diff --git a/2004/CVE-2004-2687.md b/2004/CVE-2004-2687.md index 5db921360..ec5e66ca1 100644 --- a/2004/CVE-2004-2687.md +++ b/2004/CVE-2004-2687.md @@ -13,6 +13,7 @@ distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict acc No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/4n0nym0u5dk/distccd_rce_CVE-2004-2687 - https://github.com/ARPSyndicate/cvemon - https://github.com/CVEDB/PoC-List diff --git a/2005/CVE-2005-0525.md b/2005/CVE-2005-0525.md new file mode 100644 index 000000000..9e710af81 --- /dev/null +++ b/2005/CVE-2005-0525.md @@ -0,0 +1,17 @@ +### [CVE-2005-0525](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0525) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a JPEG image with an invalid marker value, which causes a negative length value to be passed to php_stream_seek. + +### POC + +#### Reference +- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11703 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-0104.md b/2007/CVE-2007-0104.md index 67a339451..d276cd1be 100644 --- a/2007/CVE-2007-0104.md +++ b/2007/CVE-2007-0104.md @@ -10,7 +10,7 @@ The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) k ### POC #### Reference -No PoCs from references. +- http://www.ubuntu.com/usn/usn-410-1 #### Github - https://github.com/0xCyberY/CVE-T4PDF diff --git a/2016/CVE-2016-7044.md b/2016/CVE-2016-7044.md index a6af3ba9a..d9305fa64 100644 --- a/2016/CVE-2016-7044.md 
+++ b/2016/CVE-2016-7044.md @@ -10,6 +10,7 @@ The unformat_24bit_color function in the format parsing code in Irssi before 0.8 ### POC #### Reference +- http://www.ubuntu.com/usn/USN-3086-1 - https://irssi.org/security/irssi_sa_2016.txt #### Github diff --git a/2016/CVE-2016-7045.md b/2016/CVE-2016-7045.md index b88ff3407..802a302f6 100644 --- a/2016/CVE-2016-7045.md +++ b/2016/CVE-2016-7045.md @@ -10,6 +10,7 @@ The format_send_to_gui function in the format parsing code in Irssi before 0.8.2 ### POC #### Reference +- http://www.ubuntu.com/usn/USN-3086-1 - https://irssi.org/security/irssi_sa_2016.txt #### Github diff --git a/2017/CVE-2017-7264.md b/2017/CVE-2017-7264.md index 827a4c24b..3130b4218 100644 --- a/2017/CVE-2017-7264.md +++ b/2017/CVE-2017-7264.md @@ -11,6 +11,7 @@ Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap. #### Reference - https://blogs.gentoo.org/ago/2017/02/09/mupdf-use-after-free-in-fz_subsample_pixmap-pixmap-c/ +- https://bugs.ghostscript.com/show_bug.cgi?id=697515 #### Github - https://github.com/mrash/afl-cve diff --git a/2020/CVE-2020-10666.md b/2020/CVE-2020-10666.md index fb6d226a5..72e1d0ad2 100644 --- a/2020/CVE-2020-10666.md +++ b/2020/CVE-2020-10666.md @@ -10,6 +10,7 @@ The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, ### POC #### Reference +- https://wiki.freepbx.org/display/FOP/2020-03-12+SECURITY%3A+Potential+Rest+Phone+Apps+RCE - https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities #### Github diff --git a/2020/CVE-2020-35842.md b/2020/CVE-2020-35842.md new file mode 100644 index 000000000..0ce85ad58 --- /dev/null +++ b/2020/CVE-2020-35842.md 
@@ -0,0 +1,17 @@ +### [CVE-2020-35842](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35842) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JNR1010v2 before 1.1.0.62, JR6150 before 1.0.1.24, JWNR2010v5 before 1.1.0.62, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.76, WNR1000v4 before 1.1.0.62, WNR2020 before 1.1.0.62, and WNR2050 before 1.1.0.62. + +### POC + +#### Reference +- https://kb.netgear.com/000062713/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2019-0015 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2020/CVE-2020-9496.md b/2020/CVE-2020-9496.md index 54d924daa..15aa56393 100644 --- a/2020/CVE-2020-9496.md +++ b/2020/CVE-2020-9496.md @@ -56,6 +56,7 @@ XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scriptin - https://github.com/pen4uin/vulnerability-research - https://github.com/pen4uin/vulnerability-research-list - https://github.com/s4dbrd/CVE-2020-9496 +- https://github.com/securelayer7/CVE-Analysis - https://github.com/sobinge/nuclei-templates - https://github.com/soosmile/POC - https://github.com/tanjiti/sec_profile diff --git a/2021/CVE-2021-3493.md b/2021/CVE-2021-3493.md index 2eec88d39..2ce131474 100644 --- a/2021/CVE-2021-3493.md +++ b/2021/CVE-2021-3493.md 
@@ -45,6 +45,7 @@ The overlayfs implementation in the linux kernel did not properly validate with - https://github.com/KayCHENvip/vulnerability-poc - https://github.com/Metarget/metarget - https://github.com/Miraitowa70/POC-Notes +- https://github.com/Mr-Tree-S/POC_EXP - https://github.com/Mr-xn/Penetration_Testing_POC - https://github.com/N1NJ10/eJPT_Prep - https://github.com/NaInSec/CVE-PoC-in-GitHub diff --git a/2022/CVE-2022-3399.md b/2022/CVE-2022-3399.md new file mode 100644 index 000000000..19155e3dd --- /dev/null +++ b/2022/CVE-2022-3399.md @@ -0,0 +1,17 @@ +### [CVE-2022-3399](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3399) +![](https://img.shields.io/static/v1?label=Product&message=Cookie%20Notice%20%26%20Compliance%20for%20GDPR%20%2F%20CCPA&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.4.17.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cookie_notice_options[refuse_code_head]' parameter in versions up to, and including, 2.4.17.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative privileges and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the injected /wp-admin/admin.php?page=cookie-notice page. This only affects multi-site installations and installations where unfiltered_html has been disabled. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2022/CVE-2022-3669.md b/2022/CVE-2022-3669.md index 8ac757e77..262a667f0 100644 --- a/2022/CVE-2022-3669.md +++ b/2022/CVE-2022-3669.md 
@@ -12,6 +12,7 @@ A vulnerability was found in Axiomatic Bento4 and classified as problematic. Thi #### Reference - https://github.com/axiomatic-systems/Bento4/files/9675042/Bug_2_POC.zip - https://github.com/axiomatic-systems/Bento4/issues/776 +- https://vuldb.com/?id.212009 #### Github No PoCs found on GitHub currently. diff --git a/2022/CVE-2022-3770.md b/2022/CVE-2022-3770.md new file mode 100644 index 000000000..99deb1e6e --- /dev/null +++ b/2022/CVE-2022-3770.md @@ -0,0 +1,17 @@ +### [CVE-2022-3770](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3770) +![](https://img.shields.io/static/v1?label=Product&message=CMS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-266%20Incorrect%20Privilege%20Assignment%20-%3E%20CWE-284%20Improper%20Access%20Controls%20-%3E%20CWE-434%20Unrestricted%20Upload&color=brighgreen) + +### Description + +A vulnerability classified as critical was found in Yunjing CMS. This vulnerability affects unknown code of the file /index/user/upload_img.html. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212500. + +### POC + +#### Reference +- https://vuldb.com/?id.212500 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2022/CVE-2022-3815.md b/2022/CVE-2022-3815.md index 2f2345438..e7ad3dd62 100644 --- a/2022/CVE-2022-3815.md +++ b/2022/CVE-2022-3815.md @@ -12,6 +12,7 @@ A vulnerability, which was classified as problematic, has been found in Axiomati #### Reference - https://github.com/axiomatic-systems/Bento4/files/9727048/POC_mp4decrypt_34393864.zip - https://github.com/axiomatic-systems/Bento4/issues/792 +- https://vuldb.com/?id.212681 #### Github No PoCs found on GitHub currently. 
diff --git a/2022/CVE-2022-3869.md b/2022/CVE-2022-3869.md index b08ba74ad..8d91b2f57 100644 --- a/2022/CVE-2022-3869.md +++ b/2022/CVE-2022-3869.md @@ -13,5 +13,5 @@ Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2. - https://huntr.dev/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b #### Github -No PoCs found on GitHub currently. +- https://github.com/20142995/nuclei-templates diff --git a/2023/CVE-2023-21768.md b/2023/CVE-2023-21768.md index a65eda6aa..817313dce 100644 --- a/2023/CVE-2023-21768.md +++ b/2023/CVE-2023-21768.md @@ -40,6 +40,7 @@ Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerabili - https://github.com/Malwareman007/CVE-2023-21768 - https://github.com/Mr-xn/Penetration_Testing_POC - https://github.com/Rosayxy/Recreate-cve-2023-21768 +- https://github.com/SafeBreach-Labs/WindowsDowndate - https://github.com/SamuelTulach/nullmap - https://github.com/SenukDias/OSCP_cheat - https://github.com/SirElmard/ethical_hacking diff --git a/2023/CVE-2023-22518.md b/2023/CVE-2023-22518.md index 9fb2bebc6..4d7d3ee76 100644 --- a/2023/CVE-2023-22518.md +++ b/2023/CVE-2023-22518.md @@ -33,6 +33,7 @@ All versions of Confluence Data Center and Server are affected by this unexploit - https://github.com/nitish778191/fitness_app - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/sanjai-AK47/CVE-2023-22518 +- https://github.com/securelayer7/CVE-Analysis - https://github.com/securitycipher/daily-bugbounty-writeups - https://github.com/tanjiti/sec_profile - https://github.com/thecybertix/One-Liner-Collections diff --git a/2023/CVE-2023-26360.md b/2023/CVE-2023-26360.md index d4b828ff6..2916cfd5b 100644 --- a/2023/CVE-2023-26360.md +++ b/2023/CVE-2023-26360.md 
@@ -22,5 +22,6 @@ Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and ea - https://github.com/jakabakos/CVE-2023-26360-adobe-coldfusion-rce-exploit - https://github.com/karimhabush/cyberowl - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/securelayer7/CVE-Analysis - https://github.com/yosef0x01/CVE-2023-26360 diff --git a/2023/CVE-2023-38831.md b/2023/CVE-2023-38831.md index 07c8df1f8..1ffe64271 100644 --- a/2023/CVE-2023-38831.md +++ b/2023/CVE-2023-38831.md @@ -89,6 +89,7 @@ RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user - https://github.com/ruycr4ft/CVE-2023-38831 - https://github.com/s4m98/winrar-cve-2023-38831-poc-gen - https://github.com/sadnansakin/Winrar_0-day_RCE_Exploitation +- https://github.com/securelayer7/CVE-Analysis - https://github.com/sh770/CVE-2023-38831 - https://github.com/solomon12354/VolleyballSquid-----CVE-2023-38831-and-Bypass-UAC - https://github.com/takinrom/nto2024-user4-report diff --git a/2023/CVE-2023-39125.md b/2023/CVE-2023-39125.md index f2f991a6f..693af51d6 100644 --- a/2023/CVE-2023-39125.md +++ b/2023/CVE-2023-39125.md @@ -13,5 +13,5 @@ NTSC-CRT 2.2.1 has an integer overflow and out-of-bounds write in loadBMP in bmp - https://github.com/LMP88959/NTSC-CRT/issues/32 #### Github -No PoCs found on GitHub currently. +- https://github.com/DiRaltvein/memory-corruption-examples diff --git a/2023/CVE-2023-39143.md b/2023/CVE-2023-39143.md index 9e197e65d..98a254f00 100644 --- a/2023/CVE-2023-39143.md +++ b/2023/CVE-2023-39143.md @@ -17,4 +17,5 @@ PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabl - https://github.com/netlas-io/netlas-dorks - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/nvn1729/advisories +- https://github.com/securelayer7/CVE-Analysis diff --git a/2023/CVE-2023-39848.md b/2023/CVE-2023-39848.md index 3fb0f604c..cae1216fa 100644 --- a/2023/CVE-2023-39848.md +++ b/2023/CVE-2023-39848.md 
@@ -20,6 +20,7 @@ No PoCs from references. - https://github.com/BrunoiMesquita/DAMN-VULNERABLE-PHP-WEB-APPLICATION - https://github.com/Bulnick/SCode - https://github.com/CapiDeveloper/DVWA +- https://github.com/CyReXxD/dvwatest - https://github.com/Cybersecurity-Materials/dvwa - https://github.com/Cybersecurity-test-team/digininja - https://github.com/DHFrisk/Tarea6-DVWA diff --git a/2023/CVE-2023-41884.md b/2023/CVE-2023-41884.md new file mode 100644 index 000000000..ccb574be1 --- /dev/null +++ b/2023/CVE-2023-41884.md @@ -0,0 +1,17 @@ +### [CVE-2023-41884](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41884) +![](https://img.shields.io/static/v1?label=Product&message=zoneminder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.36.34%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +ZoneMinder is a free, open source Closed-circuit television software application. In WWW/AJAX/watch.php, Line: 51 takes a few parameter in sql query without sanitizing it which makes it vulnerable to sql injection. This vulnerability is fixed in 1.36.34. + +### POC + +#### Reference +- https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-2qp3-fwpv-mc96 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-42929.md b/2023/CVE-2023-42929.md new file mode 100644 index 000000000..0660884b6 --- /dev/null +++ b/2023/CVE-2023-42929.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-42929](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42929) +![](https://img.shields.io/static/v1?label=Product&message=macOS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2014%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=An%20app%20may%20be%20able%20to%20access%20protected%20user%20data&color=brighgreen) + +### Description + +The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access protected user data. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/beerisgood/macOS_Hardening + diff --git a/2023/CVE-2023-49070.md b/2023/CVE-2023-49070.md index c0161f76d..40f430b69 100644 --- a/2023/CVE-2023-49070.md +++ b/2023/CVE-2023-49070.md @@ -36,6 +36,7 @@ Pre-auth RCE in Apache Ofbiz 18.12.09.It's due to XML-RPC no longer maintained - https://github.com/jakabakos/Apache-OFBiz-Authentication-Bypass - https://github.com/mintoolkit/mint - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/securelayer7/CVE-Analysis - https://github.com/slimtoolkit/slim - https://github.com/tanjiti/sec_profile - https://github.com/tw0point/BadBizness-CVE-2023-51467 diff --git a/2023/CVE-2023-50094.md b/2023/CVE-2023-50094.md index a3a6b0860..aad6d7de7 100644 --- a/2023/CVE-2023-50094.md +++ b/2023/CVE-2023-50094.md @@ -10,6 +10,7 @@ reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid ses ### POC #### Reference +- https://github.com/yogeshojha/rengine/security/advisories/GHSA-fx7f-f735-vgh4 - https://www.mattz.io/posts/cve-2023-50094/ #### Github diff --git a/2023/CVE-2023-50569.md b/2023/CVE-2023-50569.md index cc72c8fdd..ec5b08dfe 100644 --- a/2023/CVE-2023-50569.md +++ b/2023/CVE-2023-50569.md 
@@ -1,11 +1,11 @@ ### [CVE-2023-50569](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50569) ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) -![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue) ### Description -Reflected Cross Site Scripting (XSS) vulnerability in Cacti v1.2.25, allows remote attackers to escalate privileges when uploading an xml template file via templates_import.php. +** REJECT ** DO NOT USE THIS CVE RECORD. Consult IDs: CVE-2023-50250. Reason: This record is a reservation duplicate of CVE-2023-50250. Notes: All CVE users should reference CVE-2023-50250 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage. ### POC diff --git a/2023/CVE-2023-51467.md b/2023/CVE-2023-51467.md index 4680a3759..8500ab210 100644 --- a/2023/CVE-2023-51467.md +++ b/2023/CVE-2023-51467.md @@ -43,6 +43,7 @@ No PoCs from references. - https://github.com/jakabakos/Apache-OFBiz-Authentication-Bypass - https://github.com/murayr/Bizness - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/securelayer7/CVE-Analysis - https://github.com/tanjiti/sec_profile - https://github.com/tw0point/BadBizness-CVE-2023-51467 - https://github.com/txuswashere/OSCP diff --git a/2023/CVE-2023-5277.md b/2023/CVE-2023-5277.md new file mode 100644 index 000000000..522010ea6 --- /dev/null +++ b/2023/CVE-2023-5277.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-5277](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5277) +![](https://img.shields.io/static/v1?label=Product&message=Engineers%20Online%20Portal&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, has been found in SourceCodester Engineers Online Portal 1.0. This issue affects some unknown processing of the file student_avatar.php. The manipulation of the argument change leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240905 was assigned to this vulnerability. + +### POC + +#### Reference +- https://vuldb.com/?id.240905 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-5863.md b/2023/CVE-2023-5863.md index 67d48f512..d8e5fe3d0 100644 --- a/2023/CVE-2023-5863.md +++ b/2023/CVE-2023-5863.md @@ -13,5 +13,5 @@ Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq pr - https://huntr.com/bounties/fbfd4e84-61fb-4063-8f11-15877b8c1f6f #### Github -No PoCs found on GitHub currently. +- https://github.com/20142995/nuclei-templates diff --git a/2023/CVE-2023-7049.md b/2023/CVE-2023-7049.md new file mode 100644 index 000000000..0ae3310c0 --- /dev/null +++ b/2023/CVE-2023-7049.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-7049](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7049) +![](https://img.shields.io/static/v1?label=Product&message=Custom%20Field%20For%20WP%20Job%20Manager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen) + +### Description + +The Custom Field For WP Job Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2 via the the 'cm_fieldshow' shortcode due to missing validation on the 'job_id' user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to expose potentially sensitive post metadata. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-0343.md b/2024/CVE-2024-0343.md index aaf3d603f..fb985ebe3 100644 --- a/2024/CVE-2024-0343.md +++ b/2024/CVE-2024-0343.md @@ -10,7 +10,7 @@ A vulnerability classified as problematic was found in CodeAstro Simple House Re ### POC #### Reference -No PoCs from references. +- https://drive.google.com/file/d/1NHdebIGiV8FybYFGXIqWHjdVGzZCQqAm/view?usp=sharing #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-21302.md b/2024/CVE-2024-21302.md index 46de991f8..6c8679a17 100644 --- a/2024/CVE-2024-21302.md +++ b/2024/CVE-2024-21302.md 
@@ -30,7 +30,7 @@ ### Description -Summary:Microsoft was notified that an elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS), including a subset of Azure Virtual Machine SKUS. This vulnerability enables an attacker with administrator privileges to replace current versions of Windows system files with outdated versions. By exploiting this vulnerability, an attacker could reintroduce previously mitigated vulnerabilities, circumvent some features of VBS, and exfiltrate data protected by VBS.Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE.This CVE will be updated when the mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs.Update: August 13, 2024Microsoft has released the August 2024 security updates that include an opt-in revocation policy mitigation to address this vulnerability. Customers running affected versions of Windows are encouraged to review KB5042562: Guidance for blocking rollback of virtualization-based security related updates to assess if this opt-in policy meets the needs of their environment before implementing this mitigation. There are risks associated with this mitigation that should be understood prior to applying it to your systems. Detailed information about these risks is also available in KB5042562.Details:A security researcher informed Microsoft of an elevation of privilege vulnerability in Windows 10, Windows 11, Windows Server 2016, and higher based systems including Azure Virtual Machines (VM) that support VBS. 
For more information on Windows versions and VM SKUs supporting VBS, reference: Virtualization-based Security (VBS) | Microsoft Learn.The vulnerability enables an attacker with administrator privileges on the target system to replace current Windows system files with outdated versions. Successful exploitation provides an attacker with the ability to reintroduce previously mitigated vulnerabilities, circumvent VBS security features, and exfiltrate data protected by VBS.Microsoft is developing a security update that will revoke outdated, unpatched VBS system files to mitigate this vulnerability, but it is not yet available. Due to the complexity of blocking such a large quantity of files, rigorous testing is required to avoid integration failures or regressions. This CVE will be updated with new information and links to the security updates once available. For more information see Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now – Microsoft Security Response CenterMicrosoft is not aware of any attempts to exploit this vulnerability. However, a public presentation regarding this vulnerability was hosted at BlackHat on August 7, 2024. The presentation was appropriately coordinated with Microsoft but may change the threat landscape. Customers concerned with these risks should reference the guidance provided in the Recommended Actions section to protect their systems.Recommended Actions:Microsoft has released an opt-in mitigation available as an interim solution to help protect customers concerned about this vulnerability until the final mitigation is available in a security update.For Windows 10 1809 and later, Windows 11 version 21H2 and later, and Windows Server 2019 and later, administrators can deploy a Microsoft-signed revocation policy (SkuSiPolicy.p7b) to block vulnerable, unpatched versions of VBS system files from being loaded by the operating system. 
For more information, refer to KB5042562: Guidance for blocking rollback of virtualization-based security related... +Summary:Microsoft was notified that an elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS), including a subset of Azure Virtual Machine SKUS. This vulnerability enables an attacker with administrator privileges to replace current versions of Windows system files with outdated versions. By exploiting this vulnerability, an attacker could reintroduce previously mitigated vulnerabilities, circumvent some features of VBS, and exfiltrate data protected by VBS.Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE.This CVE will be updated when the mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs.Update: August 13, 2024Microsoft has released the August 2024 security updates that include an opt-in revocation policy mitigation to address this vulnerability. Customers running affected versions of Windows are encouraged to review KB5042562: Guidance for blocking rollback of virtualization-based security related updates to assess if this opt-in policy meets the needs of their environment before implementing this mitigation. There are risks associated with this mitigation that should be understood prior to applying it to your systems. 
Detailed information about these risks is also available in KB5042562.Details:A security researcher informed Microsoft of an elevation of privilege vulnerability in Windows 10, Windows 11, Windows Server 2016, and higher based systems including Azure Virtual Machines (VM) that support VBS. For more information on Windows versions and VM SKUs supporting VBS, reference: Virtualization-based Security (VBS) | Microsoft Learn.The vulnerability enables an attacker with administrator privileges on the target system to replace current Windows system files with outdated versions. Successful exploitation provides an attacker with the ability to reintroduce previously mitigated vulnerabilities, circumvent VBS security features, and exfiltrate data protected by VBS.Microsoft is developing a security update that will revoke outdated, unpatched VBS system files to mitigate this... ### POC diff --git a/2024/CVE-2024-2175.md b/2024/CVE-2024-2175.md new file mode 100644 index 000000000..d83192058 --- /dev/null +++ b/2024/CVE-2024-2175.md 
@@ -0,0 +1,19 @@ +### [CVE-2024-2175](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2175) +![](https://img.shields.io/static/v1?label=Product&message=Accessories%20and%20Display%20Manager&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Display%20Control%20Center&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.0.3.05%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.0.29082.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-276%20Incorrect%20Default%20Permissions&color=brighgreen) + +### Description + +An insecure permissions vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-23705.md b/2024/CVE-2024-23705.md index 3c39546c4..fdd57cf88 100644 --- a/2024/CVE-2024-23705.md +++ b/2024/CVE-2024-23705.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/uthrasri/frameworks_base_CVE-2024-23705 diff --git a/2024/CVE-2024-23897.md b/2024/CVE-2024-23897.md index 02d964d2e..c01b59d47 100644 --- a/2024/CVE-2024-23897.md +++ b/2024/CVE-2024-23897.md @@ -75,6 +75,7 @@ Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of - https://github.com/quentin33980/ToolBox-qgt - https://github.com/raheel0x01/CVE-2024-23897 - https://github.com/sampsonv/github-trending +- https://github.com/securelayer7/CVE-Analysis - https://github.com/securitycipher/daily-bugbounty-writeups - https://github.com/stevenvegar/Jenkins_scripts - https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-25065.md b/2024/CVE-2024-25065.md index 2582dec90..e3e370d92 100644 
--- a/2024/CVE-2024-25065.md +++ b/2024/CVE-2024-25065.md @@ -15,5 +15,6 @@ No PoCs from references. #### Github - https://github.com/Threekiii/CVE +- https://github.com/securelayer7/CVE-Analysis - https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-27348.md b/2024/CVE-2024-27348.md index d4bcb35cb..edd9b23d6 100644 --- a/2024/CVE-2024-27348.md +++ b/2024/CVE-2024-27348.md @@ -15,10 +15,12 @@ No PoCs from references. #### Github - https://github.com/Ostorlab/KEV - https://github.com/Zeyad-Azima/CVE-2024-27348 +- https://github.com/apiverve/news-API - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/jakabakos/CVE-2024-27348-Apache-HugeGraph-RCE - https://github.com/kljunowsky/CVE-2024-27348 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/securelayer7/CVE-Analysis - https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/wy876/wiki diff --git a/2024/CVE-2024-31798.md b/2024/CVE-2024-31798.md new file mode 100644 index 000000000..d8bcb4969 --- /dev/null +++ b/2024/CVE-2024-31798.md @@ -0,0 +1,17 @@ +### [CVE-2024-31798](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31798) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Identical Hardcoded Root Password for All Devices in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to retrieve the root password for all similar devices + +### POC + +#### Reference +- https://www.nsideattacklogic.de/advisories/NSIDE-SA-2024-001 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-31799.md b/2024/CVE-2024-31799.md new file mode 100644 index 000000000..820e3604c --- /dev/null +++ b/2024/CVE-2024-31799.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-31799](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31799) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Information Disclosure in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to read the WiFi passphrase via the UART Debugging Port. + +### POC + +#### Reference +- https://www.nsideattacklogic.de/advisories/NSIDE-SA-2024-001 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-31800.md b/2024/CVE-2024-31800.md new file mode 100644 index 000000000..9051439d9 --- /dev/null +++ b/2024/CVE-2024-31800.md @@ -0,0 +1,17 @@ +### [CVE-2024-31800](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31800) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Authentication Bypass in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to gain a privileged command shell via the UART Debugging Port. + +### POC + +#### Reference +- https://www.nsideattacklogic.de/advisories/NSIDE-SA-2024-001 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-31982.md b/2024/CVE-2024-31982.md index e671fccc6..22f8df5d0 100644 --- a/2024/CVE-2024-31982.md +++ b/2024/CVE-2024-31982.md @@ -10,7 +10,7 @@ XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 a ### POC #### Reference -No PoCs from references. +- https://www.vicarius.io/vsociety/posts/xwiki-rce-cve-2024-31982 #### Github - https://github.com/Ostorlab/KEV 
diff --git a/2024/CVE-2024-34737.md b/2024/CVE-2024-34737.md new file mode 100644 index 000000000..f18181f21 --- /dev/null +++ b/2024/CVE-2024-34737.md @@ -0,0 +1,17 @@ +### [CVE-2024-34737](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34737) +![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2014%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20privilege&color=brighgreen) + +### Description + +In ensureSetPipAspectRatioQuotaTracker of ActivityClientController.java, there is a possible way to generate unmovable and undeletable pip windows due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. + +### POC + +#### Reference +- https://android.googlesource.com/platform/frameworks/base/+/8b473b3f79642f42eeeffbfe572df6c6cbe9d79e + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-34833.md b/2024/CVE-2024-34833.md index 6c8b77cbf..ad430b697 100644 --- a/2024/CVE-2024-34833.md +++ b/2024/CVE-2024-34833.md @@ -14,5 +14,6 @@ Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. User - https://packetstormsecurity.com/files/179106/Payroll-Management-System-1.0-Remote-Code-Execution.html #### Github +- https://github.com/ShellUnease/CVE-2024-34833-payroll-management-system-rce - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-35775.md b/2024/CVE-2024-35775.md new file mode 100644 index 000000000..c45d1ba8a --- /dev/null +++ b/2024/CVE-2024-35775.md 
@@ -0,0 +1,18 @@ +### [CVE-2024-35775](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35775) +![](https://img.shields.io/static/v1?label=Product&message=Slider%20by%20Soliloquy&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%20Improper%20Authentication&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Authentication vulnerability in Soliloquy Team Slider by Soliloquy allows Cross-Site Scripting (XSS).This issue affects Slider by Soliloquy: from n/a through 2.7.6. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-36401.md b/2024/CVE-2024-36401.md index 8e6bda3f9..208ebf7c2 100644 --- a/2024/CVE-2024-36401.md +++ b/2024/CVE-2024-36401.md @@ -17,6 +17,7 @@ GeoServer is an open source server that allows users to share and edit geospatia #### Github - https://github.com/Co5mos/nuclei-tps - https://github.com/Mr-xn/CVE-2024-36401 +- https://github.com/Mr-xn/Penetration_Testing_POC - https://github.com/Ostorlab/KEV - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/CVE diff --git a/2024/CVE-2024-36877.md b/2024/CVE-2024-36877.md index d8575f08e..048cec56e 100644 --- a/2024/CVE-2024-36877.md +++ b/2024/CVE-2024-36877.md 
@@ -5,7 +5,7 @@ ### Description -Micro-Star International Z-series motherboards (Z590, Z490, and Z790) and B-series motherboards (B760, B560, B660, and B460) with firmware 7D25v14, 7D25v17 to 7D25v19, and 7D25v1A to 7D25v1H was discovered to contain a write-what-where condition in the in the SW handler for SMI 0xE3. +Micro-Star International Z-series motherboards (Z590, Z490, and Z790) and B-series motherboards (B760, B560, B660, and B460) with firmware 7D25v14, 7D25v17 to 7D25v19, and 7D25v1A to 7D25v1H was discovered to contain a write-what-where condition in the in the SW handler for SMI 0xE3. Motherboard's with the following chipsets are affected: Intel 300, Intel 400, Intel 500, Intel 600, Intel 700, AMD 300, AMD 400, AMD 500, AMD 600 and AMD 700. ### POC diff --git a/2024/CVE-2024-37090.md b/2024/CVE-2024-37090.md new file mode 100644 index 000000000..13a37e39a --- /dev/null +++ b/2024/CVE-2024-37090.md @@ -0,0 +1,18 @@ +### [CVE-2024-37090](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37090) +![](https://img.shields.io/static/v1?label=Product&message=Consulting%20Elementor%20Widgets&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Masterstudy%20Elementor%20Widgets&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Masterstudy Elementor Widgets, StylemixThemes Consulting Elementor Widgets.This issue affects Masterstudy Elementor Widgets: from n/a through 1.2.2; Consulting Elementor Widgets: from n/a through 1.3.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + 
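Review bot: the rewritten description line in CVE-2024-36877.md still contains the duplicated "in the in the" and the singular "was discovered" for a plural subject, and the appended sentence misuses an apostrophe ("Motherboard's"); since the line is being edited anyway, correct these. More importantly, the appended claim that boards with all Intel 300 to 700 and AMD 300 to 700 chipsets are affected is far broader than the Z590/Z490/Z790 and B-series boards with 7D25 firmware named in the preceding sentence, and nothing in the hunk cites a source for it; add a reference under `#### Reference` or qualify the statement.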
diff --git a/2024/CVE-2024-37091.md b/2024/CVE-2024-37091.md new file mode 100644 index 000000000..afef24551 --- /dev/null +++ b/2024/CVE-2024-37091.md @@ -0,0 +1,17 @@ +### [CVE-2024-37091](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37091) +![](https://img.shields.io/static/v1?label=Product&message=Consulting%20Elementor%20Widgets&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20a%20Command%20('Command%20Injection')&color=brighgreen) + +### Description + +Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets allows OS Command Injection.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-37513.md b/2024/CVE-2024-37513.md new file mode 100644 index 000000000..07f91e7d9 --- /dev/null +++ b/2024/CVE-2024-37513.md @@ -0,0 +1,17 @@ +### [CVE-2024-37513](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37513) +![](https://img.shields.io/static/v1?label=Product&message=WPCafe&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen) + +### Description + +Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themewinter WPCafe allows Path Traversal.This issue affects WPCafe: from n/a through 2.2.27. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + 
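Review bot: CVE-2024-37091.md and CVE-2024-37513.md (like CVE-2024-37090.md and CVE-2024-37952.md elsewhere in this patch) list only `https://github.com/fkie-cad/nvd-json-data-feeds` under `#### Github`; that repository is a mirror of the NVD JSON feeds and references every published CVE, so it is not evidence of a PoC. Other new files in the same patch (for example CVE-2024-31798.md) print `No PoCs found on GitHub currently.` in this situation; add feed mirrors to the crawler's exclusion list so both cases render the same way.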
diff --git a/2024/CVE-2024-37924.md b/2024/CVE-2024-37924.md new file mode 100644 index 000000000..1b2500bcf --- /dev/null +++ b/2024/CVE-2024-37924.md @@ -0,0 +1,17 @@ +### [CVE-2024-37924](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37924) +![](https://img.shields.io/static/v1?label=Product&message=WP2Speed%20Faster&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.0.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen) + +### Description + +Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wp2speed WP2Speed Faster allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP2Speed Faster: from n/a through 1.0.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-37952.md b/2024/CVE-2024-37952.md new file mode 100644 index 000000000..d27398d7a --- /dev/null +++ b/2024/CVE-2024-37952.md @@ -0,0 +1,17 @@ +### [CVE-2024-37952](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37952) +![](https://img.shields.io/static/v1?label=Product&message=BookYourTravel&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%20Improper%20Privilege%20Management&color=brighgreen) + +### Description + +Improper Privilege Management vulnerability in themeenergy BookYourTravel allows Privilege Escalation.This issue affects BookYourTravel: from n/a through 8.18.17. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-38063.md b/2024/CVE-2024-38063.md index 4f07d2e4f..22c6c6a26 100644 --- a/2024/CVE-2024-38063.md +++ b/2024/CVE-2024-38063.md 
@@ -54,5 +54,6 @@ No PoCs from references. #### Github - https://github.com/being1943/my_rss_reader - https://github.com/kherrick/hacker-news +- https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/zhaoolee/garss diff --git a/2024/CVE-2024-38112.md b/2024/CVE-2024-38112.md index aba483639..11f356e8b 100644 --- a/2024/CVE-2024-38112.md +++ b/2024/CVE-2024-38112.md @@ -43,5 +43,6 @@ Windows MSHTML Platform Spoofing Vulnerability No PoCs from references. #### Github +- https://github.com/apiverve/news-API - https://github.com/thepcn3rd/goAdventures diff --git a/2024/CVE-2024-38123.md b/2024/CVE-2024-38123.md new file mode 100644 index 000000000..36f8fd08c --- /dev/null +++ b/2024/CVE-2024-38123.md @@ -0,0 +1,17 @@ +### [CVE-2024-38123](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38123) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2024H2&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.26100.1457%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-125%3A%20Out-of-bounds%20Read&color=brighgreen) + +### Description + +Windows Bluetooth Driver Information Disclosure Vulnerability + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-38125.md b/2024/CVE-2024-38125.md new file mode 100644 index 000000000..38a2d0123 --- /dev/null +++ b/2024/CVE-2024-38125.md 
@@ -0,0 +1,56 @@ +### [CVE-2024-38125](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38125) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201507&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201607&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2024H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20%20Service%20Pack%202&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20(Server%20Core%20installation)&color=blue) 
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.10240.20751%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.7259%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.6189%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.4780%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.4780%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2655%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.3147%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.4037%20&color=brighgreen) 
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.4037%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.1085%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.26100.1457%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.0.6003.22825%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.1.7601.27277%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.1.0%3C%206.1.7601.27277%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.2.0%3C%206.2.9200.25031%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.22134%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-197%3A%20Numeric%20Truncation%20Error&color=brighgreen) + +### Description + +Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-38126.md b/2024/CVE-2024-38126.md new file mode 100644 index 000000000..79def427d --- /dev/null +++ b/2024/CVE-2024-38126.md 
@@ -0,0 +1,45 @@ +### [CVE-2024-38126](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38126) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201507&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201607&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2024H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue) 
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.10240.20751%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.7259%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.6189%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.4780%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.4780%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2655%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.3147%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.4037%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.4037%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.1085%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.26100.1457%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.22134%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-476%3A%20NULL%20Pointer%20Dereference&color=brighgreen) + +### Description + +Windows Network Address Translation (NAT) Denial of Service Vulnerability + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-38127.md b/2024/CVE-2024-38127.md new file mode 100644 index 000000000..b3f18e9bd --- /dev/null +++ b/2024/CVE-2024-38127.md 
@@ -0,0 +1,52 @@ +### [CVE-2024-38127](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38127) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201507&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201607&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2024H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue) 
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.10240.20751%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.7259%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.6189%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.4780%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.4780%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2655%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.3147%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.4037%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.4037%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.1085%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.26100.1457%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.1.7601.27277%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.1.0%3C%206.1.7601.27277%20&color=brighgreen) 
+![](https://img.shields.io/static/v1?label=Version&message=6.2.0%3C%206.2.9200.25031%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.22134%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-126%3A%20Buffer%20Over-read&color=brighgreen) + +### Description + +Windows Hyper-V Elevation of Privilege Vulnerability + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-38128.md b/2024/CVE-2024-38128.md new file mode 100644 index 000000000..3a783cca7 --- /dev/null +++ b/2024/CVE-2024-38128.md 
@@ -0,0 +1,39 @@ +### [CVE-2024-38128](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38128) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20%20Service%20Pack%202&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue) 
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.7259%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.6189%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2655%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.1085%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.0.6003.22825%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.1.7601.27277%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.1.0%3C%206.1.7601.27277%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.2.0%3C%206.2.9200.25031%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.22134%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-190%3A%20Integer%20Overflow%20or%20Wraparound&color=brighgreen) + +### Description + +Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-38130.md b/2024/CVE-2024-38130.md new file mode 100644 index 000000000..eef4b2a93 --- /dev/null +++ b/2024/CVE-2024-38130.md 
@@ -0,0 +1,56 @@ +### [CVE-2024-38130](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38130) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201507&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201607&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2024H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20%20Service%20Pack%202&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20(Server%20Core%20installation)&color=blue) 
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.10240.20751%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.7259%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.6189%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.4780%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.4780%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2655%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.3147%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.4037%20&color=brighgreen) 
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.4037%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.1085%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.26100.1457%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.0.6003.22825%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.1.7601.27277%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.1.0%3C%206.1.7601.27277%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.2.0%3C%206.2.9200.25031%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.22134%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-122%3A%20Heap-based%20Buffer%20Overflow&color=brighgreen) + +### Description + +Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-38131.md b/2024/CVE-2024-38131.md new file mode 100644 index 000000000..c5d32cdaa --- /dev/null +++ b/2024/CVE-2024-38131.md 
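Review bot: the Version badges in CVE-2024-38130.md list both `6.0.0< 6.1.7601.27277` and `6.1.0< 6.1.7601.27277` next to `6.0.0< 6.0.6003.22825`; a 6.0.0 lower bound paired with a Server 2008 R2 (6.1.7601) build looks like a range-encoding error when the badges were derived from the affected-version data, and the same `6.0.0< 6.1.7601.27277` entry appears in CVE-2024-38125.md, CVE-2024-38127.md and CVE-2024-38128.md above. Check the CNA's affected list and drop the spurious range. The Product list also carries `Windows%20Server%202008%20%20Service%20Pack%202` (two spaces) beside `Windows%20Server%202008%20Service%20Pack%202`, which produces two badges for one product here and in CVE-2024-38125.md; normalize whitespace before de-duplicating.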
@@ -0,0 +1,58 @@ +### [CVE-2024-38131](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38131) +![](https://img.shields.io/static/v1?label=Product&message=Remote%20Desktop%20client%20for%20Windows%20Desktop&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201507&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201607&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2024H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20%20Service%20Pack%202&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202&color=blue) 
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1.2.0.0%3C%201.2.5560.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.10240.20751%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.7259%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.6189%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.4780%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.4780%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2655%20&color=brighgreen) 
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.3147%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.4037%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.4037%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.1085%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.26100.1457%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.0.6003.22825%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.1.7601.27277%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.1.0%3C%206.1.7601.27277%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.2.0%3C%206.2.9200.25031%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.22134%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-591%3A%20Sensitive%20Data%20Storage%20in%20Improperly%20Locked%20Memory&color=brighgreen) + +### Description + +Clipboard Virtual Channel Extension Remote Code Execution Vulnerability + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-38132.md b/2024/CVE-2024-38132.md new file mode 100644 index 000000000..9b2ee5d9f --- /dev/null +++ b/2024/CVE-2024-38132.md 
@@ -0,0 +1,45 @@ +### [CVE-2024-38132](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38132) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201507&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201607&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2024H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue) 
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.10240.20751%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.7259%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.6189%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.4780%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.4780%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2655%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.3147%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.4037%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.4037%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.1085%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.26100.1457%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.22134%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-125%3A%20Out-of-bounds%20Read&color=brighgreen) + +### Description + +Windows Network Address Translation (NAT) Denial of Service Vulnerability + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-38133.md b/2024/CVE-2024-38133.md new file mode 100644 index 000000000..436f0238d --- /dev/null +++ b/2024/CVE-2024-38133.md 
@@ -0,0 +1,36 @@ +### [CVE-2024-38133](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38133) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2024H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.6189%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.4780%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.4780%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2655%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.3147%20&color=brighgreen) 
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.4037%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.4037%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.1085%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.26100.1457%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-138%3A%20Improper%20Neutralization%20of%20Special%20Elements&color=brighgreen) + +### Description + +Windows Kernel Elevation of Privilege Vulnerability + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-38136.md b/2024/CVE-2024-38136.md new file mode 100644 index 000000000..223339338 --- /dev/null +++ b/2024/CVE-2024-38136.md 
@@ -0,0 +1,36 @@ +### [CVE-2024-38136](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38136) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2024H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.6189%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.4780%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.4780%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2655%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.3147%20&color=brighgreen) 
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.4037%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.4037%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.1085%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.26100.1457%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%3A%20Use%20After%20Free&color=brighgreen) + +### Description + +Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-38137.md b/2024/CVE-2024-38137.md new file mode 100644 index 000000000..430c62add --- /dev/null +++ b/2024/CVE-2024-38137.md 
@@ -0,0 +1,33 @@ +### [CVE-2024-38137](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38137) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2024H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.4780%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.4780%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2655%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.3147%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.4037%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.4037%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.1085%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.26100.1457%20&color=brighgreen) 
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%3A%20Use%20After%20Free&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-591%3A%20Sensitive%20Data%20Storage%20in%20Improperly%20Locked%20Memory&color=brighgreen) + +### Description + +Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-38143.md b/2024/CVE-2024-38143.md new file mode 100644 index 000000000..530854e07 --- /dev/null +++ b/2024/CVE-2024-38143.md 
@@ -0,0 +1,42 @@ +### [CVE-2024-38143](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38143) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201507&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201607&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2024H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.10240.20751%20&color=brighgreen) 
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.7259%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.6189%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.4780%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.4780%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2655%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.3147%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.4037%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.4037%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.1085%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.26100.1457%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-306%3A%20Missing%20Authentication%20for%20Critical%20Function&color=brighgreen) + +### Description + +Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-38189.md b/2024/CVE-2024-38189.md new file mode 100644 index 000000000..39207182a --- /dev/null +++ b/2024/CVE-2024-38189.md 
@@ -0,0 +1,22 @@ +### [CVE-2024-38189](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38189) +![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20365%20Apps%20for%20Enterprise&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Office%202019&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Office%20LTSC%202021&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Project%202016&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=16.0.0.0%3C%2016.0.5461.1001%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=16.0.1%3C%20https%3A%2F%2Faka.ms%2FOfficeSecurityReleases%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=19.0.0%3C%20https%3A%2F%2Faka.ms%2FOfficeSecurityReleases%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%3A%20Improper%20Input%20Validation&color=brighgreen) + +### Description + +Microsoft Project Remote Code Execution Vulnerability + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-38202.md b/2024/CVE-2024-38202.md index 81feef433..18ab6d62b 100644 --- a/2024/CVE-2024-38202.md +++ b/2024/CVE-2024-38202.md 
@@ -18,7 +18,7 @@ ### Description -SummaryMicrosoft was notified that an elevation of privilege vulnerability exists in Windows Update, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful.Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE.This CVE will be updated, and customers will be notified when the official mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs.DetailsA security researcher informed Microsoft of an elevation of privilege vulnerability in Windows Update potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of VBS. For exploitation to succeed, an attacker must trick or convince an Administrator or a user with delegated permissions into performing a system restore which inadvertently triggers the vulnerability.Microsoft is developing a security update that will mitigate this vulnerability, but it is not yet available. This CVE will be updated with new information and links to the security updates once available. We highly encourage customers subscribe to Security Update Guide notifications to be alerted of updates. 
See Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center.Microsoft is not aware of any attempts to exploit this vulnerability. However, a public presentation regarding this vulnerability was hosted at BlackHat on August 7, 2024. The presentation was appropriately coordinated with Microsoft but may change the threat landscape. Customers concerned with these risks should reference the guidance provided in the Recommended Actions section to protect their systems.Recommended ActionsThe following recommendations do not mitigate the vulnerability but can be used to reduce the risk of exploitation until the security update is available.Configure “Audit Object Access” settings to monitor attempts to access files, such as handle creation, read / write operations, or modifications to security descriptors.Audit File System - Windows 10 | Microsoft LearnApply a basic audit policy on a file or folder - Windows 10 | Microsoft LearnAudit users with permission to perform Update and Restore operations to ensure only the appropriate users can perform these operations.Audit: Audit the use of Backup and Restore privilege (Windows 10) - Windows 10 | Microsoft LearnImplement an Access Control List or Discretionary Access Control Lists to restrict the access or modification of Update files and perform Restore operations to appropriate users, for example administrators only.Access Control overview | Microsoft LearnDiscretionary Access Control Lists (DACL)Auditing sensitive privileges used to identify access, modification, or replacement of Update related files could help indicate attempts to exploit this vulnerability.Audit Sensitive Privilege Use - Windows 10 | Microsoft Learn +SummaryMicrosoft was notified that an elevation of privilege vulnerability exists in Windows Update, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities 
or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful.Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE.This CVE will be updated, and customers will be notified when the official mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs.DetailsA security researcher informed Microsoft of an elevation of privilege vulnerability in Windows Update potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of VBS. For exploitation to succeed, an attacker must trick or convince an Administrator or a user with delegated permissions into performing a system restore which inadvertently triggers the vulnerability.Microsoft is developing a security update that will mitigate this vulnerability, but it is not yet available. This CVE will be updated with new information and links to the security updates once available. We highly encourage customers subscribe to Security Update Guide notifications to be alerted of updates. See Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center.Microsoft is not aware of any attempts to exploit this vulnerability. However, a public presentation regarding this vulnerability was hosted at BlackHat on August 7, 2024. The presentation was appropriately coordinated with Microsoft but may change the threat landscape. 
Customers concerned with these risks should reference the guidance provided in the Recommended Actions section to protect their systems.Recommended ActionsThe following recommendations do not mitigate the vulnerability but can be used to reduce the risk of exploitation until the security update... ### POC diff --git a/2024/CVE-2024-38288.md b/2024/CVE-2024-38288.md index d8dbeabef..373caf1c8 100644 --- a/2024/CVE-2024-38288.md +++ b/2024/CVE-2024-38288.md @@ -13,5 +13,5 @@ A command-injection issue in the Certificate Signing Request (CSR) functionality - https://github.com/google/security-research/security/advisories/GHSA-gx6g-8mvx-3q5c #### Github -No PoCs found on GitHub currently. +- https://github.com/20142995/nuclei-templates diff --git a/2024/CVE-2024-38514.md b/2024/CVE-2024-38514.md index 07f53111d..b72eb6588 100644 --- a/2024/CVE-2024-38514.md +++ b/2024/CVE-2024-38514.md @@ -13,5 +13,5 @@ NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request F - https://github.com/ChatGPTNextWeb/ChatGPT-Next-Web/security/advisories/GHSA-gph5-rx77-3pjg #### Github -No PoCs found on GitHub currently. +- https://github.com/20142995/nuclei-templates diff --git a/2024/CVE-2024-38787.md b/2024/CVE-2024-38787.md index 3646d4cae..b93ed64c6 100644 --- a/2024/CVE-2024-38787.md +++ b/2024/CVE-2024-38787.md @@ -13,5 +13,6 @@ Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Code No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-39708.md b/2024/CVE-2024-39708.md new file mode 100644 index 000000000..b63165e9d --- /dev/null +++ b/2024/CVE-2024-39708.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-39708](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39708) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in the Agent in Delinea Privilege Manager (formerly Thycotic Privilege Manager) before 12.0.1096 on Windows. Sometimes, a non-administrator user can copy a crafted DLL file to a temporary directory (used by .NET Shadow Copies) such that privilege escalation can occur if the core agent service loads that file. + +### POC + +#### Reference +- https://www.cyberark.com/resources/threat-research-blog/identity-crisis-the-curious-case-of-a-delinea-local-privilege-escalation-vulnerability + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40336.md b/2024/CVE-2024-40336.md new file mode 100644 index 000000000..0e413b58d --- /dev/null +++ b/2024/CVE-2024-40336.md @@ -0,0 +1,17 @@ +### [CVE-2024-40336](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40336) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +idccms v1.35 is vulnerable to Cross Site Scripting (XSS) within the 'Image Advertising Management.' + +### POC + +#### Reference +- https://github.com/Tank992/cms/blob/main/73/readme.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-41264.md b/2024/CVE-2024-41264.md new file mode 100644 index 000000000..2782503c9 --- /dev/null +++ b/2024/CVE-2024-41264.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-41264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41264) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue discovered in casdoor v1.636.0 allows attackers to obtain sensitive information via the ssh.InsecureIgnoreHostKey() method. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42299.md b/2024/CVE-2024-42299.md new file mode 100644 index 000000000..a72cb5a35 --- /dev/null +++ b/2024/CVE-2024-42299.md @@ -0,0 +1,17 @@ +### [CVE-2024-42299](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42299) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=b46acd6a6a62%3C%20b90ceffdc975%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:fs/ntfs3: Update log->page_{mask,bits} if log->page_size changedIf an NTFS file system is mounted to another system with differentPAGE_SIZE from the original system, log->page_size will change inlog_replay(), but log->page_{mask,bits} don't change correspondingly.This will cause a panic because "u32 bytes = log->page_size - page_off"will get a negative value in the later read_log_page(). + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42300.md b/2024/CVE-2024-42300.md new file mode 100644 index 000000000..9f8936f22 --- /dev/null +++ b/2024/CVE-2024-42300.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42300](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42300) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=f36f3010f676%3C%2049b22e06a947%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:erofs: fix race in z_erofs_get_gbuf()In z_erofs_get_gbuf(), the current task may be migrated to anotherCPU between `z_erofs_gbuf_id()` and `spin_lock(&gbuf->lock)`.Therefore, z_erofs_put_gbuf() will trigger the following issuewhich was found by stress test:<2>[772156.434168] kernel BUG at fs/erofs/zutil.c:58!..<4>[772156.435007]<4>[772156.439237] CPU: 0 PID: 3078 Comm: stress Kdump: loaded Tainted: G E 6.10.0-rc7+ #2<4>[772156.439239] Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 1.0.0 01/01/2017<4>[772156.439241] pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)<4>[772156.439243] pc : z_erofs_put_gbuf+0x64/0x70 [erofs]<4>[772156.439252] lr : z_erofs_lz4_decompress+0x600/0x6a0 [erofs]..<6>[772156.445958] stress (3127): drop_caches: 1<4>[772156.446120] Call trace:<4>[772156.446121] z_erofs_put_gbuf+0x64/0x70 [erofs]<4>[772156.446761] z_erofs_lz4_decompress+0x600/0x6a0 [erofs]<4>[772156.446897] z_erofs_decompress_queue+0x740/0xa10 [erofs]<4>[772156.447036] z_erofs_runqueue+0x428/0x8c0 [erofs]<4>[772156.447160] z_erofs_readahead+0x224/0x390 [erofs].. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42301.md b/2024/CVE-2024-42301.md new file mode 100644 index 000000000..929eefcf5 --- /dev/null +++ b/2024/CVE-2024-42301.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42301](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42301) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%207f4da759092a%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:dev/parport: fix the array out-of-bounds riskFixed array out-of-bounds issues caused by sprintfby replacing it with snprintf for safer data copying,ensuring the destination buffer is not overflowed.Below is the stack trace I encountered during the actual issue:[ 66.575408s] [pid:5118,cpu4,QThread,4]Kernel panic - not syncing: stack-protector:Kernel stack is corrupted in: do_hardware_base_addr+0xcc/0xd0 [parport][ 66.575408s] [pid:5118,cpu4,QThread,5]CPU: 4 PID: 5118 Comm:QThread Tainted: G S W O 5.10.97-arm64-desktop #7100.57021.2[ 66.575439s] [pid:5118,cpu4,QThread,6]TGID: 5087 Comm: EFileApp[ 66.575439s] [pid:5118,cpu4,QThread,7]Hardware name: HUAWEI HUAWEI QingYunPGUX-W515x-B081/SP1PANGUXM, BIOS 1.00.07 04/29/2024[ 66.575439s] [pid:5118,cpu4,QThread,8]Call trace:[ 66.575469s] [pid:5118,cpu4,QThread,9] dump_backtrace+0x0/0x1c0[ 66.575469s] [pid:5118,cpu4,QThread,0] show_stack+0x14/0x20[ 66.575469s] [pid:5118,cpu4,QThread,1] dump_stack+0xd4/0x10c[ 66.575500s] [pid:5118,cpu4,QThread,2] panic+0x1d8/0x3bc[ 66.575500s] [pid:5118,cpu4,QThread,3] __stack_chk_fail+0x2c/0x38[ 66.575500s] [pid:5118,cpu4,QThread,4] do_hardware_base_addr+0xcc/0xd0 [parport] + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42302.md b/2024/CVE-2024-42302.md new file mode 100644 index 000000000..4fa06008b --- /dev/null +++ b/2024/CVE-2024-42302.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42302](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42302) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=189f856e76f5%3C%20f63df70b439b%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:PCI/DPC: Fix use-after-free on concurrent DPC and hot-removalKeith reports a use-after-free when a DPC event occurs concurrently tohot-removal of the same portion of the hierarchy:The dpc_handler() awaits readiness of the secondary bus below theDownstream Port where the DPC event occurred. To do so, it polls theconfig space of the first child device on the secondary bus. If thatchild device is concurrently removed, accesses to its struct pci_devcause the kernel to oops.That's because pci_bridge_wait_for_secondary_bus() neglects to hold areference on the child device. Before v6.3, the function was onlycalled on resume from system sleep or on runtime resume. Holding areference wasn't necessary back then because the pciehp IRQ threadcould never run concurrently. (On resume from system sleep, IRQs arenot enabled until after the resume_noirq phase. And runtime resume isalways awaited before a PCI device is removed.)However starting with v6.3, pci_bridge_wait_for_secondary_bus() is alsocalled on a DPC event. Commit 53b54ad074de ("PCI/DPC: Await readinessof secondary bus after reset"), which introduced that, failed toappreciate that pci_bridge_wait_for_secondary_bus() now needs to hold areference on the child device because dpc_handler() and pciehp mayindeed run concurrently. 
The commit was backported to v5.10+ stablekernels, so that's the oldest one affected.Add the missing reference acquisition.Abridged stack trace: BUG: unable to handle page fault for address: 00000000091400c0 CPU: 15 PID: 2464 Comm: irq/53-pcie-dpc 6.9.0 RIP: pci_bus_read_config_dword+0x17/0x50 pci_dev_wait() pci_bridge_wait_for_secondary_bus() dpc_reset_link() pcie_do_recovery() dpc_handler() + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42303.md b/2024/CVE-2024-42303.md new file mode 100644 index 000000000..bf7dd8577 --- /dev/null +++ b/2024/CVE-2024-42303.md @@ -0,0 +1,17 @@ +### [CVE-2024-42303](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42303) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=4e5bd3fdbeb3%3C%20358bc85269d6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:media: imx-pxp: Fix ERR_PTR dereference in pxp_probe()devm_regmap_init_mmio() can fail, add a check and bail out in case oferror. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42304.md b/2024/CVE-2024-42304.md new file mode 100644 index 000000000..17f20baa4 --- /dev/null +++ b/2024/CVE-2024-42304.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42304](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42304) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=4e19d6b65fb4%3C%20b609753cbbd3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:ext4: make sure the first directory block is not a holeThe syzbot constructs a directory that has no dirblock but is non-inline,i.e. the first directory block is a hole. And no errors are reported whencreating files in this directory in the following flow. ext4_mknod ... ext4_add_entry // Read block 0 ext4_read_dirblock(dir, block, DIRENT) bh = ext4_bread(NULL, inode, block, 0) if (!bh && (type == INDEX || type == DIRENT_HTREE)) // The first directory block is a hole // But type == DIRENT, so no error is reported.After that, we get a directory block without '.' and '..' but with a validdentry. This may cause some code that relies on dot or dotdot (such asmake_indexed_dir()) to crash.Therefore when ext4_read_dirblock() finds that the first directory blockis a hole report that the filesystem is corrupted and return an error toavoid loading corrupted data from disk causing something bad. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42305.md b/2024/CVE-2024-42305.md new file mode 100644 index 000000000..a18b82267 --- /dev/null +++ b/2024/CVE-2024-42305.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42305](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42305) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=ac27a0ec112a%3C%20abb411ac9918%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:ext4: check dot and dotdot of dx_root before making dir indexedSyzbot reports a issue as follows:============================================BUG: unable to handle page fault for address: ffffed11022e24fePGD 23ffee067 P4D 23ffee067 PUD 0Oops: Oops: 0000 [#1] PREEMPT SMP KASAN PTICPU: 0 PID: 5079 Comm: syz-executor306 Not tainted 6.10.0-rc5-g55027e689933 #0Call Trace: make_indexed_dir+0xdaf/0x13c0 fs/ext4/namei.c:2341 ext4_add_entry+0x222a/0x25d0 fs/ext4/namei.c:2451 ext4_rename fs/ext4/namei.c:3936 [inline] ext4_rename2+0x26e5/0x4370 fs/ext4/namei.c:4214[...]============================================The immediate cause of this problem is that there is only one valid dentryfor the block to be split during do_split, so split==0 results in out ofbounds accesses to the map triggering the issue. 
do_split unsigned split dx_make_map count = 1 split = count/2 = 0; continued = hash2 == map[split - 1].hash; ---> map[4294967295]The maximum length of a filename is 255 and the minimum block size is 1024,so it is always guaranteed that the number of entries is greater than orequal to 2 when do_split() is called.But syzbot's crafted image has no dot and dotdot in dir, and the dentrydistribution in dirblock is as follows: bus dentry1 hole dentry2 free|xx--|xx-------------|...............|xx-------------|...............|0 12 (8+248)=256 268 256 524 (8+256)=264 788 236 1024So when renaming dentry1 increases its name_len length by 1, neither holenor free is sufficient to hold the new dentry, and make_indexed_dir() iscalled.In make_indexed_dir() it is assumed that the first two entries of thedirblock must be dot and dotdot, so bus and dentry1 are left in dx_rootbecause they are treated as dot and dotdot, and only dentry2 is movedto the new leaf block. That's why count is equal to 1.Therefore add the ext4_check_dx_root() helper function to add more sanitychecks to dot and dotdot before starting the conversion to avoid the aboveissue. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42306.md b/2024/CVE-2024-42306.md new file mode 100644 index 000000000..49e2c1f18 --- /dev/null +++ b/2024/CVE-2024-42306.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42306](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42306) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=6ac8f2c8362a%3C%20271cab2ca006%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:udf: Avoid using corrupted block bitmap bufferWhen the filesystem block bitmap is corrupted, we detect the corruptionwhile loading the bitmap and fail the allocation with error. However thenext allocation from the same bitmap will notice the bitmap buffer isalready loaded and tries to allocate from the bitmap with mixed results(depending on the exact nature of the bitmap corruption). Fix theproblem by using BH_verified bit to indicate whether the bitmap is validor not. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42307.md b/2024/CVE-2024-42307.md new file mode 100644 index 000000000..4fb167d38 --- /dev/null +++ b/2024/CVE-2024-42307.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42307](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42307) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=8c99dfb49bdc%3C%206018971710fd%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:cifs: fix potential null pointer use in destroy_workqueue in init_cifs error pathDan Carpenter reported a Smack static checker warning: fs/smb/client/cifsfs.c:1981 init_cifs() error: we previously assumed 'serverclose_wq' could be null (see line 1895)The patch which introduced the serverclose workqueue used the wrongoredering in error paths in init_cifs() for freeing it on errors. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42308.md b/2024/CVE-2024-42308.md new file mode 100644 index 000000000..3c3b1ecae --- /dev/null +++ b/2024/CVE-2024-42308.md @@ -0,0 +1,17 @@ +### [CVE-2024-42308](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42308) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%20f068494430d1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:drm/amd/display: Check for NULL pointer[why & how]Need to make sure plane_state is initializedbefore accessing its members.(cherry picked from commit 295d91cbc700651782a60572f83c24861607b648) + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + 
diff --git a/2024/CVE-2024-42309.md b/2024/CVE-2024-42309.md new file mode 100644 index 000000000..61030aeb5 --- /dev/null +++ b/2024/CVE-2024-42309.md @@ -0,0 +1,17 @@ +### [CVE-2024-42309](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42309) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=89c78134cc54%3C%20f70ffeca5464%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modesIn psb_intel_lvds_get_modes(), the return value of drm_mode_duplicate() isassigned to mode, which will lead to a possible NULL pointer dereferenceon failure of drm_mode_duplicate(). Add a check to avoid npd. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42310.md b/2024/CVE-2024-42310.md new file mode 100644 index 000000000..8c62bc745 --- /dev/null +++ b/2024/CVE-2024-42310.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42310](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42310) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=6a227d5fd6c4%3C%20e74eb5e80894%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modesIn cdv_intel_lvds_get_modes(), the return value of drm_mode_duplicate()is assigned to mode, which will lead to a NULL pointer dereference onfailure of drm_mode_duplicate(). Add a check to avoid npd. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42311.md b/2024/CVE-2024-42311.md new file mode 100644 index 000000000..a9a4f81f1 --- /dev/null +++ b/2024/CVE-2024-42311.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42311](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42311) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%2058d83fc16050%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()Syzbot reports uninitialized value access issue as below:loop0: detected capacity change from 0 to 64=====================================================BUG: KMSAN: uninit-value in hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30 hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30 d_revalidate fs/namei.c:862 [inline] lookup_fast+0x89e/0x8e0 fs/namei.c:1649 walk_component fs/namei.c:2001 [inline] link_path_walk+0x817/0x1480 fs/namei.c:2332 path_lookupat+0xd9/0x6f0 fs/namei.c:2485 filename_lookup+0x22e/0x740 fs/namei.c:2515 user_path_at_empty+0x8b/0x390 fs/namei.c:2924 user_path_at include/linux/namei.h:57 [inline] do_mount fs/namespace.c:3689 [inline] __do_sys_mount fs/namespace.c:3898 [inline] __se_sys_mount+0x66b/0x810 fs/namespace.c:3875 __x64_sys_mount+0xe4/0x140 fs/namespace.c:3875 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6bBUG: KMSAN: uninit-value in hfs_ext_read_extent fs/hfs/extent.c:196 [inline]BUG: KMSAN: uninit-value in hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366 hfs_ext_read_extent fs/hfs/extent.c:196 [inline] hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366 block_read_full_folio+0x4ff/0x11b0 fs/buffer.c:2271 hfs_read_folio+0x55/0x60 fs/hfs/inode.c:39 filemap_read_folio+0x148/0x4f0 mm/filemap.c:2426 do_read_cache_folio+0x7c8/0xd90 mm/filemap.c:3553 do_read_cache_page mm/filemap.c:3595 [inline] 
read_cache_page+0xfb/0x2f0 mm/filemap.c:3604 read_mapping_page include/linux/pagemap.h:755 [inline] hfs_btree_open+0x928/0x1ae0 fs/hfs/btree.c:78 hfs_mdb_get+0x260c/0x3000 fs/hfs/mdb.c:204 hfs_fill_super+0x1fb1/0x2790 fs/hfs/super.c:406 mount_bdev+0x628/0x920 fs/super.c:1359 hfs_mount+0xcd/0xe0 fs/hfs/super.c:456 legacy_get_tree+0x167/0x2e0 fs/fs_context.c:610 vfs_get_tree+0xdc/0x5d0 fs/super.c:1489 do_new_mount+0x7a9/0x16f0 fs/namespace.c:3145 path_mount+0xf98/0x26a0 fs/namespace.c:3475 do_mount fs/namespace.c:3488 [inline] __do_sys_mount fs/namespace.c:3697 [inline] __se_sys_mount+0x919/0x9e0 fs/namespace.c:3674 __ia32_sys_mount+0x15b/0x1b0 fs/namespace.c:3674 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline] __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178 do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246 entry_SYSENTER_compat_after_hwframe+0x70/0x82Uninit was created at: __alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590 __alloc_pages_node include/linux/gfp.h:238 [inline] alloc_pages_node include/linux/gfp.h:261 [inline] alloc_slab_page mm/slub.c:2190 [inline] allocate_slab mm/slub.c:2354 [inline] new_slab+0x2d7/0x1400 mm/slub.c:2407 ___slab_alloc+0x16b5/0x3970 mm/slub.c:3540 __slab_alloc mm/slub.c:3625 [inline] __slab_alloc_node mm/slub.c:3678 [inline] slab_alloc_node mm/slub.c:3850 [inline] kmem_cache_alloc_lru+0x64d/0xb30 mm/slub.c:3879 alloc_inode_sb include/linux/fs.h:3018 [inline] hfs_alloc_inode+0x5a/0xc0 fs/hfs/super.c:165 alloc_inode+0x83/0x440 fs/inode.c:260 new_inode_pseudo fs/inode.c:1005 [inline] new_inode+0x38/0x4f0 fs/inode.c:1031 hfs_new_inode+0x61/0x1010 fs/hfs/inode.c:186 hfs_mkdir+0x54/0x250 fs/hfs/dir.c:228 vfs_mkdir+0x49a/0x700 fs/namei.c:4126 do_mkdirat+0x529/0x810 fs/namei.c:4149 __do_sys_mkdirat fs/namei.c:4164 [inline] __se_sys_mkdirat fs/namei.c:4162 [inline] __x64_sys_mkdirat+0xc8/0x120 fs/namei.c:4162 do_syscall_x64 arch/x86/entry/common.c:52 [inline] 
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6bIt missed to initialize .tz_secondswest, .cached_start and .cached_blocksfields in struct hfs_inode_info after hfs_alloc_inode(), fix it. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42312.md b/2024/CVE-2024-42312.md new file mode 100644 index 000000000..3ad8f7161 --- /dev/null +++ b/2024/CVE-2024-42312.md @@ -0,0 +1,17 @@ +### [CVE-2024-42312](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42312) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=5ec27ec735ba%3C%201deae34db9f4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:sysctl: always initialize i_uid/i_gidAlways initialize i_uid/i_gid inside the sysfs core so set_ownership()can safely skip setting them.Commit 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values ofi_uid/i_gid on /proc/sys inodes.") added defaults for i_uid/i_gid whenset_ownership() was not implemented. It also missed adjustingnet_ctl_set_ownership() to use the same default values in case thecomputation of a better value failed. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42313.md b/2024/CVE-2024-42313.md new file mode 100644 index 000000000..3629ed9d7 --- /dev/null +++ b/2024/CVE-2024-42313.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42313](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42313) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=af2c3834c8ca%3C%20da55685247f4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:media: venus: fix use after free in vdec_closeThere appears to be a possible use after free with vdec_close().The firmware will add buffer release work to the work queue throughHFI callbacks as a normal part of decoding. Randomly closing thedecoder device from userspace during normal decoding can incura read after free for inst.Fix it by cancelling the work in vdec_close. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42314.md b/2024/CVE-2024-42314.md new file mode 100644 index 000000000..6d91b754a --- /dev/null +++ b/2024/CVE-2024-42314.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42314](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42314) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=6a4049102055%3C%20c205565e0f2f%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:btrfs: fix extent map use-after-free when adding pages to compressed bioAt add_ra_bio_pages() we are accessing the extent map to calculate'add_size' after we dropped our reference on the extent map, resultingin a use-after-free. Fix this by computing 'add_size' before dropping ourextent map reference. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42315.md b/2024/CVE-2024-42315.md new file mode 100644 index 000000000..c0a03df66 --- /dev/null +++ b/2024/CVE-2024-42315.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42315](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42315) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=a3ff29a95fde%3C%20a7ac198f8dba%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:exfat: fix potential deadlock on __exfat_get_dentry_setWhen accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-arrayis allocated in __exfat_get_entry_set. The problem is that the bh-array isallocated with GFP_KERNEL. It does not make sense. In the following cases,a deadlock for sbi->s_lock between the two processes may occur. CPU0 CPU1 ---- ---- kswapd balance_pgdat lock(fs_reclaim) exfat_iterate lock(&sbi->s_lock) exfat_readdir exfat_get_uniname_from_ext_entry exfat_get_dentry_set __exfat_get_dentry_set kmalloc_array ... lock(fs_reclaim) ... evict exfat_evict_inode lock(&sbi->s_lock)To fix this, let's allocate bh-array with GFP_NOFS. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42316.md b/2024/CVE-2024-42316.md new file mode 100644 index 000000000..3e04b573d --- /dev/null +++ b/2024/CVE-2024-42316.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42316](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42316) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=359a5e1416ca%3C%208de7bf77f210%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:mm/mglru: fix div-by-zero in vmpressure_calc_level()evict_folios() uses a second pass to reclaim folios that have gone throughpage writeback and become clean before it finishes the first pass, sincefolio_rotate_reclaimable() cannot handle those folios due to theisolation.The second pass tries to avoid potential double counting by deductingscan_control->nr_scanned. However, this can result in underflow ofnr_scanned, under a condition where shrink_folio_list() does not incrementnr_scanned, i.e., when folio_trylock() fails.The underflow can cause the divisor, i.e., scale=scanned+reclaimed invmpressure_calc_level(), to become zero, resulting in the following crash: [exception RIP: vmpressure_work_fn+101] process_one_work at ffffffffa3313f2bSince scan_control->nr_scanned has no established semantics, the potentialdouble counting has minimal risks. Therefore, fix the problem by notdeducting scan_control->nr_scanned in evict_folios(). + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42317.md b/2024/CVE-2024-42317.md new file mode 100644 index 000000000..46293fbae --- /dev/null +++ b/2024/CVE-2024-42317.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42317](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42317) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=6b24ca4a1a8d%3C%20e60f62f75c99%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:mm/huge_memory: avoid PMD-size page cache if neededxarray can't support arbitrary page cache size. the largest and supportedpage cache size is defined as MAX_PAGECACHE_ORDER by commit 099d90642a71("mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray"). However,it's possible to have 512MB page cache in the huge memory's collapsingpath on ARM64 system whose base page size is 64KB. 512MB page cache isbreaking the limitation and a warning is raised when the xarray entry issplit as shown in the following example.[root@dhcp-10-26-1-207 ~]# cat /proc/1/smaps | grep KernelPageSizeKernelPageSize: 64 kB[root@dhcp-10-26-1-207 ~]# cat /tmp/test.c :int main(int argc, char **argv){ const char *filename = TEST_XFS_FILENAME; int fd = 0; void *buf = (void *)-1, *p; int pgsize = getpagesize(); int ret = 0; if (pgsize != 0x10000) { fprintf(stdout, "System with 64KB base page size is required!\n"); return -EPERM; } system("echo 0 > /sys/devices/virtual/bdi/253:0/read_ahead_kb"); system("echo 1 > /proc/sys/vm/drop_caches"); /* Open the xfs file */ fd = open(filename, O_RDONLY); assert(fd > 0); /* Create VMA */ buf = mmap(NULL, TEST_MEM_SIZE, PROT_READ, MAP_SHARED, fd, 0); assert(buf != (void *)-1); fprintf(stdout, "mapped buffer at 0x%p\n", buf); /* Populate VMA */ ret = madvise(buf, TEST_MEM_SIZE, MADV_NOHUGEPAGE); assert(ret == 0); ret = madvise(buf, TEST_MEM_SIZE, MADV_POPULATE_READ); assert(ret == 0); /* Collapse VMA */ ret = madvise(buf, TEST_MEM_SIZE, MADV_HUGEPAGE); assert(ret == 0); ret = madvise(buf, 
TEST_MEM_SIZE, MADV_COLLAPSE); if (ret) { fprintf(stdout, "Error %d to madvise(MADV_COLLAPSE)\n", errno); goto out; } /* Split xarray entry. Write permission is needed */ munmap(buf, TEST_MEM_SIZE); buf = (void *)-1; close(fd); fd = open(filename, O_RDWR); assert(fd > 0); fallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE, TEST_MEM_SIZE - pgsize, pgsize);out: if (buf != (void *)-1) munmap(buf, TEST_MEM_SIZE); if (fd > 0) close(fd); return ret;}[root@dhcp-10-26-1-207 ~]# gcc /tmp/test.c -o /tmp/test[root@dhcp-10-26-1-207 ~]# /tmp/test ------------[ cut here ]------------ WARNING: CPU: 25 PID: 7560 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128 Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib \ nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct \ nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \ ip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm fuse \ xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 virtio_net \ sha1_ce net_failover virtio_blk virtio_console failover dimlib virtio_mmio CPU: 25 PID: 7560 Comm: test Kdump: loaded Not tainted 6.10.0-rc7-gavin+ #9 Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024 pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : xas_split_alloc+0xf8/0x128 lr : split_huge_page_to_list_to_order+0x1c4/0x780 sp : ffff8000ac32f660 x29: ffff8000ac32f660 x28: ffff0000e0969eb0 x27: ffff8000ac32f6c0 x26: 0000000000000c40 x25: ffff0000e0969eb0 x24: 000000000000000d x23: ffff8000ac32f6c0 x22: ffffffdfc0700000 x21: 0000000000000000 x20: 0000000000000000 x19: ffffffdfc0700000 x18: 0000000000000000 x17: 0000000000000000 x16: ffffd5f3708ffc70 x15: 0000000000000000 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: ffffffffffffffc0 x10: 0000000000000040 x9 : ffffd5f3708e692c x8 : 0000000000000003 x7 : 0000000000000000 x6 : ffff0000e0969eb8 x5 : ffffd5f37289e378 x4 : 0000000000000000 x3 : 0000000000000c40 x2 : 
000000000000000d x1 : 000000000000000c x0 : 0000000000000000 Call trace: xas_split_alloc+0xf8/0x128 split_huge_page_to_list_to_order+0x1c4/0x780 truncate_inode_partial_folio+0xdc/0x160 truncate_inode_pages_range+0x1b4/0x4a8 truncate_pagecache_range+0x84/0xa---truncated--- + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42318.md b/2024/CVE-2024-42318.md new file mode 100644 index 000000000..8b468a7fc --- /dev/null +++ b/2024/CVE-2024-42318.md @@ -0,0 +1,17 @@ +### [CVE-2024-42318](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42318) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=385975dca53e%3C%200d74fd54db0b%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:landlock: Don't lose track of restrictions on cred_transferWhen a process' cred struct is replaced, this _almost_ always invokesthe cred_prepare LSM hook; but in one special case (whenKEYCTL_SESSION_TO_PARENT updates the parent's credentials), thecred_transfer LSM hook is used instead. Landlock only implements thecred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causesall information on Landlock restrictions to be lost.This basically means that a process with the ability to use the fork()and keyctl() syscalls can get rid of all Landlock restrictions onitself.Fix it by adding a cred_transfer hook that does the same thing as theexisting cred_prepare hook. (Implemented by having hook_cred_prepare()call hook_cred_transfer() so that the two functions are less likely toaccidentally diverge in the future.) + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + 
diff --git a/2024/CVE-2024-42319.md b/2024/CVE-2024-42319.md new file mode 100644 index 000000000..cbe7f4b96 --- /dev/null +++ b/2024/CVE-2024-42319.md @@ -0,0 +1,17 @@ +### [CVE-2024-42319](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42319) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=623a6143a845%3C%2011fa625b45fa%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()When mtk-cmdq unbinds, a WARN_ON message with conditionpm_runtime_get_sync() < 0 occurs.According to the call tracei below: cmdq_mbox_shutdown mbox_free_channel mbox_controller_unregister __devm_mbox_controller_unregister ...The root cause can be deduced to be calling pm_runtime_get_sync() aftercalling pm_runtime_disable() as observed below:1. CMDQ driver uses devm_mbox_controller_register() in cmdq_probe() to bind the cmdq device to the mbox_controller, so devm_mbox_controller_unregister() will automatically unregister the device bound to the mailbox controller when the device-managed resource is removed. That means devm_mbox_controller_unregister() and cmdq_mbox_shoutdown() will be called after cmdq_remove().2. CMDQ driver also uses devm_pm_runtime_enable() in cmdq_probe() after devm_mbox_controller_register(), so that devm_pm_runtime_disable() will be called after cmdq_remove(), but before devm_mbox_controller_unregister().To fix this problem, cmdq_probe() needs to movedevm_mbox_controller_register() after devm_pm_runtime_enable() to makedevm_pm_runtime_disable() be called afterdevm_mbox_controller_unregister(). + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + 
diff --git a/2024/CVE-2024-42320.md b/2024/CVE-2024-42320.md new file mode 100644 index 000000000..7eea08638 --- /dev/null +++ b/2024/CVE-2024-42320.md @@ -0,0 +1,17 @@ +### [CVE-2024-42320](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42320) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=a91ff09d39f9%3C%20cc8b7284d507%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:s390/dasd: fix error checks in dasd_copy_pair_store()dasd_add_busid() can return an error via ERR_PTR() if an allocationfails. However, two callsites in dasd_copy_pair_store() do not checkthe result, potentially resulting in a NULL pointer dereference. Fixthis by checking the result with IS_ERR() and returning the error upthe stack. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42321.md b/2024/CVE-2024-42321.md new file mode 100644 index 000000000..3e3fadb70 --- /dev/null +++ b/2024/CVE-2024-42321.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42321](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42321) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=9b52e3f267a6%3C%20eb03d9826aa6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:net: flow_dissector: use DEBUG_NET_WARN_ON_ONCEThe following splat is easy to reproduce upstream as well as in -stablekernels. Florian Westphal provided the following commit: d1dab4f71d37 ("net: add and use __skb_get_hash_symmetric_net")but this complementary fix has been also suggested by Willem de Bruijnand it can be easily backported to -stable kernel which consists inusing DEBUG_NET_WARN_ON_ONCE instead to silence the following splatgiven __skb_get_hash() is used by the nftables tracing infrastructure toto identify packets in traces.[69133.561393] ------------[ cut here ]------------[69133.561404] WARNING: CPU: 0 PID: 43576 at net/core/flow_dissector.c:1104 __skb_flow_dissect+0x134f/[...][69133.561944] CPU: 0 PID: 43576 Comm: socat Not tainted 6.10.0-rc7+ #379[69133.561959] RIP: 0010:__skb_flow_dissect+0x134f/0x2ad0[69133.561970] Code: 83 f9 04 0f 84 b3 00 00 00 45 85 c9 0f 84 aa 00 00 00 41 83 f9 02 0f 84 81 fc ffff 44 0f b7 b4 24 80 00 00 00 e9 8b f9 ff ff <0f> 0b e9 20 f3 ff ff 41 f6 c6 20 0f 84 e4 ef ff ff 48 8d 7b 12 e8[69133.561979] RSP: 0018:ffffc90000006fc0 EFLAGS: 00010246[69133.561988] RAX: 0000000000000000 RBX: ffffffff82f33e20 RCX: ffffffff81ab7e19[69133.561994] RDX: dffffc0000000000 RSI: ffffc90000007388 RDI: ffff888103a1b418[69133.562001] RBP: ffffc90000007310 R08: 0000000000000000 R09: 0000000000000000[69133.562007] R10: ffffc90000007388 R11: ffffffff810cface R12: ffff888103a1b400[69133.562013] R13: 0000000000000000 R14: ffffffff82f33e2a R15: ffffffff82f33e28[69133.562020] FS: 
00007f40f7131740(0000) GS:ffff888390800000(0000) knlGS:0000000000000000[69133.562027] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033[69133.562033] CR2: 00007f40f7346ee0 CR3: 000000015d200001 CR4: 00000000001706f0[69133.562040] Call Trace:[69133.562044] [69133.562049] ? __warn+0x9f/0x1a0[ 1211.841384] ? __skb_flow_dissect+0x107e/0x2860[...][ 1211.841496] ? bpf_flow_dissect+0x160/0x160[ 1211.841753] __skb_get_hash+0x97/0x280[ 1211.841765] ? __skb_get_hash_symmetric+0x230/0x230[ 1211.841776] ? mod_find+0xbf/0xe0[ 1211.841786] ? get_stack_info_noinstr+0x12/0xe0[ 1211.841798] ? bpf_ksym_find+0x56/0xe0[ 1211.841807] ? __rcu_read_unlock+0x2a/0x70[ 1211.841819] nft_trace_init+0x1b9/0x1c0 [nf_tables][ 1211.841895] ? nft_trace_notify+0x830/0x830 [nf_tables][ 1211.841964] ? get_stack_info+0x2b/0x80[ 1211.841975] ? nft_do_chain_arp+0x80/0x80 [nf_tables][ 1211.842044] nft_do_chain+0x79c/0x850 [nf_tables] + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42322.md b/2024/CVE-2024-42322.md new file mode 100644 index 000000000..924f7072d --- /dev/null +++ b/2024/CVE-2024-42322.md @@ -0,0 +1,17 @@ +### [CVE-2024-42322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42322) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=39b972231536%3C%203dd428039e06%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:ipvs: properly dereference pe in ip_vs_add_serviceUse pe directly to resolve sparse warning: net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + 
diff --git a/2024/CVE-2024-42462.md b/2024/CVE-2024-42462.md new file mode 100644 index 000000000..1829438d0 --- /dev/null +++ b/2024/CVE-2024-42462.md @@ -0,0 +1,17 @@ +### [CVE-2024-42462](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42462) +![](https://img.shields.io/static/v1?label=Product&message=upKeeper%20Manager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%205.1.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%20Improper%20Authentication&color=brighgreen) + +### Description + +Improper Authentication vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Bypass.This issue affects upKeeper Manager: through 5.1.9. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42463.md b/2024/CVE-2024-42463.md new file mode 100644 index 000000000..35bd855a5 --- /dev/null +++ b/2024/CVE-2024-42463.md @@ -0,0 +1,17 @@ +### [CVE-2024-42463](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42463) +![](https://img.shields.io/static/v1?label=Product&message=upKeeper%20Manager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%205.1.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen) + +### Description + +Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data.This issue affects upKeeper Manager: through 5.1.9. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42464.md b/2024/CVE-2024-42464.md new file mode 100644 index 000000000..2cd4f7805 --- /dev/null 
+++ b/2024/CVE-2024-42464.md @@ -0,0 +1,17 @@ +### [CVE-2024-42464](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42464) +![](https://img.shields.io/static/v1?label=Product&message=upKeeper%20Manager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%205.1.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen) + +### Description + +Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data.This issue affects upKeeper Manager: through 5.1.9. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42465.md b/2024/CVE-2024-42465.md new file mode 100644 index 000000000..e88f83eab --- /dev/null +++ b/2024/CVE-2024-42465.md @@ -0,0 +1,17 @@ +### [CVE-2024-42465](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42465) +![](https://img.shields.io/static/v1?label=Product&message=upKeeper%20Manager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%205.1.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-307%20Improper%20Restriction%20of%20Excessive%20Authentication%20Attempts&color=brighgreen) + +### Description + +Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.This issue affects upKeeper Manager: through 5.1.9. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42466.md b/2024/CVE-2024-42466.md new file mode 100644 index 000000000..ddafc647f --- /dev/null +++ b/2024/CVE-2024-42466.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42466](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42466) +![](https://img.shields.io/static/v1?label=Product&message=upKeeper%20Manager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%205.1.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-307%20Improper%20Restriction%20of%20Excessive%20Authentication%20Attempts&color=brighgreen) + +### Description + +Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.This issue affects upKeeper Manager: through 5.1.9. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42486.md b/2024/CVE-2024-42486.md new file mode 100644 index 000000000..256edccf0 --- /dev/null +++ b/2024/CVE-2024-42486.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42486](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42486) +![](https://img.shields.io/static/v1?label=Product&message=cilium&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3D%201.16.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%3A%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen) + +### Description + +Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI controller, which could lead to Gateway resources being able to access secrets for longer than intended, or to Routes having the ability to forward traffic to backends in other namespaces for longer than intended. This issue has been patched in Cilium v1.15.8 and v1.16.1. As a workaround, any modification of a related Gateway/HTTPRoute/GRPCRoute/TCPRoute CRD (for example, adding any label to any of these resources) will trigger a reconciliation of ReferenceGrants on an affected cluster. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42676.md b/2024/CVE-2024-42676.md new file mode 100644 index 000000000..fef99bfdb --- /dev/null +++ b/2024/CVE-2024-42676.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42676](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42676) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +File Upload vulnerability in Huizhi enterprise resource management system v.1.0 and before allows a remote attacker to execute arbitrary code via the /nssys/common/Upload. Aspx? Action=DNPageAjaxPostBack component + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42677.md b/2024/CVE-2024-42677.md new file mode 100644 index 000000000..31793f5bf --- /dev/null +++ b/2024/CVE-2024-42677.md @@ -0,0 +1,17 @@ +### [CVE-2024-42677](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42677) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in Huizhi enterprise resource management system v.1.0 and before allows a local attacker to obtain sensitive information via the /nssys/common/filehandle. Aspx component + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42678.md b/2024/CVE-2024-42678.md new file mode 100644 index 000000000..bc74e4ed7 --- /dev/null +++ b/2024/CVE-2024-42678.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42678](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42678) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cross Site Scripting vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the /WebSet/DlgGridSet.html component. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42679.md b/2024/CVE-2024-42679.md new file mode 100644 index 000000000..44508e8b5 --- /dev/null +++ b/2024/CVE-2024-42679.md @@ -0,0 +1,17 @@ +### [CVE-2024-42679](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42679) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +SQL Injection vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the/ajax/Login.ashx component. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42680.md b/2024/CVE-2024-42680.md new file mode 100644 index 000000000..2fb25c90d --- /dev/null +++ b/2024/CVE-2024-42680.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42680](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42680) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in Super easy enterprise management system v.1.0.0 and before allows a local attacker to obtain the server absolute path by entering a single quotation mark. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42758.md b/2024/CVE-2024-42758.md new file mode 100644 index 000000000..ebfd0a365 --- /dev/null +++ b/2024/CVE-2024-42758.md @@ -0,0 +1,17 @@ +### [CVE-2024-42758](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42758) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A Cross-site Scripting (XSS) vulnerability exists in version v2024-01-05 of the indexmenu plugin when is used and enabled in Dokuwiki (Open Source Wiki Engine). A malicious attacker can input XSS payloads for example when creating or editing existing page, to trigger the XSS on Dokuwiki, which is then stored in .txt file (due to nature of how Dokuwiki is designed), which presents stored XSS. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-42843.md b/2024/CVE-2024-42843.md new file mode 100644 index 000000000..acd83e1ad --- /dev/null +++ b/2024/CVE-2024-42843.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42843](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42843) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Projectworlds Online Examination System v1.0 is vulnerable to SQL Injection via the subject parameter in feed.php. + +### POC + +#### Reference +- https://github.com/ganzhi-qcy/cve/issues/6 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42849.md b/2024/CVE-2024-42849.md new file mode 100644 index 000000000..d74e32827 --- /dev/null +++ b/2024/CVE-2024-42849.md @@ -0,0 +1,17 @@ +### [CVE-2024-42849](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42849) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in Silverpeas v.6.4.2 and lower allows a remote attacker to cause a denial of service via the password change function. + +### POC + +#### Reference +- https://github.com/njmbb8/CVE-2024-42849/tree/main + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-42850.md b/2024/CVE-2024-42850.md new file mode 100644 index 000000000..cb90214c4 --- /dev/null +++ b/2024/CVE-2024-42850.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42850](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42850) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-42940.md b/2024/CVE-2024-42940.md new file mode 100644 index 000000000..191c6333a --- /dev/null +++ b/2024/CVE-2024-42940.md @@ -0,0 +1,17 @@ +### [CVE-2024-42940](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42940) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromP2pListFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. + +### POC + +#### Reference +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromP2pListFilter.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42941.md b/2024/CVE-2024-42941.md new file mode 100644 index 000000000..bb6d3828e --- /dev/null +++ b/2024/CVE-2024-42941.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42941](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42941) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the wanmode parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. + +### POC + +#### Reference +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromAdvSetWan_pptpPPW.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42942.md b/2024/CVE-2024-42942.md new file mode 100644 index 000000000..eaaea98e7 --- /dev/null +++ b/2024/CVE-2024-42942.md @@ -0,0 +1,17 @@ +### [CVE-2024-42942](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42942) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the frmL7ImForm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. + +### POC + +#### Reference +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/frmL7ImForm.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42943.md b/2024/CVE-2024-42943.md new file mode 100644 index 000000000..b907559f4 --- /dev/null +++ b/2024/CVE-2024-42943.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42943) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the PPPOEPassword parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. + +### POC + +#### Reference +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromAdvSetWan_PPPOEPassword.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42944.md b/2024/CVE-2024-42944.md new file mode 100644 index 000000000..bb45c2905 --- /dev/null +++ b/2024/CVE-2024-42944.md @@ -0,0 +1,17 @@ +### [CVE-2024-42944](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42944) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromNatlimit function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. + +### POC + +#### Reference +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromNatlimit.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42945.md b/2024/CVE-2024-42945.md new file mode 100644 index 000000000..97f0191a7 --- /dev/null +++ b/2024/CVE-2024-42945.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42945](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42945) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromAddressNat function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. + +### POC + +#### Reference +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromAddressNat_page.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42946.md b/2024/CVE-2024-42946.md new file mode 100644 index 000000000..b702e916f --- /dev/null +++ b/2024/CVE-2024-42946.md @@ -0,0 +1,17 @@ +### [CVE-2024-42946](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42946) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromVirtualSer function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. + +### POC + +#### Reference +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromVirtualSer.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42947.md b/2024/CVE-2024-42947.md new file mode 100644 index 000000000..08c73246f --- /dev/null +++ b/2024/CVE-2024-42947.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42947](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42947) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 (408) allows attackers to execute arbitrary commands via a crafted HTTP request. + +### POC + +#### Reference +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/telnet.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42948.md b/2024/CVE-2024-42948.md new file mode 100644 index 000000000..1e2042bb6 --- /dev/null +++ b/2024/CVE-2024-42948.md @@ -0,0 +1,17 @@ +### [CVE-2024-42948](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42948) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the delno parameter in the fromPptpUserSetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. + +### POC + +#### Reference +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromPptpUserSetting.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42949.md b/2024/CVE-2024-42949.md new file mode 100644 index 000000000..ea1e0aaac --- /dev/null +++ b/2024/CVE-2024-42949.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42949](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42949) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the qos parameter in the fromqossetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. + +### POC + +#### Reference +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromqossetting_qos.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42950.md b/2024/CVE-2024-42950.md new file mode 100644 index 000000000..cb5dff161 --- /dev/null +++ b/2024/CVE-2024-42950.md @@ -0,0 +1,17 @@ +### [CVE-2024-42950](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42950) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the Go parameter in the fromSafeClientFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. + +### POC + +#### Reference +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromSafeClientFilter_Go.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42951.md b/2024/CVE-2024-42951.md new file mode 100644 index 000000000..0d041d019 --- /dev/null +++ b/2024/CVE-2024-42951.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42951](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42951) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the mit_pptpusrpw parameter in the fromWizardHandle function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. + +### POC + +#### Reference +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromWizardHandle_mit_pptpusrpw.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42952.md b/2024/CVE-2024-42952.md new file mode 100644 index 000000000..8b1012065 --- /dev/null +++ b/2024/CVE-2024-42952.md @@ -0,0 +1,17 @@ +### [CVE-2024-42952](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42952) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromqossetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. + +### POC + +#### Reference +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromqossetting_page.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42953.md b/2024/CVE-2024-42953.md new file mode 100644 index 000000000..33d131c2a --- /dev/null +++ b/2024/CVE-2024-42953.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42953) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the PPW parameter in the fromWizardHandle function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. + +### POC + +#### Reference +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromWizardHandle_PPW.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42954.md b/2024/CVE-2024-42954.md new file mode 100644 index 000000000..d7a660081 --- /dev/null +++ b/2024/CVE-2024-42954.md @@ -0,0 +1,17 @@ +### [CVE-2024-42954](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42954) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromwebExcptypemanFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. + +### POC + +#### Reference +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromwebExcptypemanFilter.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42955.md b/2024/CVE-2024-42955.md new file mode 100644 index 000000000..477af6b87 --- /dev/null +++ b/2024/CVE-2024-42955.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42955](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42955) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromSafeClientFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. + +### POC + +#### Reference +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromSafeClientFilter_page.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42966.md b/2024/CVE-2024-42966.md new file mode 100644 index 000000000..0b3319c32 --- /dev/null +++ b/2024/CVE-2024-42966.md @@ -0,0 +1,17 @@ +### [CVE-2024-42966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42966) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh. + +### POC + +#### Reference +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/TOTOLINK/N350R/ExportSettings.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42967.md b/2024/CVE-2024-42967.md new file mode 100644 index 000000000..26769f19b --- /dev/null +++ b/2024/CVE-2024-42967.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42967](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42967) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh. + +### POC + +#### Reference +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/TOTOLINK/LR350/ExportSettings.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42968.md b/2024/CVE-2024-42968.md new file mode 100644 index 000000000..728c0b393 --- /dev/null +++ b/2024/CVE-2024-42968.md @@ -0,0 +1,17 @@ +### [CVE-2024-42968](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42968) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the Go parameter in the fromSafeUrlFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. + +### POC + +#### Reference +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromSafeMacFilter_Go.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42969.md b/2024/CVE-2024-42969.md new file mode 100644 index 000000000..e5bb39bcf --- /dev/null +++ b/2024/CVE-2024-42969.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42969](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42969) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromSafeUrlFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. + +### POC + +#### Reference +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromSafeMacFilter%20_page.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42973.md b/2024/CVE-2024-42973.md new file mode 100644 index 000000000..687425014 --- /dev/null +++ b/2024/CVE-2024-42973.md @@ -0,0 +1,17 @@ +### [CVE-2024-42973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42973) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromSetlpBind function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. + +### POC + +#### Reference +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromSetIpBind.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42974.md b/2024/CVE-2024-42974.md new file mode 100644 index 000000000..0daa3278c --- /dev/null +++ b/2024/CVE-2024-42974.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42974](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42974) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromwebExcptypemanFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. + +### POC + +#### Reference +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromwebExcptypemanFilter.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42976.md b/2024/CVE-2024-42976.md new file mode 100644 index 000000000..c6d6b6703 --- /dev/null +++ b/2024/CVE-2024-42976.md @@ -0,0 +1,17 @@ +### [CVE-2024-42976](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42976) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromSafeClientFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. + +### POC + +#### Reference +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromSafeClientFilter_page.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42977.md b/2024/CVE-2024-42977.md new file mode 100644 index 000000000..378c3be31 --- /dev/null +++ b/2024/CVE-2024-42977.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42977](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42977) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the qos parameter in the fromqossetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. + +### POC + +#### Reference +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromqossetting_qos.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42978.md b/2024/CVE-2024-42978.md new file mode 100644 index 000000000..2fd38fb2e --- /dev/null +++ b/2024/CVE-2024-42978.md @@ -0,0 +1,17 @@ +### [CVE-2024-42978](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42978) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request. + +### POC + +#### Reference +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/telnet.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42979.md b/2024/CVE-2024-42979.md new file mode 100644 index 000000000..d2efaaba4 --- /dev/null +++ b/2024/CVE-2024-42979.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42979](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42979) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the frmL7ProtForm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. + +### POC + +#### Reference +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/frmL7ProtForm.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42980.md b/2024/CVE-2024-42980.md new file mode 100644 index 000000000..f268a8c1f --- /dev/null +++ b/2024/CVE-2024-42980.md @@ -0,0 +1,17 @@ +### [CVE-2024-42980](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42980) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the frmL7ImForm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. + +### POC + +#### Reference +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/frmL7ImForm.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42981.md b/2024/CVE-2024-42981.md new file mode 100644 index 000000000..e6ecbc4a2 --- /dev/null +++ b/2024/CVE-2024-42981.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42981](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42981) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the delno parameter in the fromPptpUserSetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. + +### POC + +#### Reference +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromPptpUserSetting.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42982.md b/2024/CVE-2024-42982.md new file mode 100644 index 000000000..8e68af10b --- /dev/null +++ b/2024/CVE-2024-42982.md @@ -0,0 +1,17 @@ +### [CVE-2024-42982](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42982) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromVirtualSer function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. + +### POC + +#### Reference +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromVirtualSer.md + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42983.md b/2024/CVE-2024-42983.md new file mode 100644 index 000000000..d541aae65 --- /dev/null +++ b/2024/CVE-2024-42983.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42983](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42983) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the pptpPPW parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. + +### POC + +#### Reference +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromAdvSetWan_pptpPPW.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42984.md b/2024/CVE-2024-42984.md new file mode 100644 index 000000000..ac17319e3 --- /dev/null +++ b/2024/CVE-2024-42984.md @@ -0,0 +1,17 @@ +### [CVE-2024-42984](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42984) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromP2pListFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. + +### POC + +#### Reference +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromP2pListFilter.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42985.md b/2024/CVE-2024-42985.md new file mode 100644 index 000000000..ba899076e --- /dev/null +++ b/2024/CVE-2024-42985.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42985](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42985) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromNatlimit function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. + +### POC + +#### Reference +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromNatlimit.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42986.md b/2024/CVE-2024-42986.md new file mode 100644 index 000000000..e95a3eee0 --- /dev/null +++ b/2024/CVE-2024-42986.md @@ -0,0 +1,17 @@ +### [CVE-2024-42986](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42986) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the PPPOEPassword parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. + +### POC + +#### Reference +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromAdvSetWan_PPPOEPassword.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42987.md b/2024/CVE-2024-42987.md new file mode 100644 index 000000000..7cb0fbf57 --- /dev/null +++ b/2024/CVE-2024-42987.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42987](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42987) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the modino parameter in the fromPptpUserAdd function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. + +### POC + +#### Reference +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromPptpUserAdd.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42994.md b/2024/CVE-2024-42994.md new file mode 100644 index 000000000..9c410aa80 --- /dev/null +++ b/2024/CVE-2024-42994.md @@ -0,0 +1,17 @@ +### [CVE-2024-42994](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42994) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +VTiger CRM <= 8.1.0 does not properly sanitize user input before using it in a SQL statement, leading to a SQL Injection in the "CompanyDetails" operation of the "MailManager" module. + +### POC + +#### Reference +- https://www.shielder.com/advisories/vtiger-mailmanager-sqli/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42995.md b/2024/CVE-2024-42995.md new file mode 100644 index 000000000..cb9dc1f1f --- /dev/null +++ b/2024/CVE-2024-42995.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42995](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42995) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +VTiger CRM <= 8.1.0 does not correctly check user privileges. A low-privileged user can interact directly with the "Migration" administrative module to disable arbitrary modules. + +### POC + +#### Reference +- https://www.shielder.com/advisories/vtiger-migration-bac/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-43121.md b/2024/CVE-2024-43121.md index ddc69c7ea..2c0c82619 100644 --- a/2024/CVE-2024-43121.md +++ b/2024/CVE-2024-43121.md @@ -13,5 +13,6 @@ Improper Privilege Management vulnerability in realmag777 HUSKY allows Privilege No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-43123.md b/2024/CVE-2024-43123.md new file mode 100644 index 000000000..dbe4bef66 --- /dev/null +++ b/2024/CVE-2024-43123.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-43123](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43123) +![](https://img.shields.io/static/v1?label=Product&message=Card%20Elements%20for%20Elementor&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Techeshta Card Elements for Elementor allows Stored XSS.This issue affects Card Elements for Elementor: from n/a through 1.2.2. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43124.md b/2024/CVE-2024-43124.md new file mode 100644 index 000000000..5d1950931 --- /dev/null +++ b/2024/CVE-2024-43124.md @@ -0,0 +1,17 @@ +### [CVE-2024-43124](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43124) +![](https://img.shields.io/static/v1?label=Product&message=Graphina&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Iqonic Design Graphina allows Stored XSS.This issue affects Graphina: from n/a through 1.8.10. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43125.md b/2024/CVE-2024-43125.md new file mode 100644 index 000000000..73a0dbc2c --- /dev/null +++ b/2024/CVE-2024-43125.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-43125](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43125) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Table%20Builder%20%E2%80%93%20WordPress%20Table%20Plugin&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder – WordPress Table Plugin allows Stored XSS.This issue affects WP Table Builder – WordPress Table Plugin: from n/a through 1.4.15. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43126.md b/2024/CVE-2024-43126.md new file mode 100644 index 000000000..6b076702e --- /dev/null +++ b/2024/CVE-2024-43126.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-43126](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43126) +![](https://img.shields.io/static/v1?label=Product&message=Sender%20%E2%80%93%20Newsletter%2C%20SMS%20and%20Email%20Marketing%20Automation%20for%20WooCommerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sender Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce allows Reflected XSS.This issue affects Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce: from n/a through 2.6.14. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43127.md b/2024/CVE-2024-43127.md new file mode 100644 index 000000000..8df239cad --- /dev/null +++ b/2024/CVE-2024-43127.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-43127](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43127) +![](https://img.shields.io/static/v1?label=Product&message=Products%2C%20Order%20%26%20Customers%20Export%20for%20WooCommerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPFactory Products, Order & Customers Export for WooCommerce allows Reflected XSS.This issue affects Products, Order & Customers Export for WooCommerce: from n/a through 2.0.11. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43128.md b/2024/CVE-2024-43128.md index 0fc3c90fb..2a3dc1383 100644 --- a/2024/CVE-2024-43128.md +++ b/2024/CVE-2024-43128.md @@ -13,5 +13,6 @@ Improper Control of Generation of Code ('Code Injection') vulnerability in WC Pr No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-43129.md b/2024/CVE-2024-43129.md index dbb2b1c52..bfa388dba 100644 --- a/2024/CVE-2024-43129.md +++ b/2024/CVE-2024-43129.md @@ -13,5 +13,6 @@ Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-43130.md b/2024/CVE-2024-43130.md new file mode 100644 index 000000000..428e73c12 --- /dev/null +++ b/2024/CVE-2024-43130.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-43130](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43130) +![](https://img.shields.io/static/v1?label=Product&message=Football%20Pool&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Antoine Hurkmans Football Pool allows Stored XSS.This issue affects Football Pool: from n/a through 2.11.10. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43131.md b/2024/CVE-2024-43131.md index 937aeb1a2..743de8980 100644 --- a/2024/CVE-2024-43131.md +++ b/2024/CVE-2024-43131.md @@ -13,5 +13,6 @@ Incorrect Authorization vulnerability in WPWeb Docket (WooCommerce Collections / No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-43133.md b/2024/CVE-2024-43133.md new file mode 100644 index 000000000..b9ae2f7bf --- /dev/null +++ b/2024/CVE-2024-43133.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-43133](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43133) +![](https://img.shields.io/static/v1?label=Product&message=Themify%20Shortcodes&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themify Themify Shortcodes allows Stored XSS.This issue affects Themify Shortcodes: from n/a through 2.1.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43135.md b/2024/CVE-2024-43135.md index 7e5f8fa3e..2d02a229d 100644 --- a/2024/CVE-2024-43135.md +++ b/2024/CVE-2024-43135.md @@ -13,5 +13,6 @@ Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-43137.md b/2024/CVE-2024-43137.md new file mode 100644 index 000000000..0db7720c0 --- /dev/null +++ b/2024/CVE-2024-43137.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-43137](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43137) +![](https://img.shields.io/static/v1?label=Product&message=WappPress&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WappPress Team WappPress allows Stored XSS.This issue affects WappPress: from n/a through 6.0.4. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43138.md b/2024/CVE-2024-43138.md index f04d8a053..eb552272a 100644 --- a/2024/CVE-2024-43138.md +++ b/2024/CVE-2024-43138.md @@ -13,5 +13,6 @@ Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-43139.md b/2024/CVE-2024-43139.md new file mode 100644 index 000000000..07497295c --- /dev/null +++ b/2024/CVE-2024-43139.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-43139](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43139) +![](https://img.shields.io/static/v1?label=Product&message=Football%20Pool&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Antoine Hurkmans Football Pool allows Stored XSS.This issue affects Football Pool: from n/a through 2.11.9. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43140.md b/2024/CVE-2024-43140.md index 6f4b0627a..1a49e7618 100644 --- a/2024/CVE-2024-43140.md +++ b/2024/CVE-2024-43140.md @@ -13,5 +13,6 @@ Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-43141.md b/2024/CVE-2024-43141.md index 811ea02a1..66d99e5f0 100644 --- a/2024/CVE-2024-43141.md +++ b/2024/CVE-2024-43141.md @@ -13,5 +13,6 @@ Deserialization of Untrusted Data vulnerability in Roland Barker, xnau webdesign No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-43147.md b/2024/CVE-2024-43147.md new file mode 100644 index 000000000..97fbda0fe --- /dev/null +++ b/2024/CVE-2024-43147.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-43147](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43147) +![](https://img.shields.io/static/v1?label=Product&message=Selection%20Lite&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Merkulove Selection Lite allows Stored XSS.This issue affects Selection Lite: from n/a through 1.11. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43148.md b/2024/CVE-2024-43148.md new file mode 100644 index 000000000..4478cfadd --- /dev/null +++ b/2024/CVE-2024-43148.md @@ -0,0 +1,17 @@ +### [CVE-2024-43148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43148) +![](https://img.shields.io/static/v1?label=Product&message=StreamCast&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in bPlugins StreamCast allows Stored XSS.This issue affects StreamCast: from n/a through 2.2.3. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43149.md b/2024/CVE-2024-43149.md new file mode 100644 index 000000000..56bb3f557 --- /dev/null +++ b/2024/CVE-2024-43149.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-43149](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43149) +![](https://img.shields.io/static/v1?label=Product&message=CM%20Tooltip%20Glossary&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Tooltip Glossary allows Stored XSS.This issue affects CM Tooltip Glossary: from n/a through 4.3.7. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43150.md b/2024/CVE-2024-43150.md new file mode 100644 index 000000000..2a33f6b85 --- /dev/null +++ b/2024/CVE-2024-43150.md @@ -0,0 +1,17 @@ +### [CVE-2024-43150](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43150) +![](https://img.shields.io/static/v1?label=Product&message=Xpro%20Elementor%20Addons&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons allows Stored XSS.This issue affects Xpro Elementor Addons: from n/a through 1.4.4.2. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43151.md b/2024/CVE-2024-43151.md new file mode 100644 index 000000000..7bd4d8e29 --- /dev/null 
+++ b/2024/CVE-2024-43151.md @@ -0,0 +1,17 @@ +### [CVE-2024-43151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43151) +![](https://img.shields.io/static/v1?label=Product&message=Ultimate%20Addons%20for%20Beaver%20Builder%20%E2%80%93%20Lite&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite allows Stored XSS.This issue affects Ultimate Addons for Beaver Builder – Lite: from n/a through 1.5.9. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43152.md b/2024/CVE-2024-43152.md new file mode 100644 index 000000000..0cb97d0ad --- /dev/null +++ b/2024/CVE-2024-43152.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-43152](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43152) +![](https://img.shields.io/static/v1?label=Product&message=3D%20FlipBook%20%E2%80%93%20PDF%20Flipbook%20Viewer%2C%20Flipbook%20Image%20Gallery&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in iberezansky 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery allows Stored XSS.This issue affects 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery: from n/a through 1.15.6. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43153.md b/2024/CVE-2024-43153.md index 409c1a2e5..79e8408fa 100644 --- a/2024/CVE-2024-43153.md +++ b/2024/CVE-2024-43153.md @@ -13,5 +13,6 @@ Improper Privilege Management vulnerability in WofficeIO Woffice allows Privileg No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-43155.md b/2024/CVE-2024-43155.md new file mode 100644 index 000000000..d5d9754e5 --- /dev/null +++ b/2024/CVE-2024-43155.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-43155](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43155) +![](https://img.shields.io/static/v1?label=Product&message=ComboBlocks&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins ComboBlocks allows Stored XSS.This issue affects ComboBlocks: from n/a through 2.2.86. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43156.md b/2024/CVE-2024-43156.md new file mode 100644 index 000000000..55066026c --- /dev/null +++ b/2024/CVE-2024-43156.md @@ -0,0 +1,17 @@ +### [CVE-2024-43156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43156) +![](https://img.shields.io/static/v1?label=Product&message=Post%20Grid%20Master&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AddonMaster Post Grid Master allows Reflected XSS.This issue affects Post Grid Master: from n/a through 3.4.10. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43160.md b/2024/CVE-2024-43160.md index f85f58cfa..6f93fb8f6 100644 --- a/2024/CVE-2024-43160.md +++ b/2024/CVE-2024-43160.md 
@@ -13,5 +13,6 @@ Unrestricted Upload of File with Dangerous Type vulnerability in BerqWP allows C No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-43161.md b/2024/CVE-2024-43161.md new file mode 100644 index 000000000..c071cce06 --- /dev/null +++ b/2024/CVE-2024-43161.md @@ -0,0 +1,17 @@ +### [CVE-2024-43161](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43161) +![](https://img.shields.io/static/v1?label=Product&message=Depicter%20Slider&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Averta Depicter Slider allows Stored XSS.This issue affects Depicter Slider: from n/a through 3.1.2. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43163.md b/2024/CVE-2024-43163.md new file mode 100644 index 000000000..0c108a67d --- /dev/null +++ b/2024/CVE-2024-43163.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-43163](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43163) +![](https://img.shields.io/static/v1?label=Product&message=ParcelPanel&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Parcel Panel ParcelPanel allows Reflected XSS.This issue affects ParcelPanel: from n/a through 4.3.2. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43164.md b/2024/CVE-2024-43164.md new file mode 100644 index 000000000..714951208 --- /dev/null +++ b/2024/CVE-2024-43164.md @@ -0,0 +1,17 @@ +### [CVE-2024-43164](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43164) +![](https://img.shields.io/static/v1?label=Product&message=Blockspare&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Blockspare allows Stored XSS.This issue affects Blockspare: from n/a through 3.2.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43165.md b/2024/CVE-2024-43165.md index 5d1ccea6e..7a9aa66bf 100644 --- a/2024/CVE-2024-43165.md +++ b/2024/CVE-2024-43165.md 
@@ -13,5 +13,6 @@ Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-43360.md b/2024/CVE-2024-43360.md index c9c383403..c921e29cf 100644 --- a/2024/CVE-2024-43360.md +++ b/2024/CVE-2024-43360.md @@ -10,7 +10,7 @@ ZoneMinder is a free, open source closed-circuit television software application ### POC #### Reference -No PoCs from references. +- https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-9cmr-7437-v9fj #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-43373.md b/2024/CVE-2024-43373.md new file mode 100644 index 000000000..dce93d38c --- /dev/null +++ b/2024/CVE-2024-43373.md 
@@ -0,0 +1,18 @@ +### [CVE-2024-43373](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43373) +![](https://img.shields.io/static/v1?label=Product&message=webcrack&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%202.14.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%3A%20Improper%20Input%20Validation&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%3A%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen) + +### Description + +webcrack is a tool for reverse engineering javascript. An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This vulnerability is triggered when using the unpack bundles feature in conjunction with the saving feature. If a module name includes a path traversal sequence with Windows path separators, an attacker can exploit this to overwrite files on the host system. This vulnerability allows an attacker to write arbitrary `.js` files to the host system, which can be leveraged to hijack legitimate Node.js modules to gain arbitrary code execution. This vulnerability has been patched in version 2.14.1. + +### POC + +#### Reference +- https://github.com/j4k0xb/webcrack/security/advisories/GHSA-ccqh-278p-xq6w + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43374.md b/2024/CVE-2024-43374.md new file mode 100644 index 000000000..eac52c4c2 --- /dev/null +++ b/2024/CVE-2024-43374.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-43374](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43374) +![](https://img.shields.io/static/v1?label=Product&message=vim&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%209.1.0678%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%3A%20Use%20After%20Free&color=brighgreen) + +### Description + +The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause an use-after-free. Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim. The issue has been fixed as of Vim patch v9.1.0678. + +### POC + +#### Reference +- https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-43381.md b/2024/CVE-2024-43381.md new file mode 100644 index 000000000..a6ffabd2c --- /dev/null +++ b/2024/CVE-2024-43381.md 
@@ -0,0 +1,18 @@ +### [CVE-2024-43381](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43381) +![](https://img.shields.io/static/v1?label=Product&message=rengine&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%202.1.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-87%3A%20Improper%20Neutralization%20of%20Alternate%20XSS%20Syntax&color=brighgreen) + +### Description + +reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting (XSS) attacks. This vulnerability occurs when scanning a domain, and if the target domain's DNS record contains an XSS payload, it leads to the execution of malicious scripts in the reNgine's dashboard view when any user views the scan results. The XSS payload is directly fetched from the DNS record of the remote target domain. Consequently, an attacker can execute the attack without requiring any additional input from the target or the reNgine user. A patch is available and expected to be part of version 2.1.3. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43807.md b/2024/CVE-2024-43807.md new file mode 100644 index 000000000..76aa5a113 --- /dev/null +++ b/2024/CVE-2024-43807.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-43807](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43807) +![](https://img.shields.io/static/v1?label=Product&message=TeamCity&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202024.07.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79&color=brighgreen) + +### Description + +In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43808.md b/2024/CVE-2024-43808.md new file mode 100644 index 000000000..5788eae07 --- /dev/null +++ b/2024/CVE-2024-43808.md @@ -0,0 +1,17 @@ +### [CVE-2024-43808](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43808) +![](https://img.shields.io/static/v1?label=Product&message=TeamCity&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202024.07.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79&color=brighgreen) + +### Description + +In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43809.md b/2024/CVE-2024-43809.md new file mode 100644 index 000000000..67b561b20 --- /dev/null +++ b/2024/CVE-2024-43809.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-43809](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43809) +![](https://img.shields.io/static/v1?label=Product&message=TeamCity&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202024.07.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79&color=brighgreen) + +### Description + +In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-4763.md b/2024/CVE-2024-4763.md new file mode 100644 index 000000000..dd12efd71 --- /dev/null +++ b/2024/CVE-2024-4763.md @@ -0,0 +1,19 @@ +### [CVE-2024-4763](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4763) +![](https://img.shields.io/static/v1?label=Product&message=Accessories%20and%20Display%20Manager&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Display%20Control%20Center&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.0.3.05%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.0.29082.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-276%20Incorrect%20Default%20Permissions&color=brighgreen) + +### Description + +An insecure driver vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges to kernel. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-4781.md b/2024/CVE-2024-4781.md new file mode 100644 index 000000000..f6ef37435 --- /dev/null +++ b/2024/CVE-2024-4781.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-4781](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4781) +![](https://img.shields.io/static/v1?label=Product&message=Printers&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20various%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen) + +### Description + +A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to crash printer communications until the system is rebooted. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-4782.md b/2024/CVE-2024-4782.md new file mode 100644 index 000000000..fe84d6237 --- /dev/null +++ b/2024/CVE-2024-4782.md @@ -0,0 +1,17 @@ +### [CVE-2024-4782](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4782) +![](https://img.shields.io/static/v1?label=Product&message=Printers&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20various%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen) + +### Description + +A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to disrupt the printer's functionality until a manual system reboot occurs. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-5157.md b/2024/CVE-2024-5157.md new file mode 100644 index 000000000..25a006599 --- /dev/null +++ b/2024/CVE-2024-5157.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-5157](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5157) +![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=125.0.6422.76%3C%20125.0.6422.76%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20after%20free&color=brighgreen) + +### Description + +Use after free in Scheduling in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) + +### POC + +#### Reference +- https://issues.chromium.org/issues/336012573 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-5158.md b/2024/CVE-2024-5158.md new file mode 100644 index 000000000..d76d64232 --- /dev/null +++ b/2024/CVE-2024-5158.md @@ -0,0 +1,17 @@ +### [CVE-2024-5158](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5158) +![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=125.0.6422.76%3C%20125.0.6422.76%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Type%20Confusion&color=brighgreen) + +### Description + +Type Confusion in V8 in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to potentially perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) + +### POC + +#### Reference +- https://issues.chromium.org/issues/338908243 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-5209.md b/2024/CVE-2024-5209.md new file mode 100644 index 000000000..0004f56fc --- /dev/null +++ b/2024/CVE-2024-5209.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-5209](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5209) +![](https://img.shields.io/static/v1?label=Product&message=Printers&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20various%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen) + +### Description + +A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printing capabilities until the system is rebooted. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-5210.md b/2024/CVE-2024-5210.md new file mode 100644 index 000000000..5d852d5f6 --- /dev/null +++ b/2024/CVE-2024-5210.md @@ -0,0 +1,17 @@ +### [CVE-2024-5210](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5210) +![](https://img.shields.io/static/v1?label=Product&message=Printers&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20various%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen) + +### Description + +A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to prevent printer services from being reachable until the system is rebooted. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-5691.md b/2024/CVE-2024-5691.md new file mode 100644 index 000000000..a1695aa63 --- /dev/null +++ b/2024/CVE-2024-5691.md 
@@ -0,0 +1,20 @@ +### [CVE-2024-5691](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5691) +![](https://img.shields.io/static/v1?label=Product&message=Firefox%20ESR&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Thunderbird&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20115.12%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20127%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Sandboxed%20iframes%20were%20able%20to%20bypass%20sandbox%20restrictions%20to%20open%20a%20new%20window&color=brighgreen) + +### Description + +By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-5936.md b/2024/CVE-2024-5936.md new file mode 100644 index 000000000..dc1a6fe0c --- /dev/null +++ b/2024/CVE-2024-5936.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-5936](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5936) +![](https://img.shields.io/static/v1?label=Product&message=imartinez%2Fprivategpt&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%3D%20latest%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-601%20URL%20Redirection%20to%20Untrusted%20Site&color=brighgreen) + +### Description + +An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this vulnerability includes potential phishing attacks, malware distribution, and credential theft. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-6004.md b/2024/CVE-2024-6004.md new file mode 100644 index 000000000..c1f8edf8d --- /dev/null +++ b/2024/CVE-2024-6004.md @@ -0,0 +1,17 @@ +### [CVE-2024-6004](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6004) +![](https://img.shields.io/static/v1?label=Product&message=Printers&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20various%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen) + +### Description + +A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printer connections until the system is rebooted. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6098.md b/2024/CVE-2024-6098.md new file mode 100644 index 000000000..6075f60f8 --- /dev/null 
+++ b/2024/CVE-2024-6098.md @@ -0,0 +1,21 @@ +### [CVE-2024-6098](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6098) +![](https://img.shields.io/static/v1?label=Product&message=IGS&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Kepware%20KEPServerEX&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Kepware%20ThingWorx%20Kepware%20Server&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=TOP%20Server&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20V6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20V7.6x%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-770%20Allocation%20of%20Resources%20Without%20Limits%20or%20Throttling&color=brighgreen) + +### Description + +When performing an online tag generation to devices which communicate using the ControlLogix protocol, a machine-in-the-middle, or a device that is not configured correctly, could deliver a response leading to unrestricted or unregulated resource allocation. This could cause a denial-of-service condition and crash the Kepware application. By default, these functions are turned off, yet they remain accessible for users who recognize and require their advantages. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6188.md b/2024/CVE-2024-6188.md index e6a821171..824c1e3d4 100644 --- a/2024/CVE-2024-6188.md +++ b/2024/CVE-2024-6188.md @@ -11,6 +11,7 @@ A vulnerability was found in Parsec Automation TrackSYS 11.x.x and classified as #### Reference - https://kiwiyumi.com/post/tracksys-export-source-code/ +- https://vuldb.com/?submit.354924 #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-6347.md b/2024/CVE-2024-6347.md new file mode 100644 index 000000000..e970d3358 --- /dev/null 
+++ b/2024/CVE-2024-6347.md @@ -0,0 +1,18 @@ +### [CVE-2024-6347](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6347) +![](https://img.shields.io/static/v1?label=Product&message=Altima&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-285%3A%20Improper%20Authorization&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-306%3A%20Missing%20Authentication%20for%20Critical%20Function&color=brighgreen) + +### Description + +* Unprotected privileged mode access through UDS session in the Blind Spot Detection Sensor ECU firmware in Nissan Altima (2022) allows attackers to trigger denial-of-service (DoS) by unauthorized access to the ECU's programming session. * No preconditions implemented for ECU management functionality through UDS session in the Blind Spot Detection Sensor ECU in Nissan Altima (2022) allows attackers to disrupt normal ECU operations by triggering a control command without authentication. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6384.md b/2024/CVE-2024-6384.md new file mode 100644 index 000000000..6a756972c --- /dev/null +++ b/2024/CVE-2024-6384.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-6384](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6384) +![](https://img.shields.io/static/v1?label=Product&message=MongoDB%20Server&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=6.0%3C%206.0.16%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-285%3A%20Improper%20Authorization&color=brighgreen) + +### Description + +"Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier. This issue affects MongoDB Enterprise Server v6.0 versions prior to 6.0.16, MongoDB Enterprise Server v7.0 versions prior to 7.0.11 and MongoDB Enterprise Server v7.3 versions prior to 7.3.3 + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6387.md b/2024/CVE-2024-6387.md index c8fab8b6e..886a2d544 100644 --- a/2024/CVE-2024-6387.md +++ b/2024/CVE-2024-6387.md @@ -44,6 +44,7 @@ A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). - https://github.com/Threekiii/CVE - https://github.com/TrojanAZhen/Self_Back - https://github.com/azurejoga/CVE-2024-6387-how-to-fix +- https://github.com/beac0n/ruroco - https://github.com/bigb0x/CVE-2024-6387 - https://github.com/cybereagle2001/KQL-Security-Querries - https://github.com/enomothem/PenTestNote diff --git a/2024/CVE-2024-6459.md b/2024/CVE-2024-6459.md new file mode 100644 index 000000000..54cd22ead --- /dev/null +++ b/2024/CVE-2024-6459.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-6459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6459) +![](https://img.shields.io/static/v1?label=Product&message=News%20Element%20Elementor%20Blog%20Magazine&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.0.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen) + +### Description + +The News Element Elementor Blog Magazine WordPress plugin before 1.0.6 is vulnerable to Local File Inclusion via the template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/330359fa-d085-4923-b5a8-c0e2e5267247/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6460.md b/2024/CVE-2024-6460.md new file mode 100644 index 000000000..8df91c092 --- /dev/null +++ b/2024/CVE-2024-6460.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-6460](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6460) +![](https://img.shields.io/static/v1?label=Product&message=Grow%20by%20Tradedoubler&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen) + +### Description + +The Grow by Tradedoubler WordPress plugin through 2.0.21 is vulnerable to Local File Inclusion via the component parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/ba2f53e0-30be-4f37-91bc-5fa151f1eee7/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6724.md b/2024/CVE-2024-6724.md index 73ff5f844..53756b5a3 100644 --- a/2024/CVE-2024-6724.md +++ b/2024/CVE-2024-6724.md @@ -13,5 +13,6 @@ The Generate Images WordPress plugin before 5.2.8 does not sanitise and escape - https://wpscan.com/vulnerability/0cb3158a-263d-4c4a-8029-62b453c281cb/ #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-6990.md b/2024/CVE-2024-6990.md new file mode 100644 index 000000000..69d3a487d --- /dev/null +++ b/2024/CVE-2024-6990.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-6990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6990) +![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=127.0.6533.88%3C%20127.0.6533.88%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Uninitialized%20Use&color=brighgreen) + +### Description + +Uninitialized Use in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical) + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7063.md b/2024/CVE-2024-7063.md new file mode 100644 index 000000000..0760bcf72 --- /dev/null +++ b/2024/CVE-2024-7063.md @@ -0,0 +1,17 @@ +### [CVE-2024-7063](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7063) +![](https://img.shields.io/static/v1?label=Product&message=ElementsKit%20Pro&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.6.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Information%20Exposure&color=brighgreen) + +### Description + +The ElementsKit Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.6 via the 'render_raw' function. This can allow authenticated attackers, with Contributor-level permissions and above, to extract sensitive data including private, future, and draft posts. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-7064.md b/2024/CVE-2024-7064.md new file mode 100644 index 000000000..a2f44fdbb --- /dev/null +++ b/2024/CVE-2024-7064.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-7064](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7064) +![](https://img.shields.io/static/v1?label=Product&message=ElementsKit%20Pro&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.6.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-7136.md b/2024/CVE-2024-7136.md new file mode 100644 index 000000000..5e2298a49 --- /dev/null +++ b/2024/CVE-2024-7136.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-7136](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7136) +![](https://img.shields.io/static/v1?label=Product&message=JetSearch&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.5.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +The JetSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-7144.md b/2024/CVE-2024-7144.md new file mode 100644 index 000000000..55ca09340 --- /dev/null +++ b/2024/CVE-2024-7144.md 
@@ -0,0 +1,18 @@ +### [CVE-2024-7144](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7144) +![](https://img.shields.io/static/v1?label=Product&message=JetElements&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.6.20%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'slide_id' parameters in all versions up to, and including, 2.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7145.md b/2024/CVE-2024-7145.md new file mode 100644 index 000000000..c41d8ce67 --- /dev/null +++ b/2024/CVE-2024-7145.md 
@@ -0,0 +1,18 @@ +### [CVE-2024-7145](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7145) +![](https://img.shields.io/static/v1?label=Product&message=JetElements&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.6.20%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen) + +### Description + +The JetElements plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.20 via the 'progress_type' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7146.md b/2024/CVE-2024-7146.md new file mode 100644 index 000000000..3b905f457 --- /dev/null +++ b/2024/CVE-2024-7146.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-7146](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7146) +![](https://img.shields.io/static/v1?label=Product&message=JetTabs%20for%20Elementor&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.2.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen) + +### Description + +The JetTabs for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.3 via the 'switcher_preset' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-7147.md b/2024/CVE-2024-7147.md new file mode 100644 index 000000000..0446b613f --- /dev/null +++ b/2024/CVE-2024-7147.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-7147](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7147) +![](https://img.shields.io/static/v1?label=Product&message=JetBlocks%20for%20Elementor&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.3.12%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +The JetBlocks for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple placeholder parameters in all versions up to, and including, 1.3.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-7255.md b/2024/CVE-2024-7255.md new file mode 100644 index 000000000..579bc76ec --- /dev/null +++ b/2024/CVE-2024-7255.md @@ -0,0 +1,17 @@ +### [CVE-2024-7255](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7255) +![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=127.0.6533.88%3C%20127.0.6533.88%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Out%20of%20bounds%20read&color=brighgreen) + +### Description + +Out of bounds read in WebTransport in Google Chrome prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + 
diff --git a/2024/CVE-2024-7262.md b/2024/CVE-2024-7262.md new file mode 100644 index 000000000..c65315930 --- /dev/null +++ b/2024/CVE-2024-7262.md @@ -0,0 +1,17 @@ +### [CVE-2024-7262](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7262) +![](https://img.shields.io/static/v1?label=Product&message=WPS%20Office&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%3A%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory&color=brighgreen) + +### Description + +Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.13489 (inclusive) on Windows allows an attacker to load an arbitrary Windows library.The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7263.md b/2024/CVE-2024-7263.md new file mode 100644 index 000000000..a875134c5 --- /dev/null +++ b/2024/CVE-2024-7263.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-7263](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7263) +![](https://img.shields.io/static/v1?label=Product&message=WPS%20Office&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=12.2.0.13110%3C%2012.2.0.17153%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%3A%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory&color=brighgreen) + +### Description + +Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17153 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.The patch released in version 12.2.0.16909 to mitigate CVE-2024-7262 was not restrictive enough. Another parameter was not properly sanitized which leads to the execution of an arbitrary Windows library. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7301.md b/2024/CVE-2024-7301.md new file mode 100644 index 000000000..a7172cc24 --- /dev/null +++ b/2024/CVE-2024-7301.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-7301](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7301) +![](https://img.shields.io/static/v1?label=Product&message=WordPress%20File%20Upload&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%204.24.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.24.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-7411.md b/2024/CVE-2024-7411.md new file mode 100644 index 000000000..cc914b504 --- /dev/null +++ b/2024/CVE-2024-7411.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-7411](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7411) +![](https://img.shields.io/static/v1?label=Product&message=Newsletters&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%204.9.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Information%20Exposure&color=brighgreen) + +### Description + +The Newsletters plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 4.9.9. This is due the plugin not preventing direct access to the /vendor/mobiledetect/mobiledetectlib/export/exportToJSON.php. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-7420.md b/2024/CVE-2024-7420.md new file mode 100644 index 000000000..5963b5111 --- /dev/null +++ b/2024/CVE-2024-7420.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-7420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7420) +![](https://img.shields.io/static/v1?label=Product&message=Insert%20PHP%20Code%20Snippet&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.3.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The Insert PHP Code Snippet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6. This is due to missing or incorrect nonce validation in the /admin/snippets.php file. This makes it possible for unauthenticated attackers to activate/deactivate and delete code snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-7422.md b/2024/CVE-2024-7422.md new file mode 100644 index 000000000..dd60a4273 --- /dev/null +++ b/2024/CVE-2024-7422.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-7422](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7422) +![](https://img.shields.io/static/v1?label=Product&message=Theme%20My%20Login&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%207.1.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The Theme My Login plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.1.7. This is due to missing or incorrect nonce validation on the tml_admin_save_ms_settings() function. This makes it possible for unauthenticated attackers to update the theme's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Please note that this only affects multi-site instances. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-7501.md b/2024/CVE-2024-7501.md new file mode 100644 index 000000000..461cc4cfc --- /dev/null +++ b/2024/CVE-2024-7501.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-7501](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7501) +![](https://img.shields.io/static/v1?label=Product&message=Download%20Plugins%20and%20Themes%20in%20ZIP%20from%20Dashboard&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.8.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.7. This is due to missing or incorrect nonce validation on the download_theme() function. This makes it possible for unauthenticated attackers to download arbitrary themes from the website via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. In versions prior to 1.8.6 it was possible to download the entire sites files. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-7590.md b/2024/CVE-2024-7590.md index 9be06b5a6..8f0386761 100644 --- a/2024/CVE-2024-7590.md +++ b/2024/CVE-2024-7590.md @@ -13,5 +13,6 @@ Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7624.md b/2024/CVE-2024-7624.md new file mode 100644 index 000000000..c3034d672 --- /dev/null +++ b/2024/CVE-2024-7624.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-7624](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7624) +![](https://img.shields.io/static/v1?label=Product&message=Zephyr%20Project%20Manager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.3.101%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-285%20Improper%20Authorization&color=brighgreen) + +### Description + +The Zephyr Project Manager plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 3.3.101. This is due to the plugin not properly checking a users capabilities before allowing them to enable access to the plugin's settings through the update_user_access() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to grant themselves full access to the plugin's settings. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-7628.md b/2024/CVE-2024-7628.md new file mode 100644 index 000000000..d41ce95e0 --- /dev/null +++ b/2024/CVE-2024-7628.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-7628](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7628) +![](https://img.shields.io/static/v1?label=Product&message=MStore%20API%20%E2%80%93%20Create%20Native%20Android%20%26%20iOS%20Apps%20On%20The%20Cloud&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%204.15.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-288%20Authentication%20Bypass%20Using%20an%20Alternate%20Path%20or%20Channel&color=brighgreen) + +### Description + +The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.15.2. This is due to the use of loose comparison in the 'verify_id_token' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to an @flutter.io email address or phone number. This also requires firebase to be configured on the website and the user to have set up firebase for their account. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-7630.md b/2024/CVE-2024-7630.md new file mode 100644 index 000000000..599f66c9a --- /dev/null +++ b/2024/CVE-2024-7630.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-7630](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7630) +![](https://img.shields.io/static/v1?label=Product&message=Relevanssi%20%E2%80%93%20A%20Better%20Search&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%204.22.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Information%20Exposure&color=brighgreen) + +### Description + +The Relevanssi – A Better Search plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.22.2 via the relevanssi_do_query() due to insufficient limitations on the posts that are returned when searching. This makes it possible for unauthenticated attackers to extract potentially sensitive information from password protected posts. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-7709.md b/2024/CVE-2024-7709.md index f1382bce3..163feddf8 100644 --- a/2024/CVE-2024-7709.md +++ b/2024/CVE-2024-7709.md 
@@ -5,7 +5,7 @@ ### Description -A vulnerability, which was classified as problematic, has been found in OcoMon 4.0. This issue affects some unknown processing of the file /includes/common/require_access_recovery.php of the component URL Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.0.1 and 5.0 is able to address this issue. It is recommended to upgrade the affected component. +A vulnerability, which was classified as problematic, has been found in OcoMon 4.0RC1/4.0/5.0RC1. This issue affects some unknown processing of the file /includes/common/require_access_recovery.php of the component URL Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.0.1 and 5.0 is able to address this issue. It is recommended to upgrade the affected component. ### POC diff --git a/2024/CVE-2024-7813.md b/2024/CVE-2024-7813.md new file mode 100644 index 000000000..4bf2bc214 --- /dev/null +++ b/2024/CVE-2024-7813.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-7813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7813) +![](https://img.shields.io/static/v1?label=Product&message=Prison%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-522%20Insufficiently%20Protected%20Credentials&color=brighgreen) + +### Description + +A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. This issue affects some unknown processing of the file /uploadImage/Profile/ of the component Profile Image Handler. The manipulation leads to insufficiently protected credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. + +### POC + +#### Reference +- https://github.com/CYB84/CVE_Writeup/blob/main/Directory%20Listing.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7829.md b/2024/CVE-2024-7829.md new file mode 100644 index 000000000..11aa51189 --- /dev/null +++ b/2024/CVE-2024-7829.md 
@@ -0,0 +1,36 @@ +### [CVE-2024-7829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7829) +![](https://img.shields.io/static/v1?label=Product&message=DNR-202L&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNR-322L&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNR-326&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-1100-4&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-120&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-1200-05&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-1550-04&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-315L&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-320&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-320L&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-320LW&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-321&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-323&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-325&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-326&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-327L&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-340L&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-343&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-345&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-726-4&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2020240814%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED 
WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This issue affects the function cgi_del_photo of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument current_path leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7830.md b/2024/CVE-2024-7830.md new file mode 100644 index 000000000..ea0302919 --- /dev/null +++ b/2024/CVE-2024-7830.md 
@@ -0,0 +1,36 @@ +### [CVE-2024-7830](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7830) +![](https://img.shields.io/static/v1?label=Product&message=DNR-202L&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNR-322L&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNR-326&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-1100-4&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-120&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-1200-05&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-1550-04&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-315L&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-320&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-320L&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-320LW&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-321&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-323&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-325&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-326&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-327L&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-340L&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-343&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-345&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-726-4&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2020240814%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED 
WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Affected is the function cgi_move_photo of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument photo_name leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7831.md b/2024/CVE-2024-7831.md new file mode 100644 index 000000000..e16d519aa --- /dev/null +++ b/2024/CVE-2024-7831.md 
@@ -0,0 +1,36 @@ +### [CVE-2024-7831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7831) +![](https://img.shields.io/static/v1?label=Product&message=DNR-202L&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNR-322L&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNR-326&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-1100-4&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-120&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-1200-05&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-1550-04&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-315L&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-320&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-320L&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-320LW&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-321&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-323&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-325&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-326&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-327L&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-340L&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-343&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-345&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-726-4&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2020240814%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED 
WHEN ASSIGNED ** A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this vulnerability is the function cgi_get_cooliris of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument path leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7832.md b/2024/CVE-2024-7832.md new file mode 100644 index 000000000..35878e33d --- /dev/null +++ b/2024/CVE-2024-7832.md 
@@ -0,0 +1,36 @@ +### [CVE-2024-7832](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7832) +![](https://img.shields.io/static/v1?label=Product&message=DNR-202L&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNR-322L&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNR-326&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-1100-4&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-120&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-1200-05&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-1550-04&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-315L&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-320&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-320L&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-320LW&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-321&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-323&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-325&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-326&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-327L&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-340L&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-343&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-345&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-726-4&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2020240814%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED 
WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this issue is the function cgi_get_fullscreen_photos of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument user leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7833.md b/2024/CVE-2024-7833.md new file mode 100644 index 000000000..627f00644 --- /dev/null +++ b/2024/CVE-2024-7833.md @@ -0,0 +1,17 @@ +### [CVE-2024-7833](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7833) +![](https://img.shields.io/static/v1?label=Product&message=DI-8100&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2016.07%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Command%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in D-Link DI-8100 16.07. It has been classified as critical. This affects the function upgrade_filter_asp of the file upgrade_filter.asp. The manipulation of the argument path leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + 
diff --git a/2024/CVE-2024-7868.md b/2024/CVE-2024-7868.md new file mode 100644 index 000000000..cb3fc3aec --- /dev/null +++ b/2024/CVE-2024-7868.md @@ -0,0 +1,17 @@ +### [CVE-2024-7868](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7868) +![](https://img.shields.io/static/v1?label=Product&message=Xpdf&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%204.05%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-908%20Use%20of%20Uninitialized%20Resource&color=brighgreen) + +### Description + +In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file causes a segfault attempting to read from an invalid address. + +### POC + +#### Reference +- https://www.xpdfreader.com/security-bug/CVE-2024-7868.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7886.md b/2024/CVE-2024-7886.md new file mode 100644 index 000000000..975166df6 --- /dev/null +++ b/2024/CVE-2024-7886.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-7886](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7886) +![](https://img.shields.io/static/v1?label=Product&message=Beyond%20Compare&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%203.3.5.15075%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-427%20Uncontrolled%20Search%20Path&color=brighgreen) + +### Description + +** DISPUTED ** A vulnerability has been found in Scooter Software Beyond Compare up to 3.3.5.15075 and classified as critical. Affected by this vulnerability is an unknown functionality in the library 7zxa.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The real existence of this vulnerability is still doubted at the moment. NOTE: The vendor explains that a system must be breached before exploiting this issue. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7887.md b/2024/CVE-2024-7887.md new file mode 100644 index 000000000..ac23165ea --- /dev/null +++ b/2024/CVE-2024-7887.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-7887](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7887) +![](https://img.shields.io/static/v1?label=Product&message=LimeSurvey&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%206.3.0-231016%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-404%20Denial%20of%20Service&color=brighgreen) + +### Description + +A vulnerability was found in LimeSurvey 6.3.0-231016 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php of the component File Upload. The manipulation of the argument size leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/github.txt b/github.txt index 4067916d0..3274a381b 100644 --- a/github.txt +++ b/github.txt @@ -1196,6 +1196,7 @@ CVE-2004-2549 - https://github.com/CVEDB/PoC-List CVE-2004-2549 - https://github.com/CVEDB/awesome-cve-repo CVE-2004-2662 - https://github.com/ARPSyndicate/cvemon CVE-2004-2662 - https://github.com/chnzzh/OpenSSL-CVE-lib +CVE-2004-2687 - https://github.com/20142995/nuclei-templates CVE-2004-2687 - https://github.com/4n0nym0u5dk/distccd_rce_CVE-2004-2687 CVE-2004-2687 - https://github.com/ARPSyndicate/cvemon CVE-2004-2687 - https://github.com/CVEDB/PoC-List 
@@ -96916,6 +96917,7 @@ CVE-2020-9496 - https://github.com/pen4uin/awesome-vulnerability-research CVE-2020-9496 - https://github.com/pen4uin/vulnerability-research CVE-2020-9496 - https://github.com/pen4uin/vulnerability-research-list CVE-2020-9496 - https://github.com/s4dbrd/CVE-2020-9496 +CVE-2020-9496 - https://github.com/securelayer7/CVE-Analysis CVE-2020-9496 - https://github.com/sobinge/nuclei-templates CVE-2020-9496 - https://github.com/soosmile/POC CVE-2020-9496 - https://github.com/tanjiti/sec_profile @@ -110510,6 +110512,7 @@ CVE-2021-3493 - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits CVE-2021-3493 - https://github.com/KayCHENvip/vulnerability-poc CVE-2021-3493 - https://github.com/Metarget/metarget CVE-2021-3493 - https://github.com/Miraitowa70/POC-Notes +CVE-2021-3493 - https://github.com/Mr-Tree-S/POC_EXP CVE-2021-3493 - https://github.com/Mr-xn/Penetration_Testing_POC CVE-2021-3493 - https://github.com/N1NJ10/eJPT_Prep CVE-2021-3493 - https://github.com/NaInSec/CVE-PoC-in-GitHub @@ -136551,6 +136554,7 @@ CVE-2022-33987 - https://github.com/ARPSyndicate/cvemon CVE-2022-33987 - https://github.com/davidrgfoss/davidrgfoss CVE-2022-33987 - https://github.com/davidrgfoss/davidrgfoss-web CVE-2022-33987 - https://github.com/seal-community/patches +CVE-2022-3399 - https://github.com/20142995/nuclei-templates CVE-2022-34008 - https://github.com/ARPSyndicate/cvemon CVE-2022-34020 - https://github.com/karimhabush/cyberowl CVE-2022-34024 - https://github.com/ARPSyndicate/cvemon 
@@ -138911,6 +138915,7 @@ CVE-2022-38688 - https://github.com/ARPSyndicate/cvemon CVE-2022-38688 - https://github.com/pokerfacett/MY_CVE_CREDIT CVE-2022-38689 - https://github.com/ARPSyndicate/cvemon CVE-2022-38689 - https://github.com/pokerfacett/MY_CVE_CREDIT +CVE-2022-3869 - https://github.com/20142995/nuclei-templates CVE-2022-38691 - https://github.com/TomKing062/CVE-2022-38691_38692 CVE-2022-38691 - https://github.com/TomKing062/CVE-2022-38694_unlock_bootloader CVE-2022-38694 - https://github.com/4bitFox/hisense_a7cc @@ -144961,6 +144966,7 @@ CVE-2023-22518 - https://github.com/duggytuxy/malicious_ip_addresses CVE-2023-22518 - https://github.com/nitish778191/fitness_app CVE-2023-22518 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-22518 - https://github.com/sanjai-AK47/CVE-2023-22518 +CVE-2023-22518 - https://github.com/securelayer7/CVE-Analysis CVE-2023-22518 - https://github.com/securitycipher/daily-bugbounty-writeups CVE-2023-22518 - https://github.com/tanjiti/sec_profile CVE-2023-22518 - https://github.com/thecybertix/One-Liner-Collections @@ -146538,6 +146544,7 @@ CVE-2023-26360 - https://github.com/iluaster/getdrive_PoC CVE-2023-26360 - https://github.com/jakabakos/CVE-2023-26360-adobe-coldfusion-rce-exploit CVE-2023-26360 - https://github.com/karimhabush/cyberowl CVE-2023-26360 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2023-26360 - https://github.com/securelayer7/CVE-Analysis CVE-2023-26360 - https://github.com/yosef0x01/CVE-2023-26360 CVE-2023-26361 - https://github.com/jakabakos/CVE-2023-26360-adobe-coldfusion-rce-exploit CVE-2023-26369 - https://github.com/Ostorlab/KEV 
@@ -151342,6 +151349,7 @@ CVE-2023-38831 - https://github.com/r1yaz/winDED CVE-2023-38831 - https://github.com/ruycr4ft/CVE-2023-38831 CVE-2023-38831 - https://github.com/s4m98/winrar-cve-2023-38831-poc-gen CVE-2023-38831 - https://github.com/sadnansakin/Winrar_0-day_RCE_Exploitation +CVE-2023-38831 - https://github.com/securelayer7/CVE-Analysis CVE-2023-38831 - https://github.com/sh770/CVE-2023-38831 CVE-2023-38831 - https://github.com/solomon12354/VolleyballSquid-----CVE-2023-38831-and-Bypass-UAC CVE-2023-38831 - https://github.com/takinrom/nto2024-user4-report @@ -151399,6 +151407,7 @@ CVE-2023-39114 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-39115 - https://github.com/Raj789-sec/CVE-2023-39115 CVE-2023-39115 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-39122 - https://github.com/DojoSecurity/DojoSecurity +CVE-2023-39125 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2023-3914 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-39141 - https://github.com/codeb0ss/CVE-2023-39141-PoC CVE-2023-39141 - https://github.com/nomi-sec/PoC-in-GitHub @@ -151406,6 +151415,7 @@ CVE-2023-39143 - https://github.com/codeb0ss/CVE-2023-39143 CVE-2023-39143 - https://github.com/netlas-io/netlas-dorks CVE-2023-39143 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-39143 - https://github.com/nvn1729/advisories +CVE-2023-39143 - https://github.com/securelayer7/CVE-Analysis CVE-2023-39144 - https://github.com/cduram/CVE-2023-39144 CVE-2023-39144 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-39150 - https://github.com/fkie-cad/nvd-json-data-feeds 
@@ -152711,6 +152721,7 @@ CVE-2023-42917 - https://github.com/RENANZG/My-Debian-GNU-Linux CVE-2023-42917 - https://github.com/RENANZG/My-Forensics CVE-2023-42920 - https://github.com/NaInSec/CVE-LIST CVE-2023-42926 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-42929 - https://github.com/beerisgood/macOS_Hardening CVE-2023-4293 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-42931 - https://github.com/d0rb/CVE-2023-42931 CVE-2023-42931 - https://github.com/houjingyi233/macOS-iOS-system-security @@ -154770,6 +154781,7 @@ CVE-2023-49070 - https://github.com/d4n-sec/d4n-sec.github.io CVE-2023-49070 - https://github.com/jakabakos/Apache-OFBiz-Authentication-Bypass CVE-2023-49070 - https://github.com/mintoolkit/mint CVE-2023-49070 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2023-49070 - https://github.com/securelayer7/CVE-Analysis CVE-2023-49070 - https://github.com/slimtoolkit/slim CVE-2023-49070 - https://github.com/tanjiti/sec_profile CVE-2023-49070 - https://github.com/tw0point/BadBizness-CVE-2023-51467 @@ -155617,6 +155629,7 @@ CVE-2023-51467 - https://github.com/d4n-sec/d4n-sec.github.io CVE-2023-51467 - https://github.com/jakabakos/Apache-OFBiz-Authentication-Bypass CVE-2023-51467 - https://github.com/murayr/Bizness CVE-2023-51467 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2023-51467 - https://github.com/securelayer7/CVE-Analysis CVE-2023-51467 - https://github.com/tanjiti/sec_profile CVE-2023-51467 - https://github.com/tw0point/BadBizness-CVE-2023-51467 CVE-2023-51467 - https://github.com/txuswashere/OSCP 
@@ -156257,6 +156270,7 @@ CVE-2023-5857 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-5858 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-5859 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-5860 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-5863 - https://github.com/20142995/nuclei-templates CVE-2023-5868 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-5869 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-5870 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -156801,6 +156815,7 @@ CVE-2023-7032 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-7033 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-7042 - https://github.com/NaInSec/CVE-LIST CVE-2023-7043 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-7049 - https://github.com/20142995/nuclei-templates CVE-2023-7052 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-7053 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-7054 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -164754,6 +164769,7 @@ CVE-2024-23897 - https://github.com/pulentoski/CVE-2024-23897-Arbitrary-file-rea CVE-2024-23897 - https://github.com/quentin33980/ToolBox-qgt CVE-2024-23897 - https://github.com/raheel0x01/CVE-2024-23897 CVE-2024-23897 - https://github.com/sampsonv/github-trending +CVE-2024-23897 - https://github.com/securelayer7/CVE-Analysis CVE-2024-23897 - https://github.com/securitycipher/daily-bugbounty-writeups CVE-2024-23897 - https://github.com/stevenvegar/Jenkins_scripts CVE-2024-23897 - https://github.com/tanjiti/sec_profile 
@@ -165309,6 +165325,7 @@ CVE-2024-25062 - https://github.com/lucacome/lucacome CVE-2024-25063 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-25064 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-25065 - https://github.com/Threekiii/CVE +CVE-2024-25065 - https://github.com/securelayer7/CVE-Analysis CVE-2024-25065 - https://github.com/tanjiti/sec_profile CVE-2024-25073 - https://github.com/N3vv/N3vv CVE-2024-25074 - https://github.com/N3vv/N3vv @@ -166645,10 +166662,12 @@ CVE-2024-27322 - https://github.com/vin01/bogus-cves CVE-2024-27347 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-27348 - https://github.com/Ostorlab/KEV CVE-2024-27348 - https://github.com/Zeyad-Azima/CVE-2024-27348 +CVE-2024-27348 - https://github.com/apiverve/news-API CVE-2024-27348 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-27348 - https://github.com/jakabakos/CVE-2024-27348-Apache-HugeGraph-RCE CVE-2024-27348 - https://github.com/kljunowsky/CVE-2024-27348 CVE-2024-27348 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-27348 - https://github.com/securelayer7/CVE-Analysis CVE-2024-27348 - https://github.com/wjlin0/poc-doc CVE-2024-27348 - https://github.com/wy876/POC CVE-2024-27348 - https://github.com/wy876/wiki @@ -169535,6 +169554,7 @@ CVE-2024-34310 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-34312 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-34313 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-34329 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-34331 - https://github.com/beerisgood/macOS_Hardening CVE-2024-34341 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-34342 - https://github.com/GhostTroops/TOP CVE-2024-34342 - https://github.com/LOURC0D3/CVE-2024-4367-PoC 
@@ -169648,6 +169668,7 @@ CVE-2024-34829 - https://github.com/ntrampham/Eramba CVE-2024-3483 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-34832 - https://github.com/julio-cfa/CVE-2024-34832 CVE-2024-34832 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-34833 - https://github.com/ShellUnease/CVE-2024-34833-payroll-management-system-rce CVE-2024-34833 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-3484 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3485 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -170108,6 +170129,7 @@ CVE-2024-38077 - https://github.com/silentEAG/awesome-stars CVE-2024-38077 - https://github.com/tanjiti/sec_profile CVE-2024-38100 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-38100 - https://github.com/tanjiti/sec_profile +CVE-2024-38112 - https://github.com/apiverve/news-API CVE-2024-38112 - https://github.com/thepcn3rd/goAdventures CVE-2024-38123 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-38125 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -170131,6 +170153,7 @@ CVE-2024-3822 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3823 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3824 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-38276 - https://github.com/cli-ish/cli-ish +CVE-2024-38288 - https://github.com/20142995/nuclei-templates CVE-2024-38319 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3832 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3833 - https://github.com/fkie-cad/nvd-json-data-feeds 
@@ -170162,6 +170185,7 @@ CVE-2024-38489 - https://github.com/chnzzh/iDRAC-CVE-lib CVE-2024-38490 - https://github.com/chnzzh/iDRAC-CVE-lib CVE-2024-38501 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-38502 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-38514 - https://github.com/20142995/nuclei-templates CVE-2024-38530 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-38537 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-3854 - https://github.com/googleprojectzero/fuzzilli 
@@ -170793,8 +170817,32 @@ CVE-2024-42247 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42258 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42259 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4226 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42299 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42300 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42301 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42302 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42303 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42304 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42305 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42306 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42307 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42308 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42309 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4231 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-42310 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42311 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42312 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42313 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42314 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42315 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42316 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42317 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42318 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42319 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4232 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-42320 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42321 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42322 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4233 
- https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4234 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4235 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -170847,6 +170895,8 @@ CVE-2024-4257 - https://github.com/wjlin0/poc-doc CVE-2024-4257 - https://github.com/wy876/POC CVE-2024-4257 - https://github.com/wy876/wiki CVE-2024-4265 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42657 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-42658 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-42676 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42677 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42678 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -171500,6 +171550,7 @@ CVE-2024-5861 - https://github.com/20142995/nuclei-templates CVE-2024-5893 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5894 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5895 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-5936 - https://github.com/20142995/nuclei-templates CVE-2024-5947 - https://github.com/komodoooo/Some-things CVE-2024-5947 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-5961 - https://github.com/nomi-sec/PoC-in-GitHub @@ -171579,6 +171630,7 @@ CVE-2024-6387 - https://github.com/ThemeHackers/CVE-2024-6387 CVE-2024-6387 - https://github.com/Threekiii/CVE CVE-2024-6387 - https://github.com/TrojanAZhen/Self_Back CVE-2024-6387 - https://github.com/azurejoga/CVE-2024-6387-how-to-fix +CVE-2024-6387 - https://github.com/beac0n/ruroco CVE-2024-6387 - https://github.com/bigb0x/CVE-2024-6387 CVE-2024-6387 - https://github.com/cybereagle2001/KQL-Security-Querries CVE-2024-6387 - https://github.com/enomothem/PenTestNote 
@@ -171639,6 +171691,7 @@ CVE-2024-6703 - https://github.com/fluentform/fluentform CVE-2024-6706 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6707 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6710 - https://github.com/20142995/nuclei-templates +CVE-2024-6711 - https://github.com/20142995/nuclei-templates CVE-2024-6722 - https://github.com/20142995/nuclei-templates CVE-2024-6724 - https://github.com/20142995/nuclei-templates CVE-2024-6724 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -171725,8 +171778,13 @@ CVE-2024-7094 - https://github.com/20142995/nuclei-templates CVE-2024-7094 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7120 - https://github.com/Ostorlab/KEV CVE-2024-7120 - https://github.com/komodoooo/Some-things +CVE-2024-7136 - https://github.com/20142995/nuclei-templates +CVE-2024-7144 - https://github.com/20142995/nuclei-templates CVE-2024-7144 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7145 - https://github.com/20142995/nuclei-templates CVE-2024-7145 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7146 - https://github.com/20142995/nuclei-templates +CVE-2024-7147 - https://github.com/20142995/nuclei-templates CVE-2024-7150 - https://github.com/20142995/nuclei-templates CVE-2024-7160 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7164 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -171757,6 +171815,7 @@ CVE-2024-7265 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7266 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7267 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7297 - https://github.com/JoshuaMart/JoshuaMart +CVE-2024-7301 - https://github.com/20142995/nuclei-templates CVE-2024-7313 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-7317 - https://github.com/20142995/nuclei-templates CVE-2024-7317 - https://github.com/fkie-cad/nvd-json-data-feeds 
@@ -171800,6 +171859,7 @@ CVE-2024-7413 - https://github.com/20142995/nuclei-templates CVE-2024-7414 - https://github.com/20142995/nuclei-templates CVE-2024-7416 - https://github.com/20142995/nuclei-templates CVE-2024-7420 - https://github.com/20142995/nuclei-templates +CVE-2024-7422 - https://github.com/20142995/nuclei-templates CVE-2024-7436 - https://github.com/tanjiti/sec_profile CVE-2024-7439 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7442 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -171835,6 +171895,7 @@ CVE-2024-7490 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7492 - https://github.com/20142995/nuclei-templates CVE-2024-7498 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7499 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7501 - https://github.com/20142995/nuclei-templates CVE-2024-7502 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7503 - https://github.com/20142995/nuclei-templates CVE-2024-7518 - https://github.com/fkie-cad/nvd-json-data-feeds 
@@ -171877,9 +171938,14 @@ CVE-2024-7610 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7621 - https://github.com/20142995/nuclei-templates CVE-2024-7624 - https://github.com/20142995/nuclei-templates CVE-2024-7628 - https://github.com/20142995/nuclei-templates +CVE-2024-7630 - https://github.com/20142995/nuclei-templates CVE-2024-7648 - https://github.com/20142995/nuclei-templates CVE-2024-7649 - https://github.com/20142995/nuclei-templates +CVE-2024-7690 - https://github.com/20142995/nuclei-templates +CVE-2024-7691 - https://github.com/20142995/nuclei-templates +CVE-2024-7692 - https://github.com/20142995/nuclei-templates CVE-2024-7697 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7703 - https://github.com/lfillaz/CVE-2024-7703 CVE-2024-7704 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7705 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7706 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -171897,6 +171963,10 @@ CVE-2024-7830 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7831 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7832 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7833 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7886 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7887 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7896 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7897 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-87654 - https://github.com/runwuf/clickhouse-test CVE-2024-98765 - https://github.com/runwuf/clickhouse-test CVE-2024-99999 - https://github.com/kolewttd/wtt diff --git a/references.txt b/references.txt index cfe7c6e09..09bf7fbf2 100644 --- a/references.txt +++ b/references.txt 
@@ -1541,6 +1541,7 @@ CVE-2005-0504 - https://oval.cisecurity.org/repository/search/definition/oval%3A CVE-2005-0511 - http://marc.info/?l=bugtraq&m=110910899415763&w=2 CVE-2005-0519 - http://www.securityfocus.com/bid/12487 CVE-2005-0524 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9310 +CVE-2005-0525 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11703 CVE-2005-0526 - http://marc.info/?l=bugtraq&m=110917641105486&w=2 CVE-2005-0526 - http://marc.info/?l=bugtraq&m=110917702708589&w=2 CVE-2005-0526 - http://marc.info/?l=bugtraq&m=110917768511595&w=2 @@ -6119,6 +6120,7 @@ CVE-2007-0097 - http://vuln.sg/powarc964-en.html CVE-2007-0098 - https://www.exploit-db.com/exploits/3075 CVE-2007-0099 - http://isc.sans.org/diary.php?storyid=2004 CVE-2007-0099 - https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069 +CVE-2007-0104 - http://www.ubuntu.com/usn/usn-410-1 CVE-2007-0105 - http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml CVE-2007-0106 - http://securityreason.com/securityalert/2114 CVE-2007-0107 - http://securityreason.com/securityalert/2112 @@ -40868,7 +40870,9 @@ CVE-2016-6914 - https://hackerone.com/reports/140793 CVE-2016-6914 - https://www.exploit-db.com/exploits/43390/ CVE-2016-6920 - http://packetstormsecurity.com/files/138618/ffmpeg-3.1.2-Heap-Overflow.html CVE-2016-7039 - http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html +CVE-2016-7044 - http://www.ubuntu.com/usn/USN-3086-1 CVE-2016-7044 - https://irssi.org/security/irssi_sa_2016.txt +CVE-2016-7045 - http://www.ubuntu.com/usn/USN-3086-1 CVE-2016-7045 - https://irssi.org/security/irssi_sa_2016.txt CVE-2016-7048 - https://bugzilla.redhat.com/show_bug.cgi?id=1378043 CVE-2016-7052 - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html 
@@ -47373,6 +47377,7 @@ CVE-2017-7253 - https://gist.github.com/anonymous/16aca69b7dea27cb73ddebb0d9033b CVE-2017-7258 - https://sudoat.blogspot.in/2017/03/path-traversal-vulnerability-in-emli.html CVE-2017-7263 - https://blogs.gentoo.org/ago/2017/03/03/potrace-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c-incomplete-fix-for-cve-2016-8698/ CVE-2017-7264 - https://blogs.gentoo.org/ago/2017/02/09/mupdf-use-after-free-in-fz_subsample_pixmap-pixmap-c/ +CVE-2017-7264 - https://bugs.ghostscript.com/show_bug.cgi?id=697515 CVE-2017-7269 - https://0patch.blogspot.com/2017/03/0patching-immortal-cve-2017-7269.html CVE-2017-7269 - https://medium.com/@iraklis/number-of-internet-facing-vulnerable-iis-6-0-to-cve-2017-7269-8bd153ef5812 CVE-2017-7269 - https://www.exploit-db.com/exploits/41738/ @@ -63677,6 +63682,7 @@ CVE-2020-10648 - https://github.com/u-boot/u-boot/commits/master CVE-2020-10650 - https://www.oracle.com/security-alerts/cpuoct2022.html CVE-2020-10665 - https://github.com/active-labs/Advisories/blob/master/2020/ACTIVE-2020-002.md CVE-2020-10665 - https://github.com/spaceraccoon/CVE-2020-10665 +CVE-2020-10666 - https://wiki.freepbx.org/display/FOP/2020-03-12+SECURITY%3A+Potential+Rest+Phone+Apps+RCE CVE-2020-10666 - https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities CVE-2020-10667 - http://packetstormsecurity.com/files/156833/Oce-Colorwave-500-CSRF-XSS-Authentication-Bypass.html CVE-2020-10668 - http://packetstormsecurity.com/files/156833/Oce-Colorwave-500-CSRF-XSS-Authentication-Bypass.html 
@@ -69453,6 +69459,7 @@ CVE-2020-35828 - https://kb.netgear.com/000062678/Security-Advisory-for-Stored-C CVE-2020-35830 - https://kb.netgear.com/000062672/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0507 CVE-2020-35831 - https://kb.netgear.com/000062679/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0508 CVE-2020-35837 - https://kb.netgear.com/000062650/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2018-0499 +CVE-2020-35842 - https://kb.netgear.com/000062713/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2019-0015 CVE-2020-35846 - http://packetstormsecurity.com/files/162282/Cockpit-CMS-0.11.1-NoSQL-Injection-Remote-Command-Execution.html CVE-2020-35847 - http://packetstormsecurity.com/files/162282/Cockpit-CMS-0.11.1-NoSQL-Injection-Remote-Command-Execution.html CVE-2020-35847 - http://packetstormsecurity.com/files/163762/Cockpit-CMS-0.11.1-NoSQL-Injection.html @@ -85826,6 +85833,7 @@ CVE-2022-3668 - https://github.com/axiomatic-systems/Bento4/files/9640968/Bug_1_ CVE-2022-3668 - https://github.com/axiomatic-systems/Bento4/issues/776 CVE-2022-3669 - https://github.com/axiomatic-systems/Bento4/files/9675042/Bug_2_POC.zip CVE-2022-3669 - https://github.com/axiomatic-systems/Bento4/issues/776 +CVE-2022-3669 - https://vuldb.com/?id.212009 CVE-2022-3670 - https://github.com/axiomatic-systems/Bento4/files/9675049/Bug_3_POC.zip CVE-2022-3670 - https://github.com/axiomatic-systems/Bento4/issues/776 CVE-2022-3670 - https://vuldb.com/?id.212010 
@@ -86027,6 +86035,7 @@ CVE-2022-3768 - https://bulletin.iese.de/post/wp-smart-contracts_1-3-11/ CVE-2022-3768 - https://wpscan.com/vulnerability/1d8bf5bb-5a17-49b7-a5ba-5f2866e1f8a3 CVE-2022-3769 - https://bulletin.iese.de/post/owm-weather_5-6-8/ CVE-2022-3769 - https://wpscan.com/vulnerability/2f9ffc1e-c8a9-47bb-a76b-d043c93e63f8 +CVE-2022-3770 - https://vuldb.com/?id.212500 CVE-2022-37700 - https://medium.com/@sc0p3hacker/cve-2022-37700-directory-transversal-in-zentao-easy-soft-alm-2573c1f0fc21 CVE-2022-37703 - https://github.com/MaherAzzouzi/CVE-2022-37703 CVE-2022-37704 - https://github.com/MaherAzzouzi/CVE-2022-37704 @@ -86126,6 +86135,7 @@ CVE-2022-3814 - https://vuldb.com/?id.212680 CVE-2022-38143 - https://talosintelligence.com/vulnerability_reports/TALOS-2022-1630 CVE-2022-3815 - https://github.com/axiomatic-systems/Bento4/files/9727048/POC_mp4decrypt_34393864.zip CVE-2022-3815 - https://github.com/axiomatic-systems/Bento4/issues/792 +CVE-2022-3815 - https://vuldb.com/?id.212681 CVE-2022-38152 - http://packetstormsecurity.com/files/170604/wolfSSL-Session-Resumption-Denial-Of-Service.html CVE-2022-38152 - https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/ CVE-2022-38153 - http://packetstormsecurity.com/files/170605/wolfSSL-5.3.0-Denial-Of-Service.html 
@@ -93776,6 +93786,7 @@ CVE-2023-4185 - https://vuldb.com/?id.236220 CVE-2023-4187 - https://huntr.dev/bounties/14941381-b669-4756-94fc-cce172472f8b CVE-2023-41879 - https://github.com/OpenMage/magento-lts/security/advisories/GHSA-9358-cpvx-c2qp CVE-2023-4188 - https://huntr.dev/bounties/fe9809b6-40ad-4e81-9197-a9aa42e8a7bf +CVE-2023-41884 - https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-2qp3-fwpv-mc96 CVE-2023-41885 - https://github.com/piccolo-orm/piccolo/security/advisories/GHSA-h7cm-mrvq-wcfr CVE-2023-41886 - https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-qqh2-wvmv-h72m CVE-2023-41887 - https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-p3r5-x3hr-gpg5 @@ -95117,6 +95128,7 @@ CVE-2023-50061 - https://security.friendsofpresta.org/modules/2024/02/08/opartea CVE-2023-50069 - https://github.com/holomekc/wiremock/issues/51 CVE-2023-50072 - https://github.com/ahrixia/CVE-2023-50072 CVE-2023-50089 - https://github.com/NoneShell/Vulnerabilities/blob/main/NETGEAR/WNR2000v4-1.0.0.70-Authorized-Command-Injection.md +CVE-2023-50094 - https://github.com/yogeshojha/rengine/security/advisories/GHSA-fx7f-f735-vgh4 CVE-2023-50094 - https://www.mattz.io/posts/cve-2023-50094/ CVE-2023-50096 - https://github.com/elttam/publications/blob/master/writeups/CVE-2023-50096.md CVE-2023-50110 - https://github.com/TestLinkOpenSourceTRMS/testlink-code/pull/357 @@ -95477,6 +95489,7 @@ CVE-2023-5261 - https://github.com/csbsong/bug_report/blob/main/sql2.md CVE-2023-5264 - https://github.com/yhy217/huakecms-vul/issues/1 CVE-2023-5265 - https://github.com/YaGaoT/cve/blob/main/sql.md CVE-2023-5267 - https://github.com/kpz-wm/cve/blob/main/sql.md +CVE-2023-5277 - https://vuldb.com/?id.240905 CVE-2023-5284 - https://vuldb.com/?id.240912 CVE-2023-5286 - https://github.com/xcodeOn1/XSS-Stored-Expense-Tracker-App CVE-2023-5287 - https://vuldb.com/?id.240915 
@@ -96140,6 +96153,7 @@ CVE-2024-0313 - https://kcm.trellix.com/corporate/index?page=content&id=SB10418 CVE-2024-0321 - https://huntr.com/bounties/4c027b94-8e9c-4c31-a169-893b25047769 CVE-2024-0322 - https://huntr.com/bounties/87611fc9-ed7c-43e9-8e52-d83cd270bbec CVE-2024-0337 - https://wpscan.com/vulnerability/2f17a274-8676-4f4e-989f-436030527890/ +CVE-2024-0343 - https://drive.google.com/file/d/1NHdebIGiV8FybYFGXIqWHjdVGzZCQqAm/view?usp=sharing CVE-2024-0344 - https://vuldb.com/?id.250112 CVE-2024-0346 - https://drive.google.com/file/d/1bao4YK4GwvAvCdCrsW5UpJZdvREdc_Yj/view?usp=sharing CVE-2024-0355 - https://medium.com/@heishou/dfsms-has-sql-injection-vulnerability-e9cfbc375be8 @@ -98289,6 +98303,9 @@ CVE-2024-31759 - https://github.com/menghaining/PoC/blob/main/PublicCMS/publishC CVE-2024-31760 - https://gist.github.com/menghaining/8d424faebfe869c80eadaea12bbdd158 CVE-2024-31760 - https://github.com/menghaining/PoC/blob/main/gin-vue-admin/gin-vue-admin--PoC.md CVE-2024-31777 - https://github.com/FreySolarEye/Exploit-CVE-2024-31777 +CVE-2024-31798 - https://www.nsideattacklogic.de/advisories/NSIDE-SA-2024-001 +CVE-2024-31799 - https://www.nsideattacklogic.de/advisories/NSIDE-SA-2024-001 +CVE-2024-31800 - https://www.nsideattacklogic.de/advisories/NSIDE-SA-2024-001 CVE-2024-31804 - https://www.exploit-db.com/exploits/51977 CVE-2024-31819 - https://chocapikk.com/posts/2024/cve-2024-31819/ CVE-2024-31819 - https://github.com/Chocapikk/CVE-2024-31819 
@@ -98306,6 +98323,7 @@ CVE-2024-31850 - https://www.tenable.com/security/research/tra-2024-09 CVE-2024-31852 - https://github.com/llvm/llvm-project/issues/80287 CVE-2024-31869 - http://www.openwall.com/lists/oss-security/2024/04/17/10 CVE-2024-3188 - https://wpscan.com/vulnerability/bc273e75-7faf-4eaf-8ebd-efc5d6e9261f/ +CVE-2024-31982 - https://www.vicarius.io/vsociety/posts/xwiki-rce-cve-2024-31982 CVE-2024-31989 - https://github.com/argoproj/argo-cd/security/advisories/GHSA-9766-5277-j5hr CVE-2024-32019 - https://github.com/netdata/netdata/security/advisories/GHSA-pmhq-4cxq-wj93 CVE-2024-32020 - https://github.com/git/git/security/advisories/GHSA-5rfh-556j-fhgj @@ -98671,6 +98689,7 @@ CVE-2024-34714 - https://github.com/hoppscotch/hoppscotch-extension/security/adv CVE-2024-34715 - https://github.com/ethyca/fides/security/advisories/GHSA-8cm5-jfj2-26q7 CVE-2024-3472 - https://wpscan.com/vulnerability/d42f74dd-520f-40aa-9cf0-3544db9562c7/ CVE-2024-34722 - https://android.googlesource.com/platform/packages/modules/Bluetooth/+/456f705b9acc78d8184536baff3d21b0bc11c957 +CVE-2024-34737 - https://android.googlesource.com/platform/frameworks/base/+/8b473b3f79642f42eeeffbfe572df6c6cbe9d79e CVE-2024-3474 - https://wpscan.com/vulnerability/e5c3e145-6738-4d85-8507-43ca1b1d5877/ CVE-2024-3475 - https://wpscan.com/vulnerability/bf540242-5306-4c94-ad50-782d0d5b127f/ CVE-2024-3476 - https://wpscan.com/vulnerability/46f74493-9082-48b2-90bc-2c1d1db64ccd/ 
@@ -99240,6 +99259,7 @@ CVE-2024-39688 - https://securitylab.github.com/advisories/GHSL-2024-045_GHSL-20 CVE-2024-39699 - https://github.com/directus/directus/security/advisories/GHSA-8p72-rcq4-h6pw CVE-2024-39701 - https://github.com/directus/directus/security/advisories/GHSA-hxgm-ghmv-xjjm CVE-2024-39705 - https://github.com/nltk/nltk/issues/3266 +CVE-2024-39708 - https://www.cyberark.com/resources/threat-research-blog/identity-crisis-the-curious-case-of-a-delinea-local-privilege-escalation-vulnerability CVE-2024-3971 - https://wpscan.com/vulnerability/5dec5719-105d-4989-a97f-bda04d223322/ CVE-2024-3972 - https://wpscan.com/vulnerability/55dfb9b5-d590-478b-bd1f-d420b79037fa/ CVE-2024-3973 - https://wpscan.com/vulnerability/8c6ce66e-091a-41da-a13d-5f80cadb499a/ @@ -99293,6 +99313,7 @@ CVE-2024-40331 - https://github.com/Tank992/cms/blob/main/66/csrf.md CVE-2024-40332 - https://github.com/Tank992/cms/blob/main/65/csrf.md CVE-2024-40333 - https://github.com/Tank992/cms/blob/main/68/csrf.md CVE-2024-40334 - https://github.com/Tank992/cms/blob/main/69/csrf.md +CVE-2024-40336 - https://github.com/Tank992/cms/blob/main/73/readme.md CVE-2024-40392 - https://github.com/CveSecLook/cve/issues/46 CVE-2024-40393 - https://github.com/CveSecLook/cve/issues/47 CVE-2024-40394 - https://github.com/CveSecLook/cve/issues/48 
@@ -99667,14 +99688,55 @@ CVE-2024-42744 - https://github.com/HouseFuzz/reports/blob/main/totolink/x5000r/ CVE-2024-42745 - https://github.com/HouseFuzz/reports/blob/main/totolink/x5000r/setUPnPCfg/setUPnPCfg.md CVE-2024-42747 - https://github.com/HouseFuzz/reports/blob/main/totolink/x5000r/setWanIeCfg/setWanIeCfg.md CVE-2024-42748 - https://github.com/HouseFuzz/reports/blob/main/totolink/x5000r/setWiFiWpsCfg/setWiFiWpsCfg.md +CVE-2024-42843 - https://github.com/ganzhi-qcy/cve/issues/6 +CVE-2024-42849 - https://github.com/njmbb8/CVE-2024-42849/tree/main CVE-2024-4289 - https://wpscan.com/vulnerability/072785de-0ce5-42a4-a3fd-4eb1d1a2f1be/ CVE-2024-4290 - https://wpscan.com/vulnerability/a9a10d0f-d8f2-4f3e-92bf-94fc08416d87/ CVE-2024-4291 - https://github.com/L1ziang/Vulnerability/blob/main/formAddMacfilterRule.md CVE-2024-4293 - https://github.com/Sospiro014/zday1/blob/main/doctor_appointment_management_system_xss.md CVE-2024-4294 - https://github.com/Sospiro014/zday1/blob/main/doctor_appointment_management_system_idor.md +CVE-2024-42940 - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromP2pListFilter.md +CVE-2024-42941 - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromAdvSetWan_pptpPPW.md +CVE-2024-42942 - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/frmL7ImForm.md +CVE-2024-42943 - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromAdvSetWan_PPPOEPassword.md +CVE-2024-42944 - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromNatlimit.md +CVE-2024-42945 - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromAddressNat_page.md +CVE-2024-42946 - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromVirtualSer.md +CVE-2024-42947 - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/telnet.md +CVE-2024-42948 - 
https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromPptpUserSetting.md +CVE-2024-42949 - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromqossetting_qos.md +CVE-2024-42950 - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromSafeClientFilter_Go.md +CVE-2024-42951 - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromWizardHandle_mit_pptpusrpw.md +CVE-2024-42952 - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromqossetting_page.md +CVE-2024-42953 - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromWizardHandle_PPW.md +CVE-2024-42954 - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromwebExcptypemanFilter.md +CVE-2024-42955 - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromSafeClientFilter_page.md +CVE-2024-42966 - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/TOTOLINK/N350R/ExportSettings.md +CVE-2024-42967 - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/TOTOLINK/LR350/ExportSettings.md +CVE-2024-42968 - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromSafeMacFilter_Go.md +CVE-2024-42969 - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromSafeMacFilter%20_page.md +CVE-2024-42973 - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromSetIpBind.md +CVE-2024-42974 - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromwebExcptypemanFilter.md +CVE-2024-42976 - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromSafeClientFilter_page.md +CVE-2024-42977 - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromqossetting_qos.md +CVE-2024-42978 - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/telnet.md +CVE-2024-42979 - 
https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/frmL7ProtForm.md +CVE-2024-42980 - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/frmL7ImForm.md +CVE-2024-42981 - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromPptpUserSetting.md +CVE-2024-42982 - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromVirtualSer.md +CVE-2024-42983 - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromAdvSetWan_pptpPPW.md +CVE-2024-42984 - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromP2pListFilter.md +CVE-2024-42985 - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromNatlimit.md +CVE-2024-42986 - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromAdvSetWan_PPPOEPassword.md +CVE-2024-42987 - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromPptpUserAdd.md +CVE-2024-42994 - https://www.shielder.com/advisories/vtiger-mailmanager-sqli/ +CVE-2024-42995 - https://www.shielder.com/advisories/vtiger-migration-bac/ CVE-2024-4305 - https://wpscan.com/vulnerability/635be98d-4c17-4e75-871f-9794d85a2eb1/ CVE-2024-43167 - https://github.com/NLnetLabs/unbound/issues/1072 CVE-2024-43168 - https://github.com/NLnetLabs/unbound/issues/1039 +CVE-2024-43360 - https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-9cmr-7437-v9fj +CVE-2024-43373 - https://github.com/j4k0xb/webcrack/security/advisories/GHSA-ccqh-278p-xq6w +CVE-2024-43374 - https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw CVE-2024-4340 - https://github.com/advisories/GHSA-2m57-hf25-phgg CVE-2024-4340 - https://research.jfrog.com/vulnerabilities/sqlparse-stack-exhaustion-dos-jfsa-2024-001031292/ CVE-2024-4348 - https://vuldb.com/?submit.320855 
@@ -99891,6 +99953,8 @@ CVE-2024-5145 - https://github.com/CveSecLook/cve/issues/38CVE-2005-1275 CVE-2024-5145 - https://github.com/CveSecLook/cve/issues/38CVE-2020-7009 CVE-2024-5151 - https://wpscan.com/vulnerability/1ede4c66-9932-4ba6-bba1-0ba13f5a2f8f/ CVE-2024-5155 - https://wpscan.com/vulnerability/f1e90a8a-d959-4316-a5d4-e183854944bd/ +CVE-2024-5157 - https://issues.chromium.org/issues/336012573 +CVE-2024-5158 - https://issues.chromium.org/issues/338908243 CVE-2024-5159 - https://issues.chromium.org/issues/335613092 CVE-2024-5167 - https://wpscan.com/vulnerability/67bb5ab8-4493-4f5b-a989-41576675b61a/ CVE-2024-5169 - https://wpscan.com/vulnerability/f0de62e3-5e85-43f3-8e3e-e816dafb1406/ @@ -100069,6 +100133,7 @@ CVE-2024-6165 - https://wpscan.com/vulnerability/b9e6648a-9d19-4e73-ad6c-f727802 CVE-2024-6184 - https://github.com/L1OudFd8cl09/CVE/blob/main/11_06_2024_a.md CVE-2024-6187 - https://github.com/L1OudFd8cl09/CVE/blob/main/11_06_2024_d.md CVE-2024-6188 - https://kiwiyumi.com/post/tracksys-export-source-code/ +CVE-2024-6188 - https://vuldb.com/?submit.354924 CVE-2024-6190 - https://github.com/HryspaHodor/CVE/issues/2 CVE-2024-6191 - https://github.com/HryspaHodor/CVE/issues/3 CVE-2024-6192 - https://github.com/HryspaHodor/CVE/issues/4 
@@ -100109,6 +100174,8 @@ CVE-2024-6408 - https://wpscan.com/vulnerability/31aaeffb-a752-4941-9d0f-1b374fb CVE-2024-6412 - https://wpscan.com/vulnerability/9eb0dad6-3c19-4fe4-a20d-d45b51410444/ CVE-2024-6417 - https://github.com/xyj123a/cve/blob/main/sql.md CVE-2024-6420 - https://wpscan.com/vulnerability/dfda6577-81aa-4397-a2d6-1d736f9ebd44/ +CVE-2024-6459 - https://wpscan.com/vulnerability/330359fa-d085-4923-b5a8-c0e2e5267247/ +CVE-2024-6460 - https://wpscan.com/vulnerability/ba2f53e0-30be-4f37-91bc-5fa151f1eee7/ CVE-2024-6477 - https://wpscan.com/vulnerability/346c855a-4d42-4a87-aac9-e5bfc2242b16/ CVE-2024-6481 - https://wpscan.com/vulnerability/53357868-2bcb-48eb-8abd-83186ff8d027/ CVE-2024-6484 - https://www.herodevs.com/vulnerability-directory/cve-2024-6484 @@ -100414,5 +100481,7 @@ CVE-2024-7792 - https://github.com/joinia/webray.com.cn/blob/main/Task-Progress- CVE-2024-7794 - https://github.com/ppp-src/ha/issues/5 CVE-2024-7810 - https://github.com/Wsstiger/cve/blob/main/Tracer_sql.md CVE-2024-7811 - https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/2024/daily%20expenses%20monitoring%20app%20-%20delete-expense.php%20sql%20injection%20vulnerability.md +CVE-2024-7813 - https://github.com/CYB84/CVE_Writeup/blob/main/Directory%20Listing.md CVE-2024-7814 - https://github.com/CYB84/CVE_Writeup/blob/main/Online%20Railway%20Reservation%20System/Stored%20XSS.md CVE-2024-7815 - https://github.com/CYB84/CVE_Writeup/blob/main/Online%20Railway%20Reservation%20System/Stored%20XSS.md +CVE-2024-7868 - https://www.xpdfreader.com/security-bug/CVE-2024-7868.html
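Review bot: In the `@@ -171897,6 +171963,10 @@` hunk of the GitHub reference list, the unchanged context lines immediately after the four new `fkie-cad/nvd-json-data-feeds` entries (`CVE-2024-87654`, `CVE-2024-98765`, `CVE-2024-99999`, pointing at `runwuf/clickhouse-test` and `kolewttd/wtt`) look like test or placeholder IDs rather than assigned CVEs; since this pass already touches the file, the generator should validate every `CVE-YYYY-NNNNN` key against the published CVE list and drop entries that do not resolve, so a consumer of the index does not treat them as real vulnerabilities.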
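Review bot: The new `CVE-2024-0343` entry in the `@@ -96140,6 +96153,7 @@` hunk of references.txt points at a `drive.google.com/file/.../view?usp=sharing` link, which is a mutable, owner-controlled document rather than an advisory or tracker page; the existing `CVE-2024-0346` context line has the same problem. Prefer a stable reference (the NVD or VulDB record, or an archived snapshot) alongside or instead of the Drive link so the index does not go stale or change content silently.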
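Review bot: In the `@@ -99667,14 +99688,55 @@` hunk, two of the added URLs deserve a resolve check before merge: `CVE-2024-42969` ends in `fromSafeMacFilter%20_page.md` (an encoded space inside the filename, unlike every sibling `Tenda/FH1206/...` path in the same block), and `CVE-2024-42849` links to `njmbb8/CVE-2024-42849/tree/main` rather than the repository root used by every other GitHub entry. If the `%20` is a typo, the link 404s; if it is the real filename, fine, but either way normalise the `/tree/main` suffix for consistency.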
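Review bot: The context lines at the top of the `@@ -99891,6 +99953,8 @@` hunk show two corrupted records, `CVE-2024-5145 - https://github.com/CveSecLook/cve/issues/38CVE-2005-1275` and `.../issues/38CVE-2020-7009`, where a second CVE ID has been fused onto the end of the issue URL (almost certainly a missing newline in the upstream data). Those are pre-existing, but since the surrounding lines are being regenerated anyway, the generator should split on the `CVE-` boundary (or reject URLs that do not parse) so the `CVE-2024-5157` / `CVE-2024-5158` additions do not land next to unparseable entries.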