单的功能白嫖Github的不香吗),通过企微、钉钉、飞书等bot推送,还得搞个对应的账号贼麻烦,不如用现成的(总不至于没qq吧...)
42 | - 没有第一时间获得新增CVE的需求(如果在某个CVE一出现就推送,刚好撞上在开会、手头在忙、或者大半夜...很容易忽略,后面也会忘记翻出来看)
43 | - 工作后基本都会看邮箱,所以本项目定位就是在每天早上发一封邮件,概括昨日新增和更新的CVE信息(其实大多数扫一眼就够了)
44 |
45 |
46 |
47 | 邮件效果图:
48 |
49 |
50 |
51 | ## 0x01 准备
52 |
53 | 首先你需要三个东西(均免费获取):
54 |
55 | - QQ邮箱授权码
56 | - NIST API KEY
57 | - Github API Token(非必须,仅测试需要)
58 |
59 | **QQ邮箱授权码:**
60 |
61 | 用于使用QQ邮箱的SMTP、IMAP等邮件服务
62 |
63 | 在qq邮箱=>设置=>账号处获得
64 |
65 |
66 |
67 | 最后记得勾选上“SMTP发信后保存到服务器”,这样你通过代码发送的邮件才可以在“已发送”中查看,不然查不到你发了什么
68 |
69 | **NIST API KEY:**
70 |
71 | 用于请求NIST的API,方便获取漏洞详情,有API KEY的话,每30秒能发起50个请求,否则只能发起5个请求
72 |
73 | https://nvd.nist.gov/developers/request-an-api-key
74 |
75 | 信息随便填,提交后在邮件中查看就行了
76 |
77 | **Github API Token:**
78 |
79 | 用于手动触发workflows,不然可能不知道他管不管用,仅测试时需要
80 |
81 | 步骤:
82 |
83 | 1. 点头像 => Settings => Developer settings => Personal access tokens => Fine-grained tokens 或直接打开https://github.com/settings/tokens?type=beta ,Generate new token
84 |
85 | 2. Token name随便填,Expiration是到期时间,Repository access选Only select repositories,然后选择你workflow的那个仓库
86 |
87 | 3. 根据[官方文档](https://docs.github.com/en/rest/repos/repos?apiVersion=2022-11-28#create-a-repository-dispatch-event),Permissions只需要以下两个
88 |
89 | > 官方文档描述:
90 | >
91 | > - GitHub Apps with both `metadata:read` and `contents:read&write` permissions.
92 |
93 | 
94 |
95 | 然后Generate token就可以了
96 |
97 |
98 |
99 | ## 0x02 使用
100 |
101 | 1. fork本项目
102 |
103 | 2. 在仓库 => Settings => Security => Secrets and variables => Actions,或者fork后打开`https://github.com/{your_name}/CVE-Daily-Push/settings/secrets/actions`,设置`Repository secrets`=>`New repository secret`
104 |
105 | 3. 新建`MAIL_CONFIG`如下:
106 |
107 | ```json
108 | {
109 | "smtp": {
110 | "domain": "smtp.qq.com",
111 | "port": 465,
112 | "ssl": 1
113 | },
114 | "sender": {
115 | "mail": "xxx@qq.com",
116 | "authCode": "xxxxx"
117 | },
118 | "receivers": [
119 | "Alice@163.com",
120 | "Bob@qq.com"
121 | ]
122 | }
123 | ```
124 |
125 | sender表示发件的邮箱,authCode为qq邮箱获得的授权码,receivers为收件人列表,在smtp中的ssl字段表示smtp server是否使用了ssl,1为是0为否
126 |
127 | 注意需要把json格式压缩为一行,不然会导致命令行识别出错
128 |
129 | 4. 新建`NIST_API_KEY`为你前面获取的nist api key
130 |
131 | 
132 |
133 | 其他的什么都不用做,他会在每天早上8点多给你发一封邮件
134 |
135 | 若需要测试功能是否能在actions正常跑通,可以运行以下代码:
136 |
137 | ```python
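import requests
import json

# Manually fires the `repository_dispatch` trigger of the workflow.
# Replace github_pat_xxxx with your fine-grained token and keep the real value
# out of anything you commit or share.
header = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
    "Accept": "application/vnd.github+json",
    "Authorization": "Bearer github_pat_xxxx",
    "X-GitHub-Api-Version": "2022-11-28"
}
body = {
    "event_type": "Test_Dispatch"
}

url_ = "https://api.github.com/repos/vvmdx/CVE-Daily-Push/dispatches"
json_body = json.dumps(body)

# Certificate verification is left at the requests default (enabled): this
# request carries the bearer token, so it must only go to a server whose
# certificate checks out. The timeout keeps a stalled connection from hanging.
resp = requests.post(url_, headers=header, data=json_body, timeout=30)

print(resp.status_code)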
157 |
158 | ```
159 |
160 | `event_type`是workflow文件中`repository_dispatch`指定的值,可以自己改
161 |
162 | 请求头的`Authorization`是前面提到的Github Api Token,然后url改成自己的,就可以测试了
163 |
164 | 返回204即代表触发成功(但不一定运行成功)
165 |
166 |
167 |
168 | ## 0x03 TODO
169 |
170 | - 加入翻译模块
171 | - 加入筛选功能(CVSS评分)
172 | - 简易NER抽取受影响组件/框架/系统等
173 | - 多爬几个cert或者漏洞详情网站
174 | - ...
175 |
--------------------------------------------------------------------------------
/html/example.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | CVE Daily Push
6 |
7 |
8 |
9 | CVE每日推送 (2023-12-18)
10 | 概览
11 | 昨日共新增CVE 20个,其中
12 | CRITICAL共5个,
13 | HIGH共5个,
14 | MEDIUM共5个,
15 | LOW共3个,还有2个暂无评分
16 |
25 | 昨日新增概览
26 |
120 | 昨日更新概览
121 |
122 |
123 |
124 | CVE ID |
125 | CVSS |
126 | Severity |
127 | Changes in |
128 |
129 |
130 |
131 | CVE-2023-23583 |
132 | 7.8 |
133 | HIGH |
134 | references |
135 |
136 |
137 |
138 | CVE-2023-45853 |
139 | 9.8 |
140 | CRITICAL |
141 | description; references |
142 |
143 |
144 |
145 | CVE-2023-46246 |
146 | 5.5 |
147 | MEDIUM |
148 | references |
149 |
150 |
151 |
152 | CVE-2023-48706 |
153 | 4.7 |
154 | MEDIUM |
155 | references |
156 |
157 |
158 |
159 |
160 | 昨日新增CVE详情
161 |
162 | CVE-2023-50784
163 | CVSS V3:7.5
164 | 漏洞等级:HIGH
165 | 漏洞描述:A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon, older platforms.
166 | 参考资料:
167 |
168 | - https://forums.unrealircd.org/viewtopic.php?t=9340
169 |
170 | - https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BV6TFYPQOKYRGPEAKOWSO6PSCBV6LUR3/
171 |
172 | - https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZT7QU4FCQBHYOYVD7FW5QAWNAQCSGLA/
173 |
174 | - https://www.unrealircd.org/index/news
175 |
176 |
177 | CVE-2023-50965
178 | CVSS V3:9.8
179 | 漏洞等级:CRITICAL
180 | 漏洞描述:In MicroHttpServer (aka Micro HTTP Server) through 4398570, _ReadStaticFiles in lib/middleware.c allows a stack-based buffer overflow and potentially remote code execution via a long URI.
181 | 参考资料:
182 |
183 | - https://github.com/starnight/MicroHttpServer/issues/5
184 |
185 | - https://github.com/starnight/MicroHttpServer/tree/43985708ef5fe7677392c54e229bd22e136c2665
186 |
187 |
188 | CVE-2023-6559
189 | CVSS V3:9.8
190 | 漏洞等级:CRITICAL
191 | 漏洞描述:The MW WP Form plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 5.0.3. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.
192 | 参考资料:
193 |
194 | - https://plugins.trac.wordpress.org/changeset/3007879/mw-wp-form
195 |
196 | - https://www.wordfence.com/threat-intel/vulnerabilities/id/412d555c-9bbd-42f5-8020-ccfc18755a79?source=cve
197 |
198 |
199 | CVE-2023-6851
200 | CVSS V3:9.8
201 | 漏洞等级:CRITICAL
202 | 漏洞描述:A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been rated as critical. This issue affects the function unzipList of the file plugins/zipView/app.php of the component ZIP Archive Handler. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The patch is named 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248219.
203 | 参考资料:
204 |
205 | - https://github.com/kalcaddle/KodExplorer/commit/5cf233f7556b442100cf67b5e92d57ceabb126c6
206 |
207 | - https://github.com/kalcaddle/KodExplorer/releases/tag/4.52.01
208 |
209 | - https://note.zhaoj.in/share/D44UjzoFXYfi
210 |
211 | - https://vuldb.com/?ctiid.248219
212 |
213 | - https://vuldb.com/?id.248219
214 |
215 |
216 | CVE-2023-6852
217 | CVSS V3:9.8
218 | 漏洞等级:CRITICAL
219 | 漏洞描述:A vulnerability classified as critical has been found in kalcaddle KodExplorer up to 4.51.03. Affected is an unknown function of the file plugins/webodf/app.php. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The name of the patch is 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248220.
220 | 参考资料:
221 |
222 | - https://github.com/kalcaddle/KodExplorer/commit/5cf233f7556b442100cf67b5e92d57ceabb126c6
223 |
224 | - https://github.com/kalcaddle/KodExplorer/releases/tag/4.52.01
225 |
226 | - https://note.zhaoj.in/share/P6lQNyqQn3zY
227 |
228 | - https://vuldb.com/?ctiid.248220
229 |
230 | - https://vuldb.com/?id.248220
231 |
232 |
233 | CVE-2023-6853
234 | CVSS V3:9.8
235 | 漏洞等级:CRITICAL
236 | 漏洞描述:A vulnerability classified as critical was found in kalcaddle KodExplorer up to 4.51.03. Affected by this vulnerability is the function index of the file plugins/officeLive/app.php. The manipulation of the argument path leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The identifier of the patch is 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The identifier VDB-248221 was assigned to this vulnerability.
237 | 参考资料:
238 |
239 | - https://github.com/kalcaddle/KodExplorer/commit/5cf233f7556b442100cf67b5e92d57ceabb126c6
240 |
241 | - https://github.com/kalcaddle/KodExplorer/releases/tag/4.52.01
242 |
243 | - https://note.zhaoj.in/share/oaYHbDTnPiU3
244 |
245 | - https://vuldb.com/?ctiid.248221
246 |
247 | - https://vuldb.com/?id.248221
248 |
249 |
250 | CVE-2023-6885
251 | CVSS V3:9.8
252 | 漏洞等级:CRITICAL
253 | 漏洞描述:A vulnerability was found in Tongda OA 2017 up to 11.10. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file general/vote/manage/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-248245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
254 | 参考资料:
255 |
256 | - https://github.com/Martinzb/cve/blob/main/sql.md
257 |
258 | - https://vuldb.com/?ctiid.248245
259 |
260 | - https://vuldb.com/?id.248245
261 |
262 |
263 | CVE-2023-6886
264 | CVSS V3:9.8
265 | 漏洞等级:CRITICAL
266 | 漏洞描述:A vulnerability was found in xnx3 wangmarket 6.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component Role Management Page. The manipulation leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248246 is the identifier assigned to this vulnerability.
267 | 参考资料:
268 |
269 | - https://github.com/xnx3/wangmarket/issues/8
270 |
271 | - https://vuldb.com/?ctiid.248246
272 |
273 | - https://vuldb.com/?id.248246
274 |
275 |
276 | CVE-2023-6887
277 | CVSS V3:9.8
278 | 漏洞等级:CRITICAL
279 | 漏洞描述:A vulnerability classified as critical has been found in saysky ForestBlog up to 20220630. This affects an unknown part of the file /admin/upload/img of the component Image Upload Handler. The manipulation of the argument filename leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248247.
280 | 参考资料:
281 |
282 | - https://github.com/daydust/vuln/blob/main/ForestBlog/Arbitrary_File_Upload_Vulnerability.md
283 |
284 | - https://vuldb.com/?ctiid.248247
285 |
286 | - https://vuldb.com/?id.248247
287 |
288 |
289 | CVE-2023-6888
290 | CVSS V3:9.8
291 | 漏洞等级:CRITICAL
292 | 漏洞描述:A vulnerability classified as critical was found in PHZ76 RtspServer 1.0.0. This vulnerability affects the function ParseRequestLine of the file RtspMesaage.cpp. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248248. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
293 | 参考资料:
294 |
295 | - http://www.huiyao.love/2023/12/08/rtspserver-stackoverflow-vulnerability/
296 |
297 | - https://github.com/hu1y40/PoC/blob/main/rtspserver_stackoverflow_poc.py
298 |
299 | - https://vuldb.com/?ctiid.248248
300 |
301 | - https://vuldb.com/?id.248248
302 |
303 |
304 | CVE-2023-6891
305 | CVSS V3:7.8
306 | 漏洞等级:HIGH
307 | 漏洞描述:A vulnerability has been found in PeaZip 9.4.0 and classified as problematic. Affected by this vulnerability is an unknown functionality in the library dragdropfilesdll.dll of the component Library Handler. The manipulation leads to uncontrolled search path. An attack has to be approached locally. Upgrading to version 9.6.0 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248251. NOTE: Vendor was contacted early, confirmed the existence of the flaw and immediately worked on a patched release.
308 | 参考资料:
309 |
310 | - https://peazip.github.io/changelog.html
311 |
312 | - https://vuldb.com/?ctiid.248251
313 |
314 | - https://vuldb.com/?id.248251
315 |
316 |
317 | CVE-2023-6893
318 | CVSS V3:7.5
319 | 漏洞等级:HIGH
320 | 漏洞描述:A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) and classified as problematic. Affected by this issue is some unknown functionality of the file /php/exportrecord.php. The manipulation of the argument downname with the input C:\ICPAS\Wnmp\WWW\php\conversion.php leads to path traversal. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248252.
321 | 参考资料:
322 |
323 | - https://github.com/willchen0011/cve/blob/main/download.md
324 |
325 | - https://vuldb.com/?ctiid.248252
326 |
327 | - https://vuldb.com/?id.248252
328 |
329 |
330 | CVE-2023-6894
331 | CVSS V3:6.5
332 | 漏洞等级:MEDIUM
333 | 漏洞描述:A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been classified as problematic. This affects an unknown part of the file access/html/system.html of the component Log File Handler. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-248253 was assigned to this vulnerability.
334 | 参考资料:
335 |
336 | - https://github.com/willchen0011/cve/blob/main/unaccess.md
337 |
338 | - https://vuldb.com/?ctiid.248253
339 |
340 | - https://vuldb.com/?id.248253
341 |
342 |
343 | CVE-2023-6895
344 | CVSS V3:6.3
345 | 漏洞等级:MEDIUM
346 | 漏洞描述:A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondata[ip] with the input netstat -ano leads to os command injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-248254 is the identifier assigned to this vulnerability.
347 | 参考资料:
348 |
349 | - https://github.com/willchen0011/cve/blob/main/rce.md
350 |
351 | - https://vuldb.com/?ctiid.248254
352 |
353 | - https://vuldb.com/?id.248254
354 |
355 |
356 |
357 | 昨日更新CVE详情
358 |
359 | CVE-2023-23583
360 | CVSS V3:7.8
361 | 漏洞等级:HIGH
362 | 更新的地方:references
363 | 漏洞描述:Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.
364 | 参考资料:
365 |
366 | - http://www.openwall.com/lists/oss-security/2023/11/14/4
367 |
368 | - http://www.openwall.com/lists/oss-security/2023/11/14/5
369 |
370 | - http://www.openwall.com/lists/oss-security/2023/11/14/6
371 |
372 | - http://www.openwall.com/lists/oss-security/2023/11/14/7
373 |
374 | - http://www.openwall.com/lists/oss-security/2023/11/14/8
375 |
376 | - http://www.openwall.com/lists/oss-security/2023/11/14/9
377 |
378 | - https://lists.debian.org/debian-lts-announce/2023/12/msg00012.html
379 |
380 | - https://security.netapp.com/advisory/ntap-20231116-0015/
381 |
382 | - https://www.debian.org/security/2023/dsa-5563
383 |
384 | - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html
385 |
386 |
387 | CVE-2023-45853
388 | CVSS V3:9.8
389 | 漏洞等级:CRITICAL
390 | 更新的地方:description; references
391 | 漏洞描述:MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
392 | 参考资料:
393 |
394 | - http://www.openwall.com/lists/oss-security/2023/10/20/9
395 |
396 | - https://chromium.googlesource.com/chromium/src/+/d709fb23806858847131027da95ef4c548813356
397 |
398 | - https://chromium.googlesource.com/chromium/src/+/de29dd6c7151d3cd37cb4cf0036800ddfb1d8b61
399 |
400 | - https://github.com/madler/zlib/blob/ac8f12c97d1afd9bafa9c710f827d40a407d3266/contrib/README.contrib#L1-L4
401 |
402 | - https://github.com/madler/zlib/pull/843
403 |
404 | - https://lists.debian.org/debian-lts-announce/2023/11/msg00026.html
405 |
406 | - https://pypi.org/project/pyminizip/#history
407 |
408 | - https://security.netapp.com/advisory/ntap-20231130-0009/
409 |
410 | - https://www.winimage.com/zLibDll/minizip.html
411 |
412 |
413 | CVE-2023-46246
414 | CVSS V3:5.5
415 | 漏洞等级:MEDIUM
416 | 更新的地方:references
417 | 漏洞描述:Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068.
418 |
419 | 参考资料:
420 |
421 | - https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a
422 |
423 | - https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm
424 |
425 | - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNMFS3IH74KEMMESOA3EOB6MZ56TWGFF/
426 |
427 | - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVA7K73WHQH4KVFDJQ7ELIUD2WK5ZT5E/
428 |
429 | - https://security.netapp.com/advisory/ntap-20231208-0006/
430 |
431 |
432 | CVE-2023-48706
433 | CVSS V3:4.7
434 | 漏洞等级:MEDIUM
435 | 更新的地方:references
436 | 漏洞描述:Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes free-ing of memory which may later then be accessed by the initial `:s` command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue.
437 | 参考资料:
438 |
439 | - http://www.openwall.com/lists/oss-security/2023/11/22/3
440 |
441 | - https://github.com/gandalf4a/crash_report/blob/main/vim/vim_huaf
442 |
443 | - https://github.com/vim/vim/commit/26c11c56888d01e298cd8044caf860f3c26f57bb
444 |
445 | - https://github.com/vim/vim/pull/13552
446 |
447 | - https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q
448 |
449 | - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNMFS3IH74KEMMESOA3EOB6MZ56TWGFF/
450 |
451 | - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVA7K73WHQH4KVFDJQ7ELIUD2WK5ZT5E/
452 |
453 |
454 |
455 |
456 |
457 |
--------------------------------------------------------------------------------
/html/nothing.html:
--------------------------------------------------------------------------------
1 | CVE每日推送 ({date})
2 |
3 | 昨日没有任何新增和更新~
--------------------------------------------------------------------------------
/html/template.html:
--------------------------------------------------------------------------------
1 | CVE每日推送 ({date})
2 | 概览
3 | {new_cve_overview}
4 | {modified_cve_overview}
5 |
14 | 昨日新增概览
15 |
16 |
17 |
18 | CVE ID |
19 | CVSS |
20 | Severity |
21 |
22 |
23 | {new_entries}
24 |
25 |
26 |
27 | 昨日更新概览
28 |
29 |
30 |
31 | CVE ID |
32 | CVSS |
33 | Severity |
34 | Changes in |
35 |
36 |
37 | {modified_entries}
38 |
39 |
40 |
41 | 昨日新增CVE详情
42 | {new_cve_details}
43 |
44 | 昨日更新CVE详情
45 | {modified_cve_details}
46 |
47 |
--------------------------------------------------------------------------------
/images/CVE-Daily-Push_v0.1.0.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vvmdx/CVE-Daily-Push/f33972d0f99921f233ea089896a416fce7fd25af/images/CVE-Daily-Push_v0.1.0.png
--------------------------------------------------------------------------------
/images/CVE-Daily-Push_v0.2.0.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vvmdx/CVE-Daily-Push/f33972d0f99921f233ea089896a416fce7fd25af/images/CVE-Daily-Push_v0.2.0.png
--------------------------------------------------------------------------------
/images/github_token.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vvmdx/CVE-Daily-Push/f33972d0f99921f233ea089896a416fce7fd25af/images/github_token.png
--------------------------------------------------------------------------------
/images/mail.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vvmdx/CVE-Daily-Push/f33972d0f99921f233ea089896a416fce7fd25af/images/mail.png
--------------------------------------------------------------------------------
/images/use-1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vvmdx/CVE-Daily-Push/f33972d0f99921f233ea089896a416fce7fd25af/images/use-1.png
--------------------------------------------------------------------------------
/scripts/get_cves.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | # @Time : 2024/1/3 10:56
3 | # @Author : vvmdx
4 | # @File : get_cves.py
5 | # @Project : CVE-Daily-Push
6 | import json
7 | import re
8 | import time
9 | import urllib3
10 | import json
11 | import requests
12 | from requests.adapters import HTTPAdapter
13 | from urllib3.util.retry import Retry
14 | # from config import NIST_API_KEY
15 |
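# Overwritten by get_cve() and read by get_nvd_vul_details() when it builds its headers.
NIST_API_KEY = ""

# NOTE(review): this silences the warning urllib3 emits for every request made with
# certificate verification disabled, so unverified TLS connections leave no trace in
# the job log. Prefer keeping verification on and dropping this call.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

# Headers shared by the outgoing requests in this module.
header = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
    "Connection": "close"
}

# Retry interval = {backoff factor} * (2 ** ({number of total retries} - 1)).
# The interval grows exponentially, so a large retry count or a large backoff
# base makes the job stall. The author's estimate for total=5, backoff_factor=1
# is roughly one minute for five retries, which is acceptable; in the author's
# runs five retries brought every request to 200, while three retries still
# produced an occasional 503.
_RETRY_OPTIONS = dict(total=5, backoff_factor=1, status_forcelist=[503])

try:
    # urllib3 1.26 renamed `method_whitelist` to `allowed_methods` and urllib3 2.0
    # removed the old name, so try the current keyword first.
    retry = Retry(allowed_methods=["GET"], **_RETRY_OPTIONS)
except TypeError:
    # Older urllib3 releases only know the original keyword.
    retry = Retry(method_whitelist=["GET"], **_RETRY_OPTIONS)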
38 |
39 |
def get_cve(nist_api_key):
    """Collect today's CVE changes and merge the NVD details into each entry.

    Stores ``nist_api_key`` in the module-level ``NIST_API_KEY`` so that
    ``get_nvd_vul_details`` can read it, fetches the change list with
    ``get_cve_changes`` and updates every entry in place with whatever
    ``get_nvd_vul_details`` returns for its id.

    :param nist_api_key: NVD API key used for the per-CVE lookups
    :return: the enriched dictionary, or None when the change list is empty
    """
    global NIST_API_KEY
    NIST_API_KEY = nist_api_key

    cve_dict = get_cve_changes()
    if not cve_dict:
        return None

    # Shape of cve_dict at this point, e.g.
    # {
    #     'new_entries': [
    #         {'id': 'CVE-2022-34270', 'mitre': 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-34270'},
    #         {'id': 'CVE-2023-27150', 'mitre': 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-27150'}
    #     ],
    #     'modified_entries': [
    #         {'id': 'CVE-2021-41617', 'mitre': 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-41617'},
    #         {'id': 'CVE-2023-27043', 'mitre': 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-27043'}
    #     ]}

    # Throttle for the NVD API: the budget starts at 40 and the pause fires once
    # it drops below zero, i.e. after every 41st lookup, for 60 seconds. The
    # author found that on GitHub Actions a shorter pause still tripped the API
    # rate limit, although local runs did not.
    budget = 40
    for group in cve_dict.values():
        for entry in group:
            budget -= 1
            details = get_nvd_vul_details(entry["id"])
            if details:
                entry.update(details)
            if budget < 0:
                budget = 40
                time.sleep(60)

    print(json.dumps(cve_dict))
    return cve_dict
72 |
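def get_cve_changes():
    """Fetch today's CVE change page and split it into new and modified entries.

    A day with neither new nor modified entries does occur; it yields None.

    :return: a dict with up to two keys. ``"new_entries"`` holds
        ``{"id", "mitre"}`` dicts and ``"modified_entries"`` holds
        ``{"id", "mitre", "changes"}`` dicts; a key is left out when its
        section contains no CVE id. None is returned when the response status
        is not 200, when the page cannot be split into its two sections, or
        when both sections are empty.
    """
    url_ = "https://cassandra.cerias.purdue.edu/CVE_changes/today.html"
    # url_ = "https://cassandra.cerias.purdue.edu/CVE_changes/CVE.2024.01.03.html"

    # The session is closed once the response has been read.
    with requests.Session() as session:
        session.mount("https://", HTTPAdapter(max_retries=retry))
        # Certificate verification stays at the requests default (enabled): the
        # page content decides which CVE ids are looked up and reported, so it
        # must come from the real host. The timeout keeps a stalled connection
        # from hanging the scheduled job.
        resp = session.get(url_, headers=header, timeout=30)

    if resp.status_code != 200:
        return None

    # Split the page into its sections. Identifiers with the CAN prefix no
    # longer exist, so the middle section of the page is not collected.
    # NOTE(review): the separator and the URL pattern below are reproduced exactly
    # as this listing shows them; they look as if HTML markup was lost from them
    # (the URL pattern appears to be an empty lookbehind) - confirm both against
    # the repository.
    separator = "(.*?)Modified entries:(.*?)$"
    matches = re.search(separator, resp.text, re.DOTALL)
    if matches is None:
        # Unexpected page layout: report "nothing" instead of raising AttributeError.
        return None
    new_entries = matches.group(1).strip()
    modified_entries = matches.group(2).strip()

    # Some days have neither new nor modified entries.
    if not new_entries and not modified_entries:
        return None

    re_cve_list = re.compile("(?<=name=)[^'>]+")  # CVE id without the "CVE-" prefix
    re_cve_url_list = re.compile("(?<=)")  # CVE link
    re_cve_changes_list = re.compile(r"\(changes in (.*?);\)")  # what changed in the CVE

    entries_dict = {}

    # New entries: id and link only.
    new_ids = ["CVE-" + name for name in re_cve_list.findall(new_entries)]
    if new_ids:
        new_urls = re_cve_url_list.findall(new_entries)
        entries_dict["new_entries"] = [
            {"id": cve_id, "mitre": url} for cve_id, url in zip(new_ids, new_urls)
        ]

    # Modified entries additionally carry the list of changed fields.
    modified_ids = ["CVE-" + name for name in re_cve_list.findall(modified_entries)]
    if modified_ids:
        modified_urls = re_cve_url_list.findall(modified_entries)
        changes = re_cve_changes_list.findall(modified_entries)
        entries_dict["modified_entries"] = [
            {"id": cve_id, "mitre": url, "changes": change}
            for cve_id, url, change in zip(modified_ids, modified_urls, changes)
        ]

    return entries_dict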
124 |
125 |
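def get_nvd_vul_details(cve_id):
    """Look up one CVE through the NVD REST API.

    :param cve_id: CVE identifier, e.g. CVE-2023-34829. It comes from a
                   scraped page, so it is passed as a query parameter and
                   URL-encoded rather than pasted into the URL.
    :return: dict with ``vulnStatus``, ``descriptions``, ``references``,
             ``baseScore`` and ``severity``; all-empty values when NVD has no
             record yet; None when the request fails or is not answered
             with 200.
    """
    nvd_api_url = "https://services.nvd.nist.gov/rest/json/cves/2.0"
    query = {"cveId": cve_id}
    # Work on a copy: adding the key to the shared ``header`` dict would attach
    # the NVD API key to every later request that reuses it, whatever the host.
    nvd_header = dict(header)
    nvd_header["apiKey"] = NIST_API_KEY
    adapter = HTTPAdapter(max_retries=retry)
    session = requests.Session()
    session.mount("https://", adapter)
    # Certificate verification stays enabled (the requests default): this
    # request carries the API key, which must not go to an unverified peer.
    try:
        resp = session.get(nvd_api_url, params=query, headers=nvd_header, timeout=30)
    except requests.RequestException:
        # The retries (about one minute) were exhausted; try once more
        # without the retry adapter.
        try:
            resp = requests.get(nvd_api_url, params=query, headers=nvd_header, timeout=30)
        except requests.RequestException as exc:
            # Only the exception type is printed, to keep request details
            # out of the job log.
            print("Request failed at {}: {}".format(cve_id, type(exc).__name__))
            return None
        print("Status.code = {} Exception at {}".format(resp.status_code, cve_id))
    if resp.status_code != 200:
        return None

    vulnerabilities = json.loads(resp.text)["vulnerabilities"]
    # Not every CVE has an NVD record yet, new ones in particular.
    if not vulnerabilities:
        return {
            "vulnStatus": None,
            "descriptions": None,
            "references": [],
            "baseScore": None,
            "severity": None,
        }
    vul_details = vulnerabilities[0]["cve"]
    references = [ref["url"] for ref in vul_details["references"]]

    print(vul_details["id"])

    cve_detail_dict = {
        "vulnStatus": vul_details["vulnStatus"],
        "descriptions": vul_details["descriptions"][0]["value"].replace("\\n", " "),
        "references": references,
    }

    if vul_details["metrics"]:
        cve_detail_dict["baseScore"], cve_detail_dict["severity"] = get_cvssMetric(vul_details["metrics"])
    else:
        cve_detail_dict["baseScore"], cve_detail_dict["severity"] = None, None
    return cve_detail_dict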
182 |
183 |
def get_cvssMetric(metrics_dict):
    """Pick the base score and severity from an NVD ``metrics`` mapping.

    The scoring systems are tried in the order cvssMetricV31, cvssMetricV30,
    cvssMetricV2, and the first list element of the first one present is
    used. For the two V3 variants the severity is read from ``cvssData``;
    for V2 it is read from the metric entry itself.

    :param metrics_dict: the ``metrics`` object of one NVD CVE record
    :return: tuple (baseScore, baseSeverity), or (None, None) when none of
             the three keys is present
    """
    for version_key in ("cvssMetricV31", "cvssMetricV30"):
        if version_key in metrics_dict:
            cvss = metrics_dict[version_key][0]["cvssData"]
            return cvss["baseScore"], cvss["baseSeverity"]
    if "cvssMetricV2" in metrics_dict:
        primary = metrics_dict["cvssMetricV2"][0]
        return primary["cvssData"]["baseScore"], primary["baseSeverity"]
    return None, None
197 |
198 | # def translate_(description):
199 | # translator = Translate(proxies={'https': 'socks5://localhost:7890'})
200 | #
201 | # return translator.translate(description).translatedText
202 |
203 |
--------------------------------------------------------------------------------
/scripts/requirements.txt:
--------------------------------------------------------------------------------
1 | urllib3==1.26.16
2 | requests==2.29.0
--------------------------------------------------------------------------------
/scripts/run.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | # @Time : 2024/1/3 10:12
3 | # @Author : vvmdx
4 | # @File : run.py
5 | # @Project : CVE-Daily-Push
6 | import json
7 | import sys
8 | from get_cves import get_cve
9 | from write_htmls import write_html, nothing_html
10 | from sendmail import send_mail
11 |
12 |
if __name__ == "__main__":
    # argv[1] is the mail configuration as a JSON document, argv[2] the NVD
    # API key.
    # NOTE(review): both values are secrets and arrive on the command line,
    # where they show up in the process argument list; reading them from
    # environment variables would keep them out of it.
    cli_args = sys.argv
    mail_config = json.loads(cli_args[1])
    nist_api_key = cli_args[2]
    cve_dict = get_cve(nist_api_key)
    # No changes today: send the "nothing" page instead of the report.
    html_res = write_html(cve_dict) if cve_dict else nothing_html()
    send_mail(html_res, mail_config)
23 |
24 |
--------------------------------------------------------------------------------
/scripts/sendmail.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | # @Time : 2023/12/25 20:34
3 | # @Author : vvmdx
4 | # @File : sendmail.py
5 | # @Project : CVE-news
6 | import datetime
7 | import json
8 | import smtplib
9 | from email.mime.text import MIMEText
10 | from email.mime.multipart import MIMEMultipart
11 | from email.utils import formataddr
12 | from email.header import Header
13 |
14 |
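class Sendmail():
    """Build one HTML e-mail and deliver it through an authenticated SMTP server."""

    def __init__(self, smtp_domain, smtp_port, smtp_ssl, sender, authcode, receiver):
        """
        :param smtp_domain: mail server host name
        :param smtp_port: mail server port (for example, on the QQ mail
                          server 465 is the SSL port and 587 is not)
        :param smtp_ssl: whether the port speaks SSL from the start, 1 yes, 0 no
        :param sender: sender mailbox, also used as the login name
        :param authcode: mailbox authorization code (QQ mail is used here)
        :param receiver: list of recipient mailboxes
        """
        self.smtp_domain = smtp_domain
        self.smtp_port = smtp_port
        self.smtp_ssl = smtp_ssl
        self.sender = sender
        self.authcode = authcode
        self.receiver = receiver
        self.message = MIMEMultipart()

    def get_obj(self):
        """Print the object's attributes for debugging.

        The authorization code is masked so that it never reaches the
        console or a CI job log.
        """
        for key, value in self.__dict__.items():
            if key == "authcode":
                value = "***"
            print(f'{key}: {value}')

    def get_html(self):
        """
        Read the HTML file that can serve as the mail body.
        :return: content of ../html/display.html
        """
        # The with-statement closes the file; no explicit close() is needed.
        with open("../html/display.html", "r", encoding="utf-8") as file:
            return file.read()

    def get_message(self, result):
        """
        Build the mail object to send and store it in ``self.message``.
        :param result: HTML text used as the mail body
        :return:
        """
        message = MIMEMultipart()
        # Subject carries yesterday's date.
        yesterday = datetime.date.today() + datetime.timedelta(-1)
        subject = Header("CVE Changes on " + str(yesterday), "utf-8").encode()
        message['Subject'] = subject
        message['From'] = formataddr(("CVE Daily Push", self.sender))
        # No "To" header is set, so recipients are effectively blind-copied.
        text = MIMEText(result, "html", "utf-8")
        message.attach(text)

        self.message = message

    def send(self):
        """Log in and send ``self.message`` to every address in ``self.receiver``.

        Prints "success" or "fail: <error>"; errors are reported, not raised.
        """
        # Local import: ssl is only needed here and the file's import block
        # stays untouched.
        import ssl

        # An explicit verifying context: smtplib's built-in default context
        # has historically not checked the server certificate or host name.
        tls_context = ssl.create_default_context()
        try:
            if self.smtp_ssl:
                server = smtplib.SMTP_SSL(self.smtp_domain, self.smtp_port, context=tls_context)
            else:
                server = smtplib.SMTP(self.smtp_domain, self.smtp_port)
            # The context manager sends QUIT even when login or delivery
            # fails, so the connection is not left open.
            with server:
                if not self.smtp_ssl:
                    # Upgrade to TLS before the credentials are sent whenever
                    # the server offers STARTTLS.
                    # NOTE(review): this is opportunistic; a server that does
                    # not advertise STARTTLS still gets a plaintext login.
                    # Consider failing instead if that is never expected.
                    server.ehlo()
                    if server.has_extn("starttls"):
                        server.starttls(context=tls_context)
                        server.ehlo()
                server.login(self.sender, self.authcode)
                server.sendmail(self.sender, self.receiver, self.message.as_string())
            print("success")
        except Exception as e:
            print("fail: ", e)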
94 |
def get_mail_config():
    """Build a Sendmail object from ../config/mail_config.json.

    The path is relative to the current working directory. After
    construction the object's attributes are printed through ``get_obj()``.

    :return: the configured Sendmail object
    """
    with open("../config/mail_config.json", "r") as file:
        config_ = json.load(file)
    constructor_args = (
        config_["smtp"]["domain"],
        config_["smtp"]["port"],
        config_["smtp"]["ssl"],
        config_["sender"]["mail"],
        config_["sender"]["authCode"],
        config_["receivers"],
    )
    obj = Sendmail(*constructor_args)
    obj.get_obj()
    return obj
106 |
107 |
def set_mail_config(config_):
    """Build a Sendmail object from an already parsed configuration.

    :param config_: dict with ``smtp`` (``domain``, ``port``, ``ssl``),
                    ``sender`` (``mail``, ``authCode``) and ``receivers``
    :return: the configured Sendmail object
    """
    constructor_args = (
        config_["smtp"]["domain"],
        config_["smtp"]["port"],
        config_["smtp"]["ssl"],
        config_["sender"]["mail"],
        config_["sender"]["authCode"],
        config_["receivers"],
    )
    return Sendmail(*constructor_args)
117 |
118 |
def send_mail(result, mail_config):
    """Send ``result`` as an HTML mail using the given configuration.

    :param result: HTML text of the mail body
    :param mail_config: parsed mail configuration, see ``set_mail_config``
    """
    mailer = set_mail_config(mail_config)
    mailer.get_message(result)
    mailer.send()
124 |
125 |
126 |
--------------------------------------------------------------------------------
/scripts/test.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | # @Time : 2024/1/9 11:29
3 | # @Author : vvmdx
4 | # @File : test.py
5 | # @Project : CVE-Daily-Push
6 |
7 | import sys
8 | import json
9 | import os
10 |
11 | # args = sys.argv
12 | # print(args[1])
13 | # mail_config = json.loads(args[1])
14 | # print(mail_config)
15 |
# Resolve the directory above the one holding this script, then the path of
# html/template.html below it, and print both.
containing_dir = os.path.dirname(__file__)
script_dir = os.path.abspath(os.path.dirname(containing_dir))
file_path = os.path.join(script_dir, "html", "template.html")

print(script_dir, file_path, sep="\n")
--------------------------------------------------------------------------------
/scripts/write_htmls.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | # @Time : 2023/12/27 9:43
3 | # @Author : vvmdx
4 | # @File : write_htmls.py
5 | # @Project : CVE-news
6 | import datetime
7 | import os
8 |
# NOTE(review): set_html() passes cve_hyperlink= and reference_hyperlink= to
# these templates, but neither placeholder appears below, so the HTML markup
# of the templates appears to have been stripped in this listing. Check the
# repository copy before editing them.

# One overview row per new CVE: id, CVSS score, severity.
new_entries_html_template = """

{cve_id} |
{cvss_score} |
{cvss_severity} |

"""

# One overview row per modified CVE: id, CVSS score, severity, changed parts.
modified_entries_html_template = """

{cve_id} |
{cvss_score} |
{cvss_severity} |
{changes} |

"""

# One reference entry; filled once per reference URL of a CVE.
references_template = """
{reference}
"""

# Detail block for a new CVE.
new_cve_details_template = """
{cve_id}
CVSS V3:{cvss_score}
漏洞等级:{cvss_severity}
漏洞描述:{descriptions}
参考资料:
{references}
"""

# Detail block for a modified CVE; same as above plus the changed parts.
modified_cve_details_template = """
{cve_id}
CVSS V3:{cvss_score}
漏洞等级:{cvss_severity}
更新的地方:{changes}
漏洞描述:{descriptions}
参考资料:
{references}
"""

# Summary line for new CVEs: total and the count per severity.
new_cve_overview_template = """
昨日共新增CVE {new_cve_total}个,其中
CRITICAL共{c}个,
HIGH共{h}个,
MEDIUM共{m}个,
LOW共{l}个,还有{n}个暂无评分
"""

# Summary line for modified CVEs: total and the count per severity.
modified_cve_overview_template = """
昨日共更新CVE {modified_cve_total}个,其中
CRITICAL共{c}个,
HIGH共{h}个,
MEDIUM共{m}个,
LOW共{l}个,还有{n}个暂无评分
"""
64 |
65 |
def write_html(cve_dict):
    """Render the daily report from html/template.html.

    The template is looked up relative to this file: one directory above
    the directory holding the script. The rendered page is printed and
    returned.

    :param cve_dict: CVE data as returned by ``get_cve``
    :return: the rendered HTML text
    """
    repo_root = os.path.abspath(os.path.dirname(os.path.dirname(__file__)))
    template_path = os.path.join(repo_root, "html", "template.html")
    with open(template_path, "r", encoding="utf-8") as handle:
        template = handle.read()
    # The date placed in the page is today's date.
    report_date = datetime.date.today()
    (new_entries, new_cve_details, new_cve_overview,
     modified_entries, modified_cve_details, modified_cve_overview) = set_html(cve_dict)

    sections = {
        "new_cve_overview": new_cve_overview,
        "modified_cve_overview": modified_cve_overview,
        "new_entries": new_entries,
        "modified_entries": modified_entries,
        "new_cve_details": new_cve_details,
        "modified_cve_details": modified_cve_details,
    }
    result = template.format(date=report_date, **sections)

    print(result)
    return result
81 |
82 |
def nothing_html():
    """Render html/nothing.html, the page sent when there are no CVE changes.

    :return: the template text with ``date`` filled with today's date
    """
    repo_root = os.path.abspath(os.path.dirname(os.path.dirname(__file__)))
    template_path = os.path.join(repo_root, "html", "nothing.html")
    with open(template_path, "r", encoding="utf-8") as handle:
        template = handle.read()
    return template.format(date=datetime.date.today())
91 |
92 |
93 |
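def _render_cve_section(entries, row_template, detail_template, with_changes):
    """Render one list of CVE entries into rows, detail blocks and severity counts."""
    # Local import: keeps the file's import block untouched.
    from html import escape

    def esc(value):
        # Every value originates from a scraped page or the NVD API and lands
        # in an HTML mail, so it is escaped for text and attribute context.
        return escape(str(value), quote=True)

    counts = {"CRITICAL": 0, "HIGH": 0, "MEDIUM": 0, "LOW": 0, "NONE": 0}
    expected_keys = ["baseScore", "severity", "descriptions", "references"]
    if with_changes:
        expected_keys.insert(1, "changes")

    rows = []
    details = []
    for cve_detail in entries:
        link = cve_detail["mitre"]
        cve_id = cve_detail["id"]

        # Report the first missing field to help locate incomplete entries,
        # then continue with empty defaults.
        missing = [key for key in expected_keys if key not in cve_detail]
        if missing:
            print(repr(missing[0]))
            print("Exception at {}".format(cve_id))
        score = cve_detail.get("baseScore")
        severity = cve_detail.get("severity")
        descriptions = cve_detail.get("descriptions")
        references = cve_detail.get("references") or []

        if not severity:
            counts["NONE"] += 1
        elif severity in ("MEDIUM", "HIGH", "LOW"):
            counts[severity] += 1
        else:
            # Any other non-empty severity is counted and shown as CRITICAL.
            counts["CRITICAL"] += 1
            severity = 'CRITICAL'

        ref_list = "".join(
            references_template.format(reference_hyperlink=esc(ref), reference=esc(ref))
            for ref in references
        )
        fields = {
            "cve_hyperlink": esc(link),
            "cve_id": esc(cve_id),
            "cvss_score": esc(score),
            "cvss_severity": esc(severity),
        }
        if with_changes:
            fields["changes"] = esc(cve_detail.get("changes"))
        rows.append(row_template.format(**fields))
        details.append(detail_template.format(descriptions=esc(descriptions),
                                              references=ref_list, **fields))
    return "".join(rows), "".join(details), counts


def set_html(cve_dict):
    """Render the HTML fragments of the report from the collected CVE data.

    Either key of ``cve_dict`` may be absent (a day with only new or only
    modified entries); a missing list is treated as empty instead of raising
    KeyError. All interpolated values are HTML-escaped.

    :param cve_dict: dict with optional ``new_entries`` / ``modified_entries``
                     lists as produced by ``get_cve``
    :return: tuple (new_entries, new_cve_details, new_cve_overview,
             modified_entries, modified_cve_details, modified_cve_overview),
             all strings
    """
    new_entries_list = cve_dict.get("new_entries", [])
    new_entries, new_cve_details, new_counts = _render_cve_section(
        new_entries_list, new_entries_html_template, new_cve_details_template,
        with_changes=False)
    new_cve_overview = new_cve_overview_template.format(
        new_cve_total=len(new_entries_list),
        c=new_counts["CRITICAL"], h=new_counts["HIGH"], m=new_counts["MEDIUM"],
        l=new_counts["LOW"], n=new_counts["NONE"])

    modified_entries_list = cve_dict.get("modified_entries", [])
    modified_entries, modified_cve_details, modified_counts = _render_cve_section(
        modified_entries_list, modified_entries_html_template, modified_cve_details_template,
        with_changes=True)
    modified_cve_overview = modified_cve_overview_template.format(
        modified_cve_total=len(modified_entries_list),
        c=modified_counts["CRITICAL"], h=modified_counts["HIGH"], m=modified_counts["MEDIUM"],
        l=modified_counts["LOW"], n=modified_counts["NONE"])

    return new_entries, new_cve_details, new_cve_overview, modified_entries, modified_cve_details, modified_cve_overview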
200 |
201 |
202 |
--------------------------------------------------------------------------------