diff --git a/2002/CVE-2002-2443.md b/2002/CVE-2002-2443.md index 3fccb8b02..507269476 100644 --- a/2002/CVE-2002-2443.md +++ b/2002/CVE-2002-2443.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/vdanen/vex-reader diff --git a/2006/CVE-2006-3211.md b/2006/CVE-2006-3211.md new file mode 100644 index 000000000..40c81b62e --- /dev/null +++ b/2006/CVE-2006-3211.md @@ -0,0 +1,17 @@ +### [CVE-2006-3211](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3211) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook 1.3 and earlier allows remote attackers to inject Javascript code via a javascript URI in an img bbcode tag in the comments parameter. + +### POC + +#### Reference +- http://securityreason.com/securityalert/1141 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-5051.md b/2006/CVE-2006-5051.md index 52ce49fa4..a6705b77a 100644 --- a/2006/CVE-2006-5051.md +++ b/2006/CVE-2006-5051.md @@ -20,6 +20,7 @@ Signal handler race condition in OpenSSH before 4.4 allows remote attackers to c - https://github.com/ThemeHackers/CVE-2024-6387 - https://github.com/azurejoga/CVE-2024-6387-how-to-fix - https://github.com/bigb0x/CVE-2024-6387 +- https://github.com/giterlizzi/secdb-feeds - https://github.com/invaderslabs/regreSSHion-CVE-2024-6387- - https://github.com/kalvin-net/NoLimit-Secu-RegreSSHion - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2008/CVE-2008-3835.md b/2008/CVE-2008-3835.md index c355e3001..c424441a4 100644 --- a/2008/CVE-2008-3835.md +++ b/2008/CVE-2008-3835.md 
@@ -10,6 +10,7 @@ The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17 ### POC #### Reference +- http://www.ubuntu.com/usn/usn-647-1 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9643 #### Github diff --git a/2008/CVE-2008-4058.md b/2008/CVE-2008-4058.md index 9f33b9bbd..500dcf288 100644 --- a/2008/CVE-2008-4058.md +++ b/2008/CVE-2008-4058.md @@ -11,6 +11,7 @@ The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, #### Reference - http://www.redhat.com/support/errata/RHSA-2008-0879.html +- http://www.ubuntu.com/usn/usn-647-1 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9679 #### Github diff --git a/2008/CVE-2008-4059.md b/2008/CVE-2008-4059.md index c2d38bec3..007a24393 100644 --- a/2008/CVE-2008-4059.md +++ b/2008/CVE-2008-4059.md @@ -10,6 +10,7 @@ The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attacke ### POC #### Reference +- http://www.ubuntu.com/usn/usn-647-1 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9529 #### Github diff --git a/2008/CVE-2008-4060.md b/2008/CVE-2008-4060.md index 06ffc2ee7..cd170bb3a 100644 --- a/2008/CVE-2008-4060.md +++ b/2008/CVE-2008-4060.md @@ -11,6 +11,7 @@ Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.1 #### Reference - http://www.redhat.com/support/errata/RHSA-2008-0879.html +- http://www.ubuntu.com/usn/usn-647-1 #### Github No PoCs found on GitHub currently. diff --git a/2008/CVE-2008-4061.md b/2008/CVE-2008-4061.md index d3b17fe3d..805605be2 100644 --- a/2008/CVE-2008-4061.md +++ b/2008/CVE-2008-4061.md @@ -11,6 +11,7 @@ Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and #### Reference - http://www.redhat.com/support/errata/RHSA-2008-0879.html +- http://www.ubuntu.com/usn/usn-647-1 #### Github No PoCs found on GitHub currently. 
diff --git a/2008/CVE-2008-4062.md b/2008/CVE-2008-4062.md index 5add788a6..5d8b3f677 100644 --- a/2008/CVE-2008-4062.md +++ b/2008/CVE-2008-4062.md @@ -11,6 +11,7 @@ Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x #### Reference - http://www.redhat.com/support/errata/RHSA-2008-0879.html +- http://www.ubuntu.com/usn/usn-647-1 #### Github No PoCs found on GitHub currently. diff --git a/2008/CVE-2008-4063.md b/2008/CVE-2008-4063.md index d2f0c2196..21ef48cef 100644 --- a/2008/CVE-2008-4063.md +++ b/2008/CVE-2008-4063.md @@ -11,6 +11,7 @@ Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow r #### Reference - http://www.redhat.com/support/errata/RHSA-2008-0879.html +- http://www.ubuntu.com/usn/usn-647-1 #### Github No PoCs found on GitHub currently. diff --git a/2008/CVE-2008-4064.md b/2008/CVE-2008-4064.md index 8ad5c02f1..3f2167934 100644 --- a/2008/CVE-2008-4064.md +++ b/2008/CVE-2008-4064.md @@ -11,6 +11,7 @@ Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow r #### Reference - http://www.redhat.com/support/errata/RHSA-2008-0879.html +- http://www.ubuntu.com/usn/usn-647-1 - https://bugzilla.mozilla.org/show_bug.cgi?id=441995 #### Github diff --git a/2008/CVE-2008-4065.md b/2008/CVE-2008-4065.md index b1253fd77..90c49a92f 100644 --- a/2008/CVE-2008-4065.md +++ b/2008/CVE-2008-4065.md @@ -11,6 +11,7 @@ Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.1 #### Reference - http://www.redhat.com/support/errata/RHSA-2008-0879.html +- http://www.ubuntu.com/usn/usn-647-1 #### Github No PoCs found on GitHub currently. diff --git a/2008/CVE-2008-4066.md b/2008/CVE-2008-4066.md new file mode 100644 index 000000000..c9b18c148 --- /dev/null +++ b/2008/CVE-2008-4066.md 
@@ -0,0 +1,17 @@ +### [CVE-2008-4066](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4066) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav�ascript" sequence, aka "HTML escaped low surrogates bug." + +### POC + +#### Reference +- http://www.ubuntu.com/usn/usn-647-1 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2008/CVE-2008-4067.md b/2008/CVE-2008-4067.md index e132c302a..0d207c995 100644 --- a/2008/CVE-2008-4067.md +++ b/2008/CVE-2008-4067.md @@ -11,6 +11,7 @@ Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x bef #### Reference - http://www.redhat.com/support/errata/RHSA-2008-0879.html +- http://www.ubuntu.com/usn/usn-647-1 #### Github No PoCs found on GitHub currently. diff --git a/2008/CVE-2008-4068.md b/2008/CVE-2008-4068.md index 2f17c8eb3..522136d11 100644 --- a/2008/CVE-2008-4068.md +++ b/2008/CVE-2008-4068.md @@ -11,6 +11,7 @@ Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x bef #### Reference - http://www.redhat.com/support/errata/RHSA-2008-0879.html +- http://www.ubuntu.com/usn/usn-647-1 #### Github No PoCs found on GitHub currently. diff --git a/2008/CVE-2008-4070.md b/2008/CVE-2008-4070.md new file mode 100644 index 000000000..8f414a69b --- /dev/null +++ b/2008/CVE-2008-4070.md 
@@ -0,0 +1,17 @@ +### [CVE-2008-4070](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4070) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled newsgroup messages." + +### POC + +#### Reference +- http://www.ubuntu.com/usn/usn-647-1 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2009/CVE-2009-1042.md b/2009/CVE-2009-1042.md new file mode 100644 index 000000000..47fbf626d --- /dev/null +++ b/2009/CVE-2009-1042.md @@ -0,0 +1,17 @@ +### [CVE-2009-1042](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1042) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009. + +### POC + +#### Reference +- http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2009/CVE-2009-1043.md b/2009/CVE-2009-1043.md new file mode 100644 index 000000000..f8b88fb6b --- /dev/null +++ b/2009/CVE-2009-1043.md 
@@ -0,0 +1,17 @@ +### [CVE-2009-1043](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1043) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009. + +### POC + +#### Reference +- http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2009/CVE-2009-1044.md b/2009/CVE-2009-1044.md index a45c4ab89..c40f1f360 100644 --- a/2009/CVE-2009-1044.md +++ b/2009/CVE-2009-1044.md @@ -10,6 +10,7 @@ Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary ### POC #### Reference +- http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889 - https://bugzilla.mozilla.org/show_bug.cgi?id=484320 #### Github diff --git a/2009/CVE-2009-2477.md b/2009/CVE-2009-2477.md index ee943f8ab..202310a5b 100644 --- a/2009/CVE-2009-2477.md +++ b/2009/CVE-2009-2477.md @@ -12,6 +12,7 @@ js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonk #### Reference - http://blog.mozilla.com/security/2009/07/14/critical-javascript-vulnerability-in-firefox-35/ - http://isc.sans.org/diary.html?storyid=6796 +- http://www.h-online.com/security/First-Zero-Day-Exploit-for-Firefox-3-5--/news/113761 - http://www.kb.cert.org/vuls/id/443060 - https://www.exploit-db.com/exploits/40936/ diff --git a/2009/CVE-2009-2966.md b/2009/CVE-2009-2966.md new file mode 100644 index 000000000..acaffd5b0 --- /dev/null +++ b/2009/CVE-2009-2966.md 
@@ -0,0 +1,17 @@ +### [CVE-2009-2966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2966) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to cause a denial of service (CPU consumption and network connectivity loss) via an HTTP URL request that contains a large number of dot "." characters. + +### POC + +#### Reference +- http://www.h-online.com/security/Kaspersky-confirm-and-close-DoS-vulnerability--/news/114077 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2009/CVE-2009-3878.md b/2009/CVE-2009-3878.md new file mode 100644 index 000000000..4f11d397f --- /dev/null +++ b/2009/CVE-2009-3878.md @@ -0,0 +1,17 @@ +### [CVE-2009-3878](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3878) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspecified impact and remote attack vectors, as demonstrated by the vd_sjws module in VulnDisco Pack Professional 8.12. NOTE: as of 20091105, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. + +### POC + +#### Reference +- http://www.h-online.com/security/news/item/Alleged-critical-vulnerability-in-Sun-Java-System-Web-Server-839598.html + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2009/CVE-2009-3978.md b/2009/CVE-2009-3978.md new file mode 100644 index 000000000..943dd351c --- /dev/null +++ b/2009/CVE-2009-3978.md @@ -0,0 +1,17 @@ +### [CVE-2009-3978](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3978) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp in libpr0n in Mozilla Firefox before 3.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an animated GIF file with a large image size, a different vulnerability than CVE-2009-3373. + +### POC + +#### Reference +- http://www.h-online.com/open/news/item/Mozilla-fixes-critical-bugs-with-Firefox-3-5-5-852070.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2010/CVE-2010-0221.md b/2010/CVE-2010-0221.md new file mode 100644 index 000000000..974d1f2c8 --- /dev/null +++ b/2010/CVE-2010-0221.md 
@@ -0,0 +1,17 @@ +### [CVE-2010-0221](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0221) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program. + +### POC + +#### Reference +- http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2010/CVE-2010-0222.md b/2010/CVE-2010-0222.md new file mode 100644 index 000000000..6785c4b8b --- /dev/null +++ b/2010/CVE-2010-0222.md @@ -0,0 +1,17 @@ +### [CVE-2010-0222](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0222) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key. + +### POC + +#### Reference +- http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2010/CVE-2010-0224.md b/2010/CVE-2010-0224.md new file mode 100644 index 000000000..34bea3cb7 --- /dev/null +++ b/2010/CVE-2010-0224.md @@ -0,0 +1,17 @@ +### [CVE-2010-0224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0224) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +SanDisk Cruzer Enterprise USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program. + +### POC + +#### Reference +- http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2010/CVE-2010-0225.md b/2010/CVE-2010-0225.md new file mode 100644 index 000000000..9b1e59f1b --- /dev/null +++ b/2010/CVE-2010-0225.md @@ -0,0 +1,17 @@ +### [CVE-2010-0225](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0225) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key. + +### POC + +#### Reference +- http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2010/CVE-2010-0227.md b/2010/CVE-2010-0227.md new file mode 100644 index 000000000..ee686ed87 --- /dev/null +++ b/2010/CVE-2010-0227.md @@ -0,0 +1,17 @@ +### [CVE-2010-0227](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0227) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program. + +### POC + +#### Reference +- http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2010/CVE-2010-0228.md b/2010/CVE-2010-0228.md new file mode 100644 index 000000000..788bed944 --- /dev/null +++ b/2010/CVE-2010-0228.md @@ -0,0 +1,17 @@ +### [CVE-2010-0228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0228) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key. + +### POC + +#### Reference +- http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2010/CVE-2010-0832.md b/2010/CVE-2010-0832.md new file mode 100644 index 000000000..af9f76daa --- /dev/null +++ b/2010/CVE-2010-0832.md @@ -0,0 +1,17 @@ +### [CVE-2010-0832](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0832) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file. + +### POC + +#### Reference +- http://www.h-online.com/security/news/item/Ubuntu-closes-root-hole-1034618.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2012/CVE-2012-0830.md b/2012/CVE-2012-0830.md index 9f0276080..baf0a3b54 100644 --- a/2012/CVE-2012-0830.md +++ b/2012/CVE-2012-0830.md @@ -11,6 +11,7 @@ The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows rem #### Reference - http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/ +- http://www.h-online.com/security/news/item/Critical-PHP-vulnerability-being-fixed-1427316.html - https://gist.github.com/1725489 #### Github diff --git a/2012/CVE-2012-1557.md b/2012/CVE-2012-1557.md new file mode 100644 index 000000000..2696c42bf --- /dev/null +++ b/2012/CVE-2012-1557.md 
@@ -0,0 +1,17 @@ +### [CVE-2012-1557](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1557) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16, and 10.3.x before MU#5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in March 2012. + +### POC + +#### Reference +- http://www.h-online.com/security/news/item/Bug-in-Plesk-administration-software-is-being-actively-exploited-1446587.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2012/CVE-2012-3137.md b/2012/CVE-2012-3137.md index 1383d1bca..f73c47f71 100644 --- a/2012/CVE-2012-3137.md +++ b/2012/CVE-2012-3137.md @@ -21,6 +21,7 @@ The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0 - https://github.com/CVEDB/PoC-List - https://github.com/CVEDB/awesome-cve-repo - https://github.com/L34kl0ve/WNMAP +- https://github.com/burnt11235/burnt11235 - https://github.com/hantwister/o5logon-fetch - https://github.com/jakuta-tech/WNMAP - https://github.com/quentinhardy/odat diff --git a/2012/CVE-2012-3716.md b/2012/CVE-2012-3716.md index 747a668c9..d6fc3c9ca 100644 --- a/2012/CVE-2012-3716.md +++ b/2012/CVE-2012-3716.md @@ -16,6 +16,7 @@ No PoCs from references. - https://github.com/0x90/wifi-arsenal - https://github.com/0xbitx/wifi-hacking-tools - https://github.com/ARPSyndicate/cvemon +- https://github.com/Bitsonwheels/macos-wifi-hacking-tools - https://github.com/CVEDB/PoC-List - https://github.com/CVEDB/awesome-cve-repo - https://github.com/Gafikari/wifi-hacking-tools 
diff --git a/2017/CVE-2017-20069.md b/2017/CVE-2017-20069.md index 37213a697..7e91d913a 100644 --- a/2017/CVE-2017-20069.md +++ b/2017/CVE-2017-20069.md @@ -10,6 +10,7 @@ A vulnerability classified as critical has been found in Hindu Matrimonial Scrip ### POC #### Reference +- https://vuldb.com/?id.95409 - https://www.exploit-db.com/exploits/41044/ #### Github diff --git a/2017/CVE-2017-7269.md b/2017/CVE-2017-7269.md index 3c940cd60..d9cedba5c 100644 --- a/2017/CVE-2017-7269.md +++ b/2017/CVE-2017-7269.md @@ -47,6 +47,7 @@ Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in In - https://github.com/SexyBeast233/SecBooks - https://github.com/ThanHuuTuan/CVE-2017-7269 - https://github.com/Tyro-Shan/gongkaishouji +- https://github.com/VanishedPeople/CVE-2017-7269 - https://github.com/YIXINSHUWU/Penetration_Testing_POC - https://github.com/ZTK-009/Penetration_PoC - https://github.com/ZTK-009/RedTeamer diff --git a/2018/CVE-2018-9995.md b/2018/CVE-2018-9995.md index b2cba14fe..1e04b66c0 100644 --- a/2018/CVE-2018-9995.md +++ b/2018/CVE-2018-9995.md @@ -96,6 +96,7 @@ TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in - https://github.com/weeka10/-hktalent-TOP - https://github.com/withmasday/HTC - https://github.com/wj158/snowwolf-script +- https://github.com/wmasday/HTC - https://github.com/wr0x00/Lizard - https://github.com/wr0x00/Lsploit - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2019/CVE-2019-19851.md b/2019/CVE-2019-19851.md index 63ca8fada..a6a70ceff 100644 --- a/2019/CVE-2019-19851.md +++ b/2019/CVE-2019-19851.md @@ -10,6 +10,7 @@ An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and ### POC #### Reference +- https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+Superfecta+Module - https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities #### Github 
diff --git a/2020/CVE-2020-11034.md b/2020/CVE-2020-11034.md index c2b0358d5..f18078673 100644 --- a/2020/CVE-2020-11034.md +++ b/2020/CVE-2020-11034.md @@ -14,6 +14,7 @@ In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates - https://github.com/d4n-sec/d4n-sec.github.io diff --git a/2020/CVE-2020-14179.md b/2020/CVE-2020-14179.md index 63ff04d4e..9c197fbbe 100644 --- a/2020/CVE-2020-14179.md +++ b/2020/CVE-2020-14179.md @@ -13,6 +13,7 @@ Affected versions of Atlassian Jira Server and Data Center allow remote, unauthe No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates diff --git a/2020/CVE-2020-29164.md b/2020/CVE-2020-29164.md index 923dc8684..5079d3f4c 100644 --- a/2020/CVE-2020-29164.md +++ b/2020/CVE-2020-29164.md @@ -13,6 +13,7 @@ PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by cross-site sc - https://gist.github.com/leommxj/0a32afeeaac960682c5b7c9ca8ed070d #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates diff --git a/2020/CVE-2020-4463.md b/2020/CVE-2020-4463.md index ce3269f2b..2a8cd6795 100644 --- a/2020/CVE-2020-4463.md +++ b/2020/CVE-2020-4463.md @@ -14,6 +14,7 @@ No PoCs from references. #### Github - https://github.com/0xT11/CVE-POC +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/EdgeSecurityTeam/Vulnerability 
diff --git a/2021/CVE-2021-28918.md b/2021/CVE-2021-28918.md index b5c0f9851..0405872b6 100644 --- a/2021/CVE-2021-28918.md +++ b/2021/CVE-2021-28918.md @@ -14,6 +14,7 @@ Improper input validation of octal strings in netmask npm package v1.0.6 and bel - https://www.bleepingcomputer.com/news/security/critical-netmask-networking-bug-impacts-thousands-of-applications/ #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/DNTYO/F5_Vulnerability diff --git a/2021/CVE-2021-32030.md b/2021/CVE-2021-32030.md index 8fc137a87..cb4fc2b18 100644 --- a/2021/CVE-2021-32030.md +++ b/2021/CVE-2021-32030.md @@ -14,6 +14,7 @@ No PoCs from references. #### Github - https://github.com/0day404/vulnerability-poc +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/EdgeSecurityTeam/Vulnerability diff --git a/2022/CVE-2022-1617.md b/2022/CVE-2022-1617.md index 623591b88..9554a6fb0 100644 --- a/2022/CVE-2022-1617.md +++ b/2022/CVE-2022-1617.md @@ -14,5 +14,5 @@ The WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check in place - https://wpscan.com/vulnerability/7e40e506-ad02-44ca-9d21-3634f3907aad/ #### Github -No PoCs found on GitHub currently. +- https://github.com/20142995/nuclei-templates diff --git a/2023/CVE-2023-0285.md b/2023/CVE-2023-0285.md index d526d97fe..c095f3b79 100644 --- a/2023/CVE-2023-0285.md +++ b/2023/CVE-2023-0285.md @@ -13,5 +13,5 @@ The Real Media Library WordPress plugin before 4.18.29 does not sanitise and esc - https://wpscan.com/vulnerability/adf09e29-baf5-4426-a281-6763c107d348 #### Github -No PoCs found on GitHub currently. +- https://github.com/20142995/nuclei-templates diff --git a/2023/CVE-2023-2163.md b/2023/CVE-2023-2163.md index eaa572c2a..e30961377 100644 --- a/2023/CVE-2023-2163.md +++ b/2023/CVE-2023-2163.md 
@@ -15,7 +15,11 @@ No PoCs from references. #### Github - https://github.com/Dikens88/hopp - https://github.com/Snoopy-Sec/Localroot-ALL-CVE +- https://github.com/aobakwewastaken/aobakwewastaken +- https://github.com/carmilea/carmilea - https://github.com/google/buzzer - https://github.com/google/security-research +- https://github.com/kherrick/hacker-news +- https://github.com/phixion/phixion - https://github.com/shannonmullins/hopp diff --git a/2023/CVE-2023-31355.md b/2023/CVE-2023-31355.md new file mode 100644 index 000000000..18b648412 --- /dev/null +++ b/2023/CVE-2023-31355.md @@ -0,0 +1,21 @@ +### [CVE-2023-31355](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31355) +![](https://img.shields.io/static/v1?label=Product&message=3rd%20Gen%20AMD%20EPYC%E2%84%A2%20Processors&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=4th%20Gen%20AMD%20EPYC%E2%84%A2%20Processors&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=AMD%20EPYC%E2%84%A2%20Embedded%207003&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=AMD%20EPYC%E2%84%A2%20Embedded%209003&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-119%20Improper%20Restriction%20of%20Operations%20within%20the%20Bounds%20of%20a%20Memory%20Buffer&color=brighgreen) + +### Description + +Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Freax13/cve-2024-21980-poc +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2023/CVE-2023-3597.md b/2023/CVE-2023-3597.md index 854ab1d2e..e602132a0 100644 --- a/2023/CVE-2023-3597.md +++ b/2023/CVE-2023-3597.md 
@@ -1,6 +1,5 @@ ### [CVE-2023-3597](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3597) ![](https://img.shields.io/static/v1?label=Product&message=RHSSO%207.6.8&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Keycloak%2022&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Keycloak%2022.0.10&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) diff --git a/2023/CVE-2023-39517.md b/2023/CVE-2023-39517.md new file mode 100644 index 000000000..995fb5048 --- /dev/null +++ b/2023/CVE-2023-39517.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-39517](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39517) +![](https://img.shields.io/static/v1?label=Product&message=joplin&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202.12.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +Joplin is a free, open source note taking and to-do application. A Cross site scripting (XSS) vulnerability in affected versions allows clicking on an untrusted image link to execute arbitrary shell commands. The HTML sanitizer (`packages/renderer/htmlUtils.ts::sanitizeHtml`) preserves `` `` links. However, unlike `` links, the `target` and `href` attributes are not removed. Additionally, because the note preview pane isn't sandboxed to prevent top navigation, links with `target` set to `_top` can replace the toplevel electron page. Because any toplevel electron page, with Joplin's setup, has access to `require` and can require node libraries, a malicious replacement toplevel page can import `child_process` and execute arbitrary shell commands. This issue has been fixed in commit 7c52c3e9a81a52ef1b42a951f9deb9d378d59b0f which is included in release version 2.12.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. + +### POC + +#### Reference +- https://github.com/laurent22/joplin/security/advisories/GHSA-2h88-m32f-qh5m + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-43654.md b/2023/CVE-2023-43654.md index 52c133587..0367d5a78 100644 --- a/2023/CVE-2023-43654.md +++ b/2023/CVE-2023-43654.md 
@@ -14,6 +14,7 @@ TorchServe is a tool for serving and scaling PyTorch models in production. Torch #### Github - https://github.com/OligoCyberSecurity/ShellTorchChecker +- https://github.com/giterlizzi/secdb-feeds - https://github.com/leoambrus/CheckersNomisec - https://github.com/mdisec/mdisec-twitch-yayinlari - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2023/CVE-2023-45229.md b/2023/CVE-2023-45229.md index 51e959aca..55aa4a244 100644 --- a/2023/CVE-2023-45229.md +++ b/2023/CVE-2023-45229.md @@ -14,5 +14,6 @@ EDK2's Network Package is susceptible to an out-of-bounds read vulnerability whe #### Github - https://github.com/1490kdrm/vuln_BIOs +- https://github.com/opencomputeproject/OCP-OSF-Aptio_Community_Edition - https://github.com/quarkslab/pixiefail diff --git a/2023/CVE-2023-45230.md b/2023/CVE-2023-45230.md index f0e40335f..05e8ac666 100644 --- a/2023/CVE-2023-45230.md +++ b/2023/CVE-2023-45230.md @@ -15,5 +15,6 @@ #### Github - https://github.com/1490kdrm/vuln_BIOs - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/opencomputeproject/OCP-OSF-Aptio_Community_Edition - https://github.com/quarkslab/pixiefail diff --git a/2023/CVE-2023-45231.md b/2023/CVE-2023-45231.md index 70ffa6986..a95d1d13a 100644 --- a/2023/CVE-2023-45231.md +++ b/2023/CVE-2023-45231.md @@ -14,5 +14,6 @@ EDK2's Network Package is susceptible to an out-of-bounds read vulnerability whe #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/opencomputeproject/OCP-OSF-Aptio_Community_Edition - https://github.com/quarkslab/pixiefail diff --git a/2023/CVE-2023-45232.md b/2023/CVE-2023-45232.md index 4696667b4..43cbed1fe 100644 --- a/2023/CVE-2023-45232.md +++ b/2023/CVE-2023-45232.md @@ -15,5 +15,6 @@ #### Github - https://github.com/1490kdrm/vuln_BIOs - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/opencomputeproject/OCP-OSF-Aptio_Community_Edition - https://github.com/quarkslab/pixiefail 
diff --git a/2023/CVE-2023-45233.md b/2023/CVE-2023-45233.md index e666526f0..fcfc04bcd 100644 --- a/2023/CVE-2023-45233.md +++ b/2023/CVE-2023-45233.md @@ -14,5 +14,6 @@ #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/opencomputeproject/OCP-OSF-Aptio_Community_Edition - https://github.com/quarkslab/pixiefail diff --git a/2023/CVE-2023-45234.md b/2023/CVE-2023-45234.md index a05981a33..f7613ca1f 100644 --- a/2023/CVE-2023-45234.md +++ b/2023/CVE-2023-45234.md @@ -15,5 +15,6 @@ #### Github - https://github.com/1490kdrm/vuln_BIOs - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/opencomputeproject/OCP-OSF-Aptio_Community_Edition - https://github.com/quarkslab/pixiefail diff --git a/2023/CVE-2023-45235.md b/2023/CVE-2023-45235.md index 166b65217..12188e82d 100644 --- a/2023/CVE-2023-45235.md +++ b/2023/CVE-2023-45235.md @@ -14,5 +14,6 @@ #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/opencomputeproject/OCP-OSF-Aptio_Community_Edition - https://github.com/quarkslab/pixiefail diff --git a/2023/CVE-2023-45236.md b/2023/CVE-2023-45236.md index d908b6848..1a182e311 100644 --- a/2023/CVE-2023-45236.md +++ b/2023/CVE-2023-45236.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/1490kdrm/vuln_BIOs +- https://github.com/opencomputeproject/OCP-OSF-Aptio_Community_Edition diff --git a/2023/CVE-2023-45237.md b/2023/CVE-2023-45237.md index ad0afcfd0..7e7210df1 100644 --- a/2023/CVE-2023-45237.md +++ b/2023/CVE-2023-45237.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/1490kdrm/vuln_BIOs +- https://github.com/opencomputeproject/OCP-OSF-Aptio_Community_Edition diff --git a/2023/CVE-2023-47238.md b/2023/CVE-2023-47238.md new file mode 100644 index 000000000..a4ed5d333 --- /dev/null +++ b/2023/CVE-2023-47238.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-47238](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47238) +![](https://img.shields.io/static/v1?label=Product&message=Top%2010%20%E2%80%93%20WordPress%20Popular%20posts%20by%20WebberZone&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +Cross-Site Request Forgery (CSRF) vulnerability in WebberZone Top 10 – WordPress Popular posts by WebberZone plugin <= 3.3.2 versions. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2023/CVE-2023-5488.md b/2023/CVE-2023-5488.md index 4bfdc0578..a3f140508 100644 --- a/2023/CVE-2023-5488.md +++ b/2023/CVE-2023-5488.md @@ -10,6 +10,7 @@ A vulnerability was found in Byzoro Smart S45F Multi-Service Secure Gateway Inte ### POC #### Reference +- https://github.com/llixixi/cve/blob/main/s45_upload_%20updatelib.md - https://vuldb.com/?id.241640 #### Github diff --git a/2024/CVE-2024-1086.md b/2024/CVE-2024-1086.md index 3a204ecc3..105399874 100644 --- a/2024/CVE-2024-1086.md +++ b/2024/CVE-2024-1086.md @@ -20,9 +20,11 @@ A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables compon - https://github.com/Alicey0719/docker-POC_CVE-2024-1086 - https://github.com/BachoSeven/stellestelline - https://github.com/CCIEVoice2009/CVE-2024-1086 +- https://github.com/Disturbante/Linux-Pentest - https://github.com/EGI-Federation/SVG-advisories - https://github.com/GhostTroops/TOP - https://github.com/Hiimsonkul/Hiimsonkul +- https://github.com/Jappie3/starred - https://github.com/Notselwyn/CVE-2024-1086 - https://github.com/Notselwyn/exploits - https://github.com/Notselwyn/notselwyn diff --git a/2024/CVE-2024-21302.md b/2024/CVE-2024-21302.md new file mode 100644 index 000000000..d5317960b --- /dev/null 
+++ b/2024/CVE-2024-21302.md 
@@ -0,0 +1,32 @@ +### [CVE-2024-21302](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21302) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201507&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201607&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2024H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20N%2FA%20&color=brighgreen) 
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%3A%20Improper%20Access%20Control&color=brighgreen) + +### Description + +Summary:Microsoft was notified that an elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS) including a subset of Azure Virtual Machine SKUS; enabling an attacker with administrator privileges to replace current versions of Windows system files with outdated versions. By exploiting this vulnerability, an attacker could reintroduce previously mitigated vulnerabilities, circumvent some features of VBS, and exfiltrate data protected by VBS.Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE.This CVE will be updated when the mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-21978.md b/2024/CVE-2024-21978.md new file mode 100644 index 000000000..bfdcc6d98 --- /dev/null +++ b/2024/CVE-2024-21978.md 
@@ -0,0 +1,21 @@ +### [CVE-2024-21978](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21978) +![](https://img.shields.io/static/v1?label=Product&message=3rd%20Gen%20AMD%20EPYC%E2%84%A2%20Processors&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=4th%20Gen%20AMD%20EPYC%E2%84%A2%20Processors&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=AMD%20EPYC%E2%84%A2%20Embedded%207003&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=AMD%20EPYC%E2%84%A2%20Embedded%209003&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen) + +### Description + +Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Freax13/cve-2024-21978-poc +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-21980.md b/2024/CVE-2024-21980.md new file mode 100644 index 000000000..0564d302b --- /dev/null +++ b/2024/CVE-2024-21980.md 
@@ -0,0 +1,21 @@ +### [CVE-2024-21980](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21980) +![](https://img.shields.io/static/v1?label=Product&message=3rd%20Gen%20AMD%20EPYC%E2%84%A2%20Processors&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=4th%20Gen%20AMD%20EPYC%E2%84%A2%20Processors&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=AMD%20EPYC%E2%84%A2%20Embedded%207003&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=AMD%20EPYC%E2%84%A2%20Embedded%209003&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-119%20Improper%20Restriction%20of%20Operations%20within%20the%20Bounds%20of%20a%20Memory%20Buffer&color=brighgreen) + +### Description + +Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Freax13/cve-2024-21980-poc +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-2800.md b/2024/CVE-2024-2800.md new file mode 100644 index 000000000..b443e1bb3 --- /dev/null +++ b/2024/CVE-2024-2800.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-2800](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2800) +![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=11.3%3C%2017.0.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%3A%20Uncontrolled%20Resource%20Consumption&color=brighgreen) + +### Description + +ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of service via Regex backtracking. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-30078.md b/2024/CVE-2024-30078.md index ef8e75e9e..e1bd953f6 100644 --- a/2024/CVE-2024-30078.md +++ b/2024/CVE-2024-30078.md @@ -52,6 +52,7 @@ No PoCs from references. #### Github - https://github.com/0xMarcio/cve - https://github.com/GhostTroops/TOP +- https://github.com/Jappie3/starred - https://github.com/blkph0x/CVE_2024_30078_POC_WIFI - https://github.com/enomothem/PenTestNote - https://github.com/lvyitian/CVE-2024-30078- diff --git a/2024/CVE-2024-3035.md b/2024/CVE-2024-3035.md new file mode 100644 index 000000000..3c0f536de --- /dev/null +++ b/2024/CVE-2024-3035.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-3035](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3035) +![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=8.12%3C%2017.0.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%3A%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen) + +### Description + +A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-3094.md b/2024/CVE-2024-3094.md index eb5d73fc6..bf3a52945 100644 --- a/2024/CVE-2024-3094.md +++ b/2024/CVE-2024-3094.md @@ -36,6 +36,7 @@ Malicious code was discovered in the upstream tarballs of xz, starting with vers - https://github.com/HaveFun83/awesome-stars - https://github.com/Horizon-Software-Development/CVE-2024-3094 - https://github.com/JVS23/cybsec-project-2024 +- https://github.com/Jappie3/starred - https://github.com/JonathanSiemering/stars - https://github.com/Juul/xz-backdoor-scan - https://github.com/MagpieRYL/CVE-2024-3094-backdoor-env-container diff --git a/2024/CVE-2024-3114.md b/2024/CVE-2024-3114.md new file mode 100644 index 000000000..59e0c0365 --- /dev/null +++ b/2024/CVE-2024-3114.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-3114](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3114) +![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=11.10%3C%2017.0.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%3A%20Uncontrolled%20Resource%20Consumption&color=brighgreen) + +### Description + +An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the processing logic for parsing invalid commits can lead to a regular expression DoS attack on the server. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-3219.md b/2024/CVE-2024-3219.md index 36b62b2d8..9a6ebac76 100644 --- a/2024/CVE-2024-3219.md +++ b/2024/CVE-2024-3219.md @@ -1,6 +1,6 @@ ### [CVE-2024-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3219) ![](https://img.shields.io/static/v1?label=Product&message=CPython&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.13.0rc1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.12.5%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-3359.md b/2024/CVE-2024-3359.md index b55c06358..843844403 100644 --- a/2024/CVE-2024-3359.md +++ b/2024/CVE-2024-3359.md @@ -10,7 +10,7 @@ A vulnerability, which was classified as critical, has been found in SourceCodes ### POC #### Reference -No PoCs from references. +- https://vuldb.com/?id.259463 #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-3400.md b/2024/CVE-2024-3400.md index 50022a8d6..81b937ccf 100644 --- a/2024/CVE-2024-3400.md +++ b/2024/CVE-2024-3400.md 
@@ -20,6 +20,7 @@ A command injection as a result of arbitrary file creation vulnerability in the - https://github.com/0x0d3ad/CVE-2024-3400 - https://github.com/0xMarcio/cve - https://github.com/0xr2r/CVE-2024-3400-Palo-Alto-OS-Command-Injection +- https://github.com/20142995/nuclei-templates - https://github.com/AdaniKamal/CVE-2024-3400 - https://github.com/CONDITIONBLACK/CVE-2024-3400-POC - https://github.com/CerTusHack/CVE-2024-3400-PoC diff --git a/2024/CVE-2024-3727.md b/2024/CVE-2024-3727.md index ce2b7feed..66a424a06 100644 --- a/2024/CVE-2024-3727.md +++ b/2024/CVE-2024-3727.md @@ -15,6 +15,7 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%203.11&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.14&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.15&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.16&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%20Assisted%20Installer&color=blue) diff --git a/2024/CVE-2024-37664.md b/2024/CVE-2024-37664.md new file mode 100644 index 000000000..dcd074807 --- /dev/null +++ b/2024/CVE-2024-37664.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-37664](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37664) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Redmi router RB03 v1.0.57 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLAN as the victim can disconnect or hijack the traffic between the victim and any remote server by sending out forged TCP RST messages to evict NAT mappings in the router. + +### POC + +#### Reference +- https://github.com/ouuan/router-vuln-report/blob/master/nat-rst/redmi-rb03-nat-rst.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38166.md b/2024/CVE-2024-38166.md new file mode 100644 index 000000000..0d713ed9f --- /dev/null +++ b/2024/CVE-2024-38166.md @@ -0,0 +1,17 @@ +### [CVE-2024-38166](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38166) +![](https://img.shields.io/static/v1?label=Product&message=Dynamics%20CRM%20Service%20Portal%20Web%20Resource&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20N%2FA%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +An unauthenticated attacker can exploit improper neutralization of input during web page generation in Microsoft Dynamics 365 to spoof over a network by tricking a user to click on a link. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-38202.md b/2024/CVE-2024-38202.md new file mode 100644 index 000000000..4fbc5d276 --- /dev/null +++ b/2024/CVE-2024-38202.md 
@@ -0,0 +1,30 @@ +### [CVE-2024-38202](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38202) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201607&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20N%2FA%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%3A%20Improper%20Access%20Control&color=brighgreen) + +### Description + +SummaryMicrosoft was notified that an elevation of privilege vulnerability exists in Windows Backup, potentially enabling an attacker with basic 
user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful.Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE.This CVE will be updated, and customers will be notified when the official mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs.DetailsA security researcher informed Microsoft of an elevation of privilege vulnerability in Windows Backup potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of VBS. For exploitation to succeed, an attacker must trick or convince an Administrator or a user with delegated permissions into performing a system restore which inadvertently triggers the vulnerability.Microsoft is developing a security update that will mitigate this vulnerability, but it is not yet available. This CVE will be updated with new information and links to the security updates once available. We highly encourage customers subscribe to Security Update Guide notifications to be alerted of updates. See Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center.Microsoft is not aware of any attempts to exploit this vulnerability. However, a public presentation regarding this vulnerability was hosted at BlackHat on August 7, 2024. 
The presentation was appropriately coordinated with Microsoft but may change the threat landscape. Customers concerned with these risks should reference the guidance provided in the Recommended Actions section to protect their systems.Recommended ActionsThe following recommendations do not mitigate the vulnerability but can be used to reduce the risk of exploitation until the security update is available.Configure “Audit Object Access” settings to monitor attempts to access files, such as handle creation, read / write operations, or modifications to security descriptors.Audit File System - Windows 10 | Microsoft LearnApply a basic audit policy on a file or folder - Windows 10 | Microsoft LearnAudit users with permission to perform Backup and Restore operations to ensure only the appropriate users can perform these operations.Audit: Audit the use of Backup and Restore privilege (Windows 10) - Windows 10 | Microsoft LearnImplement an Access Control List or Discretionary Access Control Lists to restrict the access or modification of Backup files and perform Restore operations to appropriate users, for example administrators only.Access Control overview | Microsoft LearnDiscretionary Access Control Lists (DACL)Auditing sensitive privileges used to identify access, modification, or replacement of Backup related files could help indicate attempts to exploit this vulnerability.Audit Sensitive Privilege Use - Windows 10 | Microsoft Learn + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-38206.md b/2024/CVE-2024-38206.md new file mode 100644 index 000000000..c34b09f48 --- /dev/null +++ b/2024/CVE-2024-38206.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-38206](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38206) +![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Copilot%20Studio&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20N%2FA%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%3A%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen) + +### Description + +An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-38527.md b/2024/CVE-2024-38527.md new file mode 100644 index 000000000..a8245fef2 --- /dev/null +++ b/2024/CVE-2024-38527.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-38527](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38527) +![](https://img.shields.io/static/v1?label=Product&message=zenuml-core&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%203.23.25%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +ZenUML is JavaScript-based diagramming tool that requires no server, using Markdown-inspired text definitions and a renderer to create and modify sequence diagrams. Markdown-based comments in the ZenUML diagram syntax are susceptible to Cross-site Scripting (XSS). The comment feature allows the user to attach small notes for reference. This feature allows the user to enter in their comment in markdown comment, allowing them to use common markdown features, such as `**` for bolded text. However, the markdown text is currently not sanitized before rendering, allowing an attacker to enter a malicious payload for the comment which leads to XSS. This puts existing applications that use ZenUML unsandboxed at risk of arbitrary JavaScript execution when rendering user-controlled diagrams. This vulnerability was patched in version 3.23.25, + +### POC + +#### Reference +- https://github.com/mermaid-js/zenuml-core/security/advisories/GHSA-q6xv-jm4v-349h + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38856.md b/2024/CVE-2024-38856.md index 449ef4324..cdd4357ec 100644 --- a/2024/CVE-2024-38856.md +++ b/2024/CVE-2024-38856.md @@ -20,4 +20,5 @@ No PoCs from references. - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tanjiti/sec_profile +- https://github.com/wy876/POC diff --git a/2024/CVE-2024-38881.md b/2024/CVE-2024-38881.md new file mode 100644 index 000000000..ebbdf6c8f 
--- /dev/null +++ b/2024/CVE-2024-38881.md @@ -0,0 +1,17 @@ +### [CVE-2024-38881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38881) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Rainbow Table Password cracking attack due to the use of one-way hashes without salts when storing user passwords. + +### POC + +#### Reference +- https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38882.md b/2024/CVE-2024-38882.md new file mode 100644 index 000000000..05a793f46 --- /dev/null +++ b/2024/CVE-2024-38882.md @@ -0,0 +1,17 @@ +### [CVE-2024-38882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38882) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform command line execution through SQL Injection due to improper neutralization of special elements used in an OS command. + +### POC + +#### Reference +- https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38883.md b/2024/CVE-2024-38883.md new file mode 100644 index 000000000..9d6eaf26c --- /dev/null 
+++ b/2024/CVE-2024-38883.md @@ -0,0 +1,17 @@ +### [CVE-2024-38883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38883) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Drop Encryption Level attack due to the selection of a less-secure algorithm during negotiation. + +### POC + +#### Reference +- https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38884.md b/2024/CVE-2024-38884.md new file mode 100644 index 000000000..df3e1f7f4 --- /dev/null +++ b/2024/CVE-2024-38884.md @@ -0,0 +1,17 @@ +### [CVE-2024-38884](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38884) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a local attacker to perform an Authentication Bypass attack due to improperly implemented security checks for standard authentication mechanisms + +### POC + +#### Reference +- https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38886.md b/2024/CVE-2024-38886.md new file mode 100644 index 000000000..1a3871158 --- /dev/null +++ b/2024/CVE-2024-38886.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-38886](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38886) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Traffic Injection attack due to improper verification of the source of a communication channel. + +### POC + +#### Reference +- https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38887.md b/2024/CVE-2024-38887.md new file mode 100644 index 000000000..9787036d5 --- /dev/null +++ b/2024/CVE-2024-38887.md @@ -0,0 +1,17 @@ +### [CVE-2024-38887](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38887) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to expand control over the operating system from the database due to the execution of commands with unnecessary privileges. + +### POC + +#### Reference +- https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38888.md b/2024/CVE-2024-38888.md new file mode 100644 index 000000000..35f195019 --- /dev/null +++ b/2024/CVE-2024-38888.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-38888](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38888) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a local attacker to perform a Password Brute Forcing attack due to improper restriction of excessive authentication attempts. + +### POC + +#### Reference +- https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38889.md b/2024/CVE-2024-38889.md new file mode 100644 index 000000000..a571ded74 --- /dev/null +++ b/2024/CVE-2024-38889.md @@ -0,0 +1,17 @@ +### [CVE-2024-38889](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38889) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform SQL Injection due to improper neutralization of special elements used in an SQL command. + +### POC + +#### Reference +- https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38890.md b/2024/CVE-2024-38890.md new file mode 100644 index 000000000..fd0d79c1e --- /dev/null +++ b/2024/CVE-2024-38890.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-38890](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38890) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 and possibly later versions allows a local attacker to perform an Authentication Bypass by Capture-replay attack due to insufficient protection against capture-replay attacks. + +### POC + +#### Reference +- https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38891.md b/2024/CVE-2024-38891.md new file mode 100644 index 000000000..e861e6a91 --- /dev/null +++ b/2024/CVE-2024-38891.md @@ -0,0 +1,17 @@ +### [CVE-2024-38891](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38891) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Sniffing Network Traffic attack due to the cleartext transmission of sensitive information. + +### POC + +#### Reference +- https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-3958.md b/2024/CVE-2024-3958.md new file mode 100644 index 000000000..dab2b96e2 --- /dev/null +++ b/2024/CVE-2024-3958.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-3958](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3958) +![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%2017.0.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%3A%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen) + +### Description + +An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-41989.md b/2024/CVE-2024-41989.md new file mode 100644 index 000000000..95d228d06 --- /dev/null +++ b/2024/CVE-2024-41989.md @@ -0,0 +1,17 @@ +### [CVE-2024-41989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-41990.md b/2024/CVE-2024-41990.md new file mode 100644 index 000000000..c4a55f230 --- /dev/null +++ b/2024/CVE-2024-41990.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-41990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41990) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-41991.md b/2024/CVE-2024-41991.md new file mode 100644 index 000000000..f8064d5df --- /dev/null +++ b/2024/CVE-2024-41991.md @@ -0,0 +1,17 @@ +### [CVE-2024-41991](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42005.md b/2024/CVE-2024-42005.md new file mode 100644 index 000000000..4c6f174ae --- /dev/null +++ b/2024/CVE-2024-42005.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42005](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42033.md b/2024/CVE-2024-42033.md new file mode 100644 index 000000000..9b46a1fab --- /dev/null +++ b/2024/CVE-2024-42033.md @@ -0,0 +1,19 @@ +### [CVE-2024-42033](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42033) +![](https://img.shields.io/static/v1?label=Product&message=EMUI&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=HarmonyOS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2014.0.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%204.2.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-840%20Business%20Logic%20Errors&color=brighgreen) + +### Description + +Access control vulnerability in the security verification modulempact: Successful exploitation of this vulnerability will affect integrity and confidentiality. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42034.md b/2024/CVE-2024-42034.md new file mode 100644 index 000000000..b6b4405b0 --- /dev/null +++ b/2024/CVE-2024-42034.md 
@@ -0,0 +1,19 @@ +### [CVE-2024-42034](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42034) +![](https://img.shields.io/static/v1?label=Product&message=EMUI&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=HarmonyOS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2014.0.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%204.2.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-840%20Business%20Logic%20Errors&color=brighgreen) + +### Description + +LaunchAnywhere vulnerability in the account module.Impact: Successful exploitation of this vulnerability may affect service confidentiality. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42035.md b/2024/CVE-2024-42035.md new file mode 100644 index 000000000..d25cb70f5 --- /dev/null +++ b/2024/CVE-2024-42035.md @@ -0,0 +1,19 @@ +### [CVE-2024-42035](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42035) +![](https://img.shields.io/static/v1?label=Product&message=EMUI&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=HarmonyOS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2014.0.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%204.2.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-264%20Permissions%2C%20Privileges%2C%20and%20Access%20Controls&color=brighgreen) + +### Description + +Permission control vulnerability in the App Multiplier moduleImpact:Successful exploitation of this vulnerability may affect functionality and confidentiality. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + 
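Review bot: The Description line of the new CVE-2024-42035.md has lost the separator between the summary and the impact statement. It reads `App Multiplier moduleImpact:Successful exploitation`, with "module" and "Impact:" fused and no space after the colon. Suggest splitting it into two sentences (`... in the App Multiplier module. Impact: Successful exploitation ...`); the CVE-2024-42034 entry added just above has the same problem in the milder form `module.Impact:`. The Version and Vulnerability badge lines also use `color=brighgreen`, which looks like a misspelling of `brightgreen`.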
diff --git a/2024/CVE-2024-42036.md b/2024/CVE-2024-42036.md new file mode 100644 index 000000000..9954d5a31 --- /dev/null +++ b/2024/CVE-2024-42036.md @@ -0,0 +1,19 @@ +### [CVE-2024-42036](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42036) +![](https://img.shields.io/static/v1?label=Product&message=EMUI&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=HarmonyOS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2014.0.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%204.2.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%20Improper%20Privilege%20Management&color=brighgreen) + +### Description + +Access permission verification vulnerability in the Notepad moduleImpact: Successful exploitation of this vulnerability may affect service confidentiality. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42037.md b/2024/CVE-2024-42037.md new file mode 100644 index 000000000..3847ee17f --- /dev/null +++ b/2024/CVE-2024-42037.md 
@@ -0,0 +1,19 @@ +### [CVE-2024-42037](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42037) +![](https://img.shields.io/static/v1?label=Product&message=EMUI&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=HarmonyOS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2014.0.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%204.2.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-248%20Uncaught%20Exception&color=brighgreen) + +### Description + +Vulnerability of uncaught exceptions in the Graphics moduleImpact: Successful exploitation of this vulnerability may affect service confidentiality. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42038.md b/2024/CVE-2024-42038.md new file mode 100644 index 000000000..cef44fbc5 --- /dev/null +++ b/2024/CVE-2024-42038.md @@ -0,0 +1,19 @@ +### [CVE-2024-42038](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42038) +![](https://img.shields.io/static/v1?label=Product&message=EMUI&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=HarmonyOS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2014.0.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%204.2.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-310%20Cryptographic%20Issues&color=brighgreen) + +### Description + +Vulnerability of PIN enhancement failures in the screen lock moduleImpact: Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + 
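Review bot: Under `### POC` in CVE-2024-42038.md, the Reference subsection says `No PoCs from references.` while the only Github entry is `fkie-cad/nvd-json-data-feeds`, which by its name is a mirror of NVD data rather than a proof of concept. Someone triaging this CVE could read a non-empty Github list as a sign that exploit code is public. Suggest filtering feed and aggregator repositories out of this list, or labelling the subsection so it is clear that the links are mentions and not PoCs.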
diff --git a/2024/CVE-2024-4207.md b/2024/CVE-2024-4207.md new file mode 100644 index 000000000..eeb3e59b5 --- /dev/null +++ b/2024/CVE-2024-4207.md @@ -0,0 +1,17 @@ +### [CVE-2024-4207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4207) +![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=5.1%3C%2017.0.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 prior 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2. When viewing an XML file in a repository in raw mode, it can be made to render as HTML if viewed under specific circumstances. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-4210.md b/2024/CVE-2024-4210.md new file mode 100644 index 000000000..89b89dd59 --- /dev/null +++ b/2024/CVE-2024-4210.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-4210](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4210) +![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=12.6%3C%2017.0.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%3A%20Uncontrolled%20Resource%20Consumption&color=brighgreen) + +### Description + +A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 12.6 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause a denial of service using crafted adoc files. + +### POC + +#### Reference +- https://hackerone.com/reports/2431562 + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42233.md b/2024/CVE-2024-42233.md new file mode 100644 index 000000000..d25697f90 --- /dev/null +++ b/2024/CVE-2024-42233.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42233](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42233) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=58f327f2ce80%3C%206a6c2aec1a89%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:filemap: replace pte_offset_map() with pte_offset_map_nolock()The vmf->ptl in filemap_fault_recheck_pte_none() is still set fromhandle_pte_fault(). But at the same time, we did a pte_unmap(vmf->pte). After a pte_unmap(vmf->pte) unmap and rcu_read_unlock(), the page tablemay be racily changed and vmf->ptl maybe fails to protect the actual pagetable. Fix this by replacing pte_offset_map() withpte_offset_map_nolock().As David said, the PTL pointer might be stale so if we continue to useit infilemap_fault_recheck_pte_none(), it might trigger UAF. Also, ifthe PTL fails, the issue fixed by commit 58f327f2ce80 ("filemap: avoidunnecessary major faults in filemap_fault()") might reappear. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42234.md b/2024/CVE-2024-42234.md new file mode 100644 index 000000000..4516d5703 --- /dev/null +++ b/2024/CVE-2024-42234.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42234](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42234) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=9bcef5973e31%3C%20fc7facce686b%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:mm: fix crashes from deferred split racing folio migrationEven on 6.10-rc6, I've been seeing elusive "Bad page state"s (often onflags when freeing, yet the flags shown are not bad: PG_locked had beenset and cleared??), and VM_BUG_ON_PAGE(page_ref_count(page) == 0)s fromdeferred_split_scan()'s folio_put(), and a variety of other BUG and WARNsymptoms implying double free by deferred split and large folio migration.6.7 commit 9bcef5973e31 ("mm: memcg: fix split queue list crash when largefolio migration") was right to fix the memcg-dependent locking broken in85ce2c517ade ("memcontrol: only transfer the memcg data for migration"),but missed a subtlety of deferred_split_scan(): it moves folios to its ownlocal list to work on them without split_queue_lock, during which timefolio->_deferred_list is not empty, but even the "right" lock does nothingto secure the folio and the list it is on.Fortunately, deferred_split_scan() is careful to use folio_try_get(): sofolio_migrate_mapping() can avoid the race by folio_undo_large_rmappable()while the old folio's reference count is temporarily frozen to 0 - addingsuch a freeze in the !mapping case too (originally, folio lock andunmapping and no swap cache left an anon folio unreachable, so no freezingwas needed there: but the deferred split queue offers a way to reach it). + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + 
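Review bot: The Description in CVE-2024-42234.md is the kernel commit message with its line breaks deleted rather than replaced by spaces, so words are fused throughout: `resolved:mm:`, `often onflags`, `had beenset`, `largefolio migration`, `its ownlocal list`. Identifiers are affected too (`fromdeferred_split_scan()'s folio_put()`), which breaks text search for the function name. Suggest joining wrapped lines with a single space and keeping paragraph breaks when the description is generated. The text is also the commit author's first-person account (`I've been seeing elusive "Bad page state"s`), so it would help to mark it as quoted from the commit.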
diff --git a/2024/CVE-2024-42235.md b/2024/CVE-2024-42235.md new file mode 100644 index 000000000..d40e701f9 --- /dev/null +++ b/2024/CVE-2024-42235.md @@ -0,0 +1,17 @@ +### [CVE-2024-42235](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42235) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=6326c26c1514%3C%20794fa52b9463%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:s390/mm: Add NULL pointer check to crst_table_free() base_crst_free()crst_table_free() used to work with NULL pointers before the conversionto ptdescs. Since crst_table_free() can be called with a NULL pointer(error handling in crst_table_upgrade() add an explicit check.Also add the same check to base_crst_free() for consistency reasons.In real life this should not happen, since order two GFP_KERNELallocations will not fail, unless FAIL_PAGE_ALLOC is enabled and used. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42236.md b/2024/CVE-2024-42236.md new file mode 100644 index 000000000..a6a6e6540 --- /dev/null +++ b/2024/CVE-2024-42236.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42236) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%20a444c3fc2641%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:usb: gadget: configfs: Prevent OOB read/write in usb_string_copy()Userspace provided string 's' could trivially have the length zero. Leftunchecked this will firstly result in an OOB read in the form`if (str[0 - 1] == '\n') followed closely by an OOB write in the form`str[0 - 1] = '\0'`.There is already a validating check to catch strings that are too long.Let's supply an additional check for invalid strings that are too short. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42237.md b/2024/CVE-2024-42237.md new file mode 100644 index 000000000..deb0dbb15 --- /dev/null +++ b/2024/CVE-2024-42237.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42237) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=f6bc909e7673%3C%20259955eca9b7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:firmware: cs_dsp: Validate payload length before processing blockMove the payload length check in cs_dsp_load() and cs_dsp_coeff_load()to be done before the block is processed.The check that the length of a block payload does not exceed the numberof remaining bytes in the firwmware file buffer was being done near theend of the loop iteration. However, some code before that check used thelength field without validating it. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42238.md b/2024/CVE-2024-42238.md new file mode 100644 index 000000000..a548be78c --- /dev/null +++ b/2024/CVE-2024-42238.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42238](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42238) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=f6bc909e7673%3C%20b8be70566b33%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:firmware: cs_dsp: Return error if block header overflows fileReturn an error from cs_dsp_power_up() if a block header is longerthan the amount of data left in the file.The previous code in cs_dsp_load() and cs_dsp_load_coeff() would loopwhile there was enough data left in the file for a valid region. Thisprotected against overrunning the end of the file data, but it didn'tabort the file processing with an error. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42239.md b/2024/CVE-2024-42239.md new file mode 100644 index 000000000..b69cd8d56 --- /dev/null +++ b/2024/CVE-2024-42239.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42239](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42239) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=b00628b1c7d5%3C%20936983051868%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:bpf: Fail bpf_timer_cancel when callback is being cancelledGiven a schedule:timer1 cb timer2 cbbpf_timer_cancel(timer2); bpf_timer_cancel(timer1);Both bpf_timer_cancel calls would wait for the other callback to finishexecuting, introducing a lockup.Add an atomic_t count named 'cancelling' in bpf_hrtimer. This keepstrack of all in-flight cancellation requests for a given BPF timer.Whenever cancelling a BPF timer, we must check if we have outstandingcancellation requests, and if so, we must fail the operation with anerror (-EDEADLK) since cancellation is synchronous and waits for thecallback to finish executing. This implies that we can enter a deadlocksituation involving two or more timer callbacks executing in paralleland attempting to cancel one another.Note that we avoid incrementing the cancelling counter for the targettimer (the one being cancelled) if bpf_timer_cancel is not invoked froma callback, to avoid spurious errors. The whole point of detectingcur->cancelling and returning -EDEADLK is to not enter a busy wait loop(which may or may not lead to a lockup). 
This does not apply in case thecaller is in a non-callback context, the other side can continue tocancel as it sees fit without running into errors.Background on prior attempts:Earlier versions of this patch used a bool 'cancelling' bit and used thefollowing pattern under timer->lock to publish cancellation status.lock(t->lock);t->cancelling = true;mb();if (cur->cancelling) return -EDEADLK;unlock(t->lock);hrtimer_cancel(t->timer);t->cancelling = false;The store outside the critical section could overwrite a parallelrequests t->cancelling assignment to true, to ensure the parallelyexecuting callback observes its cancellation status.It would be necessary to clear this cancelling bit once hrtimer_cancelis done, but lack of serialization introduced races. Another option wasexplored where bpf_timer_start would clear the bit when (re)starting thetimer under timer->lock. This would ensure serialized access to thecancelling bit, but may allow it to be cleared before in-flighthrtimer_cancel has finished executing, such that lockups can occuragain.Thus, we choose an atomic counter to keep track of all outstandingcancellation requests and use it to prevent lockups in case callbacksattempt to cancel each other while executing in parallel. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42240.md b/2024/CVE-2024-42240.md new file mode 100644 index 000000000..ccf07a3e7 --- /dev/null +++ b/2024/CVE-2024-42240.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42240](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42240) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=bd53ec80f218%3C%20db56615e96c4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:x86/bhi: Avoid warning in #DB handler due to BHI mitigationWhen BHI mitigation is enabled, if SYSENTER is invoked with the TF flag setthen entry_SYSENTER_compat() uses CLEAR_BRANCH_HISTORY and calls theclear_bhb_loop() before the TF flag is cleared. This causes the #DB handler(exc_debug_kernel()) to issue a warning because single-step is used outside theentry_SYSENTER_compat() function.To address this issue, entry_SYSENTER_compat() should use CLEAR_BRANCH_HISTORYafter making sure the TF flag is cleared.The problem can be reproduced with the following sequence: $ cat sysenter_step.c int main() { asm("pushf; pop %ax; bts $8,%ax; push %ax; popf; sysenter"); } $ gcc -o sysenter_step sysenter_step.c $ ./sysenter_step Segmentation fault (core dumped)The program is expected to crash, and the #DB handler will issue a warning.Kernel log: WARNING: CPU: 27 PID: 7000 at arch/x86/kernel/traps.c:1009 exc_debug_kernel+0xd2/0x160 ... RIP: 0010:exc_debug_kernel+0xd2/0x160 ... Call Trace: <#DB> ? show_regs+0x68/0x80 ? __warn+0x8c/0x140 ? exc_debug_kernel+0xd2/0x160 ? report_bug+0x175/0x1a0 ? handle_bug+0x44/0x90 ? exc_invalid_op+0x1c/0x70 ? asm_exc_invalid_op+0x1f/0x30 ? exc_debug_kernel+0xd2/0x160 exc_debug+0x43/0x50 asm_exc_debug+0x1e/0x40 RIP: 0010:clear_bhb_loop+0x0/0xb0 ... ? entry_SYSENTER_compat_after_hwframe+0x6e/0x8d [ bp: Massage commit message. ] + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + 
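Review bot: The Description in CVE-2024-42240.md carries a reproducer listing, its shell session and a kernel call trace collapsed into a single paragraph, and it ends with the maintainer annotation `[ bp: Massage commit message. ]`. In that form the `$ cat sysenter_step.c` listing and the `WARNING: CPU: 27 PID: 7000 ...` trace cannot be told apart from the prose. Suggest keeping only the summary paragraphs in Description, or preserving the listing and the log as preformatted text, and dropping the `[ bp: ... ]` line. Words are also fused where line breaks were removed (`setthen`, `theclear_bhb_loop()`).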
diff --git a/2024/CVE-2024-42241.md b/2024/CVE-2024-42241.md new file mode 100644 index 000000000..4da239b3a --- /dev/null +++ b/2024/CVE-2024-42241.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42241](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42241) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=6b24ca4a1a8d%3C%2093893eacb372%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:mm/shmem: disable PMD-sized page cache if neededFor shmem files, it's possible that PMD-sized page cache can't besupported by xarray. For example, 512MB page cache on ARM64 when the basepage size is 64KB can't be supported by xarray. It leads to errors as thefollowing messages indicate when this sort of xarray entry is split.WARNING: CPU: 34 PID: 7578 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128Modules linked in: binfmt_misc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 \nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject \nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \ip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm fuse xfs \libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 sha1_ce virtio_net \net_failover virtio_console virtio_blk failover dimlib virtio_mmioCPU: 34 PID: 7578 Comm: test Kdump: loaded Tainted: G W 6.10.0-rc5-gavin+ #9Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)pc : xas_split_alloc+0xf8/0x128lr : split_huge_page_to_list_to_order+0x1c4/0x720sp : ffff8000882af5f0x29: ffff8000882af5f0 x28: ffff8000882af650 x27: ffff8000882af768x26: 0000000000000cc0 x25: 000000000000000d x24: ffff00010625b858x23: ffff8000882af650 x22: ffffffdfc0900000 x21: 0000000000000000x20: 0000000000000000 x19: ffffffdfc0900000 x18: 0000000000000000x17: 0000000000000000 x16: 0000018000000000 x15: 52f8004000000000x14: 0000e00000000000 x13: 0000000000002000 x12: 
0000000000000020x11: 52f8000000000000 x10: 52f8e1c0ffff6000 x9 : ffffbeb9619a681cx8 : 0000000000000003 x7 : 0000000000000000 x6 : ffff00010b02ddb0x5 : ffffbeb96395e378 x4 : 0000000000000000 x3 : 0000000000000cc0x2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000Call trace: xas_split_alloc+0xf8/0x128 split_huge_page_to_list_to_order+0x1c4/0x720 truncate_inode_partial_folio+0xdc/0x160 shmem_undo_range+0x2bc/0x6a8 shmem_fallocate+0x134/0x430 vfs_fallocate+0x124/0x2e8 ksys_fallocate+0x4c/0xa0 __arm64_sys_fallocate+0x24/0x38 invoke_syscall.constprop.0+0x7c/0xd8 do_el0_svc+0xb4/0xd0 el0_svc+0x44/0x1d8 el0t_64_sync_handler+0x134/0x150 el0t_64_sync+0x17c/0x180Fix it by disabling PMD-sized page cache when HPAGE_PMD_ORDER is largerthan MAX_PAGECACHE_ORDER. As Matthew Wilcox pointed, the page cache in ashmem file isn't represented by a multi-index entry and doesn't have thislimitation when the xarry entry is split until commit 6b24ca4a1a8d ("mm:Use multi-index entries in the page cache"). + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42242.md b/2024/CVE-2024-42242.md new file mode 100644 index 000000000..588788b62 --- /dev/null +++ b/2024/CVE-2024-42242.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42242](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42242) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=616f87661792%3C%20bf78b1accef4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:mmc: sdhci: Fix max_seg_size for 64KiB PAGE_SIZEblk_queue_max_segment_size() ensured: if (max_size < PAGE_SIZE) max_size = PAGE_SIZE;whereas:blk_validate_limits() makes it an error: if (WARN_ON_ONCE(lim->max_segment_size < PAGE_SIZE)) return -EINVAL;The change from one to the other, exposed sdhci which was setting maximumsegment size too low in some circumstances.Fix the maximum segment size when it is too low. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42243.md b/2024/CVE-2024-42243.md new file mode 100644 index 000000000..8891d88b4 --- /dev/null +++ b/2024/CVE-2024-42243.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42243](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42243) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=793917d997df%3C%20a0c42ddd0969%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarrayPatch series "mm/filemap: Limit page cache size to that supported byxarray", v2.Currently, xarray can't support arbitrary page cache size. More detailscan be found from the WARN_ON() statement in xas_split_alloc(). In ourtest whose code is attached below, we hit the WARN_ON() on ARM64 systemwhere the base page size is 64KB and huge page size is 512MB. The issuewas reported long time ago and some discussions on it can be found here[1].[1] https://www.spinics.net/lists/linux-xfs/msg75404.htmlIn order to fix the issue, we need to adjust MAX_PAGECACHE_ORDER to onesupported by xarray and avoid PMD-sized page cache if needed. 
The codechanges are suggested by David Hildenbrand.PATCH[1] adjusts MAX_PAGECACHE_ORDER to that supported by xarrayPATCH[2-3] avoids PMD-sized page cache in the synchronous readahead pathPATCH[4] avoids PMD-sized page cache for shmem files if neededTest program============# cat test.c#define _GNU_SOURCE#include #include #include #include #include #include #include #include #define TEST_XFS_FILENAME "/tmp/data"#define TEST_SHMEM_FILENAME "/dev/shm/data"#define TEST_MEM_SIZE 0x20000000int main(int argc, char **argv){ const char *filename; int fd = 0; void *buf = (void *)-1, *p; int pgsize = getpagesize(); int ret; if (pgsize != 0x10000) { fprintf(stderr, "64KB base page size is required\n"); return -EPERM; } system("echo force > /sys/kernel/mm/transparent_hugepage/shmem_enabled"); system("rm -fr /tmp/data"); system("rm -fr /dev/shm/data"); system("echo 1 > /proc/sys/vm/drop_caches"); /* Open xfs or shmem file */ filename = TEST_XFS_FILENAME; if (argc > 1 && !strcmp(argv[1], "shmem")) filename = TEST_SHMEM_FILENAME; fd = open(filename, O_CREAT | O_RDWR | O_TRUNC); if (fd < 0) { fprintf(stderr, "Unable to open <%s>\n", filename); return -EIO; } /* Extend file size */ ret = ftruncate(fd, TEST_MEM_SIZE); if (ret) { fprintf(stderr, "Error %d to ftruncate()\n", ret); goto cleanup; } /* Create VMA */ buf = mmap(NULL, TEST_MEM_SIZE, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); if (buf == (void *)-1) { fprintf(stderr, "Unable to mmap <%s>\n", filename); goto cleanup; } fprintf(stdout, "mapped buffer at 0x%p\n", buf); ret = madvise(buf, TEST_MEM_SIZE, MADV_HUGEPAGE); if (ret) { fprintf(stderr, "Unable to madvise(MADV_HUGEPAGE)\n"); goto cleanup; } /* Populate VMA */ ret = madvise(buf, TEST_MEM_SIZE, MADV_POPULATE_WRITE); if (ret) { fprintf(stderr, "Error %d to madvise(MADV_POPULATE_WRITE)\n", ret); goto cleanup; } /* Punch the file to enforce xarray split */ ret = fallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE, TEST_MEM_SIZE - pgsize, pgsize); if (ret) fprintf(stderr, 
"Error %d to fallocate()\n", ret);cleanup: if (buf != (void *)-1) munmap(buf, TEST_MEM_SIZE); if (fd > 0) close(fd); return 0;}# gcc test.c -o test# cat /proc/1/smaps | grep KernelPageSize | head -n 1KernelPageSize: 64 kB# ./test shmem :------------[ cut here ]------------WARNING: CPU: 17 PID: 5253 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib \nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct \nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \ip_set nf_tables rfkill nfnetlink vfat fat virtio_balloon \drm fuse xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 \virtio_net sha1_ce net_failover failover virtio_console virtio_blk \dimlib virtio_mmioCPU: 17 PID: 5253 Comm: test Kdump: loaded Tainted: G W 6.10.0-rc5-gavin+ #12Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024pstate: 83400005 (Nzcv daif +PAN -UAO +TC---truncated--- + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42244.md b/2024/CVE-2024-42244.md new file mode 100644 index 000000000..6ab0f31ca --- /dev/null +++ b/2024/CVE-2024-42244.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42244](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42244) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=d83b405383c9%3C%20932a86a711c7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:USB: serial: mos7840: fix crash on resumeSince commit c49cfa917025 ("USB: serial: use generic method if noalternative is provided in usb serial layer"), USB serial core calls thegeneric resume implementation when the driver has not provided one.This can trigger a crash on resume with mos7840 since support formultiple read URBs was added back in 2011. Specifically, both port readURBs are now submitted on resume for open ports, but the context pointerof the second URB is left set to the core rather than mos7840 portstructure.Fix this by implementing dedicated suspend and resume functions formos7840.Tested with Delock 87414 USB 2.0 to 4x serial adapter.[ johan: analyse crash and rewrite commit message; set busy flag on resume; drop bulk-in check; drop unnecessary usb_kill_urb() ] + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42245.md b/2024/CVE-2024-42245.md new file mode 100644 index 000000000..b319a0389 --- /dev/null +++ b/2024/CVE-2024-42245.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42245](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42245) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=b0defa7ae03e%3C%20d467194018dd%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:Revert "sched/fair: Make sure to try to detach at least one movable task"This reverts commit b0defa7ae03ecf91b8bfd10ede430cff12fcbd06.b0defa7ae03ec changed the load balancing logic to ignore env.max_loop ifall tasks examined to that point were pinned. The goal of the patch wasto make it more likely to be able to detach a task buried in a long listof pinned tasks. However, this has the unfortunate side effect ofcreating an O(n) iteration in detach_tasks(), as we now must fullyiterate every task on a cpu if all or most are pinned. Since this loadbalance code is done with rq lock held, and often in softirq context, itis very easy to trigger hard lockups. We observed such hard lockups witha user who affined O(10k) threads to a single cpu.When I discussed this with Vincent he initially suggested that we keepthe limit on the number of tasks to detach, but increase the number oftasks we can search. However, after some back and forth on the mailinglist, he recommended we instead revert the original patch, as it seemslikely no one was actually getting hit by the original issue. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42246.md b/2024/CVE-2024-42246.md new file mode 100644 index 000000000..44920a53f --- /dev/null +++ b/2024/CVE-2024-42246.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42246](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42246) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=4fbac77d2d09%3C%20f2431e7db0fe%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean"), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request(). + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42247.md b/2024/CVE-2024-42247.md new file mode 100644 index 000000000..3391e1978 --- /dev/null +++ b/2024/CVE-2024-42247.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42247](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42247) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=e7096c131e51%3C%20ae630de24efb%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:wireguard: allowedips: avoid unaligned 64-bit memory accessesOn the parisc platform, the kernel issues kernel warnings becauseswap_endian() tries to load a 128-bit IPv6 address from an unalignedmemory location: Kernel: unaligned access to 0x55f4688c in wg_allowedips_insert_v6+0x2c/0x80 [wireguard] (iir 0xf3010df) Kernel: unaligned access to 0x55f46884 in wg_allowedips_insert_v6+0x38/0x80 [wireguard] (iir 0xf2010dc)Avoid such unaligned memory accesses by instead using theget_unaligned_be64() helper macro.[Jason: replace src[8] in original patch with src+8] + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42352.md b/2024/CVE-2024-42352.md new file mode 100644 index 000000000..004376205 --- /dev/null +++ b/2024/CVE-2024-42352.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42352](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42352) +![](https://img.shields.io/static/v1?label=Product&message=icon&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.4.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%3A%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen) + +### Description + +Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. `nuxt/icon` provides an API to allow client side icon lookup. This endpoint is at `/api/_nuxt_icon/[name]`. The proxied request path is improperly parsed, allowing an attacker to change the scheme and host of the request. This leads to SSRF, and could potentially lead to sensitive data exposure. The `new URL` constructor is used to parse the final path. This constructor can be passed a relative scheme or path in order to change the host the request is sent to. This constructor is also very tolerant of poorly formatted URLs. As a result we can pass a path prefixed with the string `http:`. This has the effect of changing the scheme to HTTP. We can then subsequently pass a new host, for example `http:127.0.0.1:8080`. This would allow us to send requests to a local server. This issue has been addressed in release version 1.4.5 and all users are advised to upgrade. There are no known workarounds for this vulnerability. + +### POC + +#### Reference +- https://github.com/nuxt/icon/security/advisories/GHSA-cxgv-px37-4mp2 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42358.md b/2024/CVE-2024-42358.md new file mode 100644 index 000000000..d4a5658c4 --- /dev/null +++ b/2024/CVE-2024-42358.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42358](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42358) +![](https://img.shields.io/static/v1?label=Product&message=pdfio&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.3.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-835%3A%20Loop%20with%20Unreachable%20Exit%20Condition%20('Infinite%20Loop')&color=brighgreen) + +### Description + +PDFio is a simple C library for reading and writing PDF files. There is a denial of service (DOS) vulnerability in the TTF parser. Maliciously crafted TTF files can cause the program to utilize 100% of the Memory and enter an infinite loop. This can also lead to a heap-buffer-overflow vulnerability. An infinite loop occurs in the read_camp function by nGroups value. The ttf.h library is vulnerable. A value called nGroups is extracted from the file, and by changing that value, you can cause the program to utilize 100% of the Memory and enter an infinite loop. If the value of nGroups in the file is small, an infinite loop will not occur. This library, whether used as a standalone binary or as part of another application, is vulnerable to DOS attacks when parsing certain types of files. Automated systems, including web servers that use this code to convert PDF submissions into plaintext, can be DOSed if an attacker uploads a malicious TTF file. This issue has been addressed in release version 1.3.1. All users are advised to upgrade. There are no known workarounds for this vulnerability. + +### POC + +#### Reference +- https://github.com/michaelrsweet/pdfio/security/advisories/GHSA-4hh9-j68x-8353 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42395.md b/2024/CVE-2024-42395.md new file mode 100644 index 000000000..7c4132d4b --- /dev/null +++ b/2024/CVE-2024-42395.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42395](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42395) +![](https://img.shields.io/static/v1?label=Product&message=HPE%20Aruba%20Networking%20InstantOS%20and%20Aruba%20Access%20Points%20running%20ArubaOS%2010&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43044.md b/2024/CVE-2024-43044.md new file mode 100644 index 000000000..cf42f502c --- /dev/null +++ b/2024/CVE-2024-43044.md @@ -0,0 +1,18 @@ +### [CVE-2024-43044](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43044) +![](https://img.shields.io/static/v1?label=Product&message=Jenkins&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the `ClassLoaderProxy#fetchJar` method in the Remoting library. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-43045.md b/2024/CVE-2024-43045.md new file mode 100644 index 000000000..1152257c5 --- /dev/null +++ b/2024/CVE-2024-43045.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-43045](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43045) +![](https://img.shields.io/static/v1?label=Product&message=Jenkins&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to access other users' "My Views". + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43199.md b/2024/CVE-2024-43199.md new file mode 100644 index 000000000..1fbc591a3 --- /dev/null +++ b/2024/CVE-2024-43199.md @@ -0,0 +1,17 @@ +### [CVE-2024-43199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43199) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Nagios NDOUtils before 2.1.4 allows privilege escalation from nagios to root because certain executable files are owned by the nagios user. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-4784.md b/2024/CVE-2024-4784.md new file mode 100644 index 000000000..04e71789b --- /dev/null +++ b/2024/CVE-2024-4784.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-4784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4784) +![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=16.7%3C%2017.0.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-305%3A%20Authentication%20Bypass%20by%20Primary%20Weakness&color=brighgreen) + +### Description + +An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-4965.md b/2024/CVE-2024-4965.md new file mode 100644 index 000000000..2e0449d73 --- /dev/null +++ b/2024/CVE-2024-4965.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-4965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4965) +![](https://img.shields.io/static/v1?label=Product&message=DAR-7000-40&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20V31R02B1413C%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20OS%20Command%20Injection&color=brighgreen) + +### Description + +** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000-40 V31R02B1413C and classified as critical. This issue affects some unknown processing of the file /useratte/resmanage.php. The manipulation of the argument load leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264533 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-5423.md b/2024/CVE-2024-5423.md new file mode 100644 index 000000000..8410315df --- /dev/null +++ b/2024/CVE-2024-5423.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-5423](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5423) +![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1%3C%2017.0.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%3A%20Uncontrolled%20Resource%20Consumption&color=brighgreen) + +### Description + +Multiple Denial of Service (DoS) conditions has been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2 which allowed an attacker to cause resource exhaustion via banzai pipeline. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-5897.md b/2024/CVE-2024-5897.md new file mode 100644 index 000000000..82e9f6245 --- /dev/null +++ b/2024/CVE-2024-5897.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-5897](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5897) +![](https://img.shields.io/static/v1?label=Product&message=Employee%20and%20Visitor%20Gate%20Pass%20Logging%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) + +### Description + +A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=log_visitor. The manipulation of the argument name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268141 was assigned to this vulnerability. + +### POC + +#### Reference +- https://github.com/Hefei-Coffee/cve/blob/main/xss.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6206.md b/2024/CVE-2024-6206.md new file mode 100644 index 000000000..d23dcce89 --- /dev/null +++ b/2024/CVE-2024-6206.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-6206](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6206) +![](https://img.shields.io/static/v1?label=Product&message=HPE%20Athonet%20Mobile%20Core&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target system. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6329.md b/2024/CVE-2024-6329.md new file mode 100644 index 000000000..40b491259 --- /dev/null +++ b/2024/CVE-2024-6329.md @@ -0,0 +1,17 @@ +### [CVE-2024-6329](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6329) +![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=8.16%3C%2017.0.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-116%3A%20Improper%20Encoding%20or%20Escaping%20of%20Output&color=brighgreen) + +### Description + +An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the path is encoded. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6481.md b/2024/CVE-2024-6481.md new file mode 100644 index 000000000..d65c176cd --- /dev/null +++ b/2024/CVE-2024-6481.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-6481](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6481) +![](https://img.shields.io/static/v1?label=Product&message=Search%20%26%20Filter%20Pro&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.5.18%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Search & Filter Pro WordPress plugin before 2.5.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/53357868-2bcb-48eb-8abd-83186ff8d027/ + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6522.md b/2024/CVE-2024-6522.md index 3a6d6039d..1c82e40a0 100644 --- a/2024/CVE-2024-6522.md +++ b/2024/CVE-2024-6522.md @@ -14,5 +14,6 @@ The Modern Events Calendar plugin for WordPress is vulnerable to Server-Side Req No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-6706.md b/2024/CVE-2024-6706.md new file mode 100644 index 000000000..4a7496031 --- /dev/null +++ b/2024/CVE-2024-6706.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-6706](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6706) +![](https://img.shields.io/static/v1?label=Product&message=Open%20WebUI&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%200.1.105%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page. + +### POC + +#### Reference +- https://korelogic.com/Resources/Advisories/KL-001-2024-005.txt + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6707.md b/2024/CVE-2024-6707.md new file mode 100644 index 000000000..39cc1d4d8 --- /dev/null +++ b/2024/CVE-2024-6707.md @@ -0,0 +1,18 @@ +### [CVE-2024-6707](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6707) +![](https://img.shields.io/static/v1?label=Product&message=Open%20WebUI&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%200.1.105%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen) + +### Description + +Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability. + +### POC + +#### Reference +- https://korelogic.com/Resources/Advisories/KL-001-2024-006.txt + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + 
diff --git a/2024/CVE-2024-6781.md b/2024/CVE-2024-6781.md index 5d292fab4..12ca40fdc 100644 --- a/2024/CVE-2024-6781.md +++ b/2024/CVE-2024-6781.md @@ -14,4 +14,5 @@ Path traversal in Calibre <= 7.14.0 allow unauthenticated attackers to achieve a #### Github - https://github.com/20142995/nuclei-templates +- https://github.com/wy876/POC diff --git a/2024/CVE-2024-6782.md b/2024/CVE-2024-6782.md index ed048a7da..73459df53 100644 --- a/2024/CVE-2024-6782.md +++ b/2024/CVE-2024-6782.md @@ -15,4 +15,5 @@ Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attacker #### Github - https://github.com/20142995/nuclei-templates - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/wy876/POC diff --git a/2024/CVE-2024-6884.md b/2024/CVE-2024-6884.md new file mode 100644 index 000000000..b93661e3e --- /dev/null +++ b/2024/CVE-2024-6884.md @@ -0,0 +1,17 @@ +### [CVE-2024-6884](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6884) +![](https://img.shields.io/static/v1?label=Product&message=Gutenberg%20Blocks%20with%20AI%20by%20Kadence%20WP&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.2.39%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.39 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/1768de0c-e4ea-4c98-abf1-7ac805f214b8/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6890.md b/2024/CVE-2024-6890.md new file mode 100644 index 000000000..ed836c149 --- /dev/null +++ b/2024/CVE-2024-6890.md 
@@ -0,0 +1,19 @@ +### [CVE-2024-6890](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6890) +![](https://img.shields.io/static/v1?label=Product&message=Journyx%20(jtime)&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2011.5.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=cwe-321&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=cwe-334&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=cwe-799&color=brighgreen) + +### Description + +Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password. + +### POC + +#### Reference +- https://korelogic.com/Resources/Advisories/KL-001-2024-007.txt + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6891.md b/2024/CVE-2024-6891.md new file mode 100644 index 000000000..e645c1add --- /dev/null +++ b/2024/CVE-2024-6891.md 
@@ -0,0 +1,18 @@ +### [CVE-2024-6891](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6891) +![](https://img.shields.io/static/v1?label=Product&message=Journyx%20(jtime)&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2011.5.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-95%20Improper%20Neutralization%20of%20Directives%20in%20Dynamically%20Evaluated%20Code%20('Eval%20Injection')&color=brighgreen) + +### Description + +Attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow. + +### POC + +#### Reference +- https://korelogic.com/Resources/Advisories/KL-001-2024-008.txt + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6892.md b/2024/CVE-2024-6892.md new file mode 100644 index 000000000..a2eba8ccd --- /dev/null +++ b/2024/CVE-2024-6892.md @@ -0,0 +1,17 @@ +### [CVE-2024-6892](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6892) +![](https://img.shields.io/static/v1?label=Product&message=Journyx%20(jtime)&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2011.5.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-81%20Improper%20Neutralization%20of%20Script%20in%20an%20Error%20Message%20Web%20Page&color=brighgreen) + +### Description + +Attackers can craft a malicious link that once clicked will execute arbitrary JavaScript in the context of the Journyx web application. + +### POC + +#### Reference +- https://korelogic.com/Resources/Advisories/KL-001-2024-009.txt + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6893.md b/2024/CVE-2024-6893.md new file mode 100644 index 000000000..9ab15fbdb --- /dev/null 
+++ b/2024/CVE-2024-6893.md @@ -0,0 +1,17 @@ +### [CVE-2024-6893](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6893) +![](https://img.shields.io/static/v1?label=Product&message=Journyx%20(jtime)&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2011.5.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-611%20Improper%20Restriction%20of%20XML%20External%20Entity%20Reference&color=brighgreen) + +### Description + +The "soap_cgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources. + +### POC + +#### Reference +- https://korelogic.com/Resources/Advisories/KL-001-2024-010.txt + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6911.md b/2024/CVE-2024-6911.md index 365d87d83..79a108384 100644 --- a/2024/CVE-2024-6911.md +++ b/2024/CVE-2024-6911.md @@ -14,5 +14,5 @@ Files on the Windows system are accessible without authentication to external pa - https://cyberdanube.com/en/en-multiple-vulnerabilities-in-perten-processplus/ #### Github -No PoCs found on GitHub currently. +- https://github.com/wy876/POC diff --git a/2024/CVE-2024-6923.md b/2024/CVE-2024-6923.md index 8012bbfb0..5b65ea88f 100644 --- a/2024/CVE-2024-6923.md +++ b/2024/CVE-2024-6923.md @@ -1,6 +1,6 @@ ### [CVE-2024-6923](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6923) ![](https://img.shields.io/static/v1?label=Product&message=CPython&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%203.13.0rc2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.12.5%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description 
diff --git a/2024/CVE-2024-7061.md b/2024/CVE-2024-7061.md new file mode 100644 index 000000000..4ee672124 --- /dev/null +++ b/2024/CVE-2024-7061.md @@ -0,0 +1,18 @@ +### [CVE-2024-7061](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7061) +![](https://img.shields.io/static/v1?label=Product&message=Okta%20Verify%20for%20Windows&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-427%20Uncontrolled%20Search%20Path%20or%20Element&color=brighgreen) + +### Description + +Okta Verify for Windows is vulnerable to privilege escalation through DLL hijacking. The vulnerability is fixed in Okta Verify for Windows version 5.0.2. To remediate this vulnerability, upgrade to 5.0.2 or greater. + +### POC + +#### Reference +- https://help.okta.com/oie/en-us/content/topics/releasenotes/oie-ov-release-notes.htm#panel4 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7120.md b/2024/CVE-2024-7120.md index c3af04052..11db07d05 100644 --- a/2024/CVE-2024-7120.md +++ b/2024/CVE-2024-7120.md @@ -16,5 +16,6 @@ A vulnerability, which was classified as critical, was found in Raisecom MSG1200 No PoCs from references. #### Github +- https://github.com/Ostorlab/KEV - https://github.com/komodoooo/Some-things diff --git a/2024/CVE-2024-7160.md b/2024/CVE-2024-7160.md index 8657071a4..f1e202324 100644 --- a/2024/CVE-2024-7160.md +++ b/2024/CVE-2024-7160.md @@ -13,5 +13,5 @@ A vulnerability classified as critical has been found in TOTOLINK A3700R 9.1.2u. - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3700R/setWanCfg.md #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds 
diff --git a/2024/CVE-2024-7353.md b/2024/CVE-2024-7353.md new file mode 100644 index 000000000..badc5bb29 --- /dev/null +++ b/2024/CVE-2024-7353.md @@ -0,0 +1,18 @@ +### [CVE-2024-7353](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7353) +![](https://img.shields.io/static/v1?label=Product&message=Accept%20Stripe%20Payments&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.0.86%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +The Accept Stripe Payments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's accept_stripe_payment_ng shortcode in all versions up to, and including, 2.0.86 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + +### POC + +#### Reference +- https://portswigger.net/research/xss-in-hidden-input-fields + +#### Github +- https://github.com/20142995/nuclei-templates +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7355.md b/2024/CVE-2024-7355.md new file mode 100644 index 000000000..864d707e2 --- /dev/null +++ b/2024/CVE-2024-7355.md 
@@ -0,0 +1,18 @@ +### [CVE-2024-7355](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7355) +![](https://img.shields.io/static/v1?label=Product&message=Organization%20chart&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.5.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +The Organization chart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_input’ and 'node_description' parameter in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, this can only be exploited by administrators, but the ability to use and configure charts can be extended to subscribers. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7451.md b/2024/CVE-2024-7451.md index 2e7ff2f40..33031be35 100644 --- a/2024/CVE-2024-7451.md +++ b/2024/CVE-2024-7451.md @@ -11,6 +11,7 @@ A vulnerability was found in itsourcecode Placement Management System 1.0 and cl #### Reference - https://github.com/DeepMountains/Mirage/blob/main/CVE11-3.md +- https://vuldb.com/?submit.383864 #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7496.md b/2024/CVE-2024-7496.md index 673d1e883..212686604 100644 --- a/2024/CVE-2024-7496.md +++ b/2024/CVE-2024-7496.md 
@@ -11,6 +11,7 @@ A vulnerability has been found in itsourcecode Airline Reservation System 1.0 an #### Reference - https://github.com/DeepMountains/zzz/blob/main/CVE1-1.md +- https://vuldb.com/?submit.385892 #### Github No PoCs found on GitHub currently. diff --git a/2024/CVE-2024-7498.md b/2024/CVE-2024-7498.md index b307606d4..248417d84 100644 --- a/2024/CVE-2024-7498.md +++ b/2024/CVE-2024-7498.md @@ -11,6 +11,7 @@ A vulnerability was found in itsourcecode Airline Reservation System 1.0. It has #### Reference - https://github.com/DeepMountains/zzz/blob/main/CVE1-3.md +- https://vuldb.com/?submit.385894 #### Github No PoCs found on GitHub currently. diff --git a/2024/CVE-2024-7554.md b/2024/CVE-2024-7554.md new file mode 100644 index 000000000..cbafcb909 --- /dev/null +++ b/2024/CVE-2024-7554.md @@ -0,0 +1,17 @@ +### [CVE-2024-7554](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7554) +![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=13.9%3C%2017.0.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%3A%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen) + +### Description + +An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.0.6, all versions starting from 17.1 before 17.1.4, all versions starting from 17.2 before 17.2.2. Under certain conditions, access tokens may have been logged when an API request was made in a specific manner. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7578.md b/2024/CVE-2024-7578.md new file mode 100644 index 000000000..531743426 --- /dev/null +++ b/2024/CVE-2024-7578.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-7578](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7578) +![](https://img.shields.io/static/v1?label=Product&message=ALR-F800&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2019.10.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-285%20Improper%20Authorization&color=brighgreen) + +### Description + +A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been classified as critical. Affected is an unknown function of the file /var/www/cmd.php. The manipulation of the argument cmd leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7579.md b/2024/CVE-2024-7579.md new file mode 100644 index 000000000..2820c909e --- /dev/null +++ b/2024/CVE-2024-7579.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-7579](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7579) +![](https://img.shields.io/static/v1?label=Product&message=ALR-F800&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2019.10.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20OS%20Command%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been declared as critical. Affected by this vulnerability is the function popen of the file /var/www/cgi-bin/upgrade.cgi of the component File Name Handler. The manipulation of the argument uploadedFile leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7580.md b/2024/CVE-2024-7580.md new file mode 100644 index 000000000..0a9a30879 --- /dev/null +++ b/2024/CVE-2024-7580.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-7580](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7580) +![](https://img.shields.io/static/v1?label=Product&message=ALR-F800&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2019.10.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20OS%20Command%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/system.html. The manipulation of the argument uploadedFile with the input ;whoami leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7581.md b/2024/CVE-2024-7581.md new file mode 100644 index 000000000..5dceb481c --- /dev/null +++ b/2024/CVE-2024-7581.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-7581](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7581) +![](https://img.shields.io/static/v1?label=Product&message=A301&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2015.13.08.12%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%20Stack-based%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability classified as critical has been found in Tenda A301 15.13.08.12. This affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7610.md b/2024/CVE-2024-7610.md new file mode 100644 index 000000000..81364ddd9 --- /dev/null +++ b/2024/CVE-2024-7610.md @@ -0,0 +1,17 @@ +### [CVE-2024-7610](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7610) +![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=15.9%3C%2017.0.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%3A%20Uncontrolled%20Resource%20Consumption&color=brighgreen) + +### Description + +A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 15.9 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause catastrophic backtracking while parsing results from Elasticsearch. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + 
diff --git a/github.txt b/github.txt index 8b6414682..d790dbdf8 100644 --- a/github.txt +++ b/github.txt @@ -59,6 +59,7 @@ CVE-1999-0082 - https://github.com/joscanoga/Reto-python-CRM CVE-1999-0084 - https://github.com/joscanoga/Reto-python-CRM CVE-1999-0095 - https://github.com/joscanoga/Reto-python-CRM CVE-1999-0101 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-1999-0103 - https://github.com/vdanen/vex-reader CVE-1999-0182 - https://github.com/Parist0nH1ll/Vulnerabilities-Write-Ups CVE-1999-0192 - https://github.com/AnyMaster/EQGRP CVE-1999-0192 - https://github.com/CKmaenn/EQGRP @@ -558,6 +559,7 @@ CVE-2002-2420 - https://github.com/CVEDB/PoC-List CVE-2002-2420 - https://github.com/CVEDB/awesome-cve-repo CVE-2002-2420 - https://github.com/krdsploit/CVE-2002-2420 CVE-2002-2443 - https://github.com/ARPSyndicate/cvemon +CVE-2002-2443 - https://github.com/vdanen/vex-reader CVE-2003-0001 - https://github.com/ARPSyndicate/cvemon CVE-2003-0001 - https://github.com/Live-Hack-CVE/CVE-2021-3031 CVE-2003-0001 - https://github.com/hackerhouse-opensource/exploits @@ -1798,6 +1800,7 @@ CVE-2006-5051 - https://github.com/TAM-K592/CVE-2024-6387 CVE-2006-5051 - https://github.com/ThemeHackers/CVE-2024-6387 CVE-2006-5051 - https://github.com/azurejoga/CVE-2024-6387-how-to-fix CVE-2006-5051 - https://github.com/bigb0x/CVE-2024-6387 +CVE-2006-5051 - https://github.com/giterlizzi/secdb-feeds CVE-2006-5051 - https://github.com/invaderslabs/regreSSHion-CVE-2024-6387- CVE-2006-5051 - https://github.com/kalvin-net/NoLimit-Secu-RegreSSHion CVE-2006-5051 - https://github.com/nomi-sec/PoC-in-GitHub 
@@ -8788,6 +8791,7 @@ CVE-2012-3137 - https://github.com/ARPSyndicate/cvemon CVE-2012-3137 - https://github.com/CVEDB/PoC-List CVE-2012-3137 - https://github.com/CVEDB/awesome-cve-repo CVE-2012-3137 - https://github.com/L34kl0ve/WNMAP +CVE-2012-3137 - https://github.com/burnt11235/burnt11235 CVE-2012-3137 - https://github.com/hantwister/o5logon-fetch CVE-2012-3137 - https://github.com/jakuta-tech/WNMAP CVE-2012-3137 - https://github.com/quentinhardy/odat @@ -8928,6 +8932,7 @@ CVE-2012-3587 - https://github.com/sjourdan/clair-lab CVE-2012-3716 - https://github.com/0x90/wifi-arsenal CVE-2012-3716 - https://github.com/0xbitx/wifi-hacking-tools CVE-2012-3716 - https://github.com/ARPSyndicate/cvemon +CVE-2012-3716 - https://github.com/Bitsonwheels/macos-wifi-hacking-tools CVE-2012-3716 - https://github.com/CVEDB/PoC-List CVE-2012-3716 - https://github.com/CVEDB/awesome-cve-repo CVE-2012-3716 - https://github.com/Gafikari/wifi-hacking-tools @@ -40108,6 +40113,7 @@ CVE-2017-7269 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detec CVE-2017-7269 - https://github.com/SexyBeast233/SecBooks CVE-2017-7269 - https://github.com/ThanHuuTuan/CVE-2017-7269 CVE-2017-7269 - https://github.com/Tyro-Shan/gongkaishouji +CVE-2017-7269 - https://github.com/VanishedPeople/CVE-2017-7269 CVE-2017-7269 - https://github.com/YIXINSHUWU/Penetration_Testing_POC CVE-2017-7269 - https://github.com/ZTK-009/Penetration_PoC CVE-2017-7269 - https://github.com/ZTK-009/RedTeamer @@ -57401,6 +57407,7 @@ CVE-2018-9995 - https://github.com/twensoo/PersistentThreat CVE-2018-9995 - https://github.com/weeka10/-hktalent-TOP CVE-2018-9995 - https://github.com/withmasday/HTC CVE-2018-9995 - https://github.com/wj158/snowwolf-script +CVE-2018-9995 - https://github.com/wmasday/HTC CVE-2018-9995 - https://github.com/wr0x00/Lizard CVE-2018-9995 - https://github.com/wr0x00/Lsploit CVE-2018-9995 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 
@@ -79955,6 +79962,7 @@ CVE-2020-11030 - https://github.com/ARPSyndicate/cvemon CVE-2020-11030 - https://github.com/El-Palomo/SYMFONOS CVE-2020-11030 - https://github.com/MeerAbdullah/Kali-Vs-WordPress CVE-2020-11030 - https://github.com/namhikelo/Symfonos1-Vulnhub-CEH +CVE-2020-11034 - https://github.com/20142995/nuclei-templates CVE-2020-11034 - https://github.com/ARPSyndicate/kenzer-templates CVE-2020-11034 - https://github.com/Elsfa7-110/kenzer-templates CVE-2020-11034 - https://github.com/d4n-sec/d4n-sec.github.io @@ -82724,6 +82732,7 @@ CVE-2020-14178 - https://github.com/Faizee-Asad/JIRA-Vulnerabilities CVE-2020-14178 - https://github.com/UGF0aWVudF9aZXJv/Atlassian-Jira-pentesting CVE-2020-14178 - https://github.com/imhunterand/JiraCVE CVE-2020-14178 - https://github.com/rezasarvani/JiraVulChecker +CVE-2020-14179 - https://github.com/20142995/nuclei-templates CVE-2020-14179 - https://github.com/ARPSyndicate/cvemon CVE-2020-14179 - https://github.com/ARPSyndicate/kenzer-templates CVE-2020-14179 - https://github.com/Elsfa7-110/kenzer-templates @@ -90764,6 +90773,7 @@ CVE-2020-29156 - https://github.com/Live-Hack-CVE/CVE-2020-2915 CVE-2020-29156 - https://github.com/developer3000S/PoC-in-GitHub CVE-2020-29156 - https://github.com/hectorgie/PoC-in-GitHub CVE-2020-29156 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2020-29164 - https://github.com/20142995/nuclei-templates CVE-2020-29164 - https://github.com/ARPSyndicate/cvemon CVE-2020-29164 - https://github.com/ARPSyndicate/kenzer-templates CVE-2020-29164 - https://github.com/Elsfa7-110/kenzer-templates 
@@ -92525,6 +92535,7 @@ CVE-2020-4450 - https://github.com/silentsignal/WebSphere-WSIF-gadget CVE-2020-4450 - https://github.com/trganda/starrlist CVE-2020-4450 - https://github.com/yonggui-li/CVE-2020-4464-and-CVE-2020-4450 CVE-2020-4463 - https://github.com/0xT11/CVE-POC +CVE-2020-4463 - https://github.com/20142995/nuclei-templates CVE-2020-4463 - https://github.com/ARPSyndicate/cvemon CVE-2020-4463 - https://github.com/ARPSyndicate/kenzer-templates CVE-2020-4463 - https://github.com/EdgeSecurityTeam/Vulnerability @@ -105747,6 +105758,7 @@ CVE-2021-28878 - https://github.com/Qwaz/rust-cve CVE-2021-28879 - https://github.com/ARPSyndicate/cvemon CVE-2021-28879 - https://github.com/Qwaz/rust-cve CVE-2021-28879 - https://github.com/mariodon/GeekGame-2nd-Writeup +CVE-2021-28918 - https://github.com/20142995/nuclei-templates CVE-2021-28918 - https://github.com/ARPSyndicate/cvemon CVE-2021-28918 - https://github.com/ARPSyndicate/kenzer-templates CVE-2021-28918 - https://github.com/DNTYO/F5_Vulnerability @@ -108179,6 +108191,7 @@ CVE-2021-31980 - https://github.com/aapooksman/certmitm CVE-2021-3199 - https://github.com/moehw/poc_exploits CVE-2021-3200 - https://github.com/ARPSyndicate/cvemon CVE-2021-32030 - https://github.com/0day404/vulnerability-poc +CVE-2021-32030 - https://github.com/20142995/nuclei-templates CVE-2021-32030 - https://github.com/ARPSyndicate/cvemon CVE-2021-32030 - https://github.com/ARPSyndicate/kenzer-templates CVE-2021-32030 - https://github.com/EdgeSecurityTeam/Vulnerability @@ -122963,6 +122976,7 @@ CVE-2022-1609 - https://github.com/youwizard/CVE-POC CVE-2022-1609 - https://github.com/zecool/cve CVE-2022-1611 - https://github.com/ARPSyndicate/cvemon CVE-2022-1614 - https://github.com/ARPSyndicate/cvemon +CVE-2022-1617 - https://github.com/20142995/nuclei-templates CVE-2022-1619 - https://github.com/ARPSyndicate/cvemon CVE-2022-1622 - https://github.com/ARPSyndicate/cvemon CVE-2022-1622 - https://github.com/peng-hui/CarpetFuzz 
@@ -142495,6 +142509,7 @@ CVE-2023-0266 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detec CVE-2023-0266 - https://github.com/SeanHeelan/claude_opus_cve_2023_0266 CVE-2023-0266 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-0266 - https://github.com/xairy/linux-kernel-exploitation +CVE-2023-0285 - https://github.com/20142995/nuclei-templates CVE-2023-0286 - https://github.com/ARPSyndicate/cvemon CVE-2023-0286 - https://github.com/EGI-Federation/SVG-advisories CVE-2023-0286 - https://github.com/FairwindsOps/bif @@ -143967,8 +143982,12 @@ CVE-2023-21612 - https://github.com/kohnakagawa/kohnakagawa CVE-2023-21616 - https://github.com/HuzaifaPatel/houdini CVE-2023-2163 - https://github.com/Dikens88/hopp CVE-2023-2163 - https://github.com/Snoopy-Sec/Localroot-ALL-CVE +CVE-2023-2163 - https://github.com/aobakwewastaken/aobakwewastaken +CVE-2023-2163 - https://github.com/carmilea/carmilea CVE-2023-2163 - https://github.com/google/buzzer CVE-2023-2163 - https://github.com/google/security-research +CVE-2023-2163 - https://github.com/kherrick/hacker-news +CVE-2023-2163 - https://github.com/phixion/phixion CVE-2023-2163 - https://github.com/shannonmullins/hopp CVE-2023-21647 - https://github.com/sgxgsx/BlueToolkit CVE-2023-21674 - https://github.com/Ostorlab/KEV @@ -147805,6 +147824,8 @@ CVE-2023-3134 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-31341 - https://github.com/5angjun/5angjun CVE-2023-31346 - https://github.com/Freax13/cve-2023-31346-poc CVE-2023-31346 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2023-31355 - https://github.com/Freax13/cve-2024-21980-poc +CVE-2023-31355 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-3136 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-3138 - https://github.com/AWSXXF/xorg_mirror_libx11 CVE-2023-3138 - https://github.com/LingmoOS/libx11 
@@ -152393,6 +152414,7 @@ CVE-2023-43651 - https://github.com/N0th1n3/JumpServer-MySQLRCE CVE-2023-43651 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-43652 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-43654 - https://github.com/OligoCyberSecurity/ShellTorchChecker +CVE-2023-43654 - https://github.com/giterlizzi/secdb-feeds CVE-2023-43654 - https://github.com/leoambrus/CheckersNomisec CVE-2023-43654 - https://github.com/mdisec/mdisec-twitch-yayinlari CVE-2023-43654 - https://github.com/nomi-sec/PoC-in-GitHub 
@@ -152971,25 +152993,34 @@ CVE-2023-45223 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-45226 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-45227 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-45229 - https://github.com/1490kdrm/vuln_BIOs +CVE-2023-45229 - https://github.com/opencomputeproject/OCP-OSF-Aptio_Community_Edition CVE-2023-45229 - https://github.com/quarkslab/pixiefail CVE-2023-4523 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-45230 - https://github.com/1490kdrm/vuln_BIOs CVE-2023-45230 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-45230 - https://github.com/opencomputeproject/OCP-OSF-Aptio_Community_Edition CVE-2023-45230 - https://github.com/quarkslab/pixiefail CVE-2023-45231 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-45231 - https://github.com/opencomputeproject/OCP-OSF-Aptio_Community_Edition CVE-2023-45231 - https://github.com/quarkslab/pixiefail CVE-2023-45232 - https://github.com/1490kdrm/vuln_BIOs CVE-2023-45232 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-45232 - https://github.com/opencomputeproject/OCP-OSF-Aptio_Community_Edition CVE-2023-45232 - https://github.com/quarkslab/pixiefail CVE-2023-45233 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-45233 - https://github.com/opencomputeproject/OCP-OSF-Aptio_Community_Edition CVE-2023-45233 - https://github.com/quarkslab/pixiefail CVE-2023-45234 - https://github.com/1490kdrm/vuln_BIOs CVE-2023-45234 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-45234 - https://github.com/opencomputeproject/OCP-OSF-Aptio_Community_Edition CVE-2023-45234 - https://github.com/quarkslab/pixiefail CVE-2023-45235 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-45235 - https://github.com/opencomputeproject/OCP-OSF-Aptio_Community_Edition CVE-2023-45235 - https://github.com/quarkslab/pixiefail CVE-2023-45236 - https://github.com/1490kdrm/vuln_BIOs +CVE-2023-45236 - 
https://github.com/opencomputeproject/OCP-OSF-Aptio_Community_Edition CVE-2023-45237 - https://github.com/1490kdrm/vuln_BIOs +CVE-2023-45237 - https://github.com/opencomputeproject/OCP-OSF-Aptio_Community_Edition CVE-2023-45244 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-45244 - https://github.com/password123456/cve-collector CVE-2023-45245 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -153785,6 +153816,7 @@ CVE-2023-47218 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-47218 - https://github.com/passwa11/CVE-2023-47218 CVE-2023-47222 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-47223 - https://github.com/parkttule/parkttule +CVE-2023-47238 - https://github.com/20142995/nuclei-templates CVE-2023-4724 - https://github.com/dipa96/my-days-and-not CVE-2023-47246 - https://github.com/Marco-zcl/POC CVE-2023-47246 - https://github.com/Ostorlab/KEV @@ -161578,9 +161610,11 @@ CVE-2024-1086 - https://github.com/0xsyr0/OSCP CVE-2024-1086 - https://github.com/Alicey0719/docker-POC_CVE-2024-1086 CVE-2024-1086 - https://github.com/BachoSeven/stellestelline CVE-2024-1086 - https://github.com/CCIEVoice2009/CVE-2024-1086 +CVE-2024-1086 - https://github.com/Disturbante/Linux-Pentest CVE-2024-1086 - https://github.com/EGI-Federation/SVG-advisories CVE-2024-1086 - https://github.com/GhostTroops/TOP CVE-2024-1086 - https://github.com/Hiimsonkul/Hiimsonkul +CVE-2024-1086 - https://github.com/Jappie3/starred CVE-2024-1086 - https://github.com/Notselwyn/CVE-2024-1086 CVE-2024-1086 - https://github.com/Notselwyn/exploits CVE-2024-1086 - https://github.com/Notselwyn/notselwyn 
@@ -162572,6 +162606,7 @@ CVE-2024-21111 - https://github.com/x0rsys/CVE-2024-21111 CVE-2024-21183 - https://github.com/tanjiti/sec_profile CVE-2024-2124 - https://github.com/NaInSec/CVE-LIST CVE-2024-2129 - https://github.com/NaInSec/CVE-LIST +CVE-2024-21302 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-21305 - https://github.com/NaInSec/CVE-LIST CVE-2024-21305 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-21305 - https://github.com/nomi-sec/PoC-in-GitHub @@ -163149,7 +163184,11 @@ CVE-2024-2193 - https://github.com/uthrasri/CVE-2024-2193 CVE-2024-2194 - https://github.com/Ostorlab/KEV CVE-2024-2197 - https://github.com/NaInSec/CVE-LIST CVE-2024-21972 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-21978 - https://github.com/Freax13/cve-2024-21978-poc +CVE-2024-21978 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-21979 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-21980 - https://github.com/Freax13/cve-2024-21980-poc +CVE-2024-21980 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-22002 - https://github.com/0xkickit/iCUE_DllHijack_LPE-CVE-2024-22002 CVE-2024-22002 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-22005 - https://github.com/NaInSec/CVE-LIST @@ -166303,6 +166342,7 @@ CVE-2024-27995 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-27996 - https://github.com/NaInSec/CVE-LIST CVE-2024-27997 - https://github.com/NaInSec/CVE-LIST CVE-2024-27998 - https://github.com/NaInSec/CVE-LIST +CVE-2024-2800 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-28003 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-28004 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-28005 - https://github.com/fkie-cad/nvd-json-data-feeds 
@@ -167406,6 +167446,7 @@ CVE-2024-3007 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-3007 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-30078 - https://github.com/0xMarcio/cve CVE-2024-30078 - https://github.com/GhostTroops/TOP +CVE-2024-30078 - https://github.com/Jappie3/starred CVE-2024-30078 - https://github.com/blkph0x/CVE_2024_30078_POC_WIFI CVE-2024-30078 - https://github.com/enomothem/PenTestNote CVE-2024-30078 - https://github.com/lvyitian/CVE-2024-30078- @@ -167500,6 +167541,7 @@ CVE-2024-3030 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3032 - https://github.com/Chocapikk/Chocapikk CVE-2024-3032 - https://github.com/Chocapikk/My-CVEs CVE-2024-3034 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-3035 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-30378 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-30380 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-30381 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -167806,6 +167848,7 @@ CVE-2024-3094 - https://github.com/Hacker-Hermanos/CVE-2024-3094_xz_check CVE-2024-3094 - https://github.com/HaveFun83/awesome-stars CVE-2024-3094 - https://github.com/Horizon-Software-Development/CVE-2024-3094 CVE-2024-3094 - https://github.com/JVS23/cybsec-project-2024 +CVE-2024-3094 - https://github.com/Jappie3/starred CVE-2024-3094 - https://github.com/JonathanSiemering/stars CVE-2024-3094 - https://github.com/Juul/xz-backdoor-scan CVE-2024-3094 - https://github.com/MagpieRYL/CVE-2024-3094-backdoor-env-container 
@@ -167961,6 +168004,7 @@ CVE-2024-31136 - https://github.com/netlas-io/netlas-dorks CVE-2024-31137 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-31138 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-31139 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-3114 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-31140 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-31142 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-31156 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -168695,6 +168739,7 @@ CVE-2024-33981 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3400 - https://github.com/0x0d3ad/CVE-2024-3400 CVE-2024-3400 - https://github.com/0xMarcio/cve CVE-2024-3400 - https://github.com/0xr2r/CVE-2024-3400-Palo-Alto-OS-Command-Injection +CVE-2024-3400 - https://github.com/20142995/nuclei-templates CVE-2024-3400 - https://github.com/AdaniKamal/CVE-2024-3400 CVE-2024-3400 - https://github.com/CONDITIONBLACK/CVE-2024-3400-POC CVE-2024-3400 - https://github.com/CerTusHack/CVE-2024-3400-PoC @@ -169329,8 +169374,11 @@ CVE-2024-3807 - https://github.com/truonghuuphuc/CVE-2024-3806-AND-CVE-2024-3807 CVE-2024-38100 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-38100 - https://github.com/tanjiti/sec_profile CVE-2024-38112 - https://github.com/thepcn3rd/goAdventures +CVE-2024-38166 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3817 - https://github.com/dellalibera/dellalibera CVE-2024-3817 - https://github.com/otms61/vex_dir +CVE-2024-38202 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-38206 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3822 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3823 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3824 - https://github.com/fkie-cad/nvd-json-data-feeds 
@@ -169396,6 +169444,7 @@ CVE-2024-38856 - https://github.com/RacerZ-fighting/RacerZ-fighting CVE-2024-38856 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-38856 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-38856 - https://github.com/tanjiti/sec_profile +CVE-2024-38856 - https://github.com/wy876/POC CVE-2024-3889 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3891 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3892 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -169437,6 +169486,7 @@ CVE-2024-3936 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3942 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3951 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3957 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-3958 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3961 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-39614 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-3967 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -169610,6 +169660,7 @@ CVE-2024-41473 - https://github.com/wy876/POC CVE-2024-41550 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41551 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4156 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-41570 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4162 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41628 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4163 - https://github.com/fkie-cad/nvd-json-data-feeds 
@@ -169641,6 +169692,7 @@ CVE-2024-4186 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41910 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41911 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41913 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-41942 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41943 - https://github.com/alessio-romano/Sfoffo-Pentesting-Notes CVE-2024-41943 - https://github.com/alessio-romano/alessio-romano CVE-2024-41946 - https://github.com/lifeparticle/Ruby-Cheatsheet 
@@ -169655,16 +169707,43 @@ CVE-2024-42005 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42010 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4202 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4203 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42033 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42034 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42035 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42036 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42037 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42038 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42041 - https://github.com/actuator/cve CVE-2024-42054 - https://github.com/jinsonvarghese/jinsonvarghese CVE-2024-42055 - https://github.com/jinsonvarghese/jinsonvarghese +CVE-2024-4207 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4208 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-4210 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42233 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42234 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42235 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42236 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42237 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42238 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42239 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42240 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42241 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42242 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42243 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42244 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42245 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42246 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42247 - 
https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4226 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4231 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4232 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4233 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4234 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4235 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42354 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42355 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42356 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42357 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4236 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-4236 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4236 - https://github.com/helloyhrr/IoT_vulnerability @@ -169673,6 +169752,7 @@ CVE-2024-4237 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4238 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-4239 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-4239 - https://github.com/helloyhrr/IoT_vulnerability +CVE-2024-42395 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42397 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42398 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42399 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -169709,6 +169789,7 @@ CVE-2024-4299 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4300 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4301 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43044 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43044 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-43045 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43111 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4313 - https://github.com/fkie-cad/nvd-json-data-feeds 
@@ -169944,6 +170025,7 @@ CVE-2024-4761 - https://github.com/michredteam/CVE-2024-4761 CVE-2024-4761 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4761 - https://github.com/securitycipher/daily-bugbounty-writeups CVE-2024-4761 - https://github.com/tanjiti/sec_profile +CVE-2024-4784 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4801 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4802 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4803 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -170045,6 +170127,7 @@ CVE-2024-4956 - https://github.com/xungzzz/CVE-2024-4956 CVE-2024-4959 - https://github.com/JoshuaMart/JoshuaMart CVE-2024-4960 - https://github.com/JoshuaMart/JoshuaMart CVE-2024-49606 - https://github.com/netlas-io/netlas-dorks +CVE-2024-4965 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4966 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4978 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4984 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -170124,6 +170207,7 @@ CVE-2024-5385 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5389 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5390 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5391 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-5423 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-54321 - https://github.com/runwuf/clickhouse-test CVE-2024-5438 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5455 - https://github.com/fkie-cad/nvd-json-data-feeds 
@@ -170217,6 +170301,7 @@ CVE-2024-6193 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6194 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6195 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6205 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-6206 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6222 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-6243 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6244 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -170225,6 +170310,7 @@ CVE-2024-6270 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6271 - https://github.com/Jokergazaa/zero-click-exploits CVE-2024-6271 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6315 - https://github.com/20142995/nuclei-templates +CVE-2024-6329 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6342 - https://github.com/yikesoftware/yikesoftware CVE-2024-6343 - https://github.com/yikesoftware/yikesoftware CVE-2024-6366 - https://github.com/nomi-sec/PoC-in-GitHub @@ -170257,11 +170343,13 @@ CVE-2024-6387 - https://github.com/teamos-hub/regreSSHion CVE-2024-6387 - https://github.com/trailofbits/codeql-queries CVE-2024-6390 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6472 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6481 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6494 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6496 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6518 - https://github.com/fluentform/fluentform CVE-2024-6520 - https://github.com/fluentform/fluentform CVE-2024-6521 - https://github.com/fluentform/fluentform +CVE-2024-6522 - https://github.com/20142995/nuclei-templates CVE-2024-6522 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-65230 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-6529 - https://github.com/nomi-sec/PoC-in-GitHub 
@@ -170277,6 +170365,8 @@ CVE-2024-6666 - https://github.com/JohnnyBradvo/CVE-2024-6666 CVE-2024-6666 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-6695 - https://github.com/20142995/nuclei-templates CVE-2024-6703 - https://github.com/fluentform/fluentform +CVE-2024-6706 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6707 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6731 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6732 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6738 - https://github.com/nomi-sec/PoC-in-GitHub @@ -170290,13 +170380,19 @@ CVE-2024-6756 - https://github.com/20142995/nuclei-templates CVE-2024-6766 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6779 - https://github.com/leesh3288/leesh3288 CVE-2024-6781 - https://github.com/20142995/nuclei-templates +CVE-2024-6781 - https://github.com/wy876/POC CVE-2024-6782 - https://github.com/20142995/nuclei-templates CVE-2024-6782 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-6782 - https://github.com/wy876/POC CVE-2024-6802 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6807 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6836 - https://github.com/20142995/nuclei-templates CVE-2024-6865 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6890 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6891 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6893 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6896 - https://github.com/20142995/nuclei-templates +CVE-2024-6911 - https://github.com/wy876/POC CVE-2024-6923 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6930 - https://github.com/20142995/nuclei-templates CVE-2024-6931 - https://github.com/20142995/nuclei-templates 
@@ -170319,7 +170415,9 @@ CVE-2024-7060 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7080 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7081 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7091 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7120 - https://github.com/Ostorlab/KEV CVE-2024-7120 - https://github.com/komodoooo/Some-things +CVE-2024-7160 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7212 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7213 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7214 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -170336,7 +170434,9 @@ CVE-2024-7332 - https://github.com/20142995/nuclei-templates CVE-2024-7339 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-7339 - https://github.com/tanjiti/sec_profile CVE-2024-7340 - https://github.com/20142995/nuclei-templates +CVE-2024-7353 - https://github.com/20142995/nuclei-templates CVE-2024-7353 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7355 - https://github.com/20142995/nuclei-templates CVE-2024-7355 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7357 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7383 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -170374,6 +170474,7 @@ CVE-2024-7469 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7470 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7484 - https://github.com/20142995/nuclei-templates CVE-2024-7485 - https://github.com/20142995/nuclei-templates +CVE-2024-7490 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7502 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7521 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7529 - https://github.com/fkie-cad/nvd-json-data-feeds 
@@ -170385,10 +170486,12 @@ CVE-2024-7536 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7550 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7552 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7553 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7554 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7578 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7579 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7580 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7581 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7610 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-87654 - https://github.com/runwuf/clickhouse-test CVE-2024-98765 - https://github.com/runwuf/clickhouse-test CVE-2024-99999 - https://github.com/kolewttd/wtt diff --git a/references.txt b/references.txt index 089d9698c..e53a4b914 100644 --- a/references.txt +++ b/references.txt @@ -4022,6 +4022,7 @@ CVE-2006-3195 - http://securityreason.com/securityalert/1135 CVE-2006-3196 - http://securityreason.com/securityalert/1135 CVE-2006-3197 - http://securityreason.com/securityalert/596 CVE-2006-3200 - http://securityreason.com/securityalert/1132 +CVE-2006-3211 - http://securityreason.com/securityalert/1141 CVE-2006-3221 - https://www.exploit-db.com/exploits/1938 CVE-2006-3221 - https://www.exploit-db.com/exploits/1939 CVE-2006-3222 - http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-15.html 
@@ -12067,6 +12068,7 @@ CVE-2008-3827 - http://securityreason.com/securityalert/4326 CVE-2008-3827 - http://www.ocert.org/advisories/ocert-2008-013.html CVE-2008-3833 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9980 CVE-2008-3834 - https://www.exploit-db.com/exploits/7822 +CVE-2008-3835 - http://www.ubuntu.com/usn/usn-647-1 CVE-2008-3835 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9643 CVE-2008-3837 - http://www.redhat.com/support/errata/RHSA-2008-0879.html CVE-2008-3837 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9950 
@@ -12200,17 +12202,29 @@ CVE-2008-4050 - https://www.exploit-db.com/exploits/6334 CVE-2008-4054 - http://securityreason.com/securityalert/4235 CVE-2008-4054 - https://www.exploit-db.com/exploits/6310 CVE-2008-4058 - http://www.redhat.com/support/errata/RHSA-2008-0879.html +CVE-2008-4058 - http://www.ubuntu.com/usn/usn-647-1 CVE-2008-4058 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9679 +CVE-2008-4059 - http://www.ubuntu.com/usn/usn-647-1 CVE-2008-4059 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9529 CVE-2008-4060 - http://www.redhat.com/support/errata/RHSA-2008-0879.html +CVE-2008-4060 - http://www.ubuntu.com/usn/usn-647-1 CVE-2008-4061 - http://www.redhat.com/support/errata/RHSA-2008-0879.html +CVE-2008-4061 - http://www.ubuntu.com/usn/usn-647-1 CVE-2008-4062 - http://www.redhat.com/support/errata/RHSA-2008-0879.html +CVE-2008-4062 - http://www.ubuntu.com/usn/usn-647-1 CVE-2008-4063 - http://www.redhat.com/support/errata/RHSA-2008-0879.html +CVE-2008-4063 - http://www.ubuntu.com/usn/usn-647-1 CVE-2008-4064 - http://www.redhat.com/support/errata/RHSA-2008-0879.html +CVE-2008-4064 - http://www.ubuntu.com/usn/usn-647-1 CVE-2008-4064 - https://bugzilla.mozilla.org/show_bug.cgi?id=441995 CVE-2008-4065 - http://www.redhat.com/support/errata/RHSA-2008-0879.html +CVE-2008-4065 - http://www.ubuntu.com/usn/usn-647-1 +CVE-2008-4066 - http://www.ubuntu.com/usn/usn-647-1 CVE-2008-4067 - http://www.redhat.com/support/errata/RHSA-2008-0879.html +CVE-2008-4067 - http://www.ubuntu.com/usn/usn-647-1 CVE-2008-4068 - http://www.redhat.com/support/errata/RHSA-2008-0879.html +CVE-2008-4068 - http://www.ubuntu.com/usn/usn-647-1 +CVE-2008-4070 - http://www.ubuntu.com/usn/usn-647-1 CVE-2008-4071 - http://securityreason.com/securityalert/4257 CVE-2008-4071 - https://www.exploit-db.com/exploits/6424 CVE-2008-4072 - http://securityreason.com/securityalert/4246 
@@ -15292,6 +15306,9 @@ CVE-2009-1038 - https://www.exploit-db.com/exploits/8217 CVE-2009-1039 - https://www.exploit-db.com/exploits/8231 CVE-2009-1040 - https://www.exploit-db.com/exploits/8224 CVE-2009-1041 - https://www.exploit-db.com/exploits/8261 +CVE-2009-1042 - http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889 +CVE-2009-1043 - http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889 +CVE-2009-1044 - http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889 CVE-2009-1044 - https://bugzilla.mozilla.org/show_bug.cgi?id=484320 CVE-2009-1045 - https://www.exploit-db.com/exploits/8213 CVE-2009-1049 - https://www.exploit-db.com/exploits/8243 @@ -15985,6 +16002,7 @@ CVE-2009-2472 - https://oval.cisecurity.org/repository/search/definition/oval%3A CVE-2009-2473 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9461 CVE-2009-2477 - http://blog.mozilla.com/security/2009/07/14/critical-javascript-vulnerability-in-firefox-35/ CVE-2009-2477 - http://isc.sans.org/diary.html?storyid=6796 +CVE-2009-2477 - http://www.h-online.com/security/First-Zero-Day-Exploit-for-Firefox-3-5--/news/113761 CVE-2009-2477 - http://www.kb.cert.org/vuls/id/443060 CVE-2009-2477 - https://www.exploit-db.com/exploits/40936/ CVE-2009-2479 - http://blog.mozilla.com/security/2009/07/19/milw0rm-9158-stack-overflow-crash-not-exploitable-cve-2009-2479/ 
@@ -16187,6 +16205,7 @@ CVE-2009-2957 - http://www.thekelleys.org.uk/dnsmasq/CHANGELOG CVE-2009-2958 - http://www.thekelleys.org.uk/dnsmasq/CHANGELOG CVE-2009-2958 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9816 CVE-2009-2961 - http://www.exploit-db.com/exploits/9467 +CVE-2009-2966 - http://www.h-online.com/security/Kaspersky-confirm-and-close-DoS-vulnerability--/news/114077 CVE-2009-3003 - http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html CVE-2009-3004 - http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html CVE-2009-3005 - http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html @@ -16538,6 +16557,7 @@ CVE-2009-3874 - http://www.oracle.com/technetwork/topics/security/cpujan2010-084 CVE-2009-3875 - http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html CVE-2009-3876 - http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html CVE-2009-3877 - http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html +CVE-2009-3878 - http://www.h-online.com/security/news/item/Alleged-critical-vulnerability-in-Sun-Java-System-Web-Server-839598.html CVE-2009-3879 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9568 CVE-2009-3887 - http://ocert.org/advisories/ocert-2009-013.html CVE-2009-3887 - https://www.akitasecurity.nl/advisory.php?id=AK20090601 
@@ -16560,6 +16580,7 @@ CVE-2009-3967 - http://www.exploit-db.com/exploits/9480 CVE-2009-3969 - http://www.exploit-db.com/exploits/9487 CVE-2009-3977 - http://seclists.org/fulldisclosure/2009/Nov/199 CVE-2009-3977 - http://www.coresecurity.com/content/openview_nnm_internaldb_dos +CVE-2009-3978 - http://www.h-online.com/open/news/item/Mozilla-fixes-critical-bugs-with-Firefox-3-5-5-852070.html CVE-2009-3983 - https://bugzilla.mozilla.org/show_bug.cgi?id=487872 CVE-2009-3984 - https://bugzilla.mozilla.org/show_bug.cgi?id=521461 CVE-2009-3984 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9791 
@@ -17012,6 +17033,12 @@ CVE-2010-0217 - http://securityreason.com/securityalert/8255 CVE-2010-0219 - http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf CVE-2010-0219 - http://www.exploit-db.com/exploits/15869 CVE-2010-0220 - http://isc.sans.org/diary.html?storyid=7897 +CVE-2010-0221 - http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html +CVE-2010-0222 - http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html +CVE-2010-0224 - http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html +CVE-2010-0225 - http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html +CVE-2010-0227 - http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html +CVE-2010-0228 - http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html CVE-2010-0244 - https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002 CVE-2010-0245 - https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002 CVE-2010-0246 - https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002 
@@ -17226,6 +17253,7 @@ CVE-2010-0825 - https://bugs.launchpad.net/ubuntu/+bug/531569 CVE-2010-0826 - http://www.ubuntu.com/usn/USN-922-1 CVE-2010-0828 - http://www.ubuntu.com/usn/USN-925-1 CVE-2010-0829 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9718 +CVE-2010-0832 - http://www.h-online.com/security/news/item/Ubuntu-closes-root-hole-1034618.html CVE-2010-0835 - http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html CVE-2010-0836 - http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html CVE-2010-0837 - http://ubuntu.com/usn/usn-923-1 @@ -21268,6 +21296,7 @@ CVE-2012-0815 - http://www.oracle.com/technetwork/topics/security/ovmbulletinjul CVE-2012-0825 - http://openid.net/2011/05/05/attribute-exchange-security-alert/ CVE-2012-0829 - http://www.openwall.com/lists/oss-security/2012/02/02/10 CVE-2012-0830 - http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/ +CVE-2012-0830 - http://www.h-online.com/security/news/item/Critical-PHP-vulnerability-being-fixed-1427316.html CVE-2012-0830 - https://gist.github.com/1725489 CVE-2012-0839 - http://www.ocert.org/advisories/ocert-2011-003.html CVE-2012-0841 - http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html 
@@ -21464,6 +21493,7 @@ CVE-2012-1533 - http://www.oracle.com/technetwork/topics/security/javacpuoct2012 CVE-2012-1541 - http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html CVE-2012-1543 - http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html CVE-2012-1545 - http://www.zdnet.com/blog/security/pwn2own-2012-ie-9-hacked-with-two-0day-vulnerabilities/10621 +CVE-2012-1557 - http://www.h-online.com/security/news/item/Bug-in-Plesk-administration-software-is-being-actively-exploited-1446587.html CVE-2012-1561 - http://drupal.org/node/1432318 CVE-2012-1563 - https://www.exploit-db.com/exploits/41156/ CVE-2012-1580 - https://bugzilla.wikimedia.org/show_bug.cgi?id=35317 @@ -45595,6 +45625,7 @@ CVE-2017-20066 - https://sumofpwn.nl/advisory/2016/wordpress_adminer_plugin_allo CVE-2017-20066 - https://vuldb.com/?id.97384 CVE-2017-20067 - https://www.exploit-db.com/exploits/41044/ CVE-2017-20068 - https://www.exploit-db.com/exploits/41044/ +CVE-2017-20069 - https://vuldb.com/?id.95409 CVE-2017-20069 - https://www.exploit-db.com/exploits/41044/ CVE-2017-20070 - https://vuldb.com/?id.95410 CVE-2017-20070 - https://www.exploit-db.com/exploits/41044/ @@ -60103,6 +60134,7 @@ CVE-2019-19832 - http://packetstormsecurity.com/files/155709/Xerox-AltaLink-C803 CVE-2019-19833 - http://packetstormsecurity.com/files/155710/Tautulli-2.1.9-Cross-Site-Request-Forgery.html CVE-2019-19833 - http://packetstormsecurity.com/files/155974/Tautulli-2.1.9-Denial-Of-Service.html CVE-2019-19844 - http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html +CVE-2019-19851 - https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+Superfecta+Module CVE-2019-19851 - https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities CVE-2019-19852 - https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities CVE-2019-19854 - https://websec.nl/news.php 
@@ -93317,6 +93349,7 @@ CVE-2023-39513 - https://github.com/Cacti/cacti/security/advisories/GHSA-9fj7-8f CVE-2023-39514 - https://github.com/Cacti/cacti/security/advisories/GHSA-6hrc-2cfc-8hm7 CVE-2023-39515 - https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h CVE-2023-39516 - https://github.com/Cacti/cacti/security/advisories/GHSA-r8qq-88g3-hmgv +CVE-2023-39517 - https://github.com/laurent22/joplin/security/advisories/GHSA-2h88-m32f-qh5m CVE-2023-39520 - https://github.com/cryptomator/cryptomator/security/advisories/GHSA-62gx-54j7-mjh3 CVE-2023-39523 - https://github.com/nexB/scancode.io/security/advisories/GHSA-2ggp-cmvm-f62f CVE-2023-39534 - https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-fcr6-x23w-94wp @@ -95430,6 +95463,7 @@ CVE-2023-5454 - https://wpscan.com/vulnerability/1854f77f-e12a-4370-9c44-73d16d4 CVE-2023-5458 - https://wpscan.com/vulnerability/47d15f1c-b9ca-494d-be8f-63c30e92f9b8 CVE-2023-5463 - https://drive.google.com/drive/folders/1mpRxWOPjxVS980r0qu1IY_Hf0irKO-cu CVE-2023-5471 - https://vuldb.com/?id.241608 +CVE-2023-5488 - https://github.com/llixixi/cve/blob/main/s45_upload_%20updatelib.md CVE-2023-5488 - https://vuldb.com/?id.241640 CVE-2023-5489 - https://github.com/llixixi/cve/blob/main/s45_upload_%20uploadfile.md CVE-2023-5490 - https://github.com/llixixi/cve/blob/main/s45_upload_%20userattestation.md 
@@ -98386,6 +98420,7 @@ CVE-2024-33527 - https://insinuator.net/2024/05/security-advisory-achieving-php- CVE-2024-33528 - https://insinuator.net/2024/05/security-advisory-achieving-php-code-execution-in-ilias-elearning-lms-before-v7-30-v8-11-v9-1/ CVE-2024-33529 - https://insinuator.net/2024/05/security-advisory-achieving-php-code-execution-in-ilias-elearning-lms-before-v7-30-v8-11-v9-1/ CVE-2024-33530 - https://insinuator.net/2024/05/vulnerability-in-jitsi-meet-meeting-password-disclosure-affecting-meetings-with-lobbies/ +CVE-2024-3359 - https://vuldb.com/?id.259463 CVE-2024-33655 - https://gitlab.isc.org/isc-projects/bind9/-/issues/4398 CVE-2024-33655 - https://meterpreter.org/researchers-uncover-dnsbomb-a-new-pdos-attack-exploiting-legitimate-dns-features/ CVE-2024-3366 - https://github.com/xuxueli/xxl-job/issues/3391 @@ -98850,6 +98885,7 @@ CVE-2024-3765 - https://github.com/netsecfish/xiongmai_incorrect_access_control/ CVE-2024-37661 - https://github.com/ouuan/router-vuln-report/blob/master/icmp-redirect/tl-7dr5130-redirect.md CVE-2024-37662 - https://github.com/ouuan/router-vuln-report/blob/master/nat-rst/tl-7dr5130-nat-rst.md CVE-2024-37663 - https://github.com/ouuan/router-vuln-report/blob/master/icmp-redirect/redmi-rb03-redirect.md +CVE-2024-37664 - https://github.com/ouuan/router-vuln-report/blob/master/nat-rst/redmi-rb03-nat-rst.md CVE-2024-3767 - https://github.com/BurakSevben/CVEs/blob/main/News%20Portal/News%20Portal%20-%20SQL%20Injection%20-%203.md CVE-2024-37671 - https://github.com/MohamedAzizMSALLEMI/Docubase_Security/blob/main/CVE-2024-37671.md CVE-2024-37672 - https://github.com/MohamedAzizMSALLEMI/Docubase_Security/blob/main/CVE-2024-37672.md 
@@ -98938,6 +98974,7 @@ CVE-2024-38520 - https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisorie CVE-2024-38521 - https://github.com/scidsg/hushline/security/advisories/GHSA-4v8c-r6h2-fhh3 CVE-2024-38522 - https://github.com/scidsg/hushline/security/advisories/GHSA-r85c-95x7-4h7q CVE-2024-38523 - https://github.com/scidsg/hushline/security/advisories/GHSA-4c38-hhxx-9mhx +CVE-2024-38527 - https://github.com/mermaid-js/zenuml-core/security/advisories/GHSA-q6xv-jm4v-349h CVE-2024-38529 - https://github.com/Admidio/admidio/security/advisories/GHSA-g872-jwwr-vggm CVE-2024-3873 - https://vuldb.com/?submit.312623 CVE-2024-3874 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W20E/formSetRemoteWebManage.md 
@@ -98950,6 +98987,16 @@ CVE-2024-3880 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W3 CVE-2024-3881 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W30E/frmL7ProtForm.md CVE-2024-3882 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W30E/fromRouteStatic.md CVE-2024-3882 - https://vuldb.com/?id.260916 +CVE-2024-38881 - https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html +CVE-2024-38882 - https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html +CVE-2024-38883 - https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html +CVE-2024-38884 - https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html +CVE-2024-38886 - https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html +CVE-2024-38887 - https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html +CVE-2024-38888 - https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html +CVE-2024-38889 - https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html +CVE-2024-38890 - https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html +CVE-2024-38891 - https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html CVE-2024-38892 - https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/Wavlink/WN551K1/ExportLogs.sh/README.md CVE-2024-38894 - https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/Wavlink/WN551K1/touchlist_sync.cgi/README.md CVE-2024-38895 - https://github.com/s4ndw1ch136/IOT-vuln-reports/tree/main/Wavlink/WN551K1/live_mfg.shtml 
@@ -99270,10 +99317,13 @@ CVE-2024-4201 - https://gitlab.com/gitlab-org/gitlab/-/issues/458229 CVE-2024-42029 - https://github.com/hyprwm/xdg-desktop-portal-hyprland/issues/242 CVE-2024-42054 - https://github.com/CervantesSec/cervantes/commit/78631a034d0fb3323a53fb7428b2022b29a0d2cd CVE-2024-42055 - https://github.com/CervantesSec/cervantes/commit/78631a034d0fb3323a53fb7428b2022b29a0d2cd +CVE-2024-4210 - https://hackerone.com/reports/2431562 CVE-2024-4217 - https://wpscan.com/vulnerability/55cb43bf-7c8f-4df7-b4de-bf2bb1c2766d/ CVE-2024-4224 - https://takeonme.org/cves/CVE-2024-4224.html CVE-2024-42348 - https://github.com/FOGProject/fogproject/security/advisories/GHSA-456c-4gw3-c9xw CVE-2024-42349 - https://github.com/FOGProject/fogproject/security/advisories/GHSA-697m-3c4p-g29h +CVE-2024-42352 - https://github.com/nuxt/icon/security/advisories/GHSA-cxgv-px37-4mp2 +CVE-2024-42358 - https://github.com/michaelrsweet/pdfio/security/advisories/GHSA-4hh9-j68x-8353 CVE-2024-4236 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AX/AX1803/formSetSysToolDDNS.md CVE-2024-4237 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AX/AX1806/R7WebsSecurityHandler.md CVE-2024-4238 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AX/AX1806/formSetDeviceName_devName.md @@ -99641,6 +99691,7 @@ CVE-2024-5883 - https://wpscan.com/vulnerability/a1894884-c739-4ef4-8d9c-392171a CVE-2024-5894 - https://github.com/Hefei-Coffee/cve/blob/main/sql10.md CVE-2024-5895 - https://github.com/Hefei-Coffee/cve/blob/main/sql11.md CVE-2024-5896 - https://github.com/Hefei-Coffee/cve/blob/main/sql12.md +CVE-2024-5897 - https://github.com/Hefei-Coffee/cve/blob/main/xss.md CVE-2024-5898 - https://github.com/guiyxli/cve/issues/1 CVE-2024-5973 - https://wpscan.com/vulnerability/59abfb7c-d5ea-45f2-ab9a-4391978e3805/ CVE-2024-5975 - https://wpscan.com/vulnerability/68f81943-b007-49c8-be9c-d0405b2ba4cf/ 
@@ -99724,6 +99775,7 @@ CVE-2024-6412 - https://wpscan.com/vulnerability/9eb0dad6-3c19-4fe4-a20d-d45b514 CVE-2024-6417 - https://github.com/xyj123a/cve/blob/main/sql.md CVE-2024-6420 - https://wpscan.com/vulnerability/dfda6577-81aa-4397-a2d6-1d736f9ebd44/ CVE-2024-6477 - https://wpscan.com/vulnerability/346c855a-4d42-4a87-aac9-e5bfc2242b16/ +CVE-2024-6481 - https://wpscan.com/vulnerability/53357868-2bcb-48eb-8abd-83186ff8d027/ CVE-2024-6484 - https://www.herodevs.com/vulnerability-directory/cve-2024-6484 CVE-2024-6485 - https://www.herodevs.com/vulnerability-directory/cve-2024-6485 CVE-2024-6487 - https://wpscan.com/vulnerability/eeec9608-a7b2-4926-bac2-4c81a65dd473/ @@ -99742,6 +99794,8 @@ CVE-2024-6536 - https://wpscan.com/vulnerability/ee40c1c6-4186-4b97-866c-fb0e76c CVE-2024-6651 - https://wpscan.com/vulnerability/65e2c77d-09bd-4a44-81d9-d7a5db0e0f84/ CVE-2024-6652 - https://github.com/littletree7/cve/issues/1 CVE-2024-6695 - https://wpscan.com/vulnerability/4afa5c85-ce27-4ca7-bba2-61fb39c53a5b/ +CVE-2024-6706 - https://korelogic.com/Resources/Advisories/KL-001-2024-005.txt +CVE-2024-6707 - https://korelogic.com/Resources/Advisories/KL-001-2024-006.txt CVE-2024-6710 - https://wpscan.com/vulnerability/1afcf9d4-c2f9-4d47-8d9e-d7fa6ae2358d/ CVE-2024-6716 - https://gitlab.com/libtiff/libtiff/-/issues/620 CVE-2024-6720 - https://wpscan.com/vulnerability/d1449be1-ae85-46f4-b5ba-390d25b87723/ 
@@ -99762,6 +99816,11 @@ CVE-2024-6802 - https://reports-kunull.vercel.app/CVEs/2024/CVE-2024-6802 CVE-2024-6807 - https://reports-kunull.vercel.app/CVE%20research/2024/cve-2024-6807 CVE-2024-6807 - https://reports-kunull.vercel.app/CVEs/2024/CVE-2024-6807 CVE-2024-6808 - https://github.com/qianqiusujiu/cve/issues/1 +CVE-2024-6884 - https://wpscan.com/vulnerability/1768de0c-e4ea-4c98-abf1-7ac805f214b8/ +CVE-2024-6890 - https://korelogic.com/Resources/Advisories/KL-001-2024-007.txt +CVE-2024-6891 - https://korelogic.com/Resources/Advisories/KL-001-2024-008.txt +CVE-2024-6892 - https://korelogic.com/Resources/Advisories/KL-001-2024-009.txt +CVE-2024-6893 - https://korelogic.com/Resources/Advisories/KL-001-2024-010.txt CVE-2024-6911 - http://seclists.org/fulldisclosure/2024/Jul/13 CVE-2024-6911 - https://cyberdanube.com/en/en-multiple-vulnerabilities-in-perten-processplus/ CVE-2024-6912 - http://seclists.org/fulldisclosure/2024/Jul/13 @@ -99788,6 +99847,7 @@ CVE-2024-7008 - https://starlabs.sg/advisories/24/24-7008/ CVE-2024-7055 - https://ffmpeg.org/ CVE-2024-7055 - https://ffmpeg.org/download.html CVE-2024-7055 - https://github.com/CookedMelon/ReportCVE/tree/main/FFmpeg/poc3 +CVE-2024-7061 - https://help.okta.com/oie/en-us/content/topics/releasenotes/oie-ov-release-notes.htm#panel4 CVE-2024-7065 - https://github.com/topsky979/Security-Collections/blob/main/1700810/README.md CVE-2024-7066 - https://vuldb.com/?id.272347 CVE-2024-7067 - https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/issues/18 
@@ -99904,6 +99964,7 @@ CVE-2024-7338 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK CVE-2024-7340 - https://research.jfrog.com/vulnerabilities/wandb-weave-server-remote-arbitrary-file-leak-jfsa-2024-001039248/ CVE-2024-7342 - https://github.com/Hebing123/cve/issues/62 CVE-2024-7343 - https://github.com/Hebing123/cve/issues/63 +CVE-2024-7353 - https://portswigger.net/research/xss-in-hidden-input-fields CVE-2024-7357 - https://github.com/BeaCox/IoT_vuln/tree/main/D-Link/DIR-600/soapcgi_main_injection CVE-2024-7358 - https://github.com/SaumyajeetDas/Vulnerability/tree/main/GetScreen CVE-2024-7359 - https://gist.github.com/topsky979/6fbd27f1942d76f0392d883dfd8fef10 @@ -99938,6 +99999,7 @@ CVE-2024-7446 - https://github.com/DeepMountains/Mirage/blob/main/CVE10-3.md CVE-2024-7449 - https://github.com/DeepMountains/Mirage/blob/main/CVE11-1.md CVE-2024-7450 - https://github.com/DeepMountains/Mirage/blob/main/CVE11-2.md CVE-2024-7451 - https://github.com/DeepMountains/Mirage/blob/main/CVE11-3.md +CVE-2024-7451 - https://vuldb.com/?submit.383864 CVE-2024-7452 - https://github.com/DeepMountains/Mirage/blob/main/CVE11-4.md CVE-2024-7453 - https://github.com/Hebing123/cve/issues/65 CVE-2024-7453 - https://github.com/Hebing123/cve/issues/66 
@@ -99951,8 +100013,10 @@ CVE-2024-7464 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK CVE-2024-7465 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/CP450/loginauth.md CVE-2024-7494 - https://github.com/lche511/cve/blob/main/sql2.md CVE-2024-7496 - https://github.com/DeepMountains/zzz/blob/main/CVE1-1.md +CVE-2024-7496 - https://vuldb.com/?submit.385892 CVE-2024-7497 - https://github.com/DeepMountains/zzz/blob/main/CVE1-2.md CVE-2024-7498 - https://github.com/DeepMountains/zzz/blob/main/CVE1-3.md +CVE-2024-7498 - https://vuldb.com/?submit.385894 CVE-2024-7499 - https://github.com/DeepMountains/zzz/blob/main/CVE1-4.md CVE-2024-7500 - https://github.com/DeepMountains/zzz/blob/main/CVE1-5.md CVE-2024-7505 - https://github.com/CveSecLook/cve/issues/56
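Review bot: in the `@@ -98950,6 +98987,16 @@` hunk, the added Caterease block runs CVE-2024-38881 through CVE-2024-38891 but skips CVE-2024-38885, while all ten added lines point at the same Packet Storm URL. Please confirm whether 38885 belongs to the same advisory and was dropped by accident, or is genuinely unrelated or unassigned; if it is covered by that advisory, add the missing line in sorted position between 38884 and 38886.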
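Review bot: in the `@@ -99788,6 +99847,7 @@` hunk, the CVE-2024-7061 reference is a release-notes page addressed by a `#panel4` fragment, which names a position on the page and not the fix itself, so the link can end up pointing at a different release once the page is updated. Suggest linking a vendor advisory or a versioned release-notes URL if one exists, or at least dropping the fragment.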
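Review bot: in the `@@ -99904,6 +99964,7 @@` hunk, the CVE-2024-7353 reference (`https://portswigger.net/research/xss-in-hidden-input-fields`) reads from its URL as a general technique article, not a report on this CVE, unlike the neighbouring entries that link a per-issue write-up. Please confirm it comes from the CVE record's own reference list, and add an issue-specific advisory alongside it if one exists.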
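Review bot: in the `@@ -99951,8 +100013,10 @@` hunk, CVE-2024-7496 and CVE-2024-7498 gain VulDB submission links (`?submit.385892` and `?submit.385894`) but CVE-2024-7497, which sits between them and shares the same DeepMountains/zzz source, gets none. The skipped submission number suggests a line was missed; please check the CVE-2024-7497 record and add its VulDB reference after the GitHub line if it has one.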